From 9d1e3f6a006257c7af27557ffa34622357c0e037 Mon Sep 17 00:00:00 2001 From: Noah Pendleton Date: Fri, 3 May 2024 11:02:22 -0400 Subject: [PATCH 0001/1548] mbedtls_net_send API description typo fix Signed-off-by: Noah Pendleton --- include/mbedtls/net_sockets.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 85c11971d8..8e69bc0fb3 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -229,7 +229,7 @@ int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len); /** * \brief Write at most 'len' characters. If no error occurs, - * the actual amount read is returned. + * the actual amount written is returned. * * \param ctx Socket * \param buf The buffer to read from From ac2cf1f26c9f1af70dbc99bb5627d199a338742f Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sun, 10 Mar 2024 02:11:03 +0000 Subject: [PATCH 0002/1548] Defragment incoming TLS handshake messages Signed-off-by: Deomid rojer Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 2 + include/mbedtls/ssl.h | 2 + library/ssl_misc.h | 8 ++- library/ssl_msg.c | 99 ++++++++++++++++++++++++++++---- library/ssl_tls.c | 17 +++++- 5 files changed, 113 insertions(+), 15 deletions(-) create mode 100644 ChangeLog.d/tls-hs-defrag-in.txt diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt new file mode 100644 index 0000000000..8c57200119 --- /dev/null +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -0,0 +1,2 @@ +Change + * Defragment incoming TLS handshake messages. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fff53399b7..eb60c78fa7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1808,6 +1808,8 @@ struct mbedtls_ssl_context { size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ + unsigned char *MBEDTLS_PRIVATE(in_hshdr); /*!< original handshake header start */ + size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated hs fragments length */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5bda91a281..309e924ce8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1829,7 +1829,13 @@ void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl); -void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl); +static inline void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) +{ + mbedtls_ssl_reset_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); +} void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform); void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 7000e93e53..1c548ecaca 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3225,7 +3225,11 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INVALID_RECORD; } - ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); + if (ssl->in_hslen == 0) { + ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); + ssl->in_hsfraglen = 0; + ssl->in_hshdr = ssl->in_hdr; + } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" 
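Review bot: With the new `if (ssl->in_hslen == 0)` gate in `mbedtls_ssl_prepare_handshake_record`, the validation just above it that returns `MBEDTLS_ERR_SSL_INVALID_RECORD` (its condition is outside the hunk) now also runs for continuation fragments, which TLS allows to be shorter than a handshake header; if that check compares `ssl->in_msglen` against `mbedtls_ssl_hs_hdr_len(ssl)`, it should be gated the same way, e.g. `if (ssl->in_hslen == 0 && ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl))`. The gate also makes `in_hslen == 0` the sole indicator of "no message in progress", so a comment on the `if` such as `/* in_hslen == 0: first fragment of a new message; otherwise a continuation of the one started at in_hshdr */` would state that invariant where it is relied on. The function starts before and continues after this hunk.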
@@ -3291,10 +3295,59 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* With TLS we don't handle fragmentation (for now) */ - if (ssl->in_msglen < ssl->in_hslen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported")); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + { + int ret; + const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; + const size_t msg_hslen = (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen); + + MBEDTLS_SSL_DEBUG_MSG(3, + ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" + MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, + ssl->in_hsfraglen, ssl->in_hsfraglen + msg_hslen, + ssl->in_hslen, ssl->in_msglen)); + (void) msg_hslen; + if (ssl->in_msglen < hs_remain) { + ssl->in_hsfraglen += ssl->in_msglen; + ssl->in_hdr = ssl->in_msg + ssl->in_msglen; + ssl->in_msglen = 0; + mbedtls_ssl_update_in_pointers(ssl); + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } + if (ssl->in_hshdr != ssl->in_hdr) { + /* + * At ssl->in_hshdr we have a sequence of records that cover the next handshake + * record, each with its own record header that we need to remove. + * Note that the reassembled record size may not equal the size of the message, + * there maybe bytes from the next message following it. + */ + size_t merged_rec_len = 0; + unsigned char *p = ssl->in_hshdr, *q = NULL; + do { + mbedtls_record rec; + ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec); + if (ret != 0) { + return ret; + } + merged_rec_len += rec.data_len; + p = rec.buf + rec.buf_len; + if (q != NULL) { + memmove(q, rec.buf + rec.data_offset, rec.data_len); + q += rec.data_len; + } else { + q = p; + } + } while (merged_rec_len < ssl->in_hslen); + ssl->in_hdr = ssl->in_hshdr; + mbedtls_ssl_update_in_pointers(ssl); + ssl->in_msglen = merged_rec_len; + /* Adjust message length. 
*/ + MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); + ssl->in_hsfraglen = 0; + ssl->in_hshdr = NULL; + MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", + ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); + } } return 0; @@ -4639,6 +4692,16 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } + if (ssl->in_hsfraglen != 0) { + /* Not all handshake fragments have arrived, do not consume. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", + ssl->in_hsfraglen, ssl->in_hslen, + ssl->in_hslen - ssl->in_hsfraglen)); + return 0; + } + /* * Get next Handshake message in the current record */ @@ -4664,6 +4727,7 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) ssl->in_msglen -= ssl->in_hslen; memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen, ssl->in_msglen); + MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record", ssl->in_msg, ssl->in_msglen); @@ -5338,7 +5402,7 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) } else #endif { - ssl->in_ctr = ssl->in_hdr - MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + ssl->in_ctr = ssl->in_buf; ssl->in_len = ssl->in_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_cid = ssl->in_len; 
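Review bot: The reassembly `do` loop merges every record from `ssl->in_hshdr` onward by `rec.data_len` without checking its content type, so if a non-handshake record (alert, change-cipher-spec, application data) can land between two fragments it would be spliced into the handshake message; add `if (rec.type != MBEDTLS_SSL_MSG_HANDSHAKE) { return MBEDTLS_ERR_SSL_INVALID_RECORD; }` directly after the `ssl_parse_record_header` call, or reject such records wherever the record type is dispatched while `in_hsfraglen != 0` (that dispatch is not in the hunk). The loop also takes `rec.data_len` from re-parsing each stored record header, so if those records were decrypted in place while their length field still held the ciphertext length, the merged length would include IV, padding or MAC bytes — the hunk rewrites the field only for the reassembled record, so this is worth confirming for continuation records under an active transform. `mbedtls_ssl_prepare_handshake_record` begins before this hunk and the `(void) msg_hslen;` suggests `msg_hslen` could simply be computed inside the debug macro's argument list.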
@@ -5354,24 +5418,35 @@ void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) * Setup an SSL context */ -void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) +void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl) +{ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + ssl->in_hdr = ssl->in_buf; + } else +#endif + { + ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + } + + /* Derive other internal pointers. */ + mbedtls_ssl_update_in_pointers(ssl); +} + +void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl) { /* Set the incoming and outgoing record pointers. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_hdr = ssl->out_buf; - ssl->in_hdr = ssl->in_buf; } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { ssl->out_ctr = ssl->out_buf; - ssl->out_hdr = ssl->out_buf + 8; - ssl->in_hdr = ssl->in_buf + 8; + ssl->out_hdr = ssl->out_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; } - /* Derive other internal pointers. */ mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */); - mbedtls_ssl_update_in_pointers(ssl); } /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae4fd89f6a..70621b5ccc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
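Review bot: The comment `/* Set the incoming and outgoing record pointers. */` left at the top of `mbedtls_ssl_reset_out_pointers` is now stale, since the incoming side moved to `mbedtls_ssl_reset_in_pointers`; change it to `/* Set the outgoing record pointers. */`. The new `mbedtls_ssl_reset_in_pointers` rewinds `in_hdr` to the start of `in_buf` but leaves `in_hshdr` and `in_hsfraglen` untouched, so a caller invoking it while a fragmented handshake message is pending would leave `in_hshdr` pointing past `in_hdr`; either clear them here (`ssl->in_hshdr = NULL; ssl->in_hsfraglen = 0;`) or give the function a header comment stating that it must not be called mid-message and that `mbedtls_ssl_session_reset_msg_layer` is responsible for clearing the fragment state.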
@@ -343,12 +343,17 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, size_t out_buf_new_len) { int modified = 0; - size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; + size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; + size_t hshdr_in = 0; if (ssl->in_buf != NULL) { written_in = ssl->in_msg - ssl->in_buf; iv_offset_in = ssl->in_iv - ssl->in_buf; len_offset_in = ssl->in_len - ssl->in_buf; + hdr_in = ssl->in_hdr - ssl->in_buf; + if (ssl->in_hshdr != NULL) { + hshdr_in = ssl->in_hshdr - ssl->in_buf; + } if (downsizing ? ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : ssl->in_buf_len < in_buf_new_len) { @@ -380,7 +385,10 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, } if (modified) { /* Update pointers here to avoid doing it twice. */ - mbedtls_ssl_reset_in_out_pointers(ssl); + ssl->in_hdr = ssl->in_buf + hdr_in; + mbedtls_ssl_update_in_pointers(ssl); + mbedtls_ssl_reset_out_pointers(ssl); + /* Fields below might not be properly updated with record * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; @@ -390,6 +398,9 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, ssl->in_msg = ssl->in_buf + written_in; ssl->in_len = ssl->in_buf + len_offset_in; ssl->in_iv = ssl->in_buf + iv_offset_in; + if (ssl->in_hshdr != NULL) { + ssl->in_hshdr = ssl->in_buf + hshdr_in; + } } } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ @@ -1483,6 +1494,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_hslen = 0; ssl->keep_current_message = 0; ssl->transform_in = NULL; + ssl->in_hshdr = NULL; + ssl->in_hsfraglen = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->next_record_offset = 0; From f62b8baf27b2ddff1de3f4de5b4c8357e199d49d Mon Sep 17 00:00:00 2001 
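Review bot: The downsizing guard `ssl->in_left < in_buf_new_len` still measures only the bytes at `in_hdr`, but `in_hdr` can now sit past accumulated handshake fragments (that is why the new `hdr_in` offset is saved), so the data that must survive a shrink runs from `in_buf` to `in_hdr + in_left`; if resizing can run while `in_hsfraglen != 0` (not visible here), the condition should be `hdr_in + ssl->in_left < in_buf_new_len`, which is possible because `hdr_in` is already computed before the `if`. The same reasoning applies to `hshdr_in`, which is saved and restored but never enters the size check. `handle_buffer_resizing` starts before and continues after this hunk.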
From: Valerio Setti Date: Thu, 19 Dec 2024 12:17:03 +0100 Subject: [PATCH 0003/1548] Move files out of Mbed TLS The following files are moved to the framework repo (deleted here): scripts/min_requirements.py Signed-off-by: Valerio Setti --- scripts/min_requirements.py | 129 ------------------------------------ 1 file changed, 129 deletions(-) delete mode 100755 scripts/min_requirements.py diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py deleted file mode 100755 index b36f906622..0000000000 --- a/scripts/min_requirements.py +++ /dev/null 
@@ -1,129 +0,0 @@ -#!/usr/bin/env python3 -"""Install all the required Python packages, with the minimum Python version. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -import os -import re -import subprocess -import sys -import tempfile -import typing - -from typing import List, Optional - -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import typing_util - -def pylint_doesn_t_notice_that_certain_types_are_used_in_annotations( - _list: List[typing.Any], -) -> None: - pass - - -class Requirements: - """Collect and massage Python requirements.""" - - def __init__(self) -> None: - self.requirements = [] #type: List[str] - - def adjust_requirement(self, req: str) -> str: - """Adjust a requirement to the minimum specified version.""" - # allow inheritance #pylint: disable=no-self-use - # If a requirement specifies a minimum version, impose that version. - split_req = req.split(';', 1) - split_req[0] = re.sub(r'>=|~=', r'==', split_req[0]) - return ';'.join(split_req) - - def add_file(self, filename: str) -> None: - """Add requirements from the specified file. - - This method supports a subset of pip's requirement file syntax: - * One requirement specifier per line, which is passed to - `adjust_requirement`. - * Comments (``#`` at the beginning of the line or after whitespace). - * ``-r FILENAME`` to include another file. 
- """ - for line in open(filename): - line = line.strip() - line = re.sub(r'(\A|\s+)#.*', r'', line) - if not line: - continue - m = re.match(r'-r\s+', line) - if m: - nested_file = os.path.join(os.path.dirname(filename), - line[m.end(0):]) - self.add_file(nested_file) - continue - self.requirements.append(self.adjust_requirement(line)) - - def write(self, out: typing_util.Writable) -> None: - """List the gathered requirements.""" - for req in self.requirements: - out.write(req + '\n') - - def install( - self, - pip_general_options: Optional[List[str]] = None, - pip_install_options: Optional[List[str]] = None, - ) -> None: - """Call pip to install the requirements.""" - if pip_general_options is None: - pip_general_options = [] - if pip_install_options is None: - pip_install_options = [] - with tempfile.TemporaryDirectory() as temp_dir: - # This is more complicated than it needs to be for the sake - # of Windows. Use a temporary file rather than the command line - # to avoid quoting issues. Use a temporary directory rather - # than NamedTemporaryFile because with a NamedTemporaryFile on - # Windows, the subprocess can't open the file because this process - # has an exclusive lock on it. 
- req_file_name = os.path.join(temp_dir, 'requirements.txt') - with open(req_file_name, 'w') as req_file: - self.write(req_file) - subprocess.check_call([sys.executable, '-m', 'pip'] + - pip_general_options + - ['install'] + pip_install_options + - ['-r', req_file_name]) - -DEFAULT_REQUIREMENTS_FILE = 'ci.requirements.txt' - -def main() -> None: - """Command line entry point.""" - parser = argparse.ArgumentParser(description=__doc__) - parser.add_argument('--no-act', '-n', - action='store_true', - help="Don't act, just print what will be done") - parser.add_argument('--pip-install-option', - action='append', dest='pip_install_options', - help="Pass this option to pip install") - parser.add_argument('--pip-option', - action='append', dest='pip_general_options', - help="Pass this general option to pip") - parser.add_argument('--user', - action='append_const', dest='pip_install_options', - const='--user', - help="Install to the Python user install directory" - " (short for --pip-install-option --user)") - parser.add_argument('files', nargs='*', metavar='FILE', - help="Requirement files" - " (default: {} in the script's directory)" \ - .format(DEFAULT_REQUIREMENTS_FILE)) - options = parser.parse_args() - if not options.files: - options.files = [os.path.join(os.path.dirname(__file__), - DEFAULT_REQUIREMENTS_FILE)] - reqs = Requirements() - for filename in options.files: - reqs.add_file(filename) - reqs.write(sys.stdout) - if not options.no_act: - reqs.install(pip_general_options=options.pip_general_options, - pip_install_options=options.pip_install_options) - -if __name__ == '__main__': - main() From 3730e4a6b7340e21a7a1f893be219a14acd002c5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Dec 2024 16:42:00 +0100 Subject: [PATCH 0004/1548] scripts: add new min_requirements.py script This call into the "old" script that has been moved to the framework repository. The *.requirements.txt files are kept on this repo though. 
Signed-off-by: Valerio Setti --- scripts/min_requirements.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100755 scripts/min_requirements.py diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py new file mode 100755 index 0000000000..a67b761a32 --- /dev/null +++ b/scripts/min_requirements.py @@ -0,0 +1,16 @@ +#!/usr/bin/env python3 +"""Install all the required Python packages, with the minimum Python version. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import os +import framework_scripts_path # pylint: disable=unused-import +from mbedtls_framework import min_requirements + +# The default file is located in the same folder as this script. +DEFAULT_REQUIREMENTS_FILE = 'ci.requirements.txt' + +min_requirements.main(os.path.join(os.path.dirname(__file__), + DEFAULT_REQUIREMENTS_FILE)) From 7459ef24254dab554103b5a1ff502b10951460ba Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Dec 2024 16:44:57 +0100 Subject: [PATCH 0005/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index fe852d3b9a..71171b77f5 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit fe852d3b9a3b08171c99176ffebfe8a8475d546d +Subproject commit 71171b77f50302206cc87b93bc8bf76f16b6e1c4 From 3533e9b7611ff9573bbce98b8bd0a8e3c594ba5d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Jan 2025 14:21:30 +0100 Subject: [PATCH 0006/1548] Move files out of Mbed TLS The following files are moved to the framework repo (deleted here): tests/scripts/pkgconfig.sh Signed-off-by: Valerio Setti --- tests/scripts/pkgconfig.sh | 40 -------------------------------------- 1 file changed, 40 deletions(-) delete mode 100755 tests/scripts/pkgconfig.sh diff --git a/tests/scripts/pkgconfig.sh b/tests/scripts/pkgconfig.sh deleted file mode 100755 index 07a73b3dae..0000000000 
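Review bot: `min_requirements.main(...)` runs at module import time with no `if __name__ == '__main__':` guard, so any tool that imports this file (a test collector, a docstring checker, `python -m`) triggers a pip install; wrap it as `if __name__ == '__main__':` followed by the indented `min_requirements.main(os.path.join(os.path.dirname(__file__), DEFAULT_REQUIREMENTS_FILE))`. The deleted script parsed `--no-act`, `--user`, `--pip-option` and positional files itself, whereas the new one passes only the default requirements path; whether those options are still honoured now depends on the signature of `min_requirements.main` in the framework repository, which is not visible here and deserves a sentence in the module docstring.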
--- a/tests/scripts/pkgconfig.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Test pkgconfig files. -# -# For each of the build pkg-config files, .pc files, check that -# they validate and do some basic sanity testing on the output, -# i.e. that the strings are non-empty. -# -# NOTE: This requires the built pc files to be on the pkg-config -# search path, this can be controlled with env variable -# PKG_CONFIG_PATH. See man(1) pkg-config for details. -# - -set -e -u - -if [ $# -le 0 ] -then - echo " [!] No package names specified" >&2 - echo "Usage: $0 ..." >&2 - exit 1 -fi - -for pc in "$@"; do - printf "testing package config file: ${pc} ... " - pkg-config --validate "${pc}" - version="$(pkg-config --modversion "${pc}")" - test -n "$version" - cflags="$(pkg-config --cflags "${pc}")" - test -n "$cflags" - libs="$(pkg-config --libs "${pc}")" - test -n "$libs" - printf "passed\n" -done - -exit 0 From ba8500b6b97d1c36ad4cb05ef51143b4989d8a9c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Jan 2025 14:27:42 +0100 Subject: [PATCH 0007/1548] components-build-system.sh: fix path of pkgconfig.sh The script was moved to the framework sub-repo. Signed-off-by: Valerio Setti --- tests/scripts/components-build-system.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index f3a8d19758..d6ad88ab82 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh 
@@ -116,7 +116,7 @@ component_test_cmake_as_package () { ./cmake_package if [[ "$OSTYPE" == linux* ]]; then PKG_CONFIG_PATH="${build_variant_dir}/mbedtls/pkgconfig" \ - ${root_dir}/tests/scripts/pkgconfig.sh \ + ${root_dir}/framework/scripts/pkgconfig.sh \ mbedtls mbedx509 mbedcrypto # These are the EXPECTED package names. Renaming these could break # consumers of pkg-config, consider carefully. @@ -137,7 +137,7 @@ component_test_tf_psa_crypto_cmake_as_package () { ./cmake_package if [[ "$OSTYPE" == linux* ]]; then PKG_CONFIG_PATH="${build_variant_dir}/tf-psa-crypto/pkgconfig" \ - ${root_dir}/tests/scripts/pkgconfig.sh \ + ${root_dir}/framework/scripts/pkgconfig.sh \ tfpsacrypto # This is the EXPECTED package name. Renaming it could break consumers # of pkg-config, consider carefully. From dff650eb347680ab1e4bfa2094ec663079c0bfce Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Jan 2025 14:28:19 +0100 Subject: [PATCH 0008/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 71171b77f5..57ee691a3e 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 71171b77f50302206cc87b93bc8bf76f16b6e1c4 +Subproject commit 57ee691a3e57f172a03c3f2f5c4da457e8fabf3c From 93d4591255f0da0bb7e7d7cdd6c0de8ab0bd6399 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Jan 2025 11:45:44 +0100 Subject: [PATCH 0009/1548] Remove deprecated function mbedtls_ssl_conf_curves() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl.h | 55 ---------------------------- library/ssl_tls.c | 21 +---------- tests/scripts/analyze_outcomes.py | 16 -------- tests/suites/test_suite_ssl.data | 3 -- tests/suites/test_suite_ssl.function | 50 ------------------------- 5 files changed, 1 insertion(+), 144 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fff53399b7..2922f378aa 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3813,54 +3813,6 @@ void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, unsigned int bitlen); #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_ECP_C) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the allowed curves in order of preference. - * - * On server: this only affects selection of the ECDHE curve; - * the curves used for ECDH and ECDSA are determined by the - * list of available certificates instead. - * - * On client: this affects the list of curves offered for any - * use. The server can override our preference order. - * - * Both sides: limits the set of curves accepted for use in - * ECDHE and in the peer's end-entity certificate. - * - * \deprecated Superseded by mbedtls_ssl_conf_groups(). - * - * \note This has no influence on which curves are allowed inside the - * certificate chains, see \c mbedtls_ssl_conf_cert_profile() - * for that. For the end-entity certificate however, the key - * will be accepted only if it is allowed both by this list - * and by the cert profile. - * - * \note This list should be ordered by decreasing preference - * (preferred curve first). - * - * \note The default list is the same set of curves that - * #mbedtls_x509_crt_profile_default allows, plus - * ECDHE-only curves selected according to the same criteria. - * The order favors curves with the lowest resource usage. - * - * \note New minor versions of Mbed TLS may extend this list, - * for example if new curves are added to the library. - * New minor versions of Mbed TLS will not remove items - * from this list unless serious security concerns require it. - * New minor versions of Mbed TLS may change the order in - * keeping with the general principle of favoring the lowest - * resource usage. - * - * \param conf SSL configuration - * \param curves Ordered list of allowed curves, - * terminated by MBEDTLS_ECP_DP_NONE. 
- */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curves); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_C */ - /** * \brief Set the allowed groups in order of preference. * @@ -3872,13 +3824,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, * Both sides: limits the set of groups accepted for use in * key sharing. * - * \note This function replaces the deprecated mbedtls_ssl_conf_curves(), - * which only allows ECP curves to be configured. - * - * \note The most recent invocation of either mbedtls_ssl_conf_curves() - * or mbedtls_ssl_conf_groups() nullifies all previous invocations - * of both. - * * \note This list should be ordered by decreasing preference * (preferred group first). * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5031c77a56..ad2edae308 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2735,25 +2735,6 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* - * Set the allowed elliptic curves - * - * mbedtls_ssl_setup() takes the provided list - * and translates it to a list of IANA TLS group identifiers, - * stored in ssl->handshake->group_list. - * - */ -void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curve_list) -{ - conf->curve_list = curve_list; - conf->group_list = NULL; -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_C */ - /* * Set the allowed groups */ 
@@ -5594,7 +5575,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) /* The selection should be the same as mbedtls_x509_crt_profile_default in * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: * curves with a lower resource usage come first. - * See the documentation of mbedtls_ssl_conf_curves() for what we promise + * See the documentation of mbedtls_ssl_conf_groups() for what we promise * about this list. */ static const uint16_t ssl_preset_default_groups[] = { diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 721ac4a7d6..a3b18c6d4e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -429,10 +429,6 @@ class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference): re.compile(r'ECP point multiplication .*'), re.compile(r'ECP test vectors .*'), ], - 'test_suite_ssl': [ - # This deprecated function is only present when ECP_C is On. - 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', - ], } class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference): @@ -469,10 +465,6 @@ class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference): re.compile(r'Parse EC Key .*compressed\)'), re.compile(r'Parse Public EC Key .*compressed\)'), ], - # See ecp_light_only - 'test_suite_ssl': [ - 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', - ], } class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference): @@ -516,10 +508,6 @@ class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference): 'test_suite_debug': [ re.compile(r'Debug print mbedtls_mpi.*'), ], - # See ecp_light_only - 'test_suite_ssl': [ - 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', - ], } class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): 
@@ -571,10 +559,6 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): 'test_suite_debug': [ re.compile(r'Debug print mbedtls_mpi.*'), ], - # See ecp_light_only - 'test_suite_ssl': [ - 'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()', - ], } class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference): diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 8135ef17ad..2eeb17290c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3086,9 +3086,6 @@ TLS 1.3: SRV: Session serialization, load buffer size depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 -Test configuration of groups for DHE through mbedtls_ssl_conf_curves() -conf_curve: - Test configuration of groups for DHE through mbedtls_ssl_conf_groups() conf_group: diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3a2d61becd..121c6eab09 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3009,56 +3009,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECP_C:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ECC_SECP_R1_224:PSA_WANT_ECC_SECP_R1_256 */ -void conf_curve() -{ - - mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP192R1, - MBEDTLS_ECP_DP_SECP224R1, - MBEDTLS_ECP_DP_SECP256R1, - MBEDTLS_ECP_DP_NONE }; - uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, - MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - - mbedtls_ssl_config conf; - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); - mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); -#else - mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3); - mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_3); -#endif - mbedtls_ssl_conf_curves(&conf, curve_list); - - mbedtls_ssl_context ssl; - mbedtls_ssl_init(&ssl); - MD_OR_USE_PSA_INIT(); - - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL); - TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list == NULL); - - TEST_EQUAL(ssl.handshake-> - group_list[ARRAY_LENGTH(iana_tls_group_list) - 1], - MBEDTLS_SSL_IANA_TLS_GROUP_NONE); - - for (size_t i = 0; i < ARRAY_LENGTH(iana_tls_group_list); i++) { - TEST_EQUAL(iana_tls_group_list[i], ssl.handshake->group_list[i]); - } - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ void conf_group() { From 6b720161ca32c382ddb0f6153021b44ebd0b04b3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Jan 2025 12:17:20 +0100 Subject: [PATCH 0010/1548] Remove mbedtls_ssl_conf::curve_list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl.h | 4 ---- library/ssl_misc.h | 16 +------------- library/ssl_tls.c | 51 ------------------------------------------- 3 files changed, 1 insertion(+), 70 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2922f378aa..c0ec6fb4c2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1567,10 +1567,6 @@ struct mbedtls_ssl_config { const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) - const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ -#endif - const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */ #if defined(MBEDTLS_DHM_C) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5bda91a281..4d6ac2b6ec 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2270,25 +2270,11 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, /* * Return supported groups. * - * In future, invocations can be changed to ssl->conf->group_list - * when mbedtls_ssl_conf_curves() is deleted. - * - * ssl->handshake->group_list is either a translation of curve_list to IANA TLS group - * identifiers when mbedtls_ssl_conf_curves() has been used, or a pointer to - * ssl->conf->group_list when mbedtls_ssl_conf_groups() has been more recently invoked. - * + * In future, invocations can be changed to ssl->conf->group_list. */ static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl) { - #if defined(MBEDTLS_DEPRECATED_REMOVED) || !defined(MBEDTLS_ECP_C) return ssl->conf->group_list; - #else - if ((ssl->handshake != NULL) && (ssl->handshake->group_list != NULL)) { - return ssl->handshake->group_list; - } else { - return ssl->conf->group_list; - } - #endif } /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ad2edae308..9ea58330be 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1154,48 +1154,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) } #endif -/* - * curve_list is translated to IANA TLS group identifiers here because - * mbedtls_ssl_conf_curves returns void and so can't return - * any error codes. - */ -#if defined(MBEDTLS_ECP_C) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - /* Heap allocate and translate curve_list from internal to IANA group ids */ - if (ssl->conf->curve_list != NULL) { - size_t length; - const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; - - for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE); length++) { - } - - /* Leave room for zero termination */ - uint16_t *group_list = mbedtls_calloc(length + 1, sizeof(uint16_t)); - if (group_list == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - for (size_t i = 0; i < length; i++) { - uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id( - curve_list[i]); - if (tls_id == 0) { - mbedtls_free(group_list); - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - group_list[i] = tls_id; - } - - group_list[length] = 0; - - ssl->handshake->group_list = group_list; - ssl->handshake->group_list_heap_allocated = 1; - } else { - ssl->handshake->group_list = ssl->conf->group_list; - ssl->handshake->group_list_heap_allocated = 0; - } -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_ECP_C */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -2741,9 +2699,6 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, const uint16_t *group_list) { -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->curve_list = NULL; -#endif conf->group_list = group_list; } 
@@ -5964,9 +5919,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, conf->sig_algs = ssl_preset_suiteb_sig_algs; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->curve_list = NULL; -#endif conf->group_list = ssl_preset_suiteb_groups; break; @@ -5990,9 +5942,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, conf->sig_algs = ssl_preset_default_sig_algs; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->curve_list = NULL; -#endif conf->group_list = ssl_preset_default_groups; #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) From 6402c35ecafa72f6e1fe37673752b755dfb4d8b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Jan 2025 12:23:56 +0100 Subject: [PATCH 0011/1548] =?UTF-8?q?Remove=20internal=20helper=20mbedtls?= =?UTF-8?q?=5Fssl=5Fget=5Fgroups()=20Signed-off-by:=20Manuel=20P=C3=A9gour?= =?UTF-8?q?i=C3=A9-Gonnard=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- library/ssl_client.c | 2 +- library/ssl_misc.h | 12 +----------- library/ssl_tls.c | 2 +- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_client.c | 4 ++-- 5 files changed, 6 insertions(+), 16 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 823708173c..be4d621d6c 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -222,7 +222,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, unsigned char *p = buf; unsigned char *named_group_list; /* Start of named_group_list */ size_t named_group_list_len; /* Length of named_group_list */ - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); + const uint16_t *group_list = ssl->conf->group_list; *out_len = 0; diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4d6ac2b6ec..9bdd104254 100644 --- a/library/ssl_misc.h 
+++ b/library/ssl_misc.h @@ -2267,16 +2267,6 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, size_t dst_len, size_t *olen); -/* - * Return supported groups. - * - * In future, invocations can be changed to ssl->conf->group_list. - */ -static inline const void *mbedtls_ssl_get_groups(const mbedtls_ssl_context *ssl) -{ - return ssl->conf->group_list; -} - /* * Helper functions for NamedGroup. */ @@ -2319,7 +2309,7 @@ static inline int mbedtls_ssl_tls13_named_group_is_ffdh(uint16_t named_group) static inline int mbedtls_ssl_named_group_is_offered( const mbedtls_ssl_context *ssl, uint16_t named_group) { - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); + const uint16_t *group_list = ssl->conf->group_list; if (group_list == NULL) { return 0; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9ea58330be..159f2c3205 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6119,7 +6119,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg(int md) */ int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id) { - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); + const uint16_t *group_list = ssl->conf->group_list; if (group_list == NULL) { return -1; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 9e7c52c5e6..191031eac6 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2966,7 +2966,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * } ServerECDHParams; */ uint16_t *curr_tls_id = ssl->handshake->curves_tls_id; - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); + const uint16_t *group_list = ssl->conf->group_list; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 919db7d465..9386801512 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -216,7 +216,7 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl, #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); + const uint16_t *group_list = ssl->conf->group_list; /* Pick first available ECDHE group compatible with TLS 1.3 */ if (group_list == NULL) { return MBEDTLS_ERR_SSL_BAD_CONFIG; @@ -382,7 +382,7 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl, int selected_group; int found = 0; - const uint16_t *group_list = mbedtls_ssl_get_groups(ssl); + const uint16_t *group_list = ssl->conf->group_list; if (group_list == NULL) { return MBEDTLS_ERR_SSL_BAD_CONFIG; } From 4c3134a39676d64dc03f154f24364c3eb83efe10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Jan 2025 12:25:52 +0100 Subject: [PATCH 0012/1548] Remove useless dependency from test function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This dependency was never right in the first place. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 121c6eab09..f960235e39 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3009,7 +3009,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_DEPRECATED_REMOVED */ +/* BEGIN_CASE */ void conf_group() { uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, From 4787b4012c864d578ce57190106f47b3899c4279 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Jan 2025 12:28:01 +0100 Subject: [PATCH 0013/1548] Add ChangeLog entry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/rm-ssl-conf-curves.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/rm-ssl-conf-curves.txt diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt new file mode 100644 index 0000000000..4b29adc4c9 --- /dev/null +++ b/ChangeLog.d/rm-ssl-conf-curves.txt @@ -0,0 +1,4 @@ +Removals + * Remove the function mbedtls_ssl_conf_curves() which had been deprecated + in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. + From 5f7c2c21825518d87912aafc8ad5bda5ad0f320b Mon Sep 17 00:00:00 2001 From: Deomid Ryabkov Date: Wed, 15 Jan 2025 19:26:47 +0000 Subject: [PATCH 0014/1548] Update ChangeLog.d/tls-hs-defrag-in.txt Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com> Signed-off-by: Deomid Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 8c57200119..3555a789d8 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -1,2 +1,2 @@ -Change +Changes * Defragment incoming TLS handshake messages. From 6b64a1ba379681fdc71ee3106ca3a830a2df9000 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Jan 2025 15:00:10 +0100 Subject: [PATCH 0015/1548] x509: remove definition and implementation of x509write_crt_set_serial Signed-off-by: Valerio Setti --- include/mbedtls/x509_crt.h | 22 ---------------------- library/x509write_crt.c | 24 ------------------------ 2 files changed, 46 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 491343f896..5943cfcfa5 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -943,28 +943,6 @@ void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx); */ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version); -#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the serial number for a Certificate. - * - * \deprecated This function is deprecated and will be removed in a - * future version of the library. Please use - * mbedtls_x509write_crt_set_serial_raw() instead. - * - * \note Even though the MBEDTLS_BIGNUM_C guard looks redundant since - * X509 depends on PK and PK depends on BIGNUM, this emphasizes - * a direct dependency between X509 and BIGNUM which is going - * to be deprecated in the future. - * - * \param ctx CRT context to use - * \param serial serial number to set - * - * \return 0 if successful - */ -int MBEDTLS_DEPRECATED mbedtls_x509write_crt_set_serial( - mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial); -#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED - /** * \brief Set the serial number for a Certificate. * diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 8bce1ccf52..4bae0fbf67 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -92,30 +92,6 @@ int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name); } -#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, - const mbedtls_mpi *serial) -{ - int ret; - size_t tmp_len; - - /* Ensure that the MPI value fits into the buffer */ - tmp_len = mbedtls_mpi_size(serial); - if (tmp_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - ctx->serial_len = tmp_len; - - ret = mbedtls_mpi_write_binary(serial, ctx->serial, tmp_len); - if (ret < 0) { - return ret; - } - - return 0; -} -#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED - int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, unsigned char *serial, size_t serial_len) { From 6487da15e9b6ab2f514f67d82d7ce91a18cfb60c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Jan 2025 15:02:15 +0100 Subject: [PATCH 0016/1548] tests: remove usage of mbedtls_x509write_crt_set_serial Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509write.function | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index d0fdd8aeef..d1df9e3912 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -471,14 +471,8 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, mbedtls_x509write_crt_set_version(&crt, ver); } -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - TEST_ASSERT(mbedtls_mpi_read_binary(&serial_mpi, serial_arg->x, - serial_arg->len) == 0); - TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial_mpi) == 0); -#else TEST_ASSERT(mbedtls_x509write_crt_set_serial_raw(&crt, serial_arg->x, serial_arg->len) == 0); -#endif TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before, not_after) == 0); mbedtls_x509write_crt_set_md_alg(&crt, md_type); @@ -665,13 +659,6 @@ void x509_set_serial_check() USE_PSA_INIT(); memset(invalid_serial, 0x01, sizeof(invalid_serial)); -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial, - sizeof(invalid_serial)), 0); - TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi), - MBEDTLS_ERR_X509_BAD_INPUT_DATA); -#endif - TEST_EQUAL(mbedtls_x509write_crt_set_serial_raw(&ctx, invalid_serial, sizeof(invalid_serial)), MBEDTLS_ERR_X509_BAD_INPUT_DATA); From 19846f5561482da1c4ad29efee98b15fbb7301d2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Jan 2025 15:06:19 +0100 Subject: [PATCH 0017/1548] changelog: add note for mbedtls_x509write_crt_set_serial() deprecation Signed-off-by: Valerio Setti --- ChangeLog.d/9892.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/9892.txt diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt new file mode 100644 index 0000000000..01d21b6e5f --- /dev/null +++ b/ChangeLog.d/9892.txt @@ -0,0 +1,4 @@ +Removals + * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was + already deprecated and superseeded by + mbedtls_x509write_crt_set_serial_raw(). From e65bfe644964e4e70f8a6834fe661ac73ed8c750 Mon Sep 17 00:00:00 2001 
From: Harry Ramsey Date: Fri, 17 Jan 2025 09:19:18 +0000 Subject: [PATCH 0018/1548] Remove check_test_dependencies TF-PSA-Crypto test from Mbed TLS This commit removes the check_test_dependencies from Mbed TLS as it has been added to TF-PSA-Crypto. Signed-off-by: Harry Ramsey --- tests/scripts/components-basic-checks.sh | 59 ------------------------ 1 file changed, 59 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 6266e9f07f..3ee88a3c21 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh 
@@ -74,65 +74,6 @@ component_check_test_cases () { unset opt } -component_check_test_dependencies () { - msg "Check: test case dependencies: legacy vs PSA" # < 1s - # The purpose of this component is to catch unjustified dependencies on - # legacy feature macros (MBEDTLS_xxx) in PSA tests. Generally speaking, - # PSA test should use PSA feature macros (PSA_WANT_xxx, more rarely - # MBEDTLS_PSA_xxx). - # - # Most of the time, use of legacy MBEDTLS_xxx macros are mistakes, which - # this component is meant to catch. However a few of them are justified, - # mostly by the absence of a PSA equivalent, so this component includes a - # list of expected exceptions. - - found="check-test-deps-found-$$" - expected="check-test-deps-expected-$$" - - # Find legacy dependencies in PSA tests - grep 'depends_on' \ - tf-psa-crypto/tests/suites/test_suite_psa*.data \ - tf-psa-crypto/tests/suites/test_suite_psa*.function | - grep -Eo '!?MBEDTLS_[^: ]*' | - grep -v -e MBEDTLS_PSA_ -e MBEDTLS_TEST_ | - sort -u > $found - - # Expected ones with justification - keep in sorted order by ASCII table! - rm -f $expected - # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes - echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected - # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES - echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected - # MBEDTLS_ASN1_WRITE_C is used by import_rsa_made_up() in test_suite_psa_crypto - # in order to build a fake RSA key of the wanted size based on - # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by - # the test code and that's probably the most convenient way of achieving - # the test's goal. - echo "MBEDTLS_ASN1_WRITE_C" >> $expected - # No PSA equivalent - used in test_suite_psa_crypto to get some "known" size - # for raw key generation. - echo "MBEDTLS_CTR_DRBG_MAX_REQUEST" >> $expected - # No PSA equivalent - we should probably have one in the future. 
- echo "MBEDTLS_ECP_RESTARTABLE" >> $expected - # No PSA equivalent - needed by some init tests - echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected - # No PSA equivalent - required to run threaded tests. - echo "MBEDTLS_THREADING_PTHREAD" >> $expected - - # Compare reality with expectation. - # We want an exact match, to ensure the above list remains up-to-date. - # - # The output should be empty. When it's not: - # - Each '+' line is a macro that was found but not expected. You want to - # find where that macro occurs, and either replace it with PSA macros, or - # add it to the exceptions list above with a justification. - # - Each '-' line is a macro that was expected but not found; it means the - # exceptions list above should be updated by removing that macro. - diff -U0 $expected $found - - rm $found $expected -} - component_check_doxygen_warnings () { msg "Check: doxygen warnings (builds the documentation)" # ~ 3s ./framework/scripts/doxygen.sh From cad11ada7f7d0b79ac1a49d2d9e0484ce42613a1 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sat, 18 Jan 2025 15:58:57 +0200 Subject: [PATCH 0019/1548] Review comments Signed-off-by: Deomid rojer Ryabkov --- library/ssl_msg.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1c548ecaca..d0b755d9d3 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -3298,15 +3298,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; - const size_t msg_hslen = (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen); - MBEDTLS_SSL_DEBUG_MSG(3, ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" MBEDTLS_PRINTF_SIZET " of %" MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, - ssl->in_hsfraglen, ssl->in_hsfraglen + msg_hslen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + + (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), ssl->in_hslen, ssl->in_msglen)); - (void) msg_hslen; if (ssl->in_msglen < hs_remain) { ssl->in_hsfraglen += ssl->in_msglen; ssl->in_hdr = ssl->in_msg + ssl->in_msglen; @@ -5424,7 +5423,7 @@ void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->in_hdr = ssl->in_buf; } else -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ { ssl->in_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; } From 28eed1abff8f607069b22209308859c01155b7c8 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Fri, 17 Jan 2025 09:21:32 +0000 Subject: [PATCH 0020/1548] Update TF-PSA-Crypto pointer This commit updates TF-PSA-Crypto pointer to include the moved test in Mbed TLS via TF-PSA-Crypto. Signed-off-by: Harry Ramsey --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index c78da5a1e7..3671d64374 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit c78da5a1e7fd503685f28b18e17756a38f10444e +Subproject commit 3671d643746853b4a49fe25dda7842d6c22c026b From cec956263d9cd8fccfc9c537298c7f3ec006d1bf Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Fri, 17 Jan 2025 09:48:55 +0000 Subject: [PATCH 0021/1548] Update framework pointer This commit updates the framework pointer to include modified collect_test_cases.py which can run independently for TF-PSA-Crypto. 
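Review bot: The bound that keeps the in-place reassembly safe is not visible in this hunk: `hs_remain` is derived from `in_hslen`, which holds the peer-supplied handshake length, and on the `ssl->in_msglen < hs_remain` path `in_hdr` is advanced past the current fragment so the next record is read in behind it, which presumes `in_hslen` was already checked against the input buffer size when it was first assigned. If that check lives where `in_hslen` is set (outside this hunk), a one-line comment here such as `/* in_hslen was bounded against the input buffer when the first fragment was seen */` would make the invariant explicit for the next reader; if it does not exist, an oversized advertised length could walk `in_hdr` past the buffer across fragments. The inlined ternary in the debug call is functionally fine, though it now duplicates the comparison made by the following `if`. mbedtls_ssl_prepare_handshake_record continues outside the hunk.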
Signed-off-by: Harry Ramsey --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 57ee691a3e..1ead596839 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 57ee691a3e57f172a03c3f2f5c4da457e8fabf3c +Subproject commit 1ead5968394ac9e66b2ddb8fdb96faafcaa032de From 08c4362ad18f12ba5c291036ff0fec38f05bb9a5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 15 Jan 2025 14:12:26 +0100 Subject: [PATCH 0022/1548] Update submodules Catch up with https://github.com/Mbed-TLS/mbedtls-framework/pull/104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 1ead596839..8296a73ce0 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 1ead5968394ac9e66b2ddb8fdb96faafcaa032de +Subproject commit 8296a73ce0cb31fadf411b6929a3201beece37a5 diff --git a/tf-psa-crypto b/tf-psa-crypto index 3671d64374..137b57776c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 3671d643746853b4a49fe25dda7842d6c22c026b +Subproject commit 137b57776c3779fcc96e36141cf0fbe007e15674 From fe683e7a1b9de961698baa433ccb07cb8c67aa0c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Jan 2025 18:41:45 +0100 Subject: [PATCH 0023/1548] Remove test coverage exceptions that are no longer needed Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 47 ------------------------------- 1 file changed, 47 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 721ac4a7d6..36d58b9d0d 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -33,41 +33,6 @@ def _has_word_re(words: typing.Iterable[str], r'.*\b(?:' + r'|'.join(words) + r')\b.*', re.DOTALL) - # generate_psa_tests.py generates test cases involving cryptographic - # mechanisms (key types, families, algorithms) that are declared but - # not implemented. Until we improve the Python scripts, ignore those - # test cases in the analysis. - # https://github.com/Mbed-TLS/mbedtls/issues/9572 - _PSA_MECHANISMS_NOT_IMPLEMENTED = [ - r'CBC_MAC', - r'DETERMINISTIC_DSA', - r'DET_DSA', - r'DSA', - r'ECC_KEY_PAIR\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit', - r'ECC_KEY_PAIR\(SECP_K1\) 225-bit', - r'ECC_PAIR\(BP_R1\) (?:160|192|224|320)-bit', - r'ECC_PAIR\(SECP_K1\) 225-bit', - r'ECC_PUBLIC_KEY\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit', - r'ECC_PUBLIC_KEY\(SECP_K1\) 225-bit', - r'ECC_PUB\(BP_R1\) (?:160|192|224|320)-bit', - r'ECC_PUB\(SECP_K1\) 225-bit', - r'ED25519PH', - r'ED448PH', - r'PEPPER', - r'PURE_EDDSA', - r'SECP_R2', - r'SECT_K1', - r'SECT_R1', - r'SECT_R2', - r'SHAKE256_512', - r'SHA_512_224', - r'SHA_512_256', - r'TWISTED_EDWARDS', - r'XTS', - ] - PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE = \ - _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED) - IGNORED_TESTS = { 'ssl-opt': [ # We don't run ssl-opt.sh with Valgrind on the CI because 
@@ -224,18 +189,6 @@ def _has_word_re(words: typing.Iterable[str], 'PSA import DH_PUBLIC_KEY(RFC7919) 2048-bit group not supported', ], 'test_suite_psa_crypto_op_fail.generated': [ - # Ignore mechanisms that are not implemented, except - # for test cases that assume the mechanism is not supported. - _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED, - exclude=(r'.*: !(?:' + - r'|'.join(_PSA_MECHANISMS_NOT_IMPLEMENTED) + - r')\b')), - # Incorrect dependency generation. To be fixed as part of the - # resolution of https://github.com/Mbed-TLS/mbedtls/issues/9167 - # by forward-porting the commit - # "PSA test case generation: dependency inference class: operation fail" - # from https://github.com/Mbed-TLS/mbedtls/pull/9025 . - re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'), # We don't test this unusual, but sensible configuration. # https://github.com/Mbed-TLS/mbedtls/issues/9592 re.compile(r'.*: !ECDSA but DETERMINISTIC_ECDSA with ECC_.*'), From 13c418dceeb2fd2a6a6be3f5bde91842bba99d32 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 Jan 2025 19:49:12 +0100 Subject: [PATCH 0024/1548] Add ignore list entries for ECDH/FFDH algorithm without key type Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 36d58b9d0d..fd59822b59 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -196,6 +196,12 @@ def _has_word_re(words: typing.Iterable[str], # key type disabled. Those dependencies don't really make sense. # https://github.com/Mbed-TLS/mbedtls/issues/9573 re.compile(r'.* !HMAC with HMAC'), + # We don't test with ECDH disabled but the key type enabled. + # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/161 + re.compile(r'PSA key_agreement.* !ECDH with ECC_KEY_PAIR\(.*'), + # We don't test with FFDH disabled but the key type enabled. + # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/160 + re.compile(r'PSA key_agreement.* !FFDH with DH_KEY_PAIR\(.*'), ], 'test_suite_psa_crypto_op_fail.misc': [ # We don't test this unusual, but sensible configuration. From 7dc570905e51dadad7fb7385b5c7c73a773f4571 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 20 Jan 2025 19:43:41 +0100 Subject: [PATCH 0025/1548] Update submodule Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 137b57776c..1bc29c97c9 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 137b57776c3779fcc96e36141cf0fbe007e15674 +Subproject commit 1bc29c97c99ad40aa9f17b5a873b391454c9c068 From c4e768a8a60375e1ee5de5810f0f2e8b89bef6d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Jan 2025 10:04:43 +0100 Subject: [PATCH 0026/1548] Fix incorrect test function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We should not manually set the TLS version, the tests are supposed to pass in 1.3-only builds as well. Instead do the normal thing of setting defaults. This doesn't interfere with the rest of the testing, so I'm not sure why we were not doing it. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index f960235e39..0781ceff84 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3021,8 +3021,9 @@ void conf_group() mbedtls_ssl_config_init(&conf); mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); - mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); + mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT); mbedtls_ssl_conf_groups(&conf, iana_tls_group_list); From 2fe0da7947cb4053e10607da929896fbdd7391ad Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Jan 2025 14:27:22 +0000 Subject: [PATCH 0027/1548] Add X.509 formatting validation to SECURITY.md Clarify that strict formatting of X.509 certificates is not checked by Mbed TLS and that it therefore should not be used to construct a CA. Signed-off-by: David Horstmann --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 9506eb9134..8f8ad295ee 100644 --- a/SECURITY.md +++ b/SECURITY.md 
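Review bot: The return value of `mbedtls_ssl_config_defaults()` is discarded on the added lines; it returns an int error code, and if it failed the test would carry on with a half-initialised config and fail somewhere less obvious than here. This suite already checks such calls with TEST_EQUAL, so wrap it the same way: `TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0);`. The body of conf_group() continues outside the hunk.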
@@ -144,3 +144,17 @@ Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` configuration option is defined. This option is off by default. + +#### Formatting of X.509 certificates and certificate signing requests + +When parsing X.509 certificates and certificate signing requests (CSRs), +Mbed TLS does not check that they are strictly compliant with X.509 and other +relevant standards. In the case of signed certificates, the signing party is +assumed to have performed this validation (and the certificate is trusted to +be correctly formatted as long as the signature is correct). +Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. + +**Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra +validation is performed separately to ensure that they are compliant to the +relevant specifications. This makes Mbed TLS on its own unsuitable use in a +Certificate Authority (CA). From faa1a0fe50867255ce69180176ade4e6d85f7010 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 22 Jan 2025 14:48:58 +0000 Subject: [PATCH 0028/1548] Add paragraph on undefined behaviour Add a note that we do aim to protect against undefined behaviour and undefined behaviour in certificate parsing is in scope. Signed-off-by: David Horstmann --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 8f8ad295ee..00d4aed349 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -158,3 +158,8 @@ Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. validation is performed separately to ensure that they are compliant to the relevant specifications. This makes Mbed TLS on its own unsuitable use in a Certificate Authority (CA). + +However, Mbed TLS aims to protect against memory corruption and other +undefined behavior when parsing certificates and CSRs. If a CSR or signed +certificate causes undefined behavior when it is parsed by Mbed TLS, that +is considered a security vulnerability. From 490e30599bd3be91ce4a5500ac68c2fc95a4c90e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Jan 2025 12:36:50 +0100 Subject: [PATCH 0029/1548] Stop recommended deprecated function in migration guide MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/3.0-migration-guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 63a13ad876..42af9dbaf2 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -748,7 +748,7 @@ for both DTLS-CID and TLS 1.3. The default preference order for curves in TLS now favors resource usage (performance and memory consumption) over size. The exact order is unspecified and may change, but generally you can expect 256-bit curves to be preferred over larger curves. -If you prefer a different order, call `mbedtls_ssl_conf_curves()` when configuring a TLS connection. +If you prefer a different order, call `mbedtls_ssl_conf_groups()` when configuring a TLS connection. ### SSL key export interface change 
@@ -1025,7 +1025,7 @@ mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); ``` -If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists. +If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_groups()` with the desired lists. ### Remove 3DES ciphersuites From 0704fbf1eb89134ec30d677d615998b6309b3bb1 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 23 Jan 2025 10:28:06 +0000 Subject: [PATCH 0030/1548] Fix missing-word typo Signed-off-by: David Horstmann --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 00d4aed349..4682f7aacc 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -156,8 +156,8 @@ Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. **Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra validation is performed separately to ensure that they are compliant to the -relevant specifications. This makes Mbed TLS on its own unsuitable use in a -Certificate Authority (CA). +relevant specifications. This makes Mbed TLS on its own unsuitable for use in +a Certificate Authority (CA). However, Mbed TLS aims to protect against memory corruption and other undefined behavior when parsing certificates and CSRs. If a CSR or signed From 5c730c1d54845ca4f97d968b8495c68eb1cc3b05 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 14 Jan 2025 17:02:06 +0100 Subject: [PATCH 0031/1548] ssl-opt.sh: remove DHE-PSK only test cases Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 136 ----------------------------------------------- 1 file changed, 136 deletions(-) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 88b0e115d1..b14b1b2441 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8604,50 +8604,6 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" -run_test "PSK callback: opaque dhe-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 
debug_level=3 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 
@@ -8740,52 +8696,6 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" -run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for 
extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=73776f726466697368 extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 
@@ -8878,52 +8788,6 @@ run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on serve -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" -run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ - "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=def psk=beef" \ - 0 \ - -C "session hash for extended master secret"\ - -S "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for 
extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - -run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ - force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ - "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=abc psk=dead extended_ms=1" \ - 0 \ - -c "session hash for extended master secret"\ - -s "session hash for extended master secret"\ - -S "SSL - The handshake negotiation failed" \ - -S "SSL - Unknown identity received" \ - -S "SSL - Verification of the message MAC failed" - run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \ "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ From 9a9c9a53c12e30c49493843766d01b83dd0e7ea5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 14 Jan 2025 17:04:09 +0100 Subject: [PATCH 0032/1548] compat.sh: do not use DHE-PSK key exchange in gnutls tests DHE-PSK is being removed from Mbed TLS so we cannot use this key exchange with gnutls testing. Signed-off-by: Valerio Setti --- tests/compat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/compat.sh b/tests/compat.sh index 05102e3f16..b2482559f5 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -620,7 +620,7 @@ setup_arguments() M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE" G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:-VERS-TLS-ALL:$G_PRIO_MODE" + G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+ECDHE-PSK:+SHA256:+SHA384:-VERS-TLS-ALL:$G_PRIO_MODE" # The default prime for `openssl s_server` depends on the version: # * OpenSSL <= 1.0.2a: 512-bit From 64d264d2e6e66ee7c7c5897921e08f25dcb68153 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 15 Jan 2025 14:49:57 +0100 Subject: [PATCH 0033/1548] compat.sh: remove usage of DHE-PSK Signed-off-by: Valerio Setti --- tests/compat.sh | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index b2482559f5..656b29d06f 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -406,9 +406,6 @@ add_openssl_ciphersuites() "PSK") CIPHERS="$CIPHERS \ - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 \ - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 \ - TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \ TLS_PSK_WITH_ARIA_128_GCM_SHA256 \ TLS_PSK_WITH_ARIA_256_GCM_SHA384 \ 
@@ -472,22 +469,6 @@ add_gnutls_ciphersuites() "PSK") CIPHERS="$CIPHERS \ - TLS_DHE_PSK_WITH_AES_128_CBC_SHA \ - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 \ - TLS_DHE_PSK_WITH_AES_128_CCM \ - TLS_DHE_PSK_WITH_AES_128_CCM_8 \ - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 \ - TLS_DHE_PSK_WITH_AES_256_CBC_SHA \ - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 \ - TLS_DHE_PSK_WITH_AES_256_CCM \ - TLS_DHE_PSK_WITH_AES_256_CCM_8 \ - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 \ - TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 \ - TLS_DHE_PSK_WITH_NULL_SHA256 \ - TLS_DHE_PSK_WITH_NULL_SHA384 \ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA \ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 \ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA \ @@ -554,9 +535,6 @@ add_mbedtls_ciphersuites() "PSK") # *PSK_NULL_SHA suites supported by GnuTLS 3.3.5 but not 3.2.15 M_CIPHERS="$M_CIPHERS \ - TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 \ - TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 \ - TLS_DHE_PSK_WITH_NULL_SHA \ TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 \ TLS_ECDHE_PSK_WITH_NULL_SHA \ From 48659a1f9ce9f64440ac6f3cb84d23e4ee8ed9b5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 15 Jan 2025 14:22:28 +0100 Subject: [PATCH 0034/1548] ssl_tls: remove usage of DHE-PSK Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 4 --- library/ssl_tls.c | 29 ++---------------- library/ssl_tls12_client.c | 61 ++++---------------------------------- library/ssl_tls12_server.c | 59 ++++-------------------------------- 4 files changed, 13 insertions(+), 140 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fff53399b7..21dafd9dc6 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -669,10 +669,6 @@ union mbedtls_ssl_premaster_secret { #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */ #endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE - + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */ -#endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES + MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5031c77a56..0d07a855fc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7025,7 +7025,6 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, * length of the other key. */ case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: other_secret_len = MBEDTLS_GET_UINT16_BE(handshake->premaster, 0); other_secret = handshake->premaster + 2; break; @@ -7326,14 +7325,9 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha /* * This should never happen because the existence of a PSK is always * checked before calling this function. - * - * The exception is opaque DHE-PSK. For DHE-PSK fill premaster with - * the shared secret without PSK. */ - if (key_ex != MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } /* 
@@ -7360,24 +7354,6 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha p += psk_len; } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* Write length only when we know the actual value */ - if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - p + 2, (size_t) (end - (p + 2)), &len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); - return ret; - } - MBEDTLS_PUT_UINT16_BE(len, p, 0); - p += 2 + len; - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -9686,7 +9662,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, /* Don't use default: we want warnings when adding new values */ case MBEDTLS_KEY_EXCHANGE_NONE: case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECJPAKE: usage = 0; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 14ce37757e..63f4240f21 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1660,8 +1660,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) return 0; } -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl, unsigned char **p, 
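Review bot: Removing `case MBEDTLS_KEY_EXCHANGE_DHE_PSK:` from the switch in `mbedtls_ssl_check_cert_usage` (the `@@ -9686` hunk) leaves that switch non-exhaustive while the enumerator is still declared, because the comment right above it ("Don't use default: we want warnings when adding new values") says the switch deliberately has no `default`, and the enumerator itself is only dropped from `mbedtls_key_exchange_type_t` in the ssl_ciphersuites.h change of the following patch (0035). Compilers with `-Wswitch` (on under `-Wall`) should therefore warn at this patch, and under `-Werror` the tree does not build between the two patches, which breaks bisection across the series; either move the enumerator removal into this patch or squash the two. The `@@ -7025` hunk in `ssl_compute_master` has the same shape, though whether that switch carries a `default` is not visible here. The enclosing functions of both hunks start and end outside the hunks.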
@@ -1699,8 +1698,7 @@ static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl, return ret; } -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ @@ -2171,7 +2169,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); @@ -2189,10 +2186,8 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) ; /* nothing more to do */ } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) { if (ssl_parse_server_dh_params(ssl, &p, end) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( @@ -2202,8 +2197,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 
@@ -3043,51 +3037,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) content_len = 0; } else #endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - /* - * ClientDiffieHellmanPublic public (DHM send G^X mod P) - */ - content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx); - - if (header_len + 2 + content_len > - MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("psk identity or DHM size too long or SSL buffer too short")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - ssl->out_msg[header_len++] = MBEDTLS_BYTE_1(content_len); - ssl->out_msg[header_len++] = MBEDTLS_BYTE_0(content_len); - - ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, - (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret); - return ret; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char *pms = ssl->handshake->premaster; - unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster); - size_t pms_len; - - /* Write length only when we know the actual value */ - if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - pms + 2, pms_end - (pms + 2), &pms_len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); - return ret; - } - MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0); - pms += 2 + pms_len; - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); -#endif - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 9e7c52c5e6..7b013f9cc2 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -2887,19 +2887,16 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ /* - * For (EC)DHE key exchanges with PSK, parameters are prefixed by support + * For ECDHE key exchanges with PSK, parameters are prefixed by support * identity hint (RFC 4279, Sec. 3). Until someone needs this feature, * we use empty support identity hints here. **/ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { ssl->out_msg[ssl->out_msglen++] = 0x00; ssl->out_msg[ssl->out_msglen++] = 0x00; } -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ /* * - DHE key exchanges @@ -3375,8 +3372,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) return 0; } -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p, const unsigned char *end) @@ -3411,8 +3407,7 @@ static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char ** return ret; } -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 
@@ -3838,48 +3833,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) #endif /* !MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - return ret; - } - if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret); - return ret; - } - - if (p != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char *pms = ssl->handshake->premaster; - unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster); - size_t pms_len; - - /* Write length only when we know the actual value */ - if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - pms + 2, pms_end - (pms + 2), &pms_len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); - return ret; - } - MBEDTLS_PUT_UINT16_BE(pms_len, pms, 0); - pms += 2 + pms_len; - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); -#else - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - } else -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { #if defined(MBEDTLS_USE_PSA_CRYPTO) From 6348b46c0b9c00bff72f0175fa64ffa26e85aebc Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 15 Jan 2025 14:32:46 +0100 Subject: [PATCH 0035/1548] ssl_ciphersuites: remove references/usages of DHE-PSK Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 30 +---- library/ssl_ciphersuites.c | 190 ---------------------------- library/ssl_ciphersuites_internal.h | 2 - 3 files changed, 1 insertion(+), 221 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 18e3c4a169..17a0121738 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -28,7 +28,6 @@ extern "C" { #define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */ #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */ -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */ #define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33 @@ -51,9 +50,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90 -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91 - #define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */ #define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */ 
@@ -61,19 +57,12 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2 -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3 -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4 /**< Weak! */ -#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5 /**< Weak! */ - #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */ #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */ @@ -148,12 +137,8 @@ extern "C" { #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071 /**< TLS 1.2 */ 
@@ -181,13 +166,9 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC094 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC095 -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC096 -#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC097 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B @@ -201,12 +182,8 @@ extern "C" { #define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */ /* The last two are named with PSK_DHE in the RFC, which looks like a typo */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */ @@ -222,7 +199,6 @@ extern "C" { #define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */ -#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */ /* RFC 8446, Appendix B.4 */ #define MBEDTLS_TLS1_3_AES_128_GCM_SHA256 0x1301 /**< TLS 1.3 */ 
@@ -241,7 +217,6 @@ typedef enum { MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, @@ -318,7 +293,6 @@ typedef enum { /* Key exchanges that involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ @@ -328,14 +302,12 @@ typedef enum { /* Key exchanges using a PSK */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif /* Key exchanges using DHE */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED #endif diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index f4621876b5..8f41f2d4b0 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
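Review bot: Removing `MBEDTLS_KEY_EXCHANGE_DHE_PSK` from the middle of the public `mbedtls_key_exchange_type_t` enum shifts the numeric value of every enumerator after it (`MBEDTLS_KEY_EXCHANGE_ECDHE_PSK` onwards), so this is an ABI break for anything built against the old header, not only an API removal; presumably acceptable for a major release, but it should be stated. None of patches 0031–0035 visible here adds a ChangeLog.d entry, so a note saying that the DHE-PSK key exchange, its `MBEDTLS_TLS_DHE_PSK_*` ciphersuite macros and the `MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED` option are gone is still missing unless a later patch supplies it. The `@@ -318` and `@@ -328` hunks stop deriving `MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED` and `MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED` from `MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED`, but whether that option is also removed from the configuration and config-check headers is not visible; if it stays definable, a user enabling it would silently get no ciphersuites, so either removing the option or rejecting it with a `#error` in the config check is worth confirming.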
@@ -119,34 +119,15 @@ static const int ciphersuite_preference[] = /* The PSK ephemeral suites */ MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, - MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, - MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, /* The ECJPAKE suite */ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, @@ -239,9 +220,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, - MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, - MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, - MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, MBEDTLS_TLS_RSA_WITH_NULL_SHA256, MBEDTLS_TLS_RSA_WITH_NULL_SHA, 
@@ -342,14 +320,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_DHE_PSK, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 && PSA_WANT_ALG_SHA_256 && MBEDTLS_SSL_PROTO_TLS1_2 */ 
@@ -1051,107 +1021,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
 #if defined(PSA_WANT_KEY_TYPE_AES)
@@ -1264,29 +1133,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
 #endif /* PSA_WANT_ALG_SHA_384 */
 #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
- MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_CIPHERSUITE_WEAK,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
 #if defined(PSA_WANT_ALG_SHA_1)
 { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
@@ -1579,41 +1425,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
- "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
- "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
- "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
- "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
 #endif /* PSA_WANT_KEY_TYPE_ARIA */
@@ -1863,7 +1674,6 @@ int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->key_exchange) {
 case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
 return 1;
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index 4f71bc0630..5c7e7f9b93 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h @@ -29,7 +29,6 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_ { switch (info->MBEDTLS_PRIVATE(key_exchange)) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: @@ -109,7 +108,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite { switch (info->MBEDTLS_PRIVATE(key_exchange)) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: return 1; default: From 70cc4e6bd1f21bbfa24a5ff1521a9457972d580a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 15 Jan 2025 14:50:23 +0100 Subject: [PATCH 0036/1548] analyze_outcomes.py: remove exceptions related to DHE-PSK Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index fd59822b59..3628fcf582 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -493,17 +493,10 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): 'psa_crypto_ecp', ] IGNORED_TESTS = { - 'ssl-opt': [ - # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C - # (because it needs custom groups, which PSA does not - # provide), even with MBEDTLS_USE_PSA_CRYPTO. - re.compile(r'PSK callback:.*\bdhe-psk\b.*'), - ], 'test_suite_config': [ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED\b.*'), re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), ], 'test_suite_platform': [ From 6e892cb630442ae362e5aa48a72449d482488fe8 Mon Sep 17 00:00:00 2001 
From: Valerio Setti
Date: Mon, 20 Jan 2025 11:28:38 +0100
Subject: [PATCH 0037/1548] components-configuration-crypto.sh: remove references to DHE_PSK kex
Signed-off-by: Valerio Setti
---
 tests/scripts/components-configuration-crypto.sh | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index bb80bb44c8..c8c095f5fd 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -672,7 +672,6 @@ component_test_psa_crypto_config_accel_ffdh () {
 scripts/config.py unset MBEDTLS_DHM_C
 # Disable things that depend on it
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 # Build
@@ -702,7 +701,6 @@ component_test_psa_crypto_config_reference_ffdh () {
 helper_libtestdriver1_adjust_config "full"
 # Disable things that are not supported
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 make
@@ -1187,14 +1185,12 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
 scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
 scripts/config.py unset MBEDTLS_DHM_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 else
 # When testing ECC and DH instead, we disable DHM and depending key
 # exchanges only in the accelerated build
 if [ "$driver_only" -eq 1 ]; then
 scripts/config.py unset MBEDTLS_DHM_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 fi
 fi
From a07345247e317c8d659ed4283725ec693347bb44 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 15 Jan 2025 14:52:34 +0100
Subject: [PATCH 0038/1548] check_config: remove checks for DHE-PSK
Signed-off-by: Valerio Setti
---
 include/mbedtls/check_config.h | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index eebe1644be..abce71b71b 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -69,10 +69,6 @@
 #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
-#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
 !defined(MBEDTLS_CAN_ECDH)
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
@@ -180,7 +176,6 @@
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
 #error "One or more versions of the TLS protocol are enabled " \
From 6ba324de0203a512e47485db87d20b9a0a2b861e Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 15 Jan 2025 14:53:36 +0100
Subject: [PATCH 0039/1548] mbedtls_config: remove MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
This commit also removes its disabling from config_adjust_ssl.h
Signed-off-by: Valerio Setti
---
 include/mbedtls/config_adjust_ssl.h | 1 -
 include/mbedtls/mbedtls_config.h | 30 -----------------------------
 2 files changed, 31 deletions(-)
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index ce90991c16..0b1551b929 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -66,7 +66,6 @@
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 64bf7eeaad..57bc67338a 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -206,36 +206,6 @@
 */
 #define MBEDTLS_DEBUG_C
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- *
- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-
-
 /**
 * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 *
From 27bc56303a00430ada4045207c7a2a56322d7126 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 15 Jan 2025 14:57:50 +0100
Subject: [PATCH 0040/1548] docs: remove references of DHE-PSK
Signed-off-by: Valerio Setti
---
 configs/ext/crypto_config_profile_medium.h | 6 ------
 docs/architecture/tls13-support.md | 1 -
 2 files changed, 7 deletions(-)
diff --git a/configs/ext/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h
index 637c2ff11c..83048d0d80 100644
--- a/configs/ext/crypto_config_profile_medium.h
+++ b/configs/ext/crypto_config_profile_medium.h
@@ -549,16 +549,10 @@
 * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
 * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
 * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index 52669fdf42..c98ccf7cc1 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -115,7 +115,6 @@ Support description
 | MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED | no |
 | | |
 | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) |
- | MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | n/a |
 | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
 | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a |
 | MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED | n/a |
From 944f3ab1d673069c1e7fc84310cf903fcf6d4770 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 15 Jan 2025 15:18:42 +0100
Subject: [PATCH 0041/1548] changelog: add note about DHE-PSK removal
Signed-off-by: Valerio Setti
---
 ChangeLog.d/9684.txt | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 ChangeLog.d/9684.txt
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt
new file mode 100644
index 0000000000..115ded87a0
--- /dev/null
+++ b/ChangeLog.d/9684.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the DHE-PSK key exchange in TLS 1.2.
From 3dfe75e1158bdfe3225acda6612e47bdf397002d Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov
Date: Sun, 26 Jan 2025 10:43:42 +0200
Subject: [PATCH 0042/1548] Remove mbedtls_ssl_reset_in_out_pointers
Signed-off-by: Deomid rojer Ryabkov
---
 library/ssl_misc.h | 7 +------
 library/ssl_tls.c | 6 ++++--
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 309e924ce8..45aaea59a3 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1830,15 +1830,10 @@ MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl);
 void mbedtls_ssl_reset_in_pointers(mbedtls_ssl_context *ssl);
+void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
 void mbedtls_ssl_reset_out_pointers(mbedtls_ssl_context *ssl);
-static inline void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl)
-{
- mbedtls_ssl_reset_in_pointers(ssl);
- mbedtls_ssl_reset_out_pointers(ssl);
-}
 void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl,
 mbedtls_ssl_transform *transform);
-void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl);
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial);
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 70621b5ccc..450c397c78 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1419,7 +1419,8 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
 goto error;
 }
- mbedtls_ssl_reset_in_out_pointers(ssl);
+ mbedtls_ssl_reset_in_pointers(ssl);
+ mbedtls_ssl_reset_out_pointers(ssl);
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info));
@@ -1484,7 +1485,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
 /* Cancel any possibly running timer */
 mbedtls_ssl_set_timer(ssl, 0);
- mbedtls_ssl_reset_in_out_pointers(ssl);
+ mbedtls_ssl_reset_in_pointers(ssl);
+ mbedtls_ssl_reset_out_pointers(ssl);
 /* Reset incoming message parsing */
 ssl->in_offt = NULL;
From aaa152ed91d445e233e71c8d7c3f2aa5b3b72a1a Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov
Date: Sun, 26 Jan 2025 11:10:54 +0200
Subject: [PATCH 0043/1548] Allow fragments less HS msg header size (4 bytes)
Except the first
Signed-off-by: Deomid rojer Ryabkov
---
 library/ssl_msg.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index d0b755d9d3..36a8611109 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3219,7 +3219,8 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl)
 int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 {
- if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) {
+ /* First handshake fragment must at least include the header. */
+ if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET,
 ssl->in_msglen));
 return MBEDTLS_ERR_SSL_INVALID_RECORD;
From 094fd49f5b22ead6db5bb5bb884c243937a31144 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 23 Jan 2025 11:19:26 +0100
Subject: [PATCH 0044/1548] tf-psa-crypto: update reference
Signed-off-by: Valerio Setti
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 1bc29c97c9..df85eda50d 160000
--- a/tf-psa-crypto
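Review bot: With the relaxed condition on the new `if` in mbedtls_ssl_prepare_handshake_record, `ssl->in_hslen != 0` is the only thing that distinguishes a continuation fragment (header already parsed from an earlier record) from a fresh message, so a handshake record shorter than mbedtls_ssl_hs_hdr_len() is now accepted whenever a message is pending; the added comment should state that invariant rather than only the first-fragment rule, e.g. `/* Only the first fragment must carry the full handshake header; while a message is being reassembled (in_hslen != 0) later fragments may be shorter, since the header was already read from the first one. */`. The continuation path also no longer has any lower bound: unless the record layer already rejects zero-length handshake records before this point, a continuation record with `in_msglen == 0` passes the check without advancing reassembly, so an explicit `if (ssl->in_msglen == 0) { return MBEDTLS_ERR_SSL_INVALID_RECORD; }` ahead of this test is worth considering — confirm against the caller. Both properties rest on `in_hslen` being reset to 0 once a complete message has been consumed; that reset and the rest of the function body are outside this hunk.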
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 1bc29c97c99ad40aa9f17b5a873b391454c9c068
+Subproject commit df85eda50d5cd7dbbd06843eaf4ca2c5ee27a874
From 5b7bfd8d5a59c985cf694bf67e4194ce1f8a5a7b Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 20 Jan 2025 10:50:45 +0100
Subject: [PATCH 0045/1548] test_suite_ssl: adapt DHE-RSA tests to ECDHE-RSA
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_ssl.data | 84 ++++++++++++++++----------------
 1 file changed, 42 insertions(+), 42 deletions(-)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 2eeb17290c..4ce9bfd5ec 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -372,9 +372,9 @@ Handshake, RSA-WITH-AES-128-CCM
 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0
-Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
+Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:0
 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
@@ -400,9 +400,9 @@ DTLS Handshake, RSA-WITH-AES-128-CCM
 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1
-DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
+DTLS Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:1
 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
@@ -785,53 +785,53 @@ DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
-DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
-DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
 SSL DTLS replay: initial state, seqnum 0
 ssl_dtls_replay:"":"000000000000":0
From b8ef2a4455d453d0bee44a1291ed2789ef97109e Mon Sep 17 00:00:00 2001
From: Valerio Setti Date: Mon, 20 Jan 2025 11:07:09 +0100 Subject: [PATCH 0046/1548] test_suite_ssl: adapt handshake_fragmentation() to use ECDHE-RSA Use ECDHE-RSA instead of DHE-RSA. Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 0781ceff84..6bb4dfee7f 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2761,7 +2761,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ void handshake_fragmentation(int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) @@ -2778,7 +2778,7 @@ void handshake_fragmentation(int mfl, options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; options.mfl = mfl; /* Set cipher to one using CBC so that record splitting can be tested */ - options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"; + options.cipher = "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"; options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; options.srv_log_obj = &srv_pattern; options.cli_log_obj = &cli_pattern; From 8638603ba7204ceaccafe247108c2cf5c6912674 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 20 Jan 2025 11:12:14 +0100 Subject: [PATCH 0047/1548] test_suite_ssl: remove tests specific for DHE-RSA These tests were specific for DHE-RSA (which is being removed on development branch) and also for each of them there was already the ECDHE-RSA counterpart available. Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 4ce9bfd5ec..abc6fa66ad 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -452,30 +452,6 @@ Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
-handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque 
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 From 592f6826dd3a63f8c08bd1959100a2e3da82b118 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Jan 2025 11:03:46 +0100 Subject: [PATCH 0048/1548] test_suite_ssl: update description for conf_curve and conf_gruop tests These tests are about EC curves/groups, not DH ones, so the description should be updated accordingly. Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index abc6fa66ad..8d9e8bbc3f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3062,7 +3062,7 @@ TLS 1.3: SRV: Session serialization, load buffer size depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 -Test configuration of groups for DHE through mbedtls_ssl_conf_groups() +Test configuration of EC groups through mbedtls_ssl_conf_groups() conf_group: Version config: valid client TLS 1.2 only From 309a7ec70e694ebea729807d1e5a92147366c2f7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Jan 2025 13:07:39 +0100 Subject: [PATCH 0049/1548] ssl-opt.sh: adapt tests from DHE-RSA to ECDHE-RSA Adapted tests do not already have an ECDHE-RSA test available. Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 88b0e115d1..8edfdb1672 100755 --- a/tests/ssl-opt.sh 
+++ b/tests/ssl-opt.sh @@ -2553,11 +2553,12 @@ run_test "Opaque key for server authentication: RSA-" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \ +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKCS1" \ "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \ "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ + key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -s "key types: Opaque, none" \ -s "got ciphersuites in common, but none of them usable" \ 
@@ -2586,20 +2587,21 @@ run_test "Opaque keys for server authentication: RSA keys with different algs requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \ +run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-RSA" \ "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \ crt_file2=$DATA_FILES_PATH/server4.crt \ key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-DHE-RSA" \ + -c "Ciphersuite is TLS-ECDHE-RSA" \ -c "CN=Polarssl Test EC CA" \ -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-DHE-RSA" \ + -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ -C "error" @@ -7843,11 +7845,11 @@ run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ +run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, ECDHE-RSA: OK" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -C "bad certificate (usage extensions)" \ -C "Processing of the Certificate handshake message failed" \ 
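Review bot: The keyUsage cli 1.2 tests switched to ECDHE-RSA here (the hunk at 7843) and in the hunks at 7863, 7876 and 7888 only change `force_ciphersuite=`, while the two opaque-key hunks of this same commit also add `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` in front of run_test. run_test may derive the key-exchange requirement from force_ciphersuite= on its own; if it does not, these four cases fail rather than being skipped in a build without ECDHE-RSA. Adding the same `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` line before each of the four run_test calls keeps them consistent with the opaque-key tests. The requires_* lines preceding these run_test calls are outside the hunks.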
@@ -7863,11 +7865,11 @@ run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \ +run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (hard)" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI debug_level=3 \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -c "bad certificate (usage extensions)" \ -c "Processing of the Certificate handshake message failed" \ @@ -7876,11 +7878,11 @@ run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \ -c "! Usage does not match the keyUsage extension" # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT -run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \ +run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (soft)" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI debug_level=3 auth_mode=optional \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -c "bad certificate (usage extensions)" \ -C "Processing of the Certificate handshake message failed" \ 
@@ -7888,11 +7890,11 @@ run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \ -C "send alert level=2 message=43" \ -c "! Usage does not match the keyUsage extension" -run_test "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \ +run_test "keyUsage cli 1.2: DigitalSignature, ECDHE-RSA: OK" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -C "bad certificate (usage extensions)" \ -C "Processing of the Certificate handshake message failed" \ From 3b412e283f0c59caea9c1075bd2c52500e0c66ee Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Jan 2025 15:33:43 +0100 Subject: [PATCH 0050/1548] ssl-opt.sh: remove tests which are specific for DHE-RSA For these ones there is no ECDHE alternative as they are testing specific features of DHE. Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 90 ------------------------------------------------ 1 file changed, 90 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8edfdb1672..36789b1cdf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -8417,96 +8417,6 @@ run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \ -s "Processing of the Certificate handshake message failed" # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT -# Tests for DHM parameters loading - -run_test "DHM parameters: reference" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=3" \ - 0 \ - -c "value of 'DHM: P ' (2048 bits)" \ - -c "value of 'DHM: G ' (2 bits)" - -run_test "DHM parameters: other parameters" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=3" \ - 0 \ - -c "value of 'DHM: P ' (1024 bits)" \ - -c "value of 'DHM: G ' (2 bits)" - -# Tests for DHM client-side size checking - -run_test "DHM size: server default, client default, OK" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server default, client 2048, OK" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=2048" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server 1024, client default, OK" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server 999, client 999, OK" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=999" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server 1000, client 1000, OK" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=1000" \ - 0 \ - -C "DHM prime too short:" - -run_test "DHM size: server 1000, client default, rejected" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ - "$P_CLI 
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1" \ - 1 \ - -c "DHM prime too short:" - -run_test "DHM size: server 1000, client 1001, rejected" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=1001" \ - 1 \ - -c "DHM prime too short:" - -run_test "DHM size: server 999, client 1000, rejected" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=1000" \ - 1 \ - -c "DHM prime too short:" - -run_test "DHM size: server 998, client 999, rejected" \ - "$P_SRV dhm_file=$DATA_FILES_PATH/dh.998.pem" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=999" \ - 1 \ - -c "DHM prime too short:" - -run_test "DHM size: server default, client 2049, rejected" \ - "$P_SRV" \ - "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - debug_level=1 dhmlen=2049" \ - 1 \ - -c "DHM prime too short:" - # Tests for PSK callback run_test "PSK callback: psk, no callback" \ From 0ebd6de77b30f47462f20cb0727e6a1a5ced9b3a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Jan 2025 15:34:43 +0100 Subject: [PATCH 0051/1548] ssl-opt.sh: remove tests forcing DHE-RSA for which have alternatives Remove tests which are forcing DHE-RSA, but for which an ECDHE-RSA alternative already exists. Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 52 ------------------------------------------------ 1 file changed, 52 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 36789b1cdf..9652c8a099 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2276,23 +2276,6 @@ run_test "Opaque key for client authentication: ECDHE-RSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for client authentication: DHE-RSA" \ - "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - key_opaque_algs=rsa-sign-pkcs1,none" \ - 0 \ - -c "key type: Opaque" \ - -c "Ciphersuite is TLS-DHE-RSA" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-DHE-RSA" \ - -S "error" \ - -C "error" - # Test using an EC opaque private key for server authentication requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -2521,21 +2504,6 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: DHE-RSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-DHE-RSA" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-DHE-RSA" \ - -S "error" \ - -C "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 
@@ -2644,26 +2612,6 @@ run_test "Opaque key for client/server authentication: ECDHE-RSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for client/server authentication: DHE-RSA" \ - "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ - "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none \ - force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "key type: Opaque" \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-DHE-RSA" \ - -s "key types: Opaque, none" \ - -s "Verifying peer X.509 certificate... ok" \ - -s "Ciphersuite is TLS-DHE-RSA" \ - -S "error" \ - -C "error" - - # Test ciphersuites which we expect to be fully supported by PSA Crypto # and check that we don't fall back to Mbed TLS' internal crypto primitives. run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM From 1c49cff468c4b56ec076638f63c91ce24e8c3025 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 23 Sep 2024 14:38:59 +0200 Subject: [PATCH 0052/1548] Use PSA macros for the `curves` domain Exclude the SECP224K1 curve due it is unstable via the PSA API. Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 68 ++++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 24 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index f7fc60f579..2765e72b3d 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -274,21 +274,21 @@ def test(self, options):
     'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'],
     'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'],
 
-    'MBEDTLS_ECP_DP_BP256R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_256'],
-    'MBEDTLS_ECP_DP_BP384R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_384'],
-    'MBEDTLS_ECP_DP_BP512R1_ENABLED': ['PSA_WANT_ECC_BRAINPOOL_P_R1_512'],
-    'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_255'],
-    'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['PSA_WANT_ECC_MONTGOMERY_448'],
-    'MBEDTLS_ECP_DP_SECP192R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_192'],
-    'MBEDTLS_ECP_DP_SECP224R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_224'],
-    'MBEDTLS_ECP_DP_SECP256R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_256',
-                                         'PSA_WANT_ALG_JPAKE',
-                                         'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
-    'MBEDTLS_ECP_DP_SECP384R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_384'],
-    'MBEDTLS_ECP_DP_SECP512R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_512'],
-    'MBEDTLS_ECP_DP_SECP521R1_ENABLED': ['PSA_WANT_ECC_SECP_R1_521'],
-    'MBEDTLS_ECP_DP_SECP192K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_192'],
-    'MBEDTLS_ECP_DP_SECP256K1_ENABLED': ['PSA_WANT_ECC_SECP_K1_256'],
+    'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'],
+    'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'],
+    'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'],
+    'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'],
+    'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'],
+    'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'],
+    'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'],
+    'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C',
+                                 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
+    'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
+    'PSA_WANT_ECC_SECP_R1_512': ['MBEDTLS_ECP_DP_SECP512R1_ENABLED'],
+    'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
+    'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
+    'PSA_WANT_ECC_SECP_K1_224': ['MBEDTLS_ECP_DP_SECP224K1_ENABLED'],
+    'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
 
     'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
                         'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED',
@@ -362,12 +362,12 @@ def test(self, options):
 EXCLUSIVE_GROUPS = {
     'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
                          '-MBEDTLS_SSL_TLS_C'],
-    'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
-                                        '-MBEDTLS_ECDSA_DETERMINISTIC',
-                                        '-MBEDTLS_ECJPAKE_C',],
-    'MBEDTLS_ECP_DP_CURVE25519_ENABLED': ['-MBEDTLS_ECDSA_C',
-                                          '-MBEDTLS_ECDSA_DETERMINISTIC',
-                                          '-MBEDTLS_ECJPAKE_C'],
+    'PSA_WANT_ECC_MONTGOMERY_448': ['-MBEDTLS_ECDSA_C',
+                                    '-MBEDTLS_ECDSA_DETERMINISTIC',
+                                    '-MBEDTLS_ECJPAKE_C',],
+    'PSA_WANT_ECC_MONTGOMERY_255': ['-MBEDTLS_ECDSA_C',
+                                    '-MBEDTLS_ECDSA_DETERMINISTIC',
+                                    '-MBEDTLS_ECJPAKE_C'],
     'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC',
                                '-PSA_WANT_ALG_CCM',
                                '-PSA_WANT_ALG_GCM',
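Review bot: The new reverse-dependency entry for PSA_WANT_ECC_SECP_R1_256 (first hunk of this commit) lists MBEDTLS_ECJPAKE_C and the ECP_DP macro but drops PSA_WANT_ALG_JPAKE and MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED, which the old MBEDTLS_ECP_DP_SECP256R1_ENABLED entry carried. If the walk over this dictionary does not follow MBEDTLS_ECJPAKE_C's own entry transitively, a curves-domain build with PSA_WANT_ECC_SECP_R1_256 turned off keeps the EC-JPAKE key exchange enabled and the configuration step fails. Keeping the full list, `'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED', 'PSA_WANT_ALG_JPAKE', 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],`, is correct whether or not the walk is transitive. The dictionary these entries belong to starts outside the hunk.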
@@ -512,8 +512,23 @@ def __init__(self, options, conf):
 
         # Find hash modules by name.
         hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z')
-        # Find elliptic curve enabling macros by name.
-        curve_symbols = self.config_symbols_matching(r'MBEDTLS_ECP_DP_\w+_ENABLED\Z')
+
+        # Find elliptic curve enabling macros
+        # Mapping is needed for PSA_WANT_ECC_SECP_K1_224 because it actually uses 225 bits.
+        key_type_mapping = {('PSA_ECC_FAMILY_SECP_K1', '225'): ('PSA_ECC_FAMILY_SECP_K1', '224')}
+        def get_symbol_from_key_type(key_type_family, bit_size):
+            (family_name, corrected_bit_size) = key_type_mapping.get((key_type_family, bit_size),
+                                                                     (key_type_family, bit_size))
+            symbol = psa_information.finish_family_dependency(family_name, corrected_bit_size)
+            return psa_information.psa_want_symbol(symbol)
+
+        curve_symbols = {symbol
+                         for symbol in (get_symbol_from_key_type(key_type.family_name, bit_size)
+                                        for key_type in key_types
+                                        if key_type.family_name in psa_info.ecc_curves
+                                        for bit_size in key_type.sizes_to_test())
+                         if symbol in self.all_config_symbols}
+
         # Find key exchange enabling macros by name.
         key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
 
@@ -541,8 +556,13 @@ def __init__(self, options, conf):
 
             'cipher_padding': ExclusiveDomain(cipher_padding_symbols,
                                               build_and_test),
+
             # Elliptic curves. Run the test suites.
-            'curves': ExclusiveDomain(curve_symbols, build_and_test),
+            # The SECP_K1_224 is not stable via the PSA API.
+            # See https://github.com/Mbed-TLS/mbedtls/issues/3541
+            'curves': ExclusiveDomain(curve_symbols,
+                                      build_and_test,
+                                      exclude=r'PSA_WANT_ECC_SECP_K1_224'),
             # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
             # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
             # across various modules, but it depends on either SHA256 or SHA512.
From 0a2f257492a239138537d78e3aec23069adf9a96 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Fri, 10 Jan 2025 17:39:55 +0100
Subject: [PATCH 0053/1548] Use symbol matching for the curves domain

Instead of using the `crypto_knowledge.py`, use basic symbol matching for the `PSA_WANT_ECC_*` macros to search for in the `curves` domain of `depend.py`.

Signed-off-by: Gabor Mezei
---
 tests/scripts/depends.py | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
 mode change 100755 => 100644 tests/scripts/depends.py

diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
old mode 100755
new mode 100644
index 2765e72b3d..2d5f49b8ae
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -514,20 +514,7 @@ def __init__(self, options, conf):
         hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z')
 
         # Find elliptic curve enabling macros
-        # Mapping is needed for PSA_WANT_ECC_SECP_K1_224 because it actually uses 225 bits.
-        key_type_mapping = {('PSA_ECC_FAMILY_SECP_K1', '225'): ('PSA_ECC_FAMILY_SECP_K1', '224')}
-        def get_symbol_from_key_type(key_type_family, bit_size):
-            (family_name, corrected_bit_size) = key_type_mapping.get((key_type_family, bit_size),
-                                                                     (key_type_family, bit_size))
-            symbol = psa_information.finish_family_dependency(family_name, corrected_bit_size)
-            return psa_information.psa_want_symbol(symbol)
-
-        curve_symbols = {symbol
-                         for symbol in (get_symbol_from_key_type(key_type.family_name, bit_size)
-                                        for key_type in key_types
-                                        if key_type.family_name in psa_info.ecc_curves
-                                        for bit_size in key_type.sizes_to_test())
-                         if symbol in self.all_config_symbols}
+        curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z')
 
         # Find key exchange enabling macros by name.
         key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
From 069e3e6fe7201263f5ed48efea4a1e275dfacfe3 Mon Sep 17 00:00:00 2001
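Review bot: The executable bit on tests/scripts/depends.py is dropped by this commit (`mode change 100755 => 100644` in the diffstat, `old mode 100755` / `new mode 100644` in the file header) even though the content change is a one-line substitution; that looks unintended and stops the script from being invoked directly. The mode change should be reverted so that only the curve_symbols line differs. The `__init__` the hunk edits starts and ends outside the hunk.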
From: Gabor Mezei
Date: Fri, 10 Jan 2025 17:44:41 +0100
Subject: [PATCH 0054/1548] Remove reference for `PSA_WANT_ALG_SECP_K1_224`

The `PSA_WANT_ALG_SECP_K1_224` symbol has been removed.

Signed-off-by: Gabor Mezei
---
 tests/scripts/depends.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 tests/scripts/depends.py

diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
old mode 100644
new mode 100755
index 2d5f49b8ae..8db4ec9426
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -287,7 +287,6 @@ def test(self, options):
     'PSA_WANT_ECC_SECP_R1_512': ['MBEDTLS_ECP_DP_SECP512R1_ENABLED'],
     'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
     'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
-    'PSA_WANT_ECC_SECP_K1_224': ['MBEDTLS_ECP_DP_SECP224K1_ENABLED'],
     'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
 
     'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
@@ -545,11 +544,8 @@ def __init__(self, options, conf):
                                               build_and_test),
 
             # Elliptic curves. Run the test suites.
-            # The SECP_K1_224 is not stable via the PSA API.
-            # See https://github.com/Mbed-TLS/mbedtls/issues/3541
-            'curves': ExclusiveDomain(curve_symbols,
-                                      build_and_test,
-                                      exclude=r'PSA_WANT_ECC_SECP_K1_224'),
+            'curves': ExclusiveDomain(curve_symbols, build_and_test),
+
             # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
             # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
             # across various modules, but it depends on either SHA256 or SHA512.
From fe14d85b7cb07c14fdce6ec7d510aff881823549 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Fri, 17 Jan 2025 12:41:58 +0100
Subject: [PATCH 0055/1548] Remove unused symbol

Signed-off-by: Gabor Mezei
---
 tests/scripts/depends.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 8db4ec9426..ac3ba9c466 100755
--- a/tests/scripts/depends.py
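Review bot: The subject and body of this commit name `PSA_WANT_ALG_SECP_K1_224`, but the line the first hunk removes is `'PSA_WANT_ECC_SECP_K1_224': ['MBEDTLS_ECP_DP_SECP224K1_ENABLED'],`; the message should use the ECC name so the history can be searched by the symbol that actually changed. In the second hunk the added empty `+` line after the 'curves' entry introduces a blank line between domain entries that the neighbouring entries do not have; dropping it keeps the dictionary layout uniform. Both hunks sit inside definitions that start and end outside the hunk.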
+++ b/tests/scripts/depends.py
@@ -284,7 +284,6 @@ def test(self, options):
     'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C',
                                  'MBEDTLS_ECP_DP_SECP256R1_ENABLED'],
     'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'],
-    'PSA_WANT_ECC_SECP_R1_512': ['MBEDTLS_ECP_DP_SECP512R1_ENABLED'],
     'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'],
     'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'],
     'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'],
From 7554eeaf4c6000116fec9c19c3237601d95a6e22 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 27 Jan 2025 11:17:10 +0100
Subject: [PATCH 0056/1548] Disable 224K1 while testing the other curves

Signed-off-by: Gabor Mezei
---
 tests/scripts/depends.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index ac3ba9c466..2e8df33b58 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -512,7 +512,9 @@ def __init__(self, options, conf):
         hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z')
 
         # Find elliptic curve enabling macros
-        curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z')
+        # MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves
+        curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|'
+                                                     r'MBEDTLS_ECP_DP_SECP224K1_ENABLED')
 
         # Find key exchange enabling macros by name.
         key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z')
@@ -543,7 +545,8 @@ def __init__(self, options, conf):
                                               build_and_test),
 
             # Elliptic curves. Run the test suites.
-            'curves': ExclusiveDomain(curve_symbols, build_and_test),
+            'curves': ExclusiveDomain(curve_symbols, build_and_test,
+                                      exclude=r'MBEDTLS_ECP_DP_SECP224K1_ENABLED'),
 
             # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
             # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
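Review bot: The second alternative of the new curve_symbols pattern (hunk at 512) carries no `\Z` while the first half is `PSA_WANT_ECC_\w+\Z`, so the two halves are anchored differently and `MBEDTLS_ECP_DP_SECP224K1_ENABLED` would also match as a prefix of a longer symbol; `r'PSA_WANT_ECC_\w+\Z|MBEDTLS_ECP_DP_SECP224K1_ENABLED\Z'` anchors both. Whether config_symbols_matching uses match or fullmatch is not visible here, so the prefix concern is inferred. The comment `# MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves` would be clearer about the mechanism if written as `# Include MBEDTLS_ECP_DP_SECP224K1_ENABLED so the curves domain turns it off in every other curve's build; the exclude= below keeps it from being tested on its own.`, if that is the intent behind the exclude in the hunk at 543. Both hunks are inside an `__init__` that starts and ends outside them.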
From b70e76a1e6ffd1596915bc337d8975b904bdd8f6 Mon Sep 17 00:00:00 2001
From: Deomid rojer Ryabkov
Date: Mon, 27 Jan 2025 22:37:37 +0400
Subject: [PATCH 0057/1548] Add a safety check for in_hsfraglen

Signed-off-by: Deomid rojer Ryabkov
---
 library/ssl_msg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 36a8611109..3eb49e2b26 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3297,6 +3297,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
     } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     {
+        if (ssl->in_hsfraglen > ssl->in_hslen) {
+            return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+        }
         int ret;
         const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
         MBEDTLS_SSL_DEBUG_MSG(3,
From f60b09b019d51e7ca0848bb42841d9d185cfa619 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 22 Jan 2025 11:49:25 +0100
Subject: [PATCH 0058/1548] Rm dead !USE_PSA code: X.509
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/x509*.c

Signed-off-by: Manuel Pégourié-Gonnard
---
 library/x509_crt.c      | 30 ------------------------------
 library/x509write.c     |  2 --
 library/x509write_crt.c | 22 ----------------------
 library/x509write_csr.c | 11 -----------
 4 files changed, 65 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index d72e2fb8ad..113eb1b072 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -32,11 +32,9 @@
 #include "mbedtls/pem.h"
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #include "pk_internal.h"
 #include "mbedtls/platform.h"
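Review bot: The new guard returns MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED without any trace, while the code right after it reports through MBEDTLS_SSL_DEBUG_MSG; a level-1 message before the return, `MBEDTLS_SSL_DEBUG_MSG(1, ("in_hsfraglen %" MBEDTLS_PRINTF_SIZET " exceeds in_hslen %" MBEDTLS_PRINTF_SIZET, ssl->in_hsfraglen, ssl->in_hslen));`, would make a tripped invariant visible in the debug log instead of surfacing only as a generic internal error. The check is also what keeps `hs_remain = ssl->in_hslen - ssl->in_hsfraglen` on the next line from wrapping, so a one-line comment such as `/* Invariant: accumulated fragments never exceed the announced message length; the subtraction below relies on it. */` documents why it sits here. It is added only to the non-DTLS branch; whether the DTLS branch above uses the same two fields and needs the same guard is not visible in the hunk. mbedtls_ssl_prepare_handshake_record starts and ends outside the hunk.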
@@ -2013,11 +2011,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, { int flags = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_algorithm; -#else - const mbedtls_md_info_t *md_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t hash_length; if (ca == NULL) { @@ -2051,7 +2045,6 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCRL_BAD_PK; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); if (psa_hash_compute(psa_algorithm, crl_list->tbs.p, @@ -2063,18 +2056,6 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } -#else - md_info = mbedtls_md_info_from_type(crl_list->sig_md); - hash_length = mbedtls_md_get_size(md_info); - if (mbedtls_md(md_info, - crl_list->tbs.p, - crl_list->tbs.len, - hash) != 0) { - /* Note: this can't happen except after an internal error */ - flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; - break; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (x509_profile_check_key(profile, &ca->pk) != 0) { flags |= MBEDTLS_X509_BADCERT_BAD_KEY; @@ -2126,16 +2107,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, { size_t hash_len; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - const mbedtls_md_info_t *md_info; - md_info = mbedtls_md_info_from_type(child->sig_md); - hash_len = mbedtls_md_get_size(md_info); - - /* Note: hash errors can happen only after an internal error */ - if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) { - return -1; - } -#else psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 
@@ -2149,7 +2120,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Skip expensive computation on obvious mismatch */ if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { return -1; diff --git a/library/x509write.c b/library/x509write.c index 8288c892bb..0906a5a9d1 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -22,11 +22,9 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" #include "md_psa.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define CHECK_OVERFLOW_ADD(a, b) \ do \ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4bae0fbf67..8a476978a1 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -30,11 +30,9 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" #include "mbedtls/psa_util.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) { @@ -179,10 +177,8 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx, unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof(buf); size_t len = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t hash_length; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ memset(buf, 0, sizeof(buf)); MBEDTLS_ASN1_CHK_ADD(len, @@ -193,7 +189,6 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx, ctx->subject_key)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_compute(PSA_ALG_SHA_1, buf + sizeof(buf) - len, len, 
@@ -203,14 +198,6 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx, if (status != PSA_SUCCESS) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } -#else - ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), - buf + sizeof(buf) - len, len, - buf + sizeof(buf) - 20); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ c = buf + sizeof(buf) - 20; len = 20; @@ -403,10 +390,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; size_t hash_length = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t psa_algorithm; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; @@ -572,7 +557,6 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, */ /* Compute hash of CRT. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg); status = psa_hash_compute(psa_algorithm, @@ -584,12 +568,6 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, if (status != PSA_SUCCESS) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } -#else - if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, - len, hash)) != 0) { - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 604c94c3e5..dd75d8f898 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -20,11 +20,9 @@ #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" #include "mbedtls/psa_util.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #include #include 
@@ -145,10 +143,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; -#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_len; psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Write the CSR backwards starting from the end of buf */ c = buf + size; @@ -213,7 +209,6 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, * Sign the written CSR data into the sig buffer * Note: hash errors can happen only after an internal error */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (psa_hash_compute(hash_alg, c, len, @@ -222,12 +217,6 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, &hash_len) != PSA_SUCCESS) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } -#else /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash); - if (ret != 0) { - return ret; - } -#endif if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, sig, sig_size, &sig_len, f_rng, p_rng)) != 0) { From b18c8b957b25d547614a63d0c9275e8a9900d841 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Jan 2025 12:09:14 +0100 Subject: [PATCH 0059/1548] Rm dead !USE_PSA code: SSL hooks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_{ticket,cookie}.[ch] Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl_cookie.h | 14 ---- include/mbedtls/ssl_ticket.h | 6 -- library/ssl_cookie.c | 128 ----------------------------------- library/ssl_ticket.c | 89 ------------------------ 4 files changed, 237 deletions(-) diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 71c258ea48..afeb07b0fd 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h 
@@ -15,11 +15,6 @@ #include "mbedtls/ssl.h" -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ /** * \name SECTION: Module settings @@ -42,23 +37,14 @@ extern "C" { * \brief Context for the default cookie functions. */ typedef struct mbedtls_ssl_cookie_ctx { -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */ psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */ -#else - mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_HAVE_TIME) unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */ #endif unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME, or in number of tickets issued */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); -#endif -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } mbedtls_ssl_cookie_ctx; /** diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 2ee1400210..c05e6401f9 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -26,9 +26,7 @@ #include "mbedtls/platform_time.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" -#endif #if defined(MBEDTLS_THREADING_C) #include "mbedtls/threading.h" 
@@ -54,14 +52,10 @@ typedef struct mbedtls_ssl_ticket_key { * tickets created under that key. */ uint32_t MBEDTLS_PRIVATE(lifetime); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */ -#else mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key); /*!< key used for auth enc/decryption */ psa_algorithm_t MBEDTLS_PRIVATE(alg); /*!< algorithm of auth enc/decryption */ psa_key_type_t MBEDTLS_PRIVATE(key_type); /*!< key type */ size_t MBEDTLS_PRIVATE(key_bits); /*!< key length in bits */ -#endif } mbedtls_ssl_ticket_key; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 0e374671ce..01b90e14b1 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -22,7 +22,6 @@ #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ @@ -33,7 +32,6 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif /* * If DTLS is in use, then at least one of SHA-256 or SHA-384 is @@ -59,21 +57,12 @@ static int local_err_translation(psa_status_t status) void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_md_init(&ctx->hmac_ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_HAVE_TIME) ctx->serial = 0; #endif ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init(&ctx->mutex); -#endif -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay) 
@@ -87,15 +76,7 @@ void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx) return; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(ctx->psa_hmac_key); -#else - mbedtls_md_free(&ctx->hmac_ctx); - -#if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free(&ctx->mutex); -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx)); } @@ -104,7 +85,6 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t alg; 
@@ -130,57 +110,10 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, &ctx->psa_hmac_key)) != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); } -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char key[COOKIE_MD_OUTLEN]; - - if ((ret = f_rng(p_rng, key, sizeof(key))) != 0) { - return ret; - } - - ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1); - if (ret != 0) { - return ret; - } - - ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key)); - if (ret != 0) { - return ret; - } - - mbedtls_platform_zeroize(key, sizeof(key)); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ return 0; } -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -/* - * Generate the HMAC part of a cookie - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_cookie_hmac(mbedtls_md_context_t *hmac_ctx, - const unsigned char time[4], - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len) -{ - unsigned char hmac_out[COOKIE_MD_OUTLEN]; - - MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_HMAC_LEN); - - if (mbedtls_md_hmac_reset(hmac_ctx) != 0 || - mbedtls_md_hmac_update(hmac_ctx, time, 4) != 0 || - mbedtls_md_hmac_update(hmac_ctx, cli_id, cli_id_len) != 0 || - mbedtls_md_hmac_finish(hmac_ctx, hmac_out) != 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - memcpy(*p, hmac_out, COOKIE_HMAC_LEN); - *p += COOKIE_HMAC_LEN; - - return 0; -} -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ /* * Generate cookie for DTLS ClientHello verification @@ -189,11 +122,9 @@ int mbedtls_ssl_cookie_write(void *p_ctx, unsigned char **p, unsigned char *end, const unsigned char *cli_id, size_t cli_id_len) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t sign_mac_length = 0; -#endif int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long t; 
@@ -213,7 +144,6 @@ int mbedtls_ssl_cookie_write(void *p_ctx, MBEDTLS_PUT_UINT32_BE(t, *p, 0); *p += 4; -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key, ctx->psa_hmac_alg); if (status != PSA_SUCCESS) { @@ -243,31 +173,12 @@ int mbedtls_ssl_cookie_write(void *p_ctx, *p += COOKIE_HMAC_LEN; ret = 0; -#else -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret); - } -#endif - - ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4, - p, end, cli_id, cli_id_len); - -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, - MBEDTLS_ERR_THREADING_MUTEX_ERROR); - } -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: status = psa_mac_abort(&operation); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ return ret; } @@ -278,13 +189,8 @@ int mbedtls_ssl_cookie_check(void *p_ctx, const unsigned char *cookie, size_t cookie_len, const unsigned char *cli_id, size_t cli_id_len) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - unsigned char ref_hmac[COOKIE_HMAC_LEN]; - unsigned char *p = ref_hmac; -#endif int ret = 0; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long cur_time, cookie_time; @@ -297,7 +203,6 @@ int mbedtls_ssl_cookie_check(void *p_ctx, return -1; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key, ctx->psa_hmac_alg); if (status != PSA_SUCCESS) { 
@@ -326,35 +231,6 @@ int mbedtls_ssl_cookie_check(void *p_ctx, } ret = 0; -#else -#if defined(MBEDTLS_THREADING_C) - if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret); - } -#endif - - if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie, - &p, p + sizeof(ref_hmac), - cli_id, cli_id_len) != 0) { - ret = -1; - } - -#if defined(MBEDTLS_THREADING_C) - if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, - MBEDTLS_ERR_THREADING_MUTEX_ERROR); - } -#endif - - if (ret != 0) { - goto exit; - } - - if (mbedtls_ct_memcmp(cookie + 4, ref_hmac, sizeof(ref_hmac)) != 0) { - ret = -1; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_HAVE_TIME) cur_time = (unsigned long) mbedtls_time(NULL); @@ -370,14 +246,10 @@ int mbedtls_ssl_cookie_check(void *p_ctx, } exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_mac_abort(&operation); if (status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); } -#else - mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac)); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ return ret; } #endif /* MBEDTLS_SSL_COOKIE_C */ diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 615b37fd64..b770a8846b 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -17,7 +17,6 @@ #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) @@ -27,7 +26,6 @@ static int local_err_translation(psa_status_t status) psa_generic_status_to_mbedtls); } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) -#endif /* * Initialize context 
@@ -67,9 +65,7 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, unsigned char buf[MAX_KEY_BYTES] = { 0 }; mbedtls_ssl_ticket_key *key = ctx->keys + index; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -#endif #if defined(MBEDTLS_HAVE_TIME) key->generation_time = mbedtls_time(NULL); @@ -87,7 +83,6 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, return ret; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); psa_set_key_algorithm(&attributes, key->alg); @@ -98,12 +93,6 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, psa_import_key(&attributes, buf, PSA_BITS_TO_BYTES(key->key_bits), &key->key)); -#else - /* With GCM and CCM, same context can encrypt & decrypt */ - ret = mbedtls_cipher_setkey(&key->ctx, buf, - mbedtls_cipher_get_key_bitlen(&key->ctx), - MBEDTLS_ENCRYPT); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_platform_zeroize(buf, sizeof(buf)); @@ -124,9 +113,7 @@ static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) mbedtls_time_t current_time = mbedtls_time(NULL); mbedtls_time_t key_time = key->generation_time; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif if (current_time >= key_time && (uint64_t) (current_time - key_time) < key->lifetime) { @@ -135,11 +122,9 @@ static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) ctx->active = 1 - ctx->active; -#if defined(MBEDTLS_USE_PSA_CRYPTO) if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ return ssl_ticket_gen_key(ctx, ctx->active); } else 
@@ -159,19 +144,14 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, mbedtls_ssl_ticket_key * const key = ctx->keys + idx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const size_t bitlen = key->key_bits; -#else - const int bitlen = mbedtls_cipher_get_key_bitlen(&key->ctx); -#endif if (nlength < TICKET_KEY_NAME_BYTES || klength * 8 < (size_t) bitlen) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); return ret; @@ -189,12 +169,6 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, ret = PSA_TO_MBEDTLS_ERR(status); return ret; } -#else - ret = mbedtls_cipher_setkey(&key->ctx, k, bitlen, MBEDTLS_ENCRYPT); - if (ret != 0) { - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ctx->active = idx; ctx->ticket_lifetime = lifetime; @@ -218,14 +192,9 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t key_bits; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg; psa_key_type_t key_type; -#else - const mbedtls_cipher_info_t *cipher_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_ssl_cipher_to_psa(cipher, TICKET_AUTH_TAG_BYTES, &alg, &key_type, &key_bits) != PSA_SUCCESS) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 
@@ -234,17 +203,6 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, if (PSA_ALG_IS_AEAD(alg) == 0) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } -#else - cipher_info = mbedtls_cipher_info_from_type(cipher); - - if (mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_GCM && - mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CCM && - mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CHACHAPOLY) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - key_bits = mbedtls_cipher_info_get_key_bitlen(cipher_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (key_bits > 8 * MAX_KEY_BYTES) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -255,7 +213,6 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, ctx->ticket_lifetime = lifetime; -#if defined(MBEDTLS_USE_PSA_CRYPTO) ctx->keys[0].alg = alg; ctx->keys[0].key_type = key_type; ctx->keys[0].key_bits = key_bits; @@ -263,15 +220,6 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, ctx->keys[1].alg = alg; ctx->keys[1].key_type = key_type; ctx->keys[1].key_bits = key_bits; -#else - if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) != 0) { - return ret; - } - - if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) != 0) { - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 || (ret = ssl_ticket_gen_key(ctx, 1)) != 0) { @@ -311,9 +259,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES; size_t clear_len, ciph_len; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif *tlen = 0; @@ -355,7 +301,6 @@ int mbedtls_ssl_ticket_write(void *p_ticket, MBEDTLS_PUT_UINT16_BE(clear_len, state_len_bytes, 0); /* Encrypt and authenticate */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if ((status = psa_aead_encrypt(key->key, key->alg, iv, TICKET_IV_BYTES, key_name, TICKET_ADD_DATA_LEN, state, clear_len, 
@@ -364,17 +309,6 @@ int mbedtls_ssl_ticket_write(void *p_ticket, ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } -#else - if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - state, clear_len, - state, (size_t) (end - state), &ciph_len, - TICKET_AUTH_TAG_BYTES)) != 0) { - goto cleanup; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; @@ -428,9 +362,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES; size_t enc_len, clear_len; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif if (ctx == NULL || ctx->f_rng == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -466,7 +398,6 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, } /* Decrypt and authenticate */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if ((status = psa_aead_decrypt(key->key, key->alg, iv, TICKET_IV_BYTES, key_name, TICKET_ADD_DATA_LEN, ticket, enc_len + TICKET_AUTH_TAG_BYTES, @@ -474,21 +405,6 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } -#else - if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - ticket, enc_len + TICKET_AUTH_TAG_BYTES, - ticket, enc_len, &clear_len, - TICKET_AUTH_TAG_BYTES)) != 0) { - if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { - ret = MBEDTLS_ERR_SSL_INVALID_MAC; - } - - goto cleanup; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (clear_len != enc_len) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; 
@@ -537,13 +453,8 @@ void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx) return; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(ctx->keys[0].key); psa_destroy_key(ctx->keys[1].key); -#else - mbedtls_cipher_free(&ctx->keys[0].ctx); - mbedtls_cipher_free(&ctx->keys[1].ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free(&ctx->mutex); From daeaa5194377fb4cb291cfa67287099b8c4f5ee5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Jan 2025 12:35:20 +0100 Subject: [PATCH 0060/1548] Rm dead !USE_PSA code: SSL ciphersuites (part 1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_ciphersuites* Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_ciphersuites.c | 11 ----------- library/ssl_ciphersuites_internal.h | 2 -- 2 files changed, 13 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 8f41f2d4b0..be32fb6e27 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -16,9 +16,7 @@ #include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl.h" #include "ssl_misc.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" -#endif #include @@ -1543,7 +1541,6 @@ int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name) size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t key_type; psa_algorithm_t alg; 
@@ -1558,12 +1555,6 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui } return key_bits; -#else - const mbedtls_cipher_info_t * const cipher_info = - mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher); - - return mbedtls_cipher_info_get_key_bitlen(cipher_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_PK_C) @@ -1587,7 +1578,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { @@ -1628,7 +1618,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c return 0; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) { diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 5c7e7f9b93..802318bc92 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -14,10 +14,8 @@ #if defined(MBEDTLS_PK_C) mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info); psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); #endif /* MBEDTLS_PK_C */ From 873816129e50c0f5107db1afbf9b35c79f4cdad6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 22 Jan 2025 12:55:54 +0100
Subject: [PATCH 0061/1548] Rm dead !USE_PSA code: SSL ciphersuite (part 2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Manual removal as unifdef doesn't handle non-trivial expressions.
Signed-off-by: Manuel Pégourié-Gonnard
---
 include/mbedtls/ssl_ciphersuites.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 17a0121738..6dfdd14053 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -365,8 +365,7 @@ typedef enum {
 * - by TLS 1.3 to do ECDHE or FFDHE.
 * The following macros can be used to guard their declaration and use.
 */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \
From 11ae619e77bf10b50dbcd12861c3a343838d86a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 22 Jan 2025 13:01:52 +0100
Subject: [PATCH 0062/1548] Rm dead !USE_PSA code: SSL headers (part 1)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h
Signed-off-by: Manuel Pégourié-Gonnard
---
 include/mbedtls/ssl.h | 6 ----
 library/ssl_misc.h | 73 ------------------------------------------
 2 files changed, 79 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 601094167c..35fc1ac1f2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
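Review bot: After this change MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED is defined exactly when MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED is, so the `_PSA_` in its name no longer marks a distinct condition and the guard comment above the `#if` still reads as if it did. A short addition to that comment, e.g. `Note: with the non-PSA code paths removed this macro is an alias of MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED; it is kept because existing guards spell it this way.`, would stop readers from hunting for the lost second condition. Whether the alias is meant to be retired later is not visible in this commit series. The `#if ... || \` context line at the end of the hunk continues outside it.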
@@ -1572,14 +1572,12 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field * should only be set via * mbedtls_ssl_conf_psk_opaque(). * If either no PSK or a raw PSK have been * configured, this has value \c 0. */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should * only be set via mbedtls_ssl_conf_psk(). * If either no PSK or an opaque PSK @@ -3628,7 +3626,6 @@ int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, const unsigned char *psk, size_t psk_len, const unsigned char *psk_identity, size_t psk_identity_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /** * \brief Configure one or more opaque pre-shared keys (PSKs) and * their identities to be used in PSK-based ciphersuites. @@ -3670,7 +3667,6 @@ int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, mbedtls_svc_key_id_t psk, const unsigned char *psk_identity, size_t psk_identity_len); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /** * \brief Set the pre-shared Key (PSK) for the current handshake. @@ -3691,7 +3687,6 @@ int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, const unsigned char *psk, size_t psk_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /** * \brief Set an opaque pre-shared Key (PSK) for the current handshake. * @@ -3714,7 +3709,6 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, */ int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, mbedtls_svc_key_id_t psk); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_SRV_C) /** diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9bdd104254..51236e3da3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -18,10 +18,8 @@ #include "mbedtls/ssl.h" #include "mbedtls/cipher.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "psa/crypto.h" #include "psa_util_internal.h" -#endif #if defined(PSA_WANT_ALG_MD5) #include "mbedtls/md5.h" @@ -789,13 +787,9 @@ struct mbedtls_ssl_handshake_params { #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_pake_operation_t psa_pake_ctx; /*!< EC J-PAKE key exchange */ mbedtls_svc_key_id_t psa_pake_password; uint8_t psa_pake_ctx_is_ok; -#else - mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_CLI_C) unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ size_t ecjpake_cache_len; /*!< Length of cached data */ @@ -809,13 +803,8 @@ struct mbedtls_ssl_handshake_params { #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t psk_opaque; /*!< Opaque PSK from the callback */ uint8_t psk_opaque_is_internal; -#else - unsigned char *psk; /*!< PSK from the callback */ - size_t psk_len; /*!< Length of PSK from callback */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ uint16_t selected_identity; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ @@ -923,18 +912,10 @@ struct mbedtls_ssl_handshake_params { * Checksum contexts */ #if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t fin_sha256_psa; -#else - mbedtls_md_context_t fin_sha256; -#endif #endif #if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t fin_sha384_psa; -#else - mbedtls_md_context_t fin_sha384; -#endif #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 
@@ -1129,14 +1110,9 @@ struct mbedtls_ssl_transform { #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t psa_mac_enc; /*!< MAC (encryption) */ mbedtls_svc_key_id_t psa_mac_dec; /*!< MAC (decryption) */ psa_algorithm_t psa_mac_alg; /*!< psa MAC algorithm */ -#else - mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ - mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int encrypt_then_mac; /*!< flag for EtM activation */ @@ -1146,14 +1122,9 @@ struct mbedtls_ssl_transform { mbedtls_ssl_protocol_version tls_version; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t psa_key_enc; /*!< psa encryption key */ mbedtls_svc_key_id_t psa_key_dec; /*!< psa decryption key */ psa_algorithm_t psa_alg; /*!< psa algorithm */ -#else - mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ - mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) uint8_t in_cid_len; @@ -1499,11 +1470,6 @@ int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, size_t total_hs_len); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, - mbedtls_key_exchange_type_t key_ex); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) @@ -1511,7 +1477,6 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) /** * Get the first defined opaque PSK by order of precedence: * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK 
@@ -1532,31 +1497,6 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( return MBEDTLS_SVC_KEY_ID_INIT; } -#else -/** - * Get the first defined PSK by order of precedence: - * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback - * 2. static PSK configured by \c mbedtls_ssl_conf_psk() - * Return a code and update the pair (PSK, PSK length) passed to this function - */ -static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl, - const unsigned char **psk, size_t *psk_len) -{ - if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) { - *psk = ssl->handshake->psk; - *psk_len = ssl->handshake->psk_len; - } else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) { - *psk = ssl->conf->psk; - *psk_len = ssl->conf->psk_len; - } else { - *psk = NULL; - *psk_len = 0; - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - return 0; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ @@ -2603,7 +2543,6 @@ static inline int mbedtls_ssl_sig_alg_is_supported( } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) /* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL. * Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is * guaranteed to not be a valid PSA algorithm identifier. @@ -2664,7 +2603,6 @@ static inline MBEDTLS_DEPRECATED int psa_ssl_status_to_mbedtls(psa_status_t stat } } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) @@ -2969,7 +2907,6 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl); * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED * The hardware accelerator failed. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, psa_algorithm_t mac_alg, const unsigned char *add_data, 
@@ -2979,16 +2916,6 @@ int mbedtls_ct_hmac(mbedtls_svc_key_id_t key, size_t min_data_len, size_t max_data_len, unsigned char *output); -#else -int mbedtls_ct_hmac(mbedtls_md_context_t *ctx, - const unsigned char *add_data, - size_t add_data_len, - const unsigned char *data, - size_t data_len_secret, - size_t min_data_len, - size_t max_data_len, - unsigned char *output); -#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */ #endif /* MBEDTLS_TEST_HOOKS && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) */ #endif /* ssl_misc.h */ From 615914b5acc1f689387ec6855353ee637bbb3283 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Jan 2025 13:03:55 +0100 Subject: [PATCH 0063/1548] Rm dead !USE_PSA code: SSL headers (part 2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Expression that are too complex for unifdef - please review carefully :) Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_misc.h | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 51236e3da3..3d2fc01577 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -37,11 +37,6 @@ #include "mbedtls/sha512.h" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - !defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/ecjpake.h" -#endif - #include "mbedtls/pk.h" #include "ssl_ciphersuites_internal.h" #include "x509_internal.h" @@ -771,12 +766,6 @@ struct mbedtls_ssl_handshake_params { mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ #endif -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) - mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ -#endif /* !MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_psa_bits; 
@@ -2604,8 +2593,7 @@ static inline MBEDTLS_DEPRECATED int psa_ssl_status_to_mbedtls(psa_status_t stat } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) typedef enum { MBEDTLS_ECJPAKE_ROUND_ONE, @@ -2648,7 +2636,7 @@ int mbedtls_psa_ecjpake_write_round( size_t len, size_t *olen, mbedtls_ecjpake_rounds_t round); -#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ /** * \brief TLS record protection modes From 48e0e3a356c453ad6b55927a407abd17f2971ae2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2025 09:42:54 +0100 Subject: [PATCH 0064/1548] Rm dead !USE_PSA code: check_config.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Manual, as most expressions were too complex for unifdef. Most of those were or had a part like "we need XXX or USE_PSA" (where XXX was Cipher or MD) and those are always satisfied now. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index abce71b71b..06613595b8 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -99,20 +99,12 @@ #error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ ( !defined(PSA_WANT_ALG_JPAKE) || \ !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ !defined(PSA_WANT_ECC_SECP_R1_256) ) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - ( !defined(MBEDTLS_ECJPAKE_C) || \ - !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ) -#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use of EC J-PAKE in TLS requires SHA-256. */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ @@ -209,11 +201,6 @@ #error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \ - defined(MBEDTLS_USE_PSA_CRYPTO)) -#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" -#endif - /* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */ #if defined(MBEDTLS_SSL_TLS_C) && \ !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)) @@ -288,11 +275,6 @@ #error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \ - !defined(MBEDTLS_USE_PSA_CRYPTO) ) -#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_SSL_TICKET_C) && \ !( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \ defined(PSA_WANT_ALG_CHACHA20_POLY1305) ) 
@@ -315,15 +297,13 @@ #if defined(MBEDTLS_X509_USE_C) && \ (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || \ - ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) + !defined(MBEDTLS_PK_PARSE_C)) #error "MBEDTLS_X509_USE_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_X509_CREATE_C) && \ (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || \ - ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) + !defined(MBEDTLS_PK_PARSE_C)) #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites" #endif From 855f5bf24424bfef378e013efeb6bab567d15a18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2025 09:46:14 +0100 Subject: [PATCH 0065/1548] Rm dead !USE_PSA code: ssl_tls13_xxx (part 1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls13*.c Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_keys.c | 55 -------------------------------------- library/ssl_tls13_server.c | 14 ---------- 2 files changed, 69 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5128a41535..17f98ca979 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
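Review bot: With the `( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) )` disjunct dropped from both the MBEDTLS_X509_USE_C and MBEDTLS_X509_CREATE_C checks, nothing left in check_config.h states that X.509 parsing and writing need a hash backend, and the rationale for why that is now safe exists only in the commit message ("always satisfied now"). A one-line comment above the first of the two checks, `/* Hashing for X.509 is always provided by PSA; no MD_C / USE_PSA_CRYPTO prerequisite. */`, would keep a later contributor from re-adding the clause. The same note would serve the removed MBEDTLS_SSL_TLS_C and MBEDTLS_SSL_TICKET_C cipher-prerequisite checks earlier in this file, which went away for the same reason.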
@@ -925,23 +925,17 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_key_set const *traffic_keys, mbedtls_ssl_context *ssl /* DEBUG ONLY */) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - int ret; - mbedtls_cipher_info_t const *cipher_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ const mbedtls_ssl_ciphersuite_t *ciphersuite_info; unsigned char const *key_enc; unsigned char const *iv_enc; unsigned char const *key_dec; unsigned char const *iv_dec; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; size_t key_bits; psa_status_t status = PSA_SUCCESS; -#endif #if !defined(MBEDTLS_DEBUG_C) ssl = NULL; /* make sure we don't use it except for those cases */ @@ -955,29 +949,6 @@ int mbedtls_ssl_tls13_populate_transform( return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); - if (cipher_info == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found", - ciphersuite_info->cipher)); - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* - * Setup cipher contexts in target transform - */ - if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc, - cipher_info)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); - return ret; - } - - if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec, - cipher_info)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_SRV_C) if (endpoint == MBEDTLS_SSL_IS_SERVER) { 
@@ -1003,21 +974,6 @@ int mbedtls_ssl_tls13_populate_transform( memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len); memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, - key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_ENCRYPT)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); - return ret; - } - - if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, - key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_DECRYPT)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Setup other fields in SSL transform @@ -1041,7 +997,6 @@ int mbedtls_ssl_tls13_populate_transform( transform->minlen = transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* * Setup psa keys and alg */ @@ -1082,7 +1037,6 @@ int mbedtls_ssl_tls13_populate_transform( return PSA_TO_MBEDTLS_ERR(status); } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ return 0; } @@ -1839,7 +1793,6 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, unsigned char **psk, size_t *psk_len) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1869,14 +1822,6 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, return PSA_TO_MBEDTLS_ERR(status); } return 0; -#else - *psk = ssl->handshake->psk; - *psk_len = ssl->handshake->psk_len; - if (*psk == NULL) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - return 0; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index ab27c94efc..7273eb9392 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -435,9 +435,7 @@ static int ssl_tls13_offered_psks_check_binder_match( psk, psk_len, psk_type, transcript, server_computed_binder); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_free((void *) psk); -#endif if (ret != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed.")); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; @@ -739,11 +737,7 @@ static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, *olen = 0; int not_using_psk = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); -#else - not_using_psk = (ssl->handshake->psk == NULL); -#endif if (not_using_psk) { /* We shouldn't have called this extension writer unless we've * chosen to use a PSK. */ @@ -1078,7 +1072,6 @@ static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ss #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) { switch (sig_alg) { @@ -1104,7 +1097,6 @@ static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) return PSA_ALG_NONE; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Pick best ( private key, certificate chain ) pair based on the signature @@ -1139,9 +1131,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) for (key_cert = key_cert_list; key_cert != NULL; key_cert = key_cert->next) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_alg = PSA_ALG_NONE; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate", key_cert->cert); 
@@ -1165,17 +1155,13 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) "check signature algorithm %s [%04x]", mbedtls_ssl_sig_alg_to_str(*sig_alg), *sig_alg)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, &key_cert->cert->pk) -#if defined(MBEDTLS_USE_PSA_CRYPTO) && psa_alg != PSA_ALG_NONE && mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1 -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_MSG(3, From 0b44a81f077f41ba77cb3a1c25e067ed5d8617df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2025 09:58:07 +0100 Subject: [PATCH 0066/1548] Rm dead !USE_PSA code: ssl_tls13*.c part 2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The one expression that was apparently too much for unifdef Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_keys.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 17f98ca979..a421a06de4 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1252,8 +1252,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) ret = mbedtls_ssl_tls13_evolve_secret(hash_alg, NULL, psk, psk_len, handshake->tls13_master_secrets.early); -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) mbedtls_free((void *) psk); #endif if (ret != 0) { From 58916768b7e5a039a6e87fc56609192978ab0f90 Mon Sep 17 00:00:00 2001 
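Review bot: In the ssl_tls13_keys.c hunk, `mbedtls_free((void *) psk);` releases the PSK bytes that were just passed to mbedtls_ssl_tls13_evolve_secret without wiping them, so the pre-shared secret lingers in freed heap memory until the allocator reuses it. Since psk_len is already in scope on the evolve_secret call, `mbedtls_zeroize_and_free((void *) psk, psk_len);` would clear the buffer first; this assumes psk is a heap buffer filled by mbedtls_ssl_tls13_export_handshake_psk, which the cast-and-free pattern suggests but the hunk does not show. The same free-without-zeroize sits in ssl_tls13_offered_psks_check_binder_match in the preceding ssl_tls13_server.c commit. mbedtls_ssl_tls13_key_schedule_stage_early starts and ends outside the hunk.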
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2025 10:48:45 +0100 Subject: [PATCH 0067/1548] Rm dead !USE_PSA code: ssl_tls12_server.c (part 1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_server.c framework/scripts/code_style.py --fix library/ssl_tls12_server.c Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls12_server.c | 182 +------------------------------------ 1 file changed, 1 insertion(+), 181 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 86a8cb1850..3d912284fb 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -20,7 +20,6 @@ #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ @@ -33,7 +32,6 @@ static int local_err_translation(psa_status_t status) } #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif -#endif #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" @@ -88,11 +86,9 @@ static int ssl_conf_has_psk_or_cb(mbedtls_ssl_config const *conf) } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { return 1; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (conf->psk != NULL && conf->psk_len != 0) { return 1; 
@@ -292,17 +288,11 @@ static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if (ssl->handshake->psa_pake_ctx_is_ok != 1) -#else - if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { + if (ssl->handshake->psa_pake_ctx_is_ok != 1) { MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension")); return 0; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_psa_ecjpake_read_round( &ssl->handshake->psa_pake_ctx, buf, len, MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) { @@ -317,15 +307,6 @@ static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, return ret; } -#else - if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, - buf, len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret); - mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Only mark the extension as OK when we're sure it is */ ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; @@ -687,15 +668,10 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info) { mbedtls_ssl_key_cert *cur, *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(ciphersuite_info); psa_key_usage_t pk_usage = mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(ciphersuite_info); -#else - mbedtls_pk_type_t pk_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ uint32_t flags; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) 
@@ -706,11 +682,7 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, list = ssl->conf->key_cert; int pk_alg_is_none = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) pk_alg_is_none = (pk_alg == PSA_ALG_NONE); -#else - pk_alg_is_none = (pk_alg == MBEDTLS_PK_NONE); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (pk_alg_is_none) { return 0; } @@ -728,7 +700,6 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, cur->cert); int key_type_matches = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || ssl->conf->f_async_decrypt_start != NULL || @@ -738,9 +709,6 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, key_type_matches = ( mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#else - key_type_matches = mbedtls_pk_can_do(&cur->cert->pk, pk_alg); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (!key_type_matches) { MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type")); continue; @@ -1948,7 +1916,6 @@ static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE(MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0); p += 2; -#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, p + 2, (size_t) (end - p - 2), &kkpp_len, MBEDTLS_ECJPAKE_ROUND_ONE); @@ -1958,15 +1925,6 @@ static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); return; } -#else - ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, - p + 2, (size_t) (end - p - 2), &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret); - return; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_PUT_UINT16_BE(kkpp_len, p, 0); p += 2; 
@@ -2585,7 +2543,6 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) #if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)) -#if defined(MBEDTLS_USE_PSA_CRYPTO) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { @@ -2732,33 +2689,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return ret; } -#else /* MBEDTLS_USE_PSA_CRYPTO */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - const mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); - if (private_key == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no server private key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_ECKEY)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, - mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)), - MBEDTLS_ECDH_OURS)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); - return ret; - } - - return 0; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ @@ -2831,7 +2761,6 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char *out_p = ssl->out_msg + ssl->out_msglen; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen; 
@@ -2868,21 +2797,6 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, output_offset += output_len; ssl->out_msglen += output_offset; -#else - size_t len = 0; - - ret = mbedtls_ecjpake_write_round_two( - &ssl->handshake->ecjpake_ctx, - ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret); - return ret; - } - - ssl->out_msglen += len; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -2989,7 +2903,6 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id))); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t key_attributes; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -3071,28 +2984,6 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, /* Determine full message length. */ len += header_size; -#else - mbedtls_ecp_group_id curr_grp_id = - mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id); - - if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx, - curr_grp_id)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret); - return ret; - } - - if ((ret = mbedtls_ecdh_make_params( - &ssl->handshake->ecdh_ctx, &len, - ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_params", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) dig_signed = ssl->out_msg + ssl->out_msglen; 
@@ -3723,7 +3614,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t data_len = (size_t) (*p++); size_t buf_len = (size_t) (end - p); psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3784,28 +3674,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } } handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; -#else - if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, - p, (size_t) (end - p))) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP); - - if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || 
@@ -3823,19 +3691,10 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_DECODE_ERROR; } -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; size_t ecpoint_len; @@ -3917,28 +3776,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_PUT_UINT16_BE(zlen, psm, 0); psm += zlen_size + zlen; -#else /* MBEDTLS_USE_PSA_CRYPTO */ - if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); - return ret; - } - - if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, - p, (size_t) (end - p))) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP); - - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) 
@@ -3951,7 +3788,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_psa_ecjpake_read_round( &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p), MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) { @@ -3961,22 +3797,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_input round two", ret); return ret; } -#else - ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, - p, (size_t) (end - p)); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, - ssl->handshake->premaster, 32, &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ { From df5e1b6864a562857fed2d9744b470761ed63a8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2025 10:51:01 +0100 Subject: [PATCH 0068/1548] Rm dead !USE_PSA code: ssl_tls12_server.c (part 2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Manual. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls12_server.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3d912284fb..acb73b554b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -257,15 +257,6 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, while (list_size > 0) { if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || p[0] == MBEDTLS_ECP_PF_COMPRESSED) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) - ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, - p[0]); -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); return 0; } From 1a3959c84e20e5a72d60da82c2887adbc4d45544 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2025 10:55:53 +0100 Subject: [PATCH 0069/1548] Rm dead !USE_PSA code: ssl_msg.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_msg.c Took care of everything in this file Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 305 ---------------------------------------------- 1 file changed, 305 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 7000e93e53..97c4866b15 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -26,16 +26,13 @@ #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa_util_internal.h" #include "psa/crypto.h" -#endif #if defined(MBEDTLS_X509_CRT_PARSE_C) #include "mbedtls/oid.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) 
@@ -45,11 +42,9 @@ static int local_err_translation(psa_status_t status)
                                        psa_generic_status_to_mbedtls);
 }
 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-#endif
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(PSA_WANT_ALG_SHA_384)
 #define MAX_HASH_BLOCK_LENGTH PSA_HASH_BLOCK_LENGTH(PSA_ALG_SHA_384)
@@ -179,99 +174,6 @@ int mbedtls_ct_hmac(mbedtls_svc_key_id_t key,
 #undef MAX_HASH_BLOCK_LENGTH
-#else
-MBEDTLS_STATIC_TESTABLE
-int mbedtls_ct_hmac(mbedtls_md_context_t *ctx,
-                    const unsigned char *add_data,
-                    size_t add_data_len,
-                    const unsigned char *data,
-                    size_t data_len_secret,
-                    size_t min_data_len,
-                    size_t max_data_len,
-                    unsigned char *output)
-{
-    /*
-     * This function breaks the HMAC abstraction and uses the md_clone()
-     * extension to the MD API in order to get constant-flow behaviour.
-     *
-     * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
-     * concatenation, and okey/ikey are the XOR of the key with some fixed bit
-     * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx.
-     *
-     * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to
-     * minlen, then cloning the context, and for each byte up to maxlen
-     * finishing up the hash computation, keeping only the correct result.
-     *
-     * Then we only need to compute HASH(okey + inner_hash) and we're done.
-     */
-    const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info);
-    /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5,
-     * all of which have the same block size except SHA-384. */
-    const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ?
128 : 64;
-    const unsigned char * const ikey = ctx->hmac_ctx;
-    const unsigned char * const okey = ikey + block_size;
-    const size_t hash_size = mbedtls_md_get_size(ctx->md_info);
-
-    unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
-    mbedtls_md_context_t aux;
-    size_t offset;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_md_init(&aux);
-
-#define MD_CHK(func_call) \
-    do { \
-        ret = (func_call); \
-        if (ret != 0) \
-        goto cleanup; \
-    } while (0)
-
-    MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0));
-
-    /* After hmac_start() of hmac_reset(), ikey has already been hashed,
-     * so we can start directly with the message */
-    MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len));
-    MD_CHK(mbedtls_md_update(ctx, data, min_data_len));
-
-    /* Fill the hash buffer in advance with something that is
-     * not a valid hash (barring an attack on the hash and
-     * deliberately-crafted input), in case the caller doesn't
-     * check the return status properly. */
-    memset(output, '!', hash_size);
-
-    /* For each possible length, compute the hash up to that point */
-    for (offset = min_data_len; offset <= max_data_len; offset++) {
-        MD_CHK(mbedtls_md_clone(&aux, ctx));
-        MD_CHK(mbedtls_md_finish(&aux, aux_out));
-        /* Keep only the correct inner_hash in the output buffer */
-        mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret),
-                             output, aux_out, NULL, hash_size);
-
-        if (offset < max_data_len) {
-            MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
-        }
-    }
-
-    /* The context needs to finish() before it starts() again */
-    MD_CHK(mbedtls_md_finish(ctx, aux_out));
-
-    /* Now compute HASH(okey + inner_hash) */
-    MD_CHK(mbedtls_md_starts(ctx));
-    MD_CHK(mbedtls_md_update(ctx, okey, block_size));
-    MD_CHK(mbedtls_md_update(ctx, output, hash_size));
-    MD_CHK(mbedtls_md_finish(ctx, output));
-
-    /* Done, get ready for next time */
-    MD_CHK(mbedtls_md_hmac_reset(ctx));
-
-#undef MD_CHK
-
-cleanup:
-    mbedtls_md_free(&aux);
-    return ret;
-}
-
-#endif /*
MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ @@ -1039,17 +941,14 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) unsigned char mac[MBEDTLS_SSL_MAC_ADD]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t sign_mac_length = 0; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ssl_extract_add_data_from_record(add_data, &add_data_len, rec, transform->tls_version, transform->taglen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, transform->psa_mac_alg); if (status != PSA_SUCCESS) { @@ -1071,25 +970,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, if (status != PSA_SUCCESS) { goto hmac_failed_etm_disabled; } -#else - ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, - add_data_len); - if (ret != 0) { - goto hmac_failed_etm_disabled; - } - ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, data, rec->data_len); - if (ret != 0) { - goto hmac_failed_etm_disabled; - } - ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); - if (ret != 0) { - goto hmac_failed_etm_disabled; - } - ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); - if (ret != 0) { - goto hmac_failed_etm_disabled; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ memcpy(data + rec->data_len, mac, transform->maclen); #endif @@ -1103,13 +983,11 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, hmac_failed_etm_disabled: mbedtls_platform_zeroize(mac, transform->maclen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = PSA_TO_MBEDTLS_ERR(status); status = psa_mac_abort(&operation); if (ret == 0 && status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_hmac_xxx", ret); return ret; 
@@ -1138,9 +1016,7 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, size_t dynamic_iv_len; int dynamic_iv_is_explicit = ssl_transform_aead_dynamic_iv_is_explicit(transform); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Check that there's space for the authentication tag. */ @@ -1192,7 +1068,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, /* * Encrypt and authenticate */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_aead_encrypt(transform->psa_key_enc, transform->psa_alg, iv, transform->ivlen, @@ -1206,18 +1081,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret); return ret; } -#else - if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len, /* src */ - data, rec->buf_len - (size_t) (data - rec->buf), /* dst */ - &rec->data_len, - transform->taglen)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt_ext", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_DEBUG_BUF(4, "after encrypt: tag", data + rec->data_len - transform->taglen, @@ -1248,11 +1111,9 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t padlen, i; size_t olen; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t part_len; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Currently we're always using minimal padding * (up to 255 bytes would be allowed). */ @@ -1307,7 +1168,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, rec->data_len, transform->ivlen, padlen + 1)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_cipher_encrypt_setup(&cipher_op, transform->psa_key_enc, transform->psa_alg); 
@@ -1349,16 +1209,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, } olen += part_len; -#else - if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - transform->iv_enc, - transform->ivlen, - data, rec->data_len, - data, &olen)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (rec->data_len != olen) { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); @@ -1372,10 +1222,8 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) if (auth_done == 0) { unsigned char mac[MBEDTLS_SSL_MAC_ADD]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; size_t sign_mac_length = 0; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* MAC(MAC_write_key, add_data, IV, ENC(content + padding + padding_length)) */ @@ -1392,7 +1240,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, add_data_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_mac_sign_setup(&operation, transform->psa_mac_enc, transform->psa_mac_alg); if (status != PSA_SUCCESS) { @@ -1414,27 +1261,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, if (status != PSA_SUCCESS) { goto hmac_failed_etm_enabled; } -#else - - ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, - add_data_len); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_update(&transform->md_ctx_enc, - data, rec->data_len); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_reset(&transform->md_ctx_enc); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ memcpy(data + rec->data_len, mac, transform->maclen); 
@@ -1444,13 +1270,11 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, hmac_failed_etm_enabled: mbedtls_platform_zeroize(mac, transform->maclen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = PSA_TO_MBEDTLS_ERR(status); status = psa_mac_abort(&operation); if (ret == 0 && status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "HMAC calculation failed", ret); return ret; @@ -1547,9 +1371,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, unsigned char iv[12]; unsigned char *dynamic_iv; size_t dynamic_iv_len; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Extract dynamic part of nonce for AEAD decryption. @@ -1619,7 +1441,6 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, /* * Decrypt and authenticate */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_aead_decrypt(transform->psa_key_dec, transform->psa_alg, iv, transform->ivlen, @@ -1633,23 +1454,6 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret); return ret; } -#else - if ((ret = mbedtls_cipher_auth_decrypt_ext - (&transform->cipher_ctx_dec, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len + transform->taglen, /* src */ - data, rec->buf_len - (size_t) (data - rec->buf), &olen, /* dst */ - transform->taglen)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt_ext", ret); - - if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { - return MBEDTLS_ERR_SSL_INVALID_MAC; - } - - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ auth_done++; 
@@ -1664,11 +1468,9 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, if (ssl_mode == MBEDTLS_SSL_MODE_CBC || ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { size_t minlen = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t part_len; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* * Check immediate ciphertext sanity @@ -1716,11 +1518,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) if (ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#else - unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); @@ -1742,7 +1540,6 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, /* Calculate expected MAC. */ MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, add_data_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_mac_verify_setup(&operation, transform->psa_mac_dec, transform->psa_mac_alg); if (status != PSA_SUCCESS) { 
@@ -1765,51 +1562,14 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, if (status != PSA_SUCCESS) { goto hmac_failed_etm_enabled; } -#else - ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data, - add_data_len); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_update(&transform->md_ctx_dec, - data, rec->data_len); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - ret = mbedtls_md_hmac_reset(&transform->md_ctx_dec); - if (ret != 0) { - goto hmac_failed_etm_enabled; - } - - MBEDTLS_SSL_DEBUG_BUF(4, "message mac", data + rec->data_len, - transform->maclen); - MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, - transform->maclen); - - /* Compare expected MAC with MAC at the end of the record. */ - if (mbedtls_ct_memcmp(data + rec->data_len, mac_expect, - transform->maclen) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); - ret = MBEDTLS_ERR_SSL_INVALID_MAC; - goto hmac_failed_etm_enabled; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ auth_done++; hmac_failed_etm_enabled: -#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = PSA_TO_MBEDTLS_ERR(status); status = psa_mac_abort(&operation); if (ret == 0 && status != PSA_SUCCESS) { ret = PSA_TO_MBEDTLS_ERR(status); } -#else - mbedtls_platform_zeroize(mac_expect, transform->maclen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { if (ret != MBEDTLS_ERR_SSL_INVALID_MAC) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_hmac_xxx", ret); @@ -1847,7 +1607,6 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, /* We still have data_len % ivlen == 0 and data_len >= ivlen here. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_cipher_decrypt_setup(&cipher_op, transform->psa_key_dec, transform->psa_alg); 
@@ -1886,15 +1645,6 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, } olen += part_len; -#else - - if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, - transform->iv_dec, transform->ivlen, - data, rec->data_len, data, &olen)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Double-check that length hasn't changed during decryption. */ if (rec->data_len != olen) { @@ -2036,18 +1786,11 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, const size_t max_len = rec->data_len + padlen; const size_t min_len = (max_len > 256) ? max_len - 256 : 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) ret = mbedtls_ct_hmac(transform->psa_mac_dec, transform->psa_mac_alg, add_data, add_data_len, data, rec->data_len, min_len, max_len, mac_expect); -#else - ret = mbedtls_ct_hmac(&transform->md_ctx_dec, - add_data, add_data_len, - data, rec->data_len, min_len, max_len, - mac_expect); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ct_hmac", ret); goto hmac_failed_etm_disabled; @@ -5440,10 +5183,8 @@ int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl) size_t transform_expansion = 0; const mbedtls_ssl_transform *transform = ssl->transform_out; unsigned block_size; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl); @@ -5452,7 +5193,6 @@ int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl) } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (transform->psa_alg == PSA_ALG_GCM || transform->psa_alg == PSA_ALG_CCM || transform->psa_alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 8) || 
@@ -5483,41 +5223,6 @@ int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl) ("Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#else - switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) { - case MBEDTLS_MODE_GCM: - case MBEDTLS_MODE_CCM: - case MBEDTLS_MODE_CHACHAPOLY: - case MBEDTLS_MODE_STREAM: - transform_expansion = transform->minlen; - break; - - case MBEDTLS_MODE_CBC: - - block_size = mbedtls_cipher_get_block_size( - &transform->cipher_ctx_enc); - - /* Expansion due to the addition of the MAC. */ - transform_expansion += transform->maclen; - - /* Expansion due to the addition of CBC padding; - * Theoretically up to 256 bytes, but we never use - * more than the block size of the underlying cipher. */ - transform_expansion += block_size; - - /* For TLS 1.2 or higher, an explicit IV is added - * after the record header. */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - transform_expansion += block_size; -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - break; - - default: - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (transform->out_cid_len != 0) { 
@@ -6202,22 +5907,12 @@ void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform)
         return;
     }
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_destroy_key(transform->psa_key_enc);
     psa_destroy_key(transform->psa_key_dec);
-#else
-    mbedtls_cipher_free(&transform->cipher_ctx_enc);
-    mbedtls_cipher_free(&transform->cipher_ctx_dec);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_destroy_key(transform->psa_mac_enc);
     psa_destroy_key(transform->psa_mac_dec);
-#else
-    mbedtls_md_free(&transform->md_ctx_enc);
-    mbedtls_md_free(&transform->md_ctx_dec);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif
     mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform));

From 88800ddcc634e46892b1d550e7e4ce88a1cda8f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 23 Jan 2025 11:01:35 +0100
Subject: [PATCH 0070/1548] Rm dead !USE_PSA code: ssl_tls.c (part 1)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls.c
framework/scripts/code_style.py --fix library/ssl_tls.c

Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_tls.c | 689 +---------------------------------------------
 1 file changed, 1 insertion(+), 688 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 56fdb1ef48..82ff2ccb52 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -27,18 +27,15 @@
 #include
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "mbedtls/psa_util.h"
 #include "md_psa.h"
 #include "psa_util_internal.h"
 #include "psa/crypto.h"
-#endif
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #include "mbedtls/oid.h"
 #endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 /* Define local translating functions to save code size by not using too many
  * arguments in each translating place. */
 static int local_err_translation(psa_status_t status)
@@ -48,7 +45,6 @@ static int local_err_translation(psa_status_t status)
                                        psa_generic_status_to_mbedtls);
 }
 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-#endif
 #if defined(MBEDTLS_TEST_HOOKS)
 static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
@@ -831,16 +827,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
 {
 #if defined(PSA_WANT_ALG_SHA_256) || \
     defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_status_t status;
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#endif
 #else /* SHA-256 or SHA-384 */
     ((void) ssl);
 #endif /* SHA-256 or SHA-384 */
 #if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
     if (status != PSA_SUCCESS) {
         return mbedtls_md_error_from_psa(status);
@@ -849,23 +840,8 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
     if (status != PSA_SUCCESS) {
         return mbedtls_md_error_from_psa(status);
     }
-#else
-    mbedtls_md_free(&ssl->handshake->fin_sha256);
-    mbedtls_md_init(&ssl->handshake->fin_sha256);
-    ret = mbedtls_md_setup(&ssl->handshake->fin_sha256,
-                           mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
-                           0);
-    if (ret != 0) {
-        return ret;
-    }
-    ret = mbedtls_md_starts(&ssl->handshake->fin_sha256);
-    if (ret != 0) {
-        return ret;
-    }
-#endif
 #endif
 #if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
     if (status != PSA_SUCCESS) {
         return mbedtls_md_error_from_psa(status);
@@ -874,19 +850,6 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) if (status != PSA_SUCCESS) { return mbedtls_md_error_from_psa(status); } -#else - mbedtls_md_free(&ssl->handshake->fin_sha384); - mbedtls_md_init(&ssl->handshake->fin_sha384); - ret = mbedtls_md_setup(&ssl->handshake->fin_sha384, - mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); - if (ret != 0) { - return ret; - } - ret = mbedtls_md_starts(&ssl->handshake->fin_sha384); - if (ret != 0) { - return ret; - } -#endif #endif return 0; } @@ -896,41 +859,23 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, { #if defined(PSA_WANT_ALG_SHA_256) || \ defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif #else /* SHA-256 or SHA-384 */ ((void) ssl); (void) buf; (void) len; #endif /* SHA-256 or SHA-384 */ #if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); if (status != PSA_SUCCESS) { return mbedtls_md_error_from_psa(status); } -#else - ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); - if (ret != 0) { - return ret; - } -#endif #endif #if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); if (status != PSA_SUCCESS) { return mbedtls_md_error_from_psa(status); } -#else - ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); - if (ret != 0) { - return ret; - } -#endif #endif return 0; } @@ -939,12 +884,8 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) return mbedtls_md_error_from_psa(psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len)); -#else - return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); -#endif } #endif 
@@ -952,12 +893,8 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) return mbedtls_md_error_from_psa(psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len)); -#else - return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); -#endif } #endif @@ -966,18 +903,10 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params)); #if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha256_psa = psa_hash_operation_init(); -#else - mbedtls_md_init(&handshake->fin_sha256); -#endif #endif #if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha384_psa = psa_hash_operation_init(); -#else - mbedtls_md_init(&handshake->fin_sha384); -#endif #endif handshake->update_checksum = ssl_update_checksum_start; @@ -990,12 +919,8 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) mbedtls_ecdh_init(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->psa_pake_ctx = psa_pake_operation_init(); handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_ecjpake_init(&handshake->ecjpake_ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_CLI_C) handshake->ecjpake_cache = NULL; handshake->ecjpake_cache_len = 0; 
@@ -1020,22 +945,12 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform) { memset(transform, 0, sizeof(mbedtls_ssl_transform)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) transform->psa_key_enc = MBEDTLS_SVC_KEY_ID_INIT; transform->psa_key_dec = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_cipher_init(&transform->cipher_ctx_enc); - mbedtls_cipher_init(&transform->cipher_ctx_dec); -#endif #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) -#if defined(MBEDTLS_USE_PSA_CRYPTO) transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT; transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_md_init(&transform->md_ctx_enc); - mbedtls_md_init(&transform->md_ctx_dec); -#endif #endif } @@ -1903,7 +1818,6 @@ void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; @@ -2019,35 +1933,6 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, return 0; } -#else /* MBEDTLS_USE_PSA_CRYPTO */ -int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, - const unsigned char *pw, - size_t pw_len) -{ - mbedtls_ecjpake_role role; - - if (ssl->handshake == NULL || ssl->conf == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - /* Empty password is not valid */ - if ((pw == NULL) || (pw_len == 0)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - role = MBEDTLS_ECJPAKE_SERVER; - } else { - role = MBEDTLS_ECJPAKE_CLIENT; - } - - return mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx, - role, - MBEDTLS_MD_SHA256, - MBEDTLS_ECP_DP_SECP256R1, - pw, pw_len); -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) 
@@ -2058,11 +1943,9 @@ int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf) return 0; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { return 1; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (conf->psk != NULL && conf->psk_len != 0) { return 1; @@ -2074,13 +1957,11 @@ int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf) static void ssl_conf_remove_psk(mbedtls_ssl_config *conf) { /* Remove reference to existing PSK, if any. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { /* The maintenance of the PSK key slot is the * user's responsibility. */ conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (conf->psk != NULL) { mbedtls_zeroize_and_free(conf->psk, conf->psk_len); conf->psk = NULL; @@ -2162,7 +2043,6 @@ int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, static void ssl_remove_psk(mbedtls_ssl_context *ssl) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { /* The maintenance of the external PSK key slot is the * user's responsibility. */ @@ -2172,25 +2052,15 @@ static void ssl_remove_psk(mbedtls_ssl_context *ssl) } ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; } -#else - if (ssl->handshake->psk != NULL) { - mbedtls_zeroize_and_free(ssl->handshake->psk, - ssl->handshake->psk_len); - ssl->handshake->psk_len = 0; - ssl->handshake->psk = NULL; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, const unsigned char *psk, size_t psk_len) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_attributes_t key_attributes = psa_key_attributes_init(); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t alg = PSA_ALG_NONE; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk == NULL || ssl->handshake == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 
@@ -2202,7 +2072,6 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, ssl_remove_psk(ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { @@ -2233,19 +2102,8 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, /* Allow calling psa_destroy_key() on psk remove */ ssl->handshake->psk_opaque_is_internal = 1; return mbedtls_ssl_set_hs_psk_opaque(ssl, key); -#else - if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - ssl->handshake->psk_len = psk_len; - memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len); - - return 0; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } -#if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, mbedtls_svc_key_id_t psk, const unsigned char *psk_identity, @@ -2286,7 +2144,6 @@ int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, ssl->handshake->psk_opaque = psk; return 0; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_SRV_C) void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, @@ -2301,7 +2158,6 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( psa_algorithm_t alg) { 
@@ -2316,30 +2172,6 @@ static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( return MBEDTLS_SSL_MODE_STREAM; } -#else /* MBEDTLS_USE_PSA_CRYPTO */ - -static mbedtls_ssl_mode_t mbedtls_ssl_get_base_mode( - mbedtls_cipher_mode_t mode) -{ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (mode == MBEDTLS_MODE_CBC) { - return MBEDTLS_SSL_MODE_CBC; - } -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ - -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) - if (mode == MBEDTLS_MODE_GCM || - mode == MBEDTLS_MODE_CCM || - mode == MBEDTLS_MODE_CHACHAPOLY) { - return MBEDTLS_SSL_MODE_AEAD; - } -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ - - return MBEDTLS_SSL_MODE_STREAM; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ static mbedtls_ssl_mode_t mbedtls_ssl_get_actual_mode( mbedtls_ssl_mode_t base_mode, @@ -2360,11 +2192,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( const mbedtls_ssl_transform *transform) { mbedtls_ssl_mode_t base_mode = mbedtls_ssl_get_base_mode( -#if defined(MBEDTLS_USE_PSA_CRYPTO) transform->psa_alg -#else - mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc) -#endif ); int encrypt_then_mac = 0; @@ -2382,7 +2210,6 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( { mbedtls_ssl_mode_t base_mode = MBEDTLS_SSL_MODE_STREAM; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; psa_algorithm_t alg; psa_key_type_t type; @@ -2392,15 +2219,6 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( if (status == PSA_SUCCESS) { base_mode = mbedtls_ssl_get_base_mode(alg); } -#else - const mbedtls_cipher_info_t *cipher = - mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) suite->cipher); - if (cipher != NULL) { - base_mode = - mbedtls_ssl_get_base_mode( - mbedtls_cipher_info_get_mode(cipher)); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) int encrypt_then_mac = 0; 
@@ -2408,7 +2226,6 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( return mbedtls_ssl_get_actual_mode(base_mode, encrypt_then_mac); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const mbedtls_error_pair_t psa_to_ssl_errors[] = { @@ -2617,7 +2434,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type return PSA_SUCCESS; } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, @@ -4719,18 +4535,10 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(PSA_WANT_ALG_SHA_256) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&handshake->fin_sha256_psa); -#else - mbedtls_md_free(&handshake->fin_sha256); -#endif #endif #if defined(PSA_WANT_ALG_SHA_384) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&handshake->fin_sha384_psa); -#else - mbedtls_md_free(&handshake->fin_sha384); -#endif #endif #if defined(MBEDTLS_DHM_C) @@ -4742,7 +4550,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_pake_abort(&handshake->psa_pake_ctx); /* * Opaque keys are not stored in the handshake's data and it's the user @@ -4753,9 +4560,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) psa_destroy_key(handshake->psa_pake_password); } handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; -#else - mbedtls_ecjpake_free(&handshake->ecjpake_ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_CLI_C) mbedtls_free(handshake->ecjpake_cache); handshake->ecjpake_cache = NULL; 
@@ -4771,7 +4575,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
 #endif
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if (!mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
 /* The maintenance of the external PSK key slot is the
 * user's responsibility. */
@@ -4781,11 +4584,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
 }
 ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
 }
-#else
- if (handshake->psk != NULL) {
- mbedtls_zeroize_and_free(handshake->psk, handshake->psk_len);
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
@@ -5967,11 +5765,9 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
 #endif
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) {
 conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 if (conf->psk != NULL) {
 mbedtls_zeroize_and_free(conf->psk, conf->psk_len);
 conf->psk = NULL;
@@ -6272,7 +6068,6 @@ const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
 }
 #endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
 const mbedtls_md_type_t md,
 unsigned char *dst,
@@ -6319,116 +6114,6 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
 #endif
 return PSA_TO_MBEDTLS_ERR(status);
 }
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(PSA_WANT_ALG_SHA_384)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- int ret;
- mbedtls_md_context_t sha384;
-
- if (dst_len < 48) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- mbedtls_md_init(&sha384);
- ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
- if (ret != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_md_finish(&sha384, dst)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
- *olen = 48;
-
-exit:
-
- mbedtls_md_free(&sha384);
- return ret;
-}
-#endif /* PSA_WANT_ALG_SHA_384 */
-
-#if defined(PSA_WANT_ALG_SHA_256)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- int ret;
- mbedtls_md_context_t sha256;
-
- if (dst_len < 32) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- mbedtls_md_init(&sha256);
- ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
- if (ret != 0) {
- goto exit;
- }
-
- if ((ret = mbedtls_md_finish(&sha256, dst)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
- *olen = 32;
-
-exit:
-
- mbedtls_md_free(&sha256);
- return ret;
-}
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
- const mbedtls_md_type_t md,
- unsigned char *dst,
- size_t dst_len,
- size_t *olen)
-{
- switch (md) {
-
-#if defined(PSA_WANT_ALG_SHA_384)
- case MBEDTLS_MD_SHA384:
- return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen);
-#endif /* PSA_WANT_ALG_SHA_384*/
-
-#if defined(PSA_WANT_ALG_SHA_256)
- case MBEDTLS_MD_SHA256:
- return ssl_get_handshake_transcript_sha256(ssl, dst, dst_len, olen);
-#endif /* PSA_WANT_ALG_SHA_256*/
-
- default:
-#if !defined(PSA_WANT_ALG_SHA_384) && \
- !defined(PSA_WANT_ALG_SHA_256)
- (void) ssl;
- (void) dst;
- (void) dst_len;
- (void) olen;
-#endif
- break;
- }
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-}
-
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 /* mbedtls_ssl_parse_sig_alg_ext()
@@ -6537,7 +6222,6 @@ int mbedtls_ssl_parse_sig_alg_ext(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation,
 mbedtls_svc_key_id_t key,
@@ -6680,116 +6364,6 @@ static int tls_prf_generic(mbedtls_md_type_t md_type,
 return 0;
 }
 #endif /* PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_MD_C) && \
- (defined(PSA_WANT_ALG_SHA_256) || \
- defined(PSA_WANT_ALG_SHA_384))
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int tls_prf_generic(mbedtls_md_type_t md_type,
- const unsigned char *secret, size_t slen,
- const char *label,
- const unsigned char *random, size_t rlen,
- unsigned char *dstbuf, size_t dlen)
-{
- size_t nb;
- size_t i, j, k, md_len;
- unsigned char *tmp;
- size_t tmp_len = 0;
- unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
- const mbedtls_md_info_t *md_info;
- mbedtls_md_context_t md_ctx;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
- mbedtls_md_init(&md_ctx);
-
- if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- md_len = mbedtls_md_get_size(md_info);
-
- tmp_len = md_len + strlen(label) + rlen;
- tmp = mbedtls_calloc(1, tmp_len);
- if (tmp == NULL) {
- ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
- goto exit;
- }
-
- nb = strlen(label);
- memcpy(tmp + md_len, label, nb);
- memcpy(tmp + md_len + nb, random, rlen);
- nb += rlen;
-
- /*
- * Compute P_(secret, label + random)[0..dlen]
- */
- if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_hmac_starts(&md_ctx, secret, slen);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
- if (ret != 0) {
- goto exit;
- }
-
- for (i = 0; i < dlen; i += md_len) {
- ret = mbedtls_md_hmac_reset(&md_ctx);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len + nb);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, h_i);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_hmac_reset(&md_ctx);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_update(&md_ctx, tmp, md_len);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_hmac_finish(&md_ctx, tmp);
- if (ret != 0) {
- goto exit;
- }
-
- k = (i + md_len > dlen) ? dlen % md_len : md_len;
-
- for (j = 0; j < k; j++) {
- dstbuf[i + j] = h_i[j];
- }
- }
-
-exit:
- mbedtls_md_free(&md_ctx);
-
- if (tmp != NULL) {
- mbedtls_platform_zeroize(tmp, tmp_len);
- }
-
- mbedtls_platform_zeroize(h_i, sizeof(h_i));
-
- mbedtls_free(tmp);
-
- return ret;
-}
-#endif /* MBEDTLS_MD_C && ( PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384 ) */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(PSA_WANT_ALG_SHA_256)
 MBEDTLS_CHECK_RETURN_CRITICAL
@@ -7139,7 +6713,6 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
 return 0;
 }
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl,
 const psa_hash_operation_t *hs_op,
 size_t buffer_size,
@@ -7170,59 +6743,14 @@ static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl,
 psa_hash_abort(&cloned_op);
 return mbedtls_md_error_from_psa(status);
 }
-#else
-static int ssl_calc_verify_tls_legacy(const mbedtls_ssl_context *ssl,
- const mbedtls_md_context_t *hs_ctx,
- unsigned char *hash,
- size_t *hlen)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_context_t cloned_ctx;
-
- mbedtls_md_init(&cloned_ctx);
-
-#if !defined(MBEDTLS_DEBUG_C)
- (void) ssl;
-#endif
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify"));
-
- ret = mbedtls_md_setup(&cloned_ctx, mbedtls_md_info_from_ctx(hs_ctx), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&cloned_ctx, hs_ctx);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_finish(&cloned_ctx, hash);
- if (ret != 0) {
- goto exit;
- }
-
- *hlen = mbedtls_md_get_size(mbedtls_md_info_from_ctx(hs_ctx));
-
- MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
- MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
-
-exit:
- mbedtls_md_free(&cloned_ctx);
- return ret;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(PSA_WANT_ALG_SHA_256)
 int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
 unsigned char *hash,
 size_t *hlen)
 {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32,
 hash, hlen);
-#else
- return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256,
- hash, hlen);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 #endif /* PSA_WANT_ALG_SHA_256 */
@@ -7231,13 +6759,8 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
 unsigned char *hash,
 size_t *hlen)
 {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48,
 hash, hlen);
-#else
- return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384,
- hash, hlen);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 #endif /* PSA_WANT_ALG_SHA_384 */
@@ -7953,17 +7476,10 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
 {
 unsigned int len = 12;
 const char *sender;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_status_t status;
 psa_hash_operation_t *hs_op = ctx;
 psa_hash_operation_t cloned_op = PSA_HASH_OPERATION_INIT;
 size_t hash_size;
-#else
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_context_t *hs_ctx = ctx;
- mbedtls_md_context_t cloned_ctx;
- mbedtls_md_init(&cloned_ctx);
-#endif
 mbedtls_ssl_session *session = ssl->session_negotiate;
 if (!session) {
@@ -7974,7 +7490,6 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
 ? "client finished" : "server finished";
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls"));
 status = psa_hash_clone(hs_op, &cloned_op);
@@ -7987,23 +7502,6 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
 goto exit;
 }
 MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, hlen);
-#else
- MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls"));
-
- ret = mbedtls_md_setup(&cloned_ctx, mbedtls_md_info_from_ctx(hs_ctx), 0);
- if (ret != 0) {
- goto exit;
- }
- ret = mbedtls_md_clone(&cloned_ctx, hs_ctx);
- if (ret != 0) {
- goto exit;
- }
-
- ret = mbedtls_md_finish(&cloned_ctx, padbuf);
- if (ret != 0) {
- goto exit;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 MBEDTLS_SSL_DEBUG_BUF(4, "finished output", padbuf, hlen);
@@ -8022,13 +7520,8 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
 MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
 exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_hash_abort(&cloned_op);
 return mbedtls_md_error_from_psa(status);
-#else
- mbedtls_md_free(&cloned_ctx);
- return ret;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 #if defined(PSA_WANT_ALG_SHA_256)
@@ -8037,11 +7530,7 @@ static int ssl_calc_finished_tls_sha256(
 {
 unsigned char padbuf[32];
 return ssl_calc_finished_tls_generic(ssl,
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 &ssl->handshake->fin_sha256_psa,
-#else
- &ssl->handshake->fin_sha256,
-#endif
 padbuf, sizeof(padbuf), buf, from);
 }
@@ -8054,11 +7543,7 @@ static int ssl_calc_finished_tls_sha384(
 {
 unsigned char padbuf[48];
 return ssl_calc_finished_tls_generic(ssl,
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 &ssl->handshake->fin_sha384_psa,
-#else
- &ssl->handshake->fin_sha384,
-#endif
 padbuf, sizeof(padbuf), buf, from);
 }
@@ -8436,19 +7921,13 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 size_t keylen;
 const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 mbedtls_ssl_mode_t ssl_mode;
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- const mbedtls_cipher_info_t *cipher_info;
- const mbedtls_md_info_t *md_info;
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_key_type_t key_type;
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_algorithm_t alg;
 psa_algorithm_t mac_alg = 0;
 size_t key_bits;
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#endif
 /*
 * Some data just needs copying into the structure
@@ -8491,7 +7970,6 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
 }
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher,
 transform->taglen,
 &alg,
@@ -8501,30 +7979,13 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);
 goto end;
 }
-#else
- cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) ciphersuite_info->cipher);
- if (cipher_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
- ciphersuite_info->cipher));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
 if (mac_alg == 0) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found",
 (unsigned) ciphersuite_info->mac));
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
-#else
- md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
- if (md_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found",
- (unsigned) ciphersuite_info->mac));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 /* Copy own and peer's CID if the use of the CID
@@ -8564,11 +8025,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 * Determine the appropriate key, IV and MAC length.
 */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 keylen = PSA_BITS_TO_BYTES(key_bits);
-#else
- keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
-#endif
 #if defined(MBEDTLS_SSL_HAVE_AEAD)
 if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
@@ -8588,12 +8045,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 transform->ivlen = 12;
 int is_chachapoly = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 is_chachapoly = (key_type == PSA_KEY_TYPE_CHACHA20);
-#else
- is_chachapoly = (mbedtls_cipher_info_get_mode(cipher_info)
- == MBEDTLS_MODE_CHACHAPOLY);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 if (is_chachapoly) {
 transform->fixed_ivlen = 12;
@@ -8610,34 +8062,14 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 if (ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
 ssl_mode == MBEDTLS_SSL_MODE_CBC ||
 ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type);
-#else
- size_t block_size = mbedtls_cipher_info_get_block_size(cipher_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 /* Get MAC length */
 mac_key_len = PSA_HASH_LENGTH(mac_alg);
-#else
- /* Initialize HMAC contexts */
- if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 ||
- (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
- goto end;
- }
-
- /* Get MAC length */
- mac_key_len = mbedtls_md_get_size(md_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 transform->maclen = mac_key_len;
 /* IV length */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg);
-#else
- transform->ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 /* Minimum length */
 if (ssl_mode == MBEDTLS_SSL_MODE_STREAM) {
@@ -8730,7 +8162,6 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 tls_prf_get_type(tls_prf));
 }
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 transform->psa_alg = alg;
 if (alg != MBEDTLS_SSL_NULL_CIPHER) {
@@ -8759,55 +8190,11 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 goto end;
 }
 }
-#else
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1,
- (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_ENCRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2,
- (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_DECRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- goto end;
- }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if (mbedtls_cipher_info_get_mode(cipher_info) == MBEDTLS_MODE_CBC) {
- if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
- goto end;
- }
-
- if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret);
- goto end;
- }
- }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 /* For HMAC-based ciphersuites, initialize the HMAC transforms.
 For AEAD-based ciphersuites, there is nothing to do here. */
 if (mac_key_len != 0) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 transform->psa_mac_alg = PSA_ALG_HMAC(mac_alg);
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
@@ -8842,16 +8229,6 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
 goto end;
 }
-#else
- ret = mbedtls_md_hmac_starts(&transform->md_ctx_enc, mac_enc, mac_key_len);
- if (ret != 0) {
- goto end;
- }
- ret = mbedtls_md_hmac_starts(&transform->md_ctx_dec, mac_dec, mac_key_len);
- if (ret != 0) {
- goto end;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -8950,7 +8327,6 @@ int mbedtls_psa_ecjpake_write_round(
 }
 #endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
 unsigned char *hash, size_t *hashlen,
 unsigned char *data, size_t data_len,
@@ -9005,61 +8381,6 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
 return 0;
 }
-#else
-
-int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
- unsigned char *hash, size_t *hashlen,
- unsigned char *data, size_t data_len,
- mbedtls_md_type_t md_alg)
-{
- int ret = 0;
- mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
- *hashlen = mbedtls_md_get_size(md_info);
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange"));
-
- mbedtls_md_init(&ctx);
-
- /*
- * digitally-signed struct {
- * opaque client_random[32];
- * opaque server_random[32];
- * ServerDHParams params;
- * };
- */
- if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_starts(&ctx)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_starts", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_update(&ctx, data, data_len)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret);
- goto exit;
- }
- if ((ret = mbedtls_md_finish(&ctx, hash)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
- goto exit;
- }
-
-exit:
- mbedtls_md_free(&ctx);
-
- if (ret != 0) {
- mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
- }
-
- return ret;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -9090,7 +8411,6 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
 }
 if (sig_alg == sig_alg_received) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) {
 psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(md_alg);
@@ -9110,7 +8430,6 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
 continue;
 }
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 return hash_alg_received;
 }
@@ -9142,14 +8461,8 @@ int mbedtls_ssl_validate_ciphersuite(
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C)
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- ssl->handshake->psa_pake_ctx_is_ok != 1)
-#else
- if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0)
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
- {
+ ssl->handshake->psa_pake_ctx_is_ok != 1) {
 return -1;
 }
 #endif
From 07a1edd590370495251e51917abeff7af6eb2ba7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 23 Jan 2025 11:04:48 +0100
Subject: [PATCH 0071/1548] Rm dead !USE_PSA code: ssl_tls.c (part 2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Manually handle more complex expressions.
Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_tls.c | 110 +++-------------------------------------------
 1 file changed, 5 insertions(+), 105 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 82ff2ccb52..81a0d60967 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -914,10 +914,6 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake)
 #if defined(MBEDTLS_DHM_C)
 mbedtls_dhm_init(&handshake->dhm_ctx);
 #endif
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
- mbedtls_ecdh_init(&handshake->ecdh_ctx);
-#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 handshake->psa_pake_ctx = psa_pake_operation_init();
 handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT;
@@ -4544,10 +4540,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_DHM_C)
 mbedtls_dhm_free(&handshake->dhm_ctx);
 #endif
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
- mbedtls_ecdh_free(&handshake->ecdh_ctx);
-#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 psa_pake_abort(&handshake->psa_pake_ctx);
@@ -6474,8 +6466,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 #if !defined(MBEDTLS_DEBUG_C) && \
 !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
- !(defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
+ !defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 ssl = NULL; /* make sure we don't use it except for those cases */
 (void) ssl;
 #endif
@@ -6499,8 +6490,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 }
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 if (mbedtls_ssl_ciphersuite_uses_psk(handshake->ciphersuite_info) == 1) {
 /* Perform PSK-to-MS expansion in a single step. */
 psa_status_t status;
@@ -6563,8 +6553,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 } else
 #endif
 {
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
 psa_status_t status;
 psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS;
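Review bot: The guard that sets `ssl = NULL` now reads `!defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)`, while the PSK-to-MS block a few lines further down in the same function is compiled under `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)`; in a build that enables a *_PSK key exchange other than plain PSK (so SOME_PSK is set but PSK is not) with neither MBEDTLS_DEBUG_C nor extended master secret, `ssl` would already be NULL when that block runs. The body of that block is cut off in this hunk, so whether it dereferences `ssl` cannot be confirmed from here; if it does, the guard should read `!defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)` so the two conditions agree. The asymmetry predates this commit (the removed expression also named PSK_ENABLED), but since the condition is being rewritten by hand this is the natural place to reconcile it. ssl_compute_master starts and ends outside the hunk.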
@@ -6764,94 +6753,6 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
 }
 #endif /* PSA_WANT_ALG_SHA_384 */
-#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex)
-{
- unsigned char *p = ssl->handshake->premaster;
- unsigned char *end = p + sizeof(ssl->handshake->premaster);
- const unsigned char *psk = NULL;
- size_t psk_len = 0;
- int psk_ret = mbedtls_ssl_get_psk(ssl, &psk, &psk_len);
-
- if (psk_ret == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) {
- /*
- * This should never happen because the existence of a PSK is always
- * checked before calling this function.
- */
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- /*
- * PMS = struct {
- * opaque other_secret<0..2^16-1>;
- * opaque psk<0..2^16-1>;
- * };
- * with "other_secret" depending on the particular key exchange
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if (key_ex == MBEDTLS_KEY_EXCHANGE_PSK) {
- if (end - p < 2) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- MBEDTLS_PUT_UINT16_BE(psk_len, p, 0);
- p += 2;
-
- if (end < p || (size_t) (end - p) < psk_len) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- memset(p, 0, psk_len);
- p += psk_len;
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
- if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t zlen;
-
- if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen,
- p + 2, (size_t) (end - (p + 2)),
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret);
- return ret;
- }
-
- MBEDTLS_PUT_UINT16_BE(zlen, p, 0);
- p += 2 + zlen;
-
- MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
- MBEDTLS_DEBUG_ECDH_Z);
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
- {
- MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- /* opaque psk<0..2^16-1>; */
- if (end - p < 2) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- MBEDTLS_PUT_UINT16_BE(psk_len, p, 0);
- p += 2;
-
- if (end < p || (size_t) (end - p) < psk_len) {
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- memcpy(p, psk, psk_len);
- p += psk_len;
-
- ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster);
-
- return 0;
-}
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_write_hello_request(mbedtls_ssl_context *ssl);
@@ -8240,8 +8141,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 return ret;
 }
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 int mbedtls_psa_ecjpake_read_round(
 psa_pake_operation_t *pake_ctx,
 const unsigned char *buf,
@@ -8325,7 +8225,7 @@ int mbedtls_psa_ecjpake_write_round(
 return 0;
 }
-#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl,
 unsigned char *hash, size_t *hashlen,
From 8fcfcf947c100d2b354610958e0c343db45ae717 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 23 Jan 2025 11:08:36 +0100
Subject: [PATCH 0072/1548] Appease unifdef
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I was going to describe those changes as temporary, to be undone after applying unifdef, but it turns out they're both in dead code, so there will be nothing to undo after unifdef has run.
Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_tls12_client.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 63f4240f21..9241b4a0ff 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1810,11 +1810,7 @@ static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl)
 return 0;
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH*_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
@@ -1853,9 +1849,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
 return ret;
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || \
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || \
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_*_ENABLED */
 #endif /* !MBEDTLS_USE_PSA_CRYPTO */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 MBEDTLS_CHECK_RETURN_CRITICAL
From fef408976f1cfe7299a31cfce34f6e734aac9d0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 23 Jan 2025 11:21:19 +0100
Subject: [PATCH 0073/1548] Rm dead !USE_PSA code: ssl_tls12_client (part 1)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls12_client.c
Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_tls12_client.c | 228 -------------------------------------
 1 file changed, 228 deletions(-)
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 9241b4a0ff..a15daf0abc 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -17,7 +17,6 @@
 #include "mbedtls/error.h"
 #include "mbedtls/constant_time.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa_util_internal.h"
 #include "psa/crypto.h"
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@@ -31,7 +30,6 @@ static int local_err_translation(psa_status_t status)
 }
 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #include
@@ -136,15 +134,9 @@ static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl,
 *olen = 0;
 /* Skip costly extension if we can't use EC J-PAKE anyway */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if (ssl->handshake->psa_pake_ctx_is_ok != 1) {
 return 0;
 }
-#else
- if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {
- return 0;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding ecjpake_kkpp extension"));
@@ -163,7 +155,6 @@ static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl,
 ssl->handshake->ecjpake_cache_len == 0) {
 MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters"));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
 p + 2, end - p - 2, &kkpp_len,
 MBEDTLS_ECJPAKE_ROUND_ONE);
@@ -173,16 +164,6 @@ static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl,
 MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret);
 return ret;
 }
-#else
- ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
- p + 2, end - p - 2, &kkpp_len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1,
- "mbedtls_ecjpake_write_round_one", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len);
 if (ssl->handshake->ecjpake_cache == NULL) {
@@ -873,7 +854,6 @@ static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl,
 ssl->handshake->ecjpake_cache = NULL;
 ssl->handshake->ecjpake_cache_len = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if ((ret = mbedtls_psa_ecjpake_read_round(
 &ssl->handshake->psa_pake_ctx, buf, len,
 MBEDTLS_ECJPAKE_ROUND_ONE)) != 0) {
@@ -889,19 +869,6 @@ static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl,
 }
 return 0;
-#else
- if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
- buf, len)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret);
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return ret;
- }
-
- return 0;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
@@ -1700,7 +1667,6 @@ static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -1774,83 +1740,6 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#else -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl) -{ - uint16_t tls_id; - mbedtls_ecp_group_id grp_id; -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - grp_id = ssl->handshake->ecdh_ctx.grp.id; -#else - grp_id = ssl->handshake->ecdh_ctx.grp_id; -#endif - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", - mbedtls_ssl_get_curve_name_from_tls_id(tls_id))); - - if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { - return -1; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP); - - return 0; -} - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH*_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - - /* - * Ephemeral ECDH parameters: - * - * struct { - * ECParameters curve_params; - * ECPoint public; - * } ServerECDHParams; - */ - if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx, - (const unsigned char **) p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_read_params"), ret); -#if 
defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - - if (ssl_check_server_ecdh_params(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("bad server key exchange message (ECDHE curve)")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_*_ENABLED */ -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, @@ -1999,7 +1888,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); #endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) uint16_t tls_id = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE; mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); @@ -2041,18 +1929,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) } ssl->handshake->xxdh_psa_peerkey_len = olen; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#else /* MBEDTLS_USE_PSA_CRYPTO */ - if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, - MBEDTLS_ECDH_THEIRS)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); - return ret; - } - - if (ssl_check_server_ecdh_params(ssl) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive 
@@ -2212,7 +2088,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* * The first 3 bytes are: * [0] MBEDTLS_ECP_TLS_NAMED_CURVE @@ -2249,18 +2124,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } -#else - ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, - p, end - p); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ { @@ -2733,7 +2596,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t key_attributes; 
@@ -2805,67 +2667,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) if (status != PSA_SUCCESS || destruction_status != PSA_SUCCESS) { return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } -#else - /* - * ECDH key exchange -- send client public value - */ - header_len = 4; - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) { - goto ecdh_calc_secret; - } - - mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx); - } -#endif - - ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, - &content_len, - &ssl->out_msg[header_len], 1000, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret); -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q); - -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ssl->handshake->ecrs_enabled) { - ssl->handshake->ecrs_n = content_len; - ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; - } - -ecdh_calc_secret: - if (ssl->handshake->ecrs_enabled) { - content_len = ssl->handshake->ecrs_n; - } -#endif - if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); -#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; - } -#endif - return ret; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || 
@@ -3056,15 +2857,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, - (mbedtls_key_exchange_type_t) ciphersuite_info-> - key_exchange)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_psk_derive_premaster", ret); - return ret; - } -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) @@ -3080,7 +2872,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { header_len = 4; -#if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char *out_p = ssl->out_msg + header_len; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len; @@ -3093,25 +2884,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_RET(1, "psa_pake_output", ret); return ret; } -#else - ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx, - ssl->out_msg + header_len, - MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, - &content_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret); - return ret; - } - - ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, - ssl->handshake->premaster, 32, &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret); - return ret; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ { From c7403edad804205a0022c46e505be2dac5933de5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2025 11:24:18 +0100 Subject: [PATCH 0074/1548] Rm dead !USE_PSA code: ssl_tls12_client (part 2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Manually handle unifdef leftovers Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls12_client.c | 35 ++--------------------------------- 1 file changed, 2 insertions(+), 33 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a15daf0abc..1b1f85e419 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -809,15 +809,6 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, while (list_size > 0) { if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || p[0] == MBEDTLS_ECP_PF_COMPRESSED) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) - ssl->handshake->ecdh_ctx.point_format = p[0]; -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx, - p[0]); -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); return 0; } @@ -2672,8 +2663,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; 
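Review bot: After the two consumers are deleted, the loop in ssl_parse_supported_point_formats_ext() still reports `point format selected` for MBEDTLS_ECP_PF_COMPRESSED even though nothing records the choice any more, and as far as this file shows the remaining PSA-based key exchange only ever emits uncompressed points, so the message now overstates what happens. Either match only MBEDTLS_ECP_PF_UNCOMPRESSED, or keep the lenient match and say why with a comment such as `/* Nothing acts on the choice any more (PSA only produces uncompressed points); this only checks the server lists a format we know. */`. The enclosing function starts before the hunk.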
@@ -2796,8 +2786,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_PUT_UINT16_BE(zlen, pms, 0); pms += zlen_size + zlen; } else -#endif /* MBEDTLS_USE_PSA_CRYPTO && - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) { /* @@ -2832,26 +2821,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) content_len = 0; } else #endif -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { - /* - * ClientECDiffieHellmanPublic public; - */ - ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, - &content_len, - &ssl->out_msg[header_len], - MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, - ssl->conf->f_rng, ssl->conf->p_rng); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret); - return ret; - } - - MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q); - } else -#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; From 28905b76fa2391fd3d4bb04e0e5bf740bbb936de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Jan 2025 11:43:15 +0100 Subject: [PATCH 0075/1548] Remove mention of USE_PSA_CRYPTO in documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was the last occurrence found by: git grep -c 'MBEDTLS_USE_PSA_CRYPTO' library include Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/mbedtls_config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 57bc67338a..be38c6d71c 100644 --- a/include/mbedtls/mbedtls_config.h 
+++ b/include/mbedtls/mbedtls_config.h @@ -867,8 +867,7 @@ * Module: library/ssl_ticket.c * Caller: * - * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) && - * (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C) + * Requires: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #define MBEDTLS_SSL_TICKET_C From 53fe26c5adc616beebb2f8c7eb478ace5f0b72d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Jan 2025 09:38:29 +0100 Subject: [PATCH 0076/1548] Update a function's doxygen MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There was two versions of this function with different arguments. Update the documentation to match the signature of the function we kept. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_misc.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 3d2fc01577..2085e2d822 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2867,12 +2867,9 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl); * max_data_len. In particular, this function always reads exactly \p * max_data_len bytes from \p data. * - * \param ctx The HMAC context. It must have keys configured - * with mbedtls_md_hmac_starts() and use one of the - * following hashes: SHA-384, SHA-256, SHA-1 or MD-5. - * It is reset using mbedtls_md_hmac_reset() after - * the computation is complete to prepare for the - * next computation. + * \param key The HMAC key. + * \param mac_alg The hash algorithm. + * Must be one of SHA-384, SHA-256, SHA-1 or MD-5. * \param add_data The first part of the message whose HMAC is being * calculated. This must point to a readable buffer * of \p add_data_len bytes. From 072c98eb756aa2b5564eaeef577ebd7af8b9df1b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 29 Jan 2025 10:40:15 +0100 Subject: [PATCH 0077/1548] Remove empty #if #endif block MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_misc.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2085e2d822..8c2ad47b3a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1458,9 +1458,6 @@ int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_SSL_CLI_C) || defined(MBEDTLS_SSL_SRV_C) MBEDTLS_CHECK_RETURN_CRITICAL From 0c29cf87b19cc7545a0719ab91582e5149e0ec0b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 29 Jan 2025 08:18:43 +0000 Subject: [PATCH 0078/1548] Move ssl_ticket to the PSA API Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto API. Signed-off-by: Ben Taylor --- ChangeLog.d/9874.txt | 2 + include/mbedtls/ssl_ticket.h | 11 +++-- library/ssl_ticket.c | 11 +---- programs/fuzz/fuzz_server.c | 11 +++-- programs/ssl/ssl_server2.c | 88 ++++++++++++++++++++++++++---------- 5 files changed, 81 insertions(+), 42 deletions(-) create mode 100644 ChangeLog.d/9874.txt diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt new file mode 100644 index 0000000000..efcaa3af95 --- /dev/null +++ b/ChangeLog.d/9874.txt @@ -0,0 +1,2 @@ +API changes + * Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto API. diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index c05e6401f9..6dfe371a2a 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h 
@@ -20,7 +20,6 @@ */ #include "mbedtls/ssl.h" -#include "mbedtls/cipher.h" #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" @@ -93,8 +92,12 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * \param ctx Context to be set up * \param f_rng RNG callback function (mandatory) * \param p_rng RNG callback context - * \param cipher AEAD cipher to use for ticket protection. - * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. + * \param alg Cryptographic algorithm to use recomended value + * PSA_ALG_GCM from include/psa/crypto_values.h. + * \param key_type Cryptographic key type to use recomended value + * PSA_KEY_TYPE_AES from include/psa/crypto_values.h. + * \param key_bits Cryptographic key type to use recomended value + * PSA_KEY_TYPE_AES from include/psa/crypto_values.h. * \param lifetime Tickets lifetime in seconds * Recommended value: 86400 (one day). * @@ -117,7 +120,7 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, + psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); /** diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index b770a8846b..8653e2ddda 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c 
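Review bot: This header now names psa_algorithm_t, psa_key_type_t and psa_key_bits_t in the mbedtls_ssl_ticket_setup() prototype while the only include left is "mbedtls/ssl.h"; it compiles only if ssl.h happens to pull in psa/crypto.h, which the hunk does not show. Adding `#include "psa/crypto.h"` where "mbedtls/cipher.h" was removed keeps ssl_ticket.h self-contained regardless of what ssl.h includes in the future.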
@@ -186,19 +186,10 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, + psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t key_bits; - - psa_algorithm_t alg; - psa_key_type_t key_type; - - if (mbedtls_ssl_cipher_to_psa(cipher, TICKET_AUTH_TAG_BYTES, - &alg, &key_type, &key_bits) != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } if (PSA_ALG_IS_AEAD(alg) == 0) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 64b35edb9b..28f9e336ca 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -131,10 +131,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) if (options & 0x4) { - if (mbedtls_ssl_ticket_setup(&ticket_ctx, - dummy_random, &ctr_drbg, - MBEDTLS_CIPHER_AES_256_GCM, - 86400) != 0) { + if (mbedtls_ssl_ticket_setup(&ticket_ctx, //context + dummy_random, //f_rng + &ctr_drbg, //p_rng + PSA_ALG_GCM, //alg + PSA_KEY_TYPE_AES, //key_type + 256, //key_bits + 86400) != 0) { //lifetime goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 579c0a190f..b1c1359389 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -115,7 +115,9 @@ int main(void) #define DFL_DUMMY_TICKET 0 #define DFL_TICKET_ROTATE 0 #define DFL_TICKET_TIMEOUT 86400 -#define DFL_TICKET_AEAD MBEDTLS_CIPHER_AES_256_GCM +#define DFL_TICKET_ALG PSA_ALG_GCM +#define DFL_TICKET_KEY_TYPE PSA_KEY_TYPE_AES +#define DFL_TICKET_KEY_BITS 256 #define DFL_CACHE_MAX -1 #define DFL_CACHE_TIMEOUT -1 #define DFL_CACHE_REMOVE 0 
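Review bot: The removed mbedtls_ssl_cipher_to_psa() call was the only step that derived a mutually consistent (alg, key_type, key_bits) triple and tied the tag length to TICKET_AUTH_TAG_BYTES; the sole check left is PSA_ALG_IS_AEAD(alg), so a caller can now pass a shortened-tag variant such as PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 4), key_bits == 0, or a key size that is invalid for key_type, and unless code later in the function (outside the hunk) rejects them these surface as PSA failures when a ticket is produced instead of MBEDTLS_ERR_SSL_BAD_INPUT_DATA at setup. If TICKET_AUTH_TAG_BYTES is the full-length tag, as the removed call suggests, the guard could become `if (PSA_ALG_IS_AEAD(alg) == 0 || PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) != alg || key_bits == 0) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }`, with the accepted (key_type, key_bits) pairs spelled out in the ssl_ticket.h doxygen. mbedtls_ssl_ticket_setup() continues past the end of the hunk.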
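Review bot: The argument annotations in the fuzz_server.c call (`//context`, `//f_rng`, …) use `//` line comments, whereas the rest of this tree (see the surrounding `#if defined(...)` blocks and the `/* ... */` comments elsewhere in the series) uses block comments. Either drop them, since the prototype in ssl_ticket.h already names the parameters, or write them as `/* context */` to match the file's style.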
@@ -661,7 +663,9 @@ struct options { int dummy_ticket; /* enable / disable dummy ticket generator */ int ticket_rotate; /* session ticket rotate (code coverage) */ int ticket_timeout; /* session ticket lifetime */ - int ticket_aead; /* session ticket protection */ + int ticket_alg; /* session ticket algorithm */ + int ticket_key_type; /* session ticket key type */ + int ticket_key_bits; /* session ticket key size in bits */ int cache_max; /* max number of session cache entries */ #if defined(MBEDTLS_HAVE_TIME) int cache_timeout; /* expiration delay of session cache entries*/ 
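Review bot: The three new fields store PSA-typed values in `int`, so every read goes through an implicit signed/unsigned conversion and the later mbedtls_ssl_ticket_setup() call will warn under -Wconversion/-Wsign-conversion. Since ssl_server2.c already sees these types through the ssl_ticket.h prototype, declaring them as `psa_algorithm_t ticket_alg; psa_key_type_t ticket_key_type; psa_key_bits_t ticket_key_bits;` keeps the option struct self-describing without casts. The enclosing `struct options` starts before the hunk.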
@@ -1472,38 +1476,71 @@ static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, static int parse_cipher(char *buf) { + int rc = 0; if (strcmp(buf, "AES-128-CCM")) { - return MBEDTLS_CIPHER_AES_128_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "AES-128-GCM")) { - return MBEDTLS_CIPHER_AES_128_GCM; + opt.ticket_alg = PSA_ALG_GCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "AES-192-CCM")) { - return MBEDTLS_CIPHER_AES_192_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "AES-192-GCM")) { - return MBEDTLS_CIPHER_AES_192_GCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "AES-256-CCM")) { - return MBEDTLS_CIPHER_AES_256_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "ARIA-128-CCM")) { - return MBEDTLS_CIPHER_ARIA_128_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "ARIA-128-GCM")) { - return MBEDTLS_CIPHER_ARIA_128_GCM; + opt.ticket_alg = PSA_ALG_GCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "ARIA-192-CCM")) { - return MBEDTLS_CIPHER_ARIA_192_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "ARIA-192-GCM")) { - return MBEDTLS_CIPHER_ARIA_192_GCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "ARIA-256-CCM")) { - return MBEDTLS_CIPHER_ARIA_256_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 256; } else if (strcmp(buf, 
"ARIA-256-GCM")) { - return MBEDTLS_CIPHER_ARIA_256_GCM; + opt.ticket_alg = PSA_ALG_GCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 256; } else if (strcmp(buf, "CAMELLIA-128-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_128_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "CAMELLIA-192-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_192_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "CAMELLIA-256-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_256_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; + opt.ticket_key_bits = 256; } else if (strcmp(buf, "CHACHA20-POLY1305")) { - return MBEDTLS_CIPHER_CHACHA20_POLY1305; + opt.ticket_alg = PSA_ALG_CHACHA20_POLY1305; + opt.ticket_key_type = PSA_KEY_TYPE_CHACHA20; + opt.ticket_key_bits = 256; + } else { + rc = -1; } - return MBEDTLS_CIPHER_NONE; + return rc; } int main(int argc, char *argv[]) @@ -1740,7 +1777,9 @@ int main(int argc, char *argv[]) opt.dummy_ticket = DFL_DUMMY_TICKET; opt.ticket_rotate = DFL_TICKET_ROTATE; opt.ticket_timeout = DFL_TICKET_TIMEOUT; - opt.ticket_aead = DFL_TICKET_AEAD; + opt.ticket_alg = DFL_TICKET_ALG; + opt.ticket_key_type = DFL_TICKET_KEY_TYPE; + opt.ticket_key_bits = DFL_TICKET_KEY_BITS; opt.cache_max = DFL_CACHE_MAX; #if defined(MBEDTLS_HAVE_TIME) opt.cache_timeout = DFL_CACHE_TIMEOUT; @@ -2191,9 +2230,7 @@ int main(int argc, char *argv[]) goto usage; } } else if (strcmp(p, "ticket_aead") == 0) { - opt.ticket_aead = parse_cipher(q); - - if (opt.ticket_aead == MBEDTLS_CIPHER_NONE) { + if (parse_cipher(q) != 0) { goto usage; } } else if (strcmp(p, "cache_max") == 0) { 
@@ -2963,8 +3000,11 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_HAVE_TIME */ { if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx, - rng_get, &rng, - opt.ticket_aead, + rng_get, + &rng, + opt.ticket_alg, + opt.ticket_key_type, + opt.ticket_key_bits, opt.ticket_timeout)) != 0) { mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", From 2547ae9fccc904992612ab7a9feaac9f61fc017b Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 20 Jan 2025 10:04:53 +0000 Subject: [PATCH 0079/1548] Move SSL macro checks from TF-PSA-Crypto to Mbed TLS This commit moves macro checks specifically for Mbed TLS from TF-PSA-Crypto to Mbed TLS where they more approriately belong. Signed-off-by: Harry Ramsey --- include/mbedtls/check_config.h | 5 +++++ library/ssl_misc.h | 1 + 2 files changed, 6 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 06613595b8..819ea0a030 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -174,6 +174,11 @@ "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + !(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512)) +#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_SSL_EARLY_DATA) && \ ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \ ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8c2ad47b3a..9f91861f64 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -20,6 +20,7 @@ #include "psa/crypto.h" #include "psa_util_internal.h" +extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #if defined(PSA_WANT_ALG_MD5) #include "mbedtls/md5.h" From d5c8bf0f093a484b50aa07836fb65ef592d6d93d Mon Sep 17 00:00:00 2001 
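Review bot: The new TLS 1.2 prerequisite check in check_config.h lists PSA_WANT_ALG_SHA_512 but not PSA_WANT_ALG_SHA_384, although SHA-384 is the hash TLS 1.2 actually uses next to SHA-256 (SHA384-PRF ciphersuites); a configuration enabling only SHA-384 hits the #error while one enabling only SHA-512 passes it. This looks carried over from the MBEDTLS_SHA512_C-era check, where SHA-384 lived behind the SHA-512 module, which no longer holds for per-algorithm PSA_WANT symbols. Suggest `!(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA_512))`, or dropping SHA_512 if it is not a usable PRF hash.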
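Review bot: `extern const mbedtls_error_pair_t psa_to_ssl_errors[7];` in ssl_misc.h hard-codes the array length in a header separate from the definition, so adding or removing a translation entry leaves the declaration silently disagreeing and any ARRAY_LENGTH() taken through this extern uses the stale bound. Prefer a shared constant used by both sides, e.g. `#define PSA_TO_SSL_ERRORS_COUNT 7` and `extern const mbedtls_error_pair_t psa_to_ssl_errors[PSA_TO_SSL_ERRORS_COUNT];`, plus a one-line comment naming the translation macro that consumes it. The line also lands directly after the include block with no separating blank line.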
From: Minos Galanakis Date: Fri, 31 Jan 2025 14:36:02 +0000 Subject: [PATCH 0080/1548] PR-Template: Updated the PR template with TF-PSA-Crypto checkbox Signed-off-by: Minos Galanakis --- .github/pull_request_template.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 155f114bfd..a637fe4c20 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -11,6 +11,7 @@ If the provided content is part of the present PR remove the # symbol. - [ ] **changelog** provided | not required because: - [ ] **development PR** provided # | not required because: +- [ ] **TF-PSA-Crypto PR** provided # | not required because: - [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required - [ ] **3.6 PR** provided # | not required because: - [ ] **2.28 PR** provided # | not required because: From afa11db62010d7d0fd23087f228890e264fa66d0 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Sat, 1 Feb 2025 15:33:37 +0200 Subject: [PATCH 0081/1548] Remove obselete checks due to the introduction of handhsake defragmen... tation. h/t @waleed-elmelegy-arm https://github.com/Mbed-TLS/mbedtls/pull/9928/commits/909e71672f6a11219e12347c2d7d2429b98e6500 Signed-off-by: Waleed Elmelegy Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls12_server.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 9e7c52c5e6..8aad2b888a 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -1060,23 +1060,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u", (unsigned) handshake_len)); - - /* The record layer has a record size limit of 2^14 - 1 and - * fragmentation is not supported, so buf[1] should be zero. */ - if (buf[1] != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != 0", - (unsigned) buf[1])); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* We don't support fragmentation of ClientHello (yet?) */ - if (msg_len != mbedtls_ssl_hs_hdr_len(ssl) + handshake_len) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message: %u != %u + %u", - (unsigned) msg_len, - (unsigned) mbedtls_ssl_hs_hdr_len(ssl), - (unsigned) handshake_len)); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } } #if defined(MBEDTLS_SSL_PROTO_DTLS) From d0498803a131c2822d4984873ead6e6b14d4ecd4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 3 Feb 2025 11:33:25 +0000 Subject: [PATCH 0082/1548] Correct typos in comments Correct the typos in the mbedtls_ssl_ticket_setup function docs Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ticket.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 6dfe371a2a..ef97e8f024 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h 
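Review bot: Dropping both checks leaves `handshake_len`, read straight from buf, with no local consistency check against `msg_len` in ssl_parse_client_hello(); that is only safe if the defragmentation path in mbedtls_ssl_prepare_handshake_record() guarantees that a reassembled ClientHello satisfies `msg_len == mbedtls_ssl_hs_hdr_len(ssl) + handshake_len` before it reaches this parser, which the hunk does not show. Worth stating that invariant where the checks used to be, e.g. `/* The record layer reassembles fragmented handshake messages and only delivers a complete one, so msg_len == hs_hdr_len + handshake_len holds here. */`, or keeping the second check as a cheap defence in depth since the parser still trusts the 24-bit length. The function starts and ends outside the hunk.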
@@ -92,12 +92,9 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * \param ctx Context to be set up * \param f_rng RNG callback function (mandatory) * \param p_rng RNG callback context - * \param alg Cryptographic algorithm to use recomended value - * PSA_ALG_GCM from include/psa/crypto_values.h. - * \param key_type Cryptographic key type to use recomended value - * PSA_KEY_TYPE_AES from include/psa/crypto_values.h. - * \param key_bits Cryptographic key type to use recomended value - * PSA_KEY_TYPE_AES from include/psa/crypto_values.h. + * \param alg AEAD cipher to use for ticket protection. + * \param key_type Cryptographic key type to use. + * \param key_bits Cryptographic key size to use in bits. * \param lifetime Tickets lifetime in seconds * Recommended value: 86400 (one day). * From 837130cf656d48b0ad73a36de716b1dc5d4e646a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 4 Feb 2025 07:40:59 +0000 Subject: [PATCH 0083/1548] Improve Changelog and correct alg selection Improve the description of the API changes in the changelog and fix some incorrect alg selection variables in ssl_server2.c. Signed-off-by: Ben Taylor --- ChangeLog.d/9874.txt | 5 ++++- programs/ssl/ssl_server2.c | 12 ++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt index efcaa3af95..8f264ec1be 100644 --- a/ChangeLog.d/9874.txt +++ b/ChangeLog.d/9874.txt @@ -1,2 +1,5 @@ API changes - * Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto API. + * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. + Instead of taking a mbedtls_cipher_type_t as an argument, this function now takes 3 + new arguments: a PSA algorithm, key type and key size, to specify the AEAD for ticket + protection. diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b1c1359389..d9e57018ae 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -1476,7 +1476,7 @@ static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, static int parse_cipher(char *buf) { - int rc = 0; + int ret = 0; if (strcmp(buf, "AES-128-CCM")) { opt.ticket_alg = PSA_ALG_CCM; opt.ticket_key_type = PSA_KEY_TYPE_AES; @@ -1490,13 +1490,13 @@ static int parse_cipher(char *buf) opt.ticket_key_type = PSA_KEY_TYPE_AES; opt.ticket_key_bits = 192; } else if (strcmp(buf, "AES-192-GCM")) { - opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_alg = PSA_ALG_GCM; opt.ticket_key_type = PSA_KEY_TYPE_AES; opt.ticket_key_bits = 192; } else if (strcmp(buf, "AES-256-CCM")) { opt.ticket_alg = PSA_ALG_CCM; opt.ticket_key_type = PSA_KEY_TYPE_AES; - opt.ticket_key_bits = 128; + opt.ticket_key_bits = 256; } else if (strcmp(buf, "ARIA-128-CCM")) { opt.ticket_alg = PSA_ALG_CCM; opt.ticket_key_type = PSA_KEY_TYPE_ARIA; @@ -1510,7 +1510,7 @@ static int parse_cipher(char *buf) opt.ticket_key_type = PSA_KEY_TYPE_ARIA; opt.ticket_key_bits = 192; } else if (strcmp(buf, "ARIA-192-GCM")) { - opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_alg = PSA_ALG_GCM; opt.ticket_key_type = PSA_KEY_TYPE_ARIA; opt.ticket_key_bits = 192; } else if (strcmp(buf, "ARIA-256-CCM")) { @@ -1538,9 +1538,9 @@ static int parse_cipher(char *buf) opt.ticket_key_type = PSA_KEY_TYPE_CHACHA20; opt.ticket_key_bits = 256; } else { - rc = -1; + ret = -1; } - return rc; + return ret; } int main(int argc, char *argv[]) From 285722a3fec9ce9bc429a96e4c45b44156c24402 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 20 Jan 2025 10:08:00 +0000 Subject: [PATCH 0084/1548] Update TF-PSA-Crypto pointer This commit updates the TF-PSA-Crypto pointer to include the moved config files. Signed-off-by: Harry Ramsey --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index df85eda50d..d6031a2ad2 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
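Review bot: These hunks correct the alg/key-size mappings but leave the comparisons themselves inverted: the context line `if (strcmp(buf, "AES-128-CCM")) {` is true for every string that is not "AES-128-CCM", so the first arm still wins for all other inputs and the corrected arms remain unreachable. Each test needs `== 0`, e.g. `if (strcmp(buf, "AES-128-CCM") == 0) {`, for the renamed `ret = -1` error path to ever be taken. parse_cipher() begins before the first hunk.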
@@ -1 +1 @@
-Subproject commit df85eda50d5cd7dbbd06843eaf4ca2c5ee27a874
+Subproject commit d6031a2ad2e5f420ecc532bdd24c4998c9d6fc92
From 93a496e8772e6a6371487d317c1bc90affdbc76b Mon Sep 17 00:00:00 2001
From: Harry Ramsey
Date: Thu, 30 Jan 2025 21:31:46 +0000
Subject: [PATCH 0085/1548] Update framework pointer
This commit updates the framework pointer to include changes to enable check_names.py to run independently for TF-PSA-Crypto and Mbed TLS.
Signed-off-by: Harry Ramsey
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 8296a73ce0..78f70ca80f 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 8296a73ce0cb31fadf411b6929a3201beece37a5
+Subproject commit 78f70ca80f9d382aa45209a2b6cd0775c69723d4
From b6fb07bc48034384b1e9009f524672ceabf760ee Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 4 Feb 2025 09:08:02 +0000
Subject: [PATCH 0086/1548] Change Changelog entry to a maximum of 80 charactors
Signed-off-by: Ben Taylor
---
 ChangeLog.d/9874.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
index 8f264ec1be..21fe22e4e5 100644
--- a/ChangeLog.d/9874.txt
+++ b/ChangeLog.d/9874.txt
@@ -1,5 +1,5 @@
 API changes
 * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
- Instead of taking a mbedtls_cipher_type_t as an argument, this function now takes 3
- new arguments: a PSA algorithm, key type and key size, to specify the AEAD for ticket
- protection.
+ Instead of taking a mbedtls_cipher_type_t as an argument, this function
+ now takes 3 new arguments: a PSA algorithm, key type and key size, to
+ specify the AEAD for ticket protection.
From 6e5dfa851c6200df3b19d7f8e2ae4a1f1b412b52 Mon Sep 17 00:00:00 2001
From: Harry Ramsey
Date: Tue, 14 Jan 2025 11:42:34 +0000
Subject: [PATCH 0087/1548] Move crypto configs to TF-PSA-Crypto
This commit moves config-symmetric-only.h, crypto-config-ccm-aes-sha256.h and crypto_config_profile_medium.h to TF-PSA-Crypto.
Signed-off-by: Harry Ramsey
---
 configs/crypto-config-ccm-aes-sha256.h | 28 -
 configs/crypto-config-symmetric-only.h | 91 ---
 configs/ext/crypto_config_profile_medium.h | 693 --------------------
 3 files changed, 812 deletions(-)
 delete mode 100644 configs/crypto-config-ccm-aes-sha256.h
 delete mode 100644 configs/crypto-config-symmetric-only.h
 delete mode 100644 configs/ext/crypto_config_profile_medium.h
diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h
deleted file mode 100644
index be8a7467eb..0000000000
--- a/configs/crypto-config-ccm-aes-sha256.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * \file configs/crypto-config-ccm-aes-sha256.h
- *
- * \brief PSA crypto configuration with only symmetric cryptography: CCM-AES,
- * SHA-256 and key derivation (uses HMAC).
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_CONFIG_H
-#define PSA_CRYPTO_CONFIG_H
-
-#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_SHA_256 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_AES 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-
-
-#define MBEDTLS_PSA_CRYPTO_C
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_ENTROPY_C
-
-#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/crypto-config-symmetric-only.h b/configs/crypto-config-symmetric-only.h
deleted file mode 100644
index dfe9e81251..0000000000
--- a/configs/crypto-config-symmetric-only.h
+++ /dev/null
@@ -1,91 +0,0 @@ -/** - * \file crypto-config-symmetric-only.h - * - * \brief Crypto configuration without any asymmetric cryptography. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/** - * To be used in conjunction with configs/config-symmetric-only.h. */ - -#ifndef PSA_CRYPTO_CONFIG_H -#define PSA_CRYPTO_CONFIG_H - -#define PSA_WANT_ALG_CBC_NO_PADDING 1 -#define PSA_WANT_ALG_CBC_PKCS7 1 -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 -#define PSA_WANT_ALG_CFB 1 -#define PSA_WANT_ALG_CHACHA20_POLY1305 1 -#define PSA_WANT_ALG_CMAC 1 -#define PSA_WANT_ALG_CTR 1 -#define PSA_WANT_ALG_ECB_NO_PADDING 1 -#define PSA_WANT_ALG_GCM 1 -#define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_ALG_HKDF_EXTRACT 1 -#define PSA_WANT_ALG_HKDF_EXPAND 1 -#define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_ALG_MD5 1 -#define PSA_WANT_ALG_OFB 1 -#define PSA_WANT_ALG_RIPEMD160 1 -#define PSA_WANT_ALG_SHA_1 1 -#define PSA_WANT_ALG_STREAM_CIPHER 1 -#define PSA_WANT_ALG_SHA_224 1 -#define PSA_WANT_ALG_SHA_256 1 -#define PSA_WANT_ALG_SHA_384 1 -#define PSA_WANT_ALG_SHA_512 1 -#define PSA_WANT_ALG_SHA3_224 1 -#define PSA_WANT_ALG_SHA3_256 1 -#define PSA_WANT_ALG_SHA3_384 1 -#define PSA_WANT_ALG_SHA3_512 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 - -/* XTS is not yet supported via the PSA API in Mbed TLS. 
*/ -//#define PSA_WANT_ALG_XTS 1 - -#define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_ARIA 1 -#define PSA_WANT_KEY_TYPE_CAMELLIA 1 -#define PSA_WANT_KEY_TYPE_CHACHA20 1 -#define PSA_WANT_KEY_TYPE_DES 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 - -#define MBEDTLS_SELF_TEST - -#define MBEDTLS_PSA_CRYPTO_C - -/* System support */ -//#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HAVE_TIME -#define MBEDTLS_HAVE_TIME_DATE - -#define MBEDTLS_FS_IO -#define MBEDTLS_ENTROPY_NV_SEED - -/* Mbed TLS modules */ -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BASE64_C -#define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C -#define MBEDTLS_ERROR_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_NIST_KW_C -#define MBEDTLS_OID_C -#define MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PEM_WRITE_C -#define MBEDTLS_PKCS5_C -#define MBEDTLS_PKCS12_C -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PSA_CRYPTO_SE_C -#define MBEDTLS_PSA_CRYPTO_STORAGE_C -#define MBEDTLS_PSA_ITS_FILE_C - -//#define MBEDTLS_THREADING_C - -#endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/ext/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h deleted file mode 100644 index 83048d0d80..0000000000 --- a/configs/ext/crypto_config_profile_medium.h +++ /dev/null 
@@ -1,693 +0,0 @@ -/* - * Copyright (c) 2018-2023, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * - */ -/** - * \file psa/crypto_config.h - * \brief PSA crypto configuration options (set of defines) - * - */ - -#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H -#define PROFILE_M_PSA_CRYPTO_CONFIG_H - -/** - * \name SECTION: Platform abstraction layer - * - * This section sets platform specific settings. - * \{ - */ - -/** - * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C - * - * Enable the buffer allocator implementation that makes use of a (stack) - * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() - * calls) - * - * Module: library/memory_buffer_alloc.c - * - * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS) - * - * Enable this module to enable the buffer memory allocator. - */ -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C - -/** - * \def MBEDTLS_PLATFORM_C - * - * Enable the platform abstraction layer that allows you to re-assign - * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). - * - * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT - * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned - * above to be specified at runtime or compile time respectively. - * - * \note This abstraction layer must be enabled on Windows (including MSYS2) - * as other modules rely on it for a fixed snprintf implementation. - * - * Module: library/platform.c - * Caller: Most other .c files - * - * This module enables abstraction of common (libc) functions. - */ -#define MBEDTLS_PLATFORM_C - -/** - * \def MBEDTLS_PLATFORM_MEMORY - * - * Enable the memory allocation layer. - * - * By default Mbed TLS uses the system-provided calloc() and free(). - * This allows different allocators (self-implemented or provided) to be - * provided to the platform abstraction layer. 
- * - * Enabling #MBEDTLS_PLATFORM_MEMORY without the - * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide - * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and - * free() function pointer at runtime. - * - * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying - * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the - * alternate function at compile time. - * - * An overview of how the value of mbedtls_calloc is determined: - * - * - if !MBEDTLS_PLATFORM_MEMORY - * - mbedtls_calloc = calloc - * - if MBEDTLS_PLATFORM_MEMORY - * - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO): - * - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO - * - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO): - * - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC. - * - How is MBEDTLS_PLATFORM_STD_CALLOC handled? - * - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS: - * - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything; - * - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present; - * - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS: - * - if MBEDTLS_PLATFORM_STD_CALLOC is present: - * - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected; - * - if !MBEDTLS_PLATFORM_STD_CALLOC: - * - MBEDTLS_PLATFORM_STD_CALLOC = calloc - * - * - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked. - * - if !MBEDTLS_PLATFORM_STD_CALLOC - * - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc - * - * - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC. - * - * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible. - * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time. - * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used, - * dynamic setup of these functions is possible. 
See the tree above to see how are they handled in all cases. - * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer. - * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Enable this layer to allow use of alternative memory allocators. - */ -#define MBEDTLS_PLATFORM_MEMORY - -/** - * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - * - * Do not assign standard functions in the platform layer (e.g. calloc() to - * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF) - * - * This makes sure there are no linking errors on platforms that do not support - * these functions. You will HAVE to provide alternatives, either at runtime - * via the platform_set_xxx() functions or at compile time by setting - * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a - * MBEDTLS_PLATFORM_XXX_MACRO. - * - * Requires: MBEDTLS_PLATFORM_C - * - * Uncomment to prevent default assignment of standard functions in the - * platform layer. - */ -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS - -#define MBEDTLS_PLATFORM_PRINTF_ALT - -/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */ -/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */ - -#include - -#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf -#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE -#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS - -#define MBEDTLS_PLATFORM_STD_MEM_HDR - -/** \} name SECTION: Platform abstraction layer */ - -/** - * \name SECTION: SECTION Cryptographic mechanism selection (PSA API) - * - * This section sets PSA API settings. - * \{ - */ -/* - * CBC-MAC is not yet supported via the PSA API in Mbed TLS. 
- */ -//#define PSA_WANT_ALG_CBC_MAC 1 -//#define PSA_WANT_ALG_CBC_NO_PADDING 1 -//#define PSA_WANT_ALG_CBC_PKCS7 1 -#define PSA_WANT_ALG_CCM 1 -//#define PSA_WANT_ALG_CMAC 1 -//#define PSA_WANT_ALG_CFB 1 -//#define PSA_WANT_ALG_CHACHA20_POLY1305 1 -//#define PSA_WANT_ALG_CTR 1 -//#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -//#define PSA_WANT_ALG_ECB_NO_PADDING 1 -#define PSA_WANT_ALG_ECDH 1 -#define PSA_WANT_ALG_ECDSA 1 -//#define PSA_WANT_ALG_GCM 1 -#define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_ALG_HMAC 1 -//#define PSA_WANT_ALG_MD5 1 -//#define PSA_WANT_ALG_OFB 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ -//#define PSA_WANT_ALG_PBKDF2_HMAC 1 -//#define PSA_WANT_ALG_RIPEMD160 1 -//#define PSA_WANT_ALG_RSA_OAEP 1 -//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 -//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 -//#define PSA_WANT_ALG_RSA_PSS 1 -//#define PSA_WANT_ALG_SHA_1 1 -#define PSA_WANT_ALG_SHA_224 1 -#define PSA_WANT_ALG_SHA_256 1 -//#define PSA_WANT_ALG_SHA_384 1 -//#define PSA_WANT_ALG_SHA_512 1 -//#define PSA_WANT_ALG_STREAM_CIPHER 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. 
- * Note: when adding support, also adjust include/mbedtls/config_psa.h */ -//#define PSA_WANT_ALG_XTS 1 - -//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 -//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 -//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 -//#define PSA_WANT_ECC_MONTGOMERY_255 1 -//#define PSA_WANT_ECC_MONTGOMERY_448 1 -//#define PSA_WANT_ECC_SECP_K1_192 1 -//#define PSA_WANT_ECC_SECP_K1_256 1 -//#define PSA_WANT_ECC_SECP_R1_192 1 -//#define PSA_WANT_ECC_SECP_R1_224 1 -#define PSA_WANT_ECC_SECP_R1_256 1 -//#define PSA_WANT_ECC_SECP_R1_384 1 -//#define PSA_WANT_ECC_SECP_R1_521 1 - -#define PSA_WANT_KEY_TYPE_DERIVE 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 -#define PSA_WANT_KEY_TYPE_AES 1 -//#define PSA_WANT_KEY_TYPE_ARIA 1 -//#define PSA_WANT_KEY_TYPE_CAMELLIA 1 -//#define PSA_WANT_KEY_TYPE_CHACHA20 1 -//#define PSA_WANT_KEY_TYPE_DES 1 -//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */ -#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */ -//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 - -/* - * The following symbols extend and deprecate the legacy - * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in - * the name's suffix. "_USE" is the most generic and it can be used to describe - * a generic suport, whereas other ones add more features on top of that and - * they are more specific. - */ -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 - -/** \} name SECTION Cryptographic mechanism selection (PSA API) */ - -/** - * \name SECTION: PSA core - * - * This section sets PSA specific settings. - * \{ - */ - -/** - * \def MBEDTLS_ENTROPY_C - * - * Enable the platform-specific entropy code. 
- * - * Module: library/entropy.c - * Caller: - * - * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C - * - * This module provides a generic entropy pool - */ -#define MBEDTLS_ENTROPY_C - -/** - * \def MBEDTLS_ENTROPY_NV_SEED - * - * Enable the non-volatile (NV) seed file-based entropy source. - * (Also enables the NV seed read/write functions in the platform layer) - * - * This is crucial (if not required) on systems that do not have a - * cryptographic entropy source (in hardware or kernel) available. - * - * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C - * - * \note The read/write functions that are used by the entropy source are - * determined in the platform layer, and can be modified at runtime and/or - * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. - * - * \note If you use the default implementation functions that read a seedfile - * with regular fopen(), please make sure you make a seedfile with the - * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at - * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from - * and written to or you will get an entropy source error! The default - * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE - * bytes from the file. - * - * \note The entropy collector will write to the seed file before entropy is - * given to an external source, to update it. - */ -#define MBEDTLS_ENTROPY_NV_SEED - -/** - * \def MBEDTLS_NO_PLATFORM_ENTROPY - * - * Do not use built-in platform entropy functions. - * This is useful if your platform does not support - * standards like the /dev/urandom or Windows CryptoAPI. - * - * Uncomment this macro to disable the built-in platform entropy functions. - */ -#define MBEDTLS_NO_PLATFORM_ENTROPY - -/** - * \def MBEDTLS_PSA_CRYPTO_C - * - * Enable the Platform Security Architecture cryptography API. 
- * - * Module: library/psa_crypto.c - * - * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C, - * or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C, - * or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. - * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher - * is enabled in PSA (unless it's fully accelerated, see - * docs/driver-only-builds.md about that). - */ -#define MBEDTLS_PSA_CRYPTO_C - -/** - * \def MBEDTLS_PSA_CRYPTO_SPM - * - * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure - * Partition Manager) integration which separates the code into two parts: a - * NSPE (Non-Secure Process Environment) and an SPE (Secure Process - * Environment). - * - * If you enable this option, your build environment must include a header - * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS - * header files, or in another directory on the compiler's include search - * path). Alternatively, your platform may customize the header - * `psa/crypto_platform.h`, in which case it can skip or replace the - * inclusion of `"crypto_spe.h"`. - * - * Module: library/psa_crypto.c - * Requires: MBEDTLS_PSA_CRYPTO_C - * - */ -#define MBEDTLS_PSA_CRYPTO_SPM - -/** - * \def MBEDTLS_PSA_CRYPTO_STORAGE_C - * - * Enable the Platform Security Architecture persistent key storage. - * - * Module: library/psa_crypto_storage.c - * - * Requires: MBEDTLS_PSA_CRYPTO_C, - * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of - * the PSA ITS interface - */ -#define MBEDTLS_PSA_CRYPTO_STORAGE_C - -/** \} name SECTION: PSA core */ - -/** - * \name SECTION: Builtin drivers - * - * This section sets driver specific settings. - * \{ - */ - -/** - * \def MBEDTLS_AES_ROM_TABLES - * - * Use precomputed AES tables stored in ROM. - * - * Uncomment this macro to use precomputed AES tables stored in ROM. - * Comment this macro to generate AES tables in RAM at runtime. 
- * - * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb - * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the - * initialization time before the first AES operation can be performed. - * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c - * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded - * performance if ROM access is slower than RAM access. - * - * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. - */ -#define MBEDTLS_AES_ROM_TABLES - -/** - * \def MBEDTLS_AES_FEWER_TABLES - * - * Use less ROM/RAM for AES tables. - * - * Uncommenting this macro omits 75% of the AES tables from - * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) - * by computing their values on the fly during operations - * (the tables are entry-wise rotations of one another). - * - * Tradeoff: Uncommenting this reduces the RAM / ROM footprint - * by ~6kb but at the cost of more arithmetic operations during - * runtime. Specifically, one has to compare 4 accesses within - * different tables to 4 accesses with additional arithmetic - * operations within the same table. The performance gain/loss - * depends on the system and memory details. - * - * This option is independent of \c MBEDTLS_AES_ROM_TABLES. - */ -#define MBEDTLS_AES_FEWER_TABLES - -/** - * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - * - * Use only 128-bit keys in AES operations to save ROM. - * - * Uncomment this macro to remove support for AES operations that use 192- - * or 256-bit keys. - * - * Uncommenting this macro reduces the size of AES code by ~300 bytes - * on v8-M/Thumb2. - * - * Module: library/aes.c - * - * Requires: MBEDTLS_AES_C - */ -#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - -/** - * \def MBEDTLS_ECP_NIST_OPTIM - * - * Enable specific 'modulo p' routines for each NIST prime. - * Depending on the prime and architecture, makes operations 4 to 8 times - * faster on the corresponding curve. 
- * - * Comment this macro to disable NIST curves optimisation. - */ -#define MBEDTLS_ECP_NIST_OPTIM - -/** - * \def MBEDTLS_HAVE_ASM - * - * The compiler has support for asm(). - * - * Requires support for asm() in compiler. - * - * Used in: - * library/aesni.h - * library/aria.c - * library/bn_mul.h - * library/constant_time.c - * - * Required by: - * MBEDTLS_AESCE_C - * MBEDTLS_AESNI_C (on some platforms) - * - * Comment to disable the use of assembly code. - */ -#define MBEDTLS_HAVE_ASM - -/** - * Uncomment to enable p256-m. This is an alternative implementation of - * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. - * Compared to the default implementation: - * - * - p256-m has a much smaller code size and RAM footprint. - * - p256-m is only available via the PSA API. This includes the pk module. - * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols - * over the core arithmetic, or deterministic derivation of keys. - * - * We recommend enabling this option if your application uses the PSA API - * and the only elliptic curve support it needs is ECDH and ECDSA over - * SECP256R1. - * - * If you enable this option, you do not need to enable any ECC-related - * MBEDTLS_xxx option. You do need to separately request support for the - * cryptographic mechanisms through the PSA API: - * - #MBEDTLS_PSA_CRYPTO_C for PSA-based configuration; - * - #PSA_WANT_ECC_SECP_R1_256; - * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; - * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. - * - * \note To benefit from the smaller code size of p256-m, make sure that you - * do not enable any ECC-related option not supported by p256-m: this - * would cause the built-in ECC implementation to be built as well, in - * order to provide the required option. 
- * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than - * SECP256R1 are disabled as they are not supported by this driver. - * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or - * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of - * the built-in ECC implementation, see docs/driver-only-builds.md. - */ -#define MBEDTLS_PSA_P256M_DRIVER_ENABLED - -/** - * \def MBEDTLS_SHA256_SMALLER - * - * Enable an implementation of SHA-256 that has lower ROM footprint but also - * lower performance. - * - * The default implementation is meant to be a reasonable compromise between - * performance and size. This version optimizes more aggressively for size at - * the expense of performance. Eg on Cortex-M4 it reduces the size of - * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about - * 30%. - * - * Uncomment to enable the smaller implementation of SHA256. - */ -#define MBEDTLS_SHA256_SMALLER - -/* ECP options */ -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */ - -/** \} name SECTION: Builtin drivers */ - -/** - * \name SECTION: Legacy cryptography - * - * This section sets legacy settings. - * \{ - */ - -/** - * \def MBEDTLS_AES_C - * - * Enable the AES block cipher. 
- * - * Module: library/aes.c - * Caller: library/cipher.c - * library/pem.c - * library/ctr_drbg.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA - * 
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA - * - * PEM_PARSE uses AES for decrypting encrypted keys. - */ -#define MBEDTLS_AES_C - -/** - * \def MBEDTLS_CIPHER_C - * - * Enable the generic cipher layer. - * - * Module: library/cipher.c - * Caller: library/ccm.c - * library/cmac.c - * library/gcm.c - * library/nist_kw.c - * library/pkcs12.c - * library/pkcs5.c - * library/psa_crypto_aead.c - * library/psa_crypto_mac.c - * library/ssl_ciphersuites.c - * library/ssl_msg.c - * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled - * (see the documentation of that option for details). - * - * Uncomment to enable generic cipher wrappers. - */ -#define MBEDTLS_CIPHER_C - -/** - * \def MBEDTLS_CTR_DRBG_C - * - * Enable the CTR_DRBG AES-based random generator. - * The CTR_DRBG generator uses AES-256 by default. - * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above. - * - * AES support can either be achieved through builtin (MBEDTLS_AES_C) or PSA. - * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA - * is used. - * - * \warning When using PSA, the user should call `psa_crypto_init()` before - * using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`). - * - * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set. - * - * \note To achieve a 256-bit security strength with CTR_DRBG, - * you must use AES-256 *and* use sufficient entropy. - * See ctr_drbg.h for more details. 
- * - * Module: library/ctr_drbg.c - * Caller: - * - * Requires: MBEDTLS_AES_C or - * (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and - * MBEDTLS_PSA_CRYPTO_C) - * - * This module provides the CTR_DRBG AES random number generator. - */ -#define MBEDTLS_CTR_DRBG_C -/** \} name SECTION: Legacy cryptography */ - -/***********************************************************/ -/* Tweak the configuration to remove dependencies on TF-M. */ -/***********************************************************/ - -/* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */ -#undef MBEDTLS_PSA_CRYPTO_SPM - -/* Disable buffer-based memory allocator. This isn't strictly required, - * but using the native allocator is faster and works better with - * memory management analysis frameworks such as ASan. */ -#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C - -// This macro is enabled in TFM Medium but is disabled here because it is -// incompatible with baremetal builds in Mbed TLS. -#undef MBEDTLS_PSA_CRYPTO_STORAGE_C - -// This macro is enabled in TFM Medium but is disabled here because it is -// incompatible with baremetal builds in Mbed TLS. -#undef MBEDTLS_ENTROPY_NV_SEED - -// These platform-related TF-M settings are not useful here. -#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#undef MBEDTLS_PLATFORM_STD_MEM_HDR -#undef MBEDTLS_PLATFORM_SNPRINTF_MACRO -#undef MBEDTLS_PLATFORM_PRINTF_ALT -#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS -#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE - -/* - * In order to get an example config that works cleanly out-of-the-box - * for both baremetal and non-baremetal builds, we detect baremetal builds - * (either IAR, Arm compiler or __ARM_EABI__ defined), and adjust some - * variables accordingly. - */ -#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARMCC_VERSION) || defined(__ARM_EABI__) -#define MBEDTLS_NO_PLATFORM_ENTROPY -#else -/* Use built-in platform entropy functions (TF-M provides its own). 
*/ -#undef MBEDTLS_NO_PLATFORM_ENTROPY -#endif - -/*********************************************************************** - * Local changes to crypto config below this delimiter - **********************************************************************/ - -// We expect TF-M to pick this up soon -#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - -/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it - * does not need CIPHER_C to be enabled, so we can disable it in order - * to reduce code size further. */ -#undef MBEDTLS_CIPHER_C - -#if CRYPTO_NV_SEED -#include "tfm_mbedcrypto_config_extra_nv_seed.h" -#endif /* CRYPTO_NV_SEED */ - -#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) -#include "mbedtls_entropy_nv_seed_config.h" -#endif - -#ifdef CRYPTO_HW_ACCELERATOR -#include "crypto_accelerator_config.h" -#endif - -#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ From c89fa17ba3f20c53cbf9d79f50e10f55768fb3ac Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 14 Jan 2025 11:45:30 +0000 Subject: [PATCH 0088/1548] Update configs README This commit updates configs/ext/README.md to reflect the necessary files which were removed from Mbed TLS. Signed-off-by: Harry Ramsey --- configs/crypto-config-suite-b.h | 2 +- configs/ext/README.md | 16 ++++++---------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 3eea061262..3fec3d0f10 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -1,5 +1,5 @@ /** - * \file crypto-config-symmetric-only.h + * \file crypto-config-suite-b.h * * \brief \brief Minimal crypto configuration for * TLS NSA Suite B Profile (RFC 6460). diff --git a/configs/ext/README.md b/configs/ext/README.md index b07cbc18c5..f679e32112 100644 --- a/configs/ext/README.md +++ b/configs/ext/README.md 
@@ -1,26 +1,22 @@ Summary ------- -The two files: +The file: -* crypto_config_profile_medium.h * tfm_mbedcrypto_config_profile_medium.h -are copyright The Mbed TLS Contributors, and are distributed under the license normally +is copyright The Mbed TLS Contributors, and is distributed under the license normally used by Mbed TLS: a dual Apache 2.0 or GPLv2-or-later license. Background ---------- -The two files crypto_config_profile_medium.h and tfm_mbedcrypto_config_profile_medium.h -are taken verbatim from the TF-M source code here: +The file tfm_mbedcrypto_config_profile_medium.h was derived from the file tfm_mbedcrypto_config_profile_medium.h taken from the TF-M source code here: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/mbedcrypto/mbedcrypto_config -In TF-M, they are distributed under a 3-Clause BSD license, as noted at the top of the files. +It was derived according to the Mbed TLS configuration file split that occurred as part of the Mbed TLS repository split, see https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/config-split.md. -In Mbed TLS, with permission from the TF-M project, they are distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors. +In TF-M, the original file is distributed under a 3-Clause BSD license, as noted at the top of the file. -We only retain the note at the top of the files because the intent is to take these files verbatim, -for ease of maintenance. Currently however, they contain changes, showing how these configurations -will need to be adapted for 4.0. 
+In Mbed TLS, with permission from the TF-M project, tfm_mbedcrypto_config_profile_medium.h is distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors. From 94c386a8ea314b654b07aa786dfe679e1d52fe06 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Thu, 16 Jan 2025 16:08:34 +0000 Subject: [PATCH 0089/1548] Update config paths in scripts This commit updates the moved config paths in multiple script files. Signed-off-by: Harry Ramsey --- scripts/code_size_compare.py | 2 +- tests/scripts/components-compiler.sh | 2 +- tests/scripts/components-configuration-crypto.sh | 8 ++++---- tests/scripts/components-configuration.sh | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index ce752e4931..8ed5f9cd63 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -146,7 +146,7 @@ def detect_arch() -> str: sys.exit(1) TFM_MEDIUM_CONFIG_H = 'configs/ext/tfm_mbedcrypto_config_profile_medium.h' -TFM_MEDIUM_CRYPTO_CONFIG_H = 'configs/ext/crypto_config_profile_medium.h' +TFM_MEDIUM_CRYPTO_CONFIG_H = 'tf-psa-crypto/configs/ext/crypto_config_profile_medium.h' CONFIG_H = 'include/mbedtls/mbedtls_config.h' CRYPTO_CONFIG_H = 'tf-psa-crypto/include/psa/crypto_config.h' diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 0598b2df08..cb6dd9253e 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh 
@@ -16,7 +16,7 @@ support_build_tfm_armcc () { component_build_tfm_armcc () { # test the TF-M configuration can build cleanly with various warning flags enabled cp configs/config-tfm.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, armclang armv7-m thumb2" helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c8c095f5fd..514682136e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -412,7 +412,7 @@ component_test_full_no_ccm_star_no_tag () { component_test_config_symmetric_only () { msg "build: configs/config-symmetric-only.h" MBEDTLS_CONFIG="configs/config-symmetric-only.h" - CRYPTO_CONFIG="configs/crypto-config-symmetric-only.h" + CRYPTO_CONFIG="tf-psa-crypto/configs/crypto-config-symmetric-only.h" CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1334,7 +1334,7 @@ component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { component_test_tfm_config_as_is () { msg "build: configs/config-tfm.h" MBEDTLS_CONFIG="configs/config-tfm.h" - CRYPTO_CONFIG="configs/ext/crypto_config_profile_medium.h" + CRYPTO_CONFIG="tf-psa-crypto/configs/ext/crypto_config_profile_medium.h" CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make 
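Review bot: The literal `tf-psa-crypto/configs/ext/crypto_config_profile_medium.h` is written out again in the `cp` of component_build_tfm_armcc here and in the components-configuration-crypto.sh hunks (component_test_tfm_config_as_is, common_tfm_config) and the components-configuration.sh hunk (component_build_tfm) that follow; the next move of that file means touching five call sites again, exactly as this commit had to. A single definition such as `TFM_CRYPTO_CONFIG_H="tf-psa-crypto/configs/ext/crypto_config_profile_medium.h"` in whatever file these component scripts share (outside this diff) and `cp "$TFM_CRYPTO_CONFIG_H" "$CRYPTO_CONFIG_H"` at each site would keep the path in one place. As with the old path, the `cp` presumes the working directory is the repository root; component_build_tfm_armcc continues past the hunk.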
@@ -1348,7 +1348,7 @@ component_test_tfm_config_as_is () { common_tfm_config () { # Enable TF-M config cp configs/config-tfm.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" # Config adjustment for better test coverage in our environment. # This is not needed just to build and pass tests. @@ -2097,7 +2097,7 @@ component_test_ccm_aes_sha256 () { # Setting a blank config disables everyhing in the library side. echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H" - cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H" + cp tf-psa-crypto/configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H" make msg "test: CCM + AES + SHA256 configuration" diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 74408457d9..61a51292d9 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -236,7 +236,7 @@ component_build_tfm () { # the configuration that works on mainstream platforms is in # configs/config-tfm.h, tested via test-ref-configs.pl. cp configs/config-tfm.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, clang, armv7-m thumb2" make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" From 7d4c48ba4ff8e8d65a907d05138c9de515008222 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 4 Feb 2025 15:27:53 +0000 Subject: [PATCH 0090/1548] fixed trailing whitespace Signed-off-by: Ben Taylor --- ChangeLog.d/9874.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt index 21fe22e4e5..a4d2e032ee 100644 --- a/ChangeLog.d/9874.txt +++ b/ChangeLog.d/9874.txt @@ -1,5 +1,5 @@ API changes * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. - Instead of taking a mbedtls_cipher_type_t as an argument, this function - now takes 3 new arguments: a PSA algorithm, key type and key size, to + Instead of taking a mbedtls_cipher_type_t as an argument, this function + now takes 3 new arguments: a PSA algorithm, key type and key size, to specify the AEAD for ticket protection. From 40e14a7559920f61ec32a17b325d6844f754bc69 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 29 Jan 2025 15:12:09 +0100 Subject: [PATCH 0091/1548] Move files out of Mbed TLS The following files are moved to the framework repo (deleted here): tests/scripts/test_psa_compliance.py tests/scripts/test_psa_constant_names.py Signed-off-by: Valerio Setti --- tests/scripts/test_psa_compliance.py | 172 -------------------- tests/scripts/test_psa_constant_names.py | 194 ----------------------- 2 files changed, 366 deletions(-) delete mode 100755 tests/scripts/test_psa_compliance.py delete mode 100755 tests/scripts/test_psa_constant_names.py diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py deleted file mode 100755 index 7c09afc19c..0000000000 --- a/tests/scripts/test_psa_compliance.py +++ /dev/null 
@@ -1,172 +0,0 @@ -#!/usr/bin/env python3 -"""Run the PSA Crypto API compliance test suite. -Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, -then compile and run the test suite. The clone is stored at /psa-arch-tests. -Known defects in either the test suite or mbedtls / TF-PSA-Crypto - identified by their test -number - are ignored, while unexpected failures AND successes are reported as errors, to help -keep the list of known defects as up to date as possible. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -import os -import re -import shutil -import subprocess -import sys -from typing import List - -#pylint: disable=unused-import -import scripts_path -from mbedtls_framework import build_tree - -# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / -# TF-PSA-Crypto (or the test suite). -# The test numbers correspond to the numbers used by the console output of the test suite. -# Test number 2xx corresponds to the files in the folder -# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx -EXPECTED_FAILURES = {} # type: dict - -PSA_ARCH_TESTS_REPO = 'https://github.com/ARM-software/psa-arch-tests.git' -PSA_ARCH_TESTS_REF = 'v23.06_API1.5_ADAC_EAC' - -#pylint: disable=too-many-branches,too-many-statements,too-many-locals -def main(library_build_dir: str): - root_dir = os.getcwd() - - in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir) - - crypto_name = build_tree.crypto_library_filename(root_dir) - - # Temporary, while the crypto library is still located in the library - # directory. This will not be the case anymore when it will be built by - # the TF-PSA-Crypto build system. 
- if in_tf_psa_crypto_repo: - library_subdir = build_tree.crypto_core_directory(root_dir, relative=True) - else: - library_subdir = 'library' - - crypto_lib_filename = (library_build_dir + '/' + - library_subdir + '/' + - 'lib' + crypto_name + '.a') - - if not os.path.exists(crypto_lib_filename): - #pylint: disable=bad-continuation - subprocess.check_call([ - 'cmake', '.', - '-GUnix Makefiles', - '-B' + library_build_dir - ]) - subprocess.check_call(['cmake', '--build', library_build_dir, - '--target', crypto_name]) - - psa_arch_tests_dir = 'psa-arch-tests' - os.makedirs(psa_arch_tests_dir, exist_ok=True) - try: - os.chdir(psa_arch_tests_dir) - - # Reuse existing local clone - subprocess.check_call(['git', 'init']) - subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF]) - subprocess.check_call(['git', 'checkout', 'FETCH_HEAD']) - - build_dir = 'api-tests/build' - try: - shutil.rmtree(build_dir) - except FileNotFoundError: - pass - os.mkdir(build_dir) - os.chdir(build_dir) - - # Temporary while the PSA compliance test suite is still run as part - # of Mbed TLS testing. When it is not the case anymore, the second case - # can be removed. 
- if in_tf_psa_crypto_repo: - extra_includes = ';{}/drivers/builtin/include'.format(root_dir) - elif os.path.isdir(os.path.join(root_dir, 'tf-psa-crypto')): - extra_includes = ';{}/tf-psa-crypto/include'.format(root_dir) + \ - (';{}/tf-psa-crypto/drivers/builtin/include'.format(root_dir)) - - #pylint: disable=bad-continuation - subprocess.check_call([ - 'cmake', '..', - '-GUnix Makefiles', - '-DTARGET=tgt_dev_apis_stdc', - '-DTOOLCHAIN=HOST_GCC', - '-DSUITE=CRYPTO', - '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(root_dir, - crypto_lib_filename), - ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(root_dir) - ]) - subprocess.check_call(['cmake', '--build', '.']) - - proc = subprocess.Popen(['./psa-arch-tests-crypto'], - bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) - - test_re = re.compile( - '^TEST: (?P[0-9]*)|' - '^TEST RESULT: (?PFAILED|PASSED)' - ) - test = -1 - unexpected_successes = set(EXPECTED_FAILURES) - expected_failures = [] # type: List[int] - unexpected_failures = [] # type: List[int] - if proc.stdout is None: - return 1 - - for line in proc.stdout: - print(line, end='') - match = test_re.match(line) - if match is not None: - groupdict = match.groupdict() - test_num = groupdict['test_num'] - if test_num is not None: - test = int(test_num) - elif groupdict['test_result'] == 'FAILED': - try: - unexpected_successes.remove(test) - expected_failures.append(test) - print('Expected failure, ignoring') - except KeyError: - unexpected_failures.append(test) - print('ERROR: Unexpected failure') - elif test in unexpected_successes: - print('ERROR: Unexpected success') - proc.wait() - - print() - print('***** test_psa_compliance.py report ******') - print() - print('Expected failures:', ', '.join(str(i) for i in expected_failures)) - print('Unexpected failures:', ', '.join(str(i) for i in unexpected_failures)) - print('Unexpected successes:', ', '.join(str(i) for i in sorted(unexpected_successes))) - print() - if unexpected_successes or 
unexpected_failures: - if unexpected_successes: - print('Unexpected successes encountered.') - print('Please remove the corresponding tests from ' - 'EXPECTED_FAILURES in tests/scripts/compliance_test.py') - print() - print('FAILED') - return 1 - else: - print('SUCCESS') - return 0 - finally: - os.chdir(root_dir) - -if __name__ == '__main__': - BUILD_DIR = 'out_of_source_build' - - # pylint: disable=invalid-name - parser = argparse.ArgumentParser() - parser.add_argument('--build-dir', nargs=1, - help='path to Mbed TLS / TF-PSA-Crypto build directory') - args = parser.parse_args() - - if args.build_dir is not None: - BUILD_DIR = args.build_dir[0] - - sys.exit(main(BUILD_DIR)) diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py deleted file mode 100755 index e697d1755c..0000000000 --- a/tests/scripts/test_psa_constant_names.py +++ /dev/null 
@@ -1,194 +0,0 @@ -#!/usr/bin/env python3 -"""Test the program psa_constant_names. -Gather constant names from header files and test cases. Compile a C program -to print out their numerical values, feed these numerical values to -psa_constant_names, and check that the output is the original name. -Return 0 if all test cases pass, 1 if the output was not always as expected, -or 1 (with a Python backtrace) if there was an operational error. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -from collections import namedtuple -import os -import re -import subprocess -import sys -from typing import Iterable, List, Optional, Tuple - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import c_build_helper -from mbedtls_framework.macro_collector import InputsForTest, PSAMacroEnumerator -from mbedtls_framework import typing_util - -def gather_inputs(headers: Iterable[str], - test_suites: Iterable[str], - inputs_class=InputsForTest) -> PSAMacroEnumerator: - """Read the list of inputs to test psa_constant_names with.""" - inputs = inputs_class() - for header in headers: - inputs.parse_header(header) - for test_cases in test_suites: - inputs.parse_test_cases(test_cases) - inputs.add_numerical_values() - inputs.gather_arguments() - return inputs - -def run_c(type_word: str, - expressions: Iterable[str], - include_path: Optional[str] = None, - keep_c: bool = False) -> List[str]: - """Generate and run a program to print out numerical values of C expressions.""" - if type_word == 'status': - cast_to = 'long' - printf_format = '%ld' - else: - cast_to = 'unsigned long' - printf_format = '0x%08lx' - return c_build_helper.get_c_expression_values( - cast_to, printf_format, - expressions, - caller='test_psa_constant_names.py for {} values'.format(type_word), - file_label=type_word, - header='#include ', - include_path=include_path, - keep_c=keep_c - ) - -NORMALIZE_STRIP_RE = 
re.compile(r'\s+') -def normalize(expr: str) -> str: - """Normalize the C expression so as not to care about trivial differences. - - Currently "trivial differences" means whitespace. - """ - return re.sub(NORMALIZE_STRIP_RE, '', expr) - -ALG_TRUNCATED_TO_SELF_RE = \ - re.compile(r'PSA_ALG_AEAD_WITH_SHORTENED_TAG\(' - r'PSA_ALG_(?:CCM|CHACHA20_POLY1305|GCM)' - r', *16\)\Z') - -def is_simplifiable(expr: str) -> bool: - """Determine whether an expression is simplifiable. - - Simplifiable expressions can't be output in their input form, since - the output will be the simple form. Therefore they must be excluded - from testing. - """ - if ALG_TRUNCATED_TO_SELF_RE.match(expr): - return True - return False - -def collect_values(inputs: InputsForTest, - type_word: str, - include_path: Optional[str] = None, - keep_c: bool = False) -> Tuple[List[str], List[str]]: - """Generate expressions using known macro names and calculate their values. - - Return a list of pairs of (expr, value) where expr is an expression and - value is a string representation of its integer value. - """ - names = inputs.get_names(type_word) - expressions = sorted(expr - for expr in inputs.generate_expressions(names) - if not is_simplifiable(expr)) - values = run_c(type_word, expressions, - include_path=include_path, keep_c=keep_c) - return expressions, values - -class Tests: - """An object representing tests and their results.""" - - Error = namedtuple('Error', - ['type', 'expression', 'value', 'output']) - - def __init__(self, options) -> None: - self.options = options - self.count = 0 - self.errors = [] #type: List[Tests.Error] - - def run_one(self, inputs: InputsForTest, type_word: str) -> None: - """Test psa_constant_names for the specified type. - - Run the program on the names for this type. - Use the inputs to figure out what arguments to pass to macros that - take arguments. 
- """ - expressions, values = collect_values(inputs, type_word, - include_path=self.options.include, - keep_c=self.options.keep_c) - output_bytes = subprocess.check_output([self.options.program, - type_word] + values) - output = output_bytes.decode('ascii') - outputs = output.strip().split('\n') - self.count += len(expressions) - for expr, value, output in zip(expressions, values, outputs): - if self.options.show: - sys.stdout.write('{} {}\t{}\n'.format(type_word, value, output)) - if normalize(expr) != normalize(output): - self.errors.append(self.Error(type=type_word, - expression=expr, - value=value, - output=output)) - - def run_all(self, inputs: InputsForTest) -> None: - """Run psa_constant_names on all the gathered inputs.""" - for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group', - 'key_type', 'key_usage']: - self.run_one(inputs, type_word) - - def report(self, out: typing_util.Writable) -> None: - """Describe each case where the output is not as expected. - - Write the errors to ``out``. - Also write a total. 
- """ - for error in self.errors: - out.write('For {} "{}", got "{}" (value: {})\n' - .format(error.type, error.expression, - error.output, error.value)) - out.write('{} test cases'.format(self.count)) - if self.errors: - out.write(', {} FAIL\n'.format(len(self.errors))) - else: - out.write(' PASS\n') - -HEADERS = ['psa/crypto.h', 'psa/crypto_extra.h', 'psa/crypto_values.h'] -TEST_SUITES = ['tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data'] - -def main(): - parser = argparse.ArgumentParser(description=globals()['__doc__']) - parser.add_argument('--include', '-I', - action='append', default=['tf-psa-crypto/include', - 'tf-psa-crypto/drivers/builtin/include', - 'tf-psa-crypto/drivers/everest/include', - 'include'], - help='Directory for header files') - parser.add_argument('--keep-c', - action='store_true', dest='keep_c', default=False, - help='Keep the intermediate C file') - parser.add_argument('--no-keep-c', - action='store_false', dest='keep_c', - help='Don\'t keep the intermediate C file (default)') - parser.add_argument('--program', - default='tf-psa-crypto/programs/psa/psa_constant_names', - help='Program to test') - parser.add_argument('--show', - action='store_true', - help='Show tested values on stdout') - parser.add_argument('--no-show', - action='store_false', dest='show', - help='Don\'t show tested values (default)') - options = parser.parse_args() - headers = [os.path.join(options.include[0], h) for h in HEADERS] - inputs = gather_inputs(headers, TEST_SUITES) - tests = Tests(options) - tests.run_all(inputs) - tests.report(sys.stdout) - if tests.errors: - sys.exit(1) - -if __name__ == '__main__': - main() From 2ef55352e8215930f56d518539d31601e562e725 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 29 Jan 2025 15:16:50 +0100 Subject: [PATCH 0092/1548] components-configuration.sh: update references to test_psa_constant_names.py 
Signed-off-by: Valerio Setti --- tests/scripts/components-configuration.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 61a51292d9..cee4d632f3 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -148,7 +148,7 @@ component_test_full_cmake_clang () { tests/scripts/run_demos.py msg "test: psa_constant_names (full config, clang)" # ~ 1s - tests/scripts/test_psa_constant_names.py + $FRAMEWORK/scripts/test_psa_constant_names.py msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' From da1673c013acbb9e8c9327be04dc123ecc053eb3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 29 Jan 2025 15:17:26 +0100 Subject: [PATCH 0093/1548] components-compliance.sh: update references to test_psa_compliance.py Signed-off-by: Valerio Setti --- tests/scripts/components-compliance.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-compliance.sh b/tests/scripts/components-compliance.sh index 16a306da13..cce0890460 100644 --- a/tests/scripts/components-compliance.sh +++ b/tests/scripts/components-compliance.sh @@ -15,7 +15,7 @@ component_test_psa_compliance () { CC=gcc make -C library libmbedcrypto.a msg "unit test: test_psa_compliance.py" - CC=gcc ./tests/scripts/test_psa_compliance.py --build-dir="." + CC=gcc $FRAMEWORK/scripts/test_psa_compliance.py --build-dir="." } support_test_psa_compliance () { From c96d75bba3209b2717ad0649e7e36444d250af7f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 29 Jan 2025 15:32:45 +0100 Subject: [PATCH 0094/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 78f70ca80f..2000db4295 160000 --- a/framework +++ b/framework 
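Review bot: The new `$FRAMEWORK/scripts/test_psa_constant_names.py` line leaves the variable unquoted and unchecked, so an unset or empty FRAMEWORK silently turns the command into `/scripts/test_psa_constant_names.py` and the component fails with an unrelated "not found" rather than a clear message; the components-compliance.sh hunk on this line (`CC=gcc $FRAMEWORK/scripts/test_psa_compliance.py --build-dir="."`) has the same shape. Where FRAMEWORK is assigned is not visible in this diff, so this may already be guarded elsewhere. Writing `"${FRAMEWORK:?FRAMEWORK is not set}/scripts/test_psa_constant_names.py"` (and the matching form for test_psa_compliance.py) fails early with the variable name and also keeps a checkout path containing spaces intact. Both enclosing functions start before their hunks.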
@@ -1 +1 @@ -Subproject commit 78f70ca80f9d382aa45209a2b6cd0775c69723d4 +Subproject commit 2000db429553aa38e5875c621daf32aa8b63c340 From eb77e5b1c7789939a3135a5ca2e96bbdaf148084 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Tue, 4 Feb 2025 12:08:15 +0200 Subject: [PATCH 0095/1548] Update the changelog message Signed-off-by: Deomid rojer Ryabkov --- ChangeLog.d/tls-hs-defrag-in.txt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 3555a789d8..55103c9a42 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -1,2 +1,5 @@ -Changes - * Defragment incoming TLS handshake messages. +Bugfix + * Support re-assembly of fragmented handshake messages in TLS, as mandated + by the spec. Lack of support was causing handshake failures with some + servers, especially with TLS 1.3 in practice (though both protocol + version could be affected in principle, and both are fixed now). From cf4e6a18e6645968355c9fead96f4a46da5b5265 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:11:06 +0000 Subject: [PATCH 0096/1548] Remove unused variable in ssl_server.c Signed-off-by: Waleed Elmelegy Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls12_server.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 8aad2b888a..aca37fd2bb 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1056,11 +1056,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - { - size_t handshake_len = MBEDTLS_GET_UINT24_BE(buf, 1); - MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %u", - (unsigned) handshake_len)); - } #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { 
From 98f348a2c52c9b88f1258ab4e8413c9d26176e19 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 30 Jan 2025 12:10:28 +0100 Subject: [PATCH 0097/1548] ssl-opt.sh|compat.sh: remove references to DHE-RSA Signed-off-by: Valerio Setti --- tests/compat.sh | 21 --------------------- tests/ssl-opt.sh | 8 +++----- 2 files changed, 3 insertions(+), 26 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 656b29d06f..de8c1bb18a 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -320,14 +320,6 @@ add_common_ciphersuites() "RSA") CIPHERS="$CIPHERS \ - TLS_DHE_RSA_WITH_AES_128_CBC_SHA \ - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \ - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA \ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \ - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \ - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \ - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \ @@ -393,9 +385,6 @@ add_openssl_ciphersuites() "RSA") CIPHERS="$CIPHERS \ - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \ @@ -444,14 +433,6 @@ add_gnutls_ciphersuites() "RSA") CIPHERS="$CIPHERS \ - TLS_DHE_RSA_WITH_AES_128_CCM \ - TLS_DHE_RSA_WITH_AES_128_CCM_8 \ - TLS_DHE_RSA_WITH_AES_256_CCM \ - TLS_DHE_RSA_WITH_AES_256_CCM_8 \ - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \ - TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \ 
@@ -523,8 +504,6 @@ add_mbedtls_ciphersuites() "RSA") M_CIPHERS="$M_CIPHERS \ - TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \ TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \ TLS_RSA_WITH_ARIA_128_CBC_SHA256 \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b1a4b92cc8..23b692c723 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -310,7 +310,6 @@ requires_any_configs_disabled() { } TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ @@ -320,7 +319,6 @@ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" @@ -7732,12 +7730,12 @@ run_test "ALPN: both, no common" \ # In 4.0 this will probably go away as all TLS 1.2 key exchanges will use # signatures too, following the removal of RSA #8170 and static ECDH #9201. -run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \ +run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \ "$P_CLI" \ 0 \ - -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" + -c "Ciphersuite is TLS-ECDHE-RSA-WITH-" run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ 
@@ -8940,7 +8938,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED requires_gnutls run_test "ClientHello without extensions: PSK" \ "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \ - "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \ + "$G_CLI --priority=NORMAL:+PSK:-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \ 0 \ -s "Ciphersuite is .*-PSK-.*" \ -S "Ciphersuite is .*-EC.*" \ From 89743b5db562de590e0b205d4604ab1697298fe8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Jan 2025 11:33:55 +0100 Subject: [PATCH 0098/1548] ssl_tls: remove code related to DHE-RSA Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 3 -- library/ssl_tls.c | 1 - library/ssl_tls12_client.c | 86 -------------------------------------- library/ssl_tls12_server.c | 61 --------------------------- 4 files changed, 151 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 35fc1ac1f2..e0c0eae4e2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -657,9 +657,6 @@ union mbedtls_ssl_premaster_secret { #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ #endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */ -#endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 81a0d60967..60f2e1cd6d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
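Review bot: Dropping `_pms_dhm[MBEDTLS_MPI_MAX_SIZE]` from `union mbedtls_ssl_premaster_secret` in the include/mbedtls/ssl.h hunk changes the size of the union, and with it, as far as I know, `MBEDTLS_PREMASTER_SIZE`, which the remaining key-exchange code uses as the bound for writes into `ssl->handshake->premaster` (the deleted DHE code on the later ssl_tls12_client.c hunk shows that pattern). The union's other members are outside the hunk, so I cannot see which one now determines the size; the commit should confirm that every remaining writer of the premaster buffer either derives its length from `MBEDTLS_PREMASTER_SIZE` or stays within the largest surviving member, since a fixed-size writer sized against the old layout would now overrun the buffer. A one-line note at the union, e.g. `/* MBEDTLS_PREMASTER_SIZE follows the largest member below; check every premaster writer when removing one. */`, or a build-time size assertion against the largest expected member, would make that dependency explicit for the next removal.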
@@ -8791,7 +8791,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; break; - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 1b1f85e419..36f79cb202 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1618,46 +1618,6 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) return 0; } -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end) -{ - int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - size_t dhm_actual_bitlen; - - /* - * Ephemeral DH parameters: - * - * struct { - * opaque dh_p<1..2^16-1>; - * opaque dh_g<1..2^16-1>; - * opaque dh_Ys<1..2^16-1>; - * } ServerDHParams; - */ - if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx, - p, end)) != 0) { - MBEDTLS_SSL_DEBUG_RET(2, ("mbedtls_dhm_read_params"), ret); - return ret; - } - - dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx); - if (dhm_actual_bitlen < ssl->conf->dhm_min_bitlen) { - MBEDTLS_SSL_DEBUG_MSG(1, ("DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", - dhm_actual_bitlen, - ssl->conf->dhm_min_bitlen)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); - MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 
@@ -2047,18 +2007,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
; /* nothing more to do */
} else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
- if (ssl_parse_server_dh_params(ssl, &p, end) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
@@ -2545,40 +2493,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange"));
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
- /*
- * DHM key exchange -- send G^X mod P
- */
- content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
-
- MBEDTLS_PUT_UINT16_BE(content_len, ssl->out_msg, 4);
- header_len = 6;
-
- ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
- (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
- &ssl->out_msg[header_len], content_len,
- ssl->conf->f_rng, ssl->conf->p_rng);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret);
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
-
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
- return ret;
- }
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index acb73b554b..16866fd554 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3254,43 +3254,6 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl)
return 0;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p,
- const unsigned char *end)
-{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- size_t n;
-
- /*
- * Receive G^Y mod P, premaster = (G^Y)^X mod P
- */
- if (*p + 2 > end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- n = MBEDTLS_GET_UINT16_BE(*p, 0);
- *p += 2;
-
- if (*p + n > end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_read_public", ret);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- *p += n;
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
-
- return ret;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -3573,30 +3536,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
}
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) {
- if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret);
- return ret;
- }
-
- if (p != end) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret);
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
- } else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
From b8621b6f9d5ee8d3fd3f5125bf9b227e0f02127e Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 22 Jan 2025 11:42:34 +0100
Subject: [PATCH 0099/1548] ssl_ciphersuites: remove references to DHE-RSA key exchanges
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed. This cause some code in "ssl_ciphersuites_internal.h" and "ssl_tls12_server.c" to became useless, so these blocks are removed as well.
Signed-off-by: Valerio Setti
---
include/mbedtls/ssl_ciphersuites.h | 40 +------
library/ssl_ciphersuites.c | 177 ----------------------------
library/ssl_ciphersuites_internal.h | 17 ---
library/ssl_tls12_server.c | 51 --------
4 files changed, 4 insertions(+), 281 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 6dfdd14053..6a80520b08 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -30,30 +30,21 @@ extern "C" {
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
@@ -64,10 +55,8 @@ extern "C" {
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
@@ -113,8 +102,6 @@ extern "C" {
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
@@ -125,8 +112,6 @@ extern "C" {
#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
@@ -153,8 +138,6 @@ extern "C" {
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
@@ -174,12 +157,8 @@ extern "C" {
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
@@ -196,7 +175,6 @@ extern "C" {
/* RFC 7905 */
#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */
#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */
@@ -213,7 +191,6 @@ extern "C" {
typedef enum {
MBEDTLS_KEY_EXCHANGE_NONE = 0,
MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_KEY_EXCHANGE_PSK,
@@ -225,7 +202,6 @@ typedef enum {
/* Key exchanges using a certificate */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
@@ -272,8 +248,7 @@ typedef enum {
#endif
/* Key exchanges involving server signature in ServerKeyExchange */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
#endif
@@ -292,8 +267,7 @@ typedef enum {
#endif
/* Key exchanges that involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -306,11 +280,6 @@ typedef enum {
#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
#endif
-/* Key exchanges using DHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
-#endif
-
/* Key exchanges using ECDHE */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
@@ -354,9 +323,8 @@ typedef enum {
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED
#endif
-/* TLS 1.2 XXDH key exchanges: ECDH or ECDHE or FFDH */
-#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED))
+/* TLS 1.2 XXDH key exchanges: ECDH or ECDHE */
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED
#endif
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index be32fb6e27..e4cc226327 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
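Review bot: Removing `MBEDTLS_KEY_EXCHANGE_DHE_RSA` from the middle of `mbedtls_key_exchange_type_t` (the `@@ -213,7 +191,6 @@` hunk earlier in this file section) renumbers every enumerator after it, so `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA` and its successors take new integer values in a public header; anything built against the old header, or that persisted or logged the raw value, will silently disagree with the rebuilt library. The hunks anchored here likewise drop the public `MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED` macro, and the preceding hunks drop the `MBEDTLS_TLS_DHE_RSA_*` ciphersuite identifiers, all of which downstream configs may reference by name. None of the diffstats for commits 0098–0103 list a `ChangeLog.d` entry, so unless one lands in a commit outside this view, a migration note naming the removed identifiers and the enumerator renumbering seems warranted, e.g. `Removed: DHE-RSA key exchange (MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) and the TLS-DHE-RSA-* ciphersuites; the values of the remaining mbedtls_key_exchange_type_t enumerators change.`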
@@ -49,71 +49,50 @@ static const int ciphersuite_preference[] =
/* Chacha-Poly ephemeral suites */
MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
/* All AES-256 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
/* All CAMELLIA-256 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All ARIA-256 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
- MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
/* All AES-128 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
- MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
/* All CAMELLIA-128 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
/* All ARIA-128 ephemeral suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
- MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
/* The PSK ephemeral suites */
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
@@ -294,14 +273,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
- { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
- MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
- MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
{ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
"TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
@@ -519,115 +490,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(PSA_WANT_ALG_SHA_384) && \
- defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
- MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(PSA_WANT_ALG_GCM)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
- MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
- MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
- MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_CCM)
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
- MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
- { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
- MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_CIPHERSUITE_SHORT_TAG,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_CCM */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_1)
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
- MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
- MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_1 */
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(PSA_WANT_ALG_SHA_256)
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_256 */
-
-#if defined(PSA_WANT_ALG_SHA_384)
- { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* PSA_WANT_ALG_SHA_384 */
-#endif /* PSA_WANT_ALG_GCM */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if defined(PSA_WANT_KEY_TYPE_AES)
#if defined(PSA_WANT_ALG_SHA_384) && \
@@ -1388,41 +1250,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
- "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
- MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_384))
- { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
- "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
- MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
- "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
- MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- defined(PSA_WANT_ALG_SHA_256))
- { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
- "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
- MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- 0,
- MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
#endif /* PSA_WANT_KEY_TYPE_ARIA */
@@ -1562,7 +1389,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe
{
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return MBEDTLS_PK_RSA;
@@ -1583,7 +1409,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
return PSA_ALG_RSA_PKCS1V15_CRYPT;
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return PSA_ALG_RSA_PKCS1V15_SIGN(
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
@@ -1605,7 +1430,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c
switch (info->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
return PSA_KEY_USAGE_DECRYPT;
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return PSA_KEY_USAGE_SIGN_HASH;
@@ -1622,7 +1446,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return MBEDTLS_PK_RSA;
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index 802318bc92..b60acdc5f8 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -26,7 +26,6 @@ int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
@@ -73,7 +72,6 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -89,7 +87,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_cipher
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
case MBEDTLS_KEY_EXCHANGE_RSA:
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -101,19 +98,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_cipher
}
}
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
-
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
{
@@ -134,7 +118,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
return 1;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 16866fd554..fc9b860543 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2803,57 +2803,6 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
- /*
- * - DHE key exchanges
- */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
- if (mbedtls_ssl_ciphersuite_uses_dhe(ciphersuite_info)) {
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len = 0;
-
- if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("no DH parameters set"));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- /*
- * Ephemeral DH parameters:
- *
- * struct {
- * opaque dh_p<1..2^16-1>;
- * opaque dh_g<1..2^16-1>;
- * opaque dh_Ys<1..2^16-1>;
- * } ServerDHParams;
- */
- if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx,
- &ssl->conf->dhm_P,
- &ssl->conf->dhm_G)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_set_group", ret);
- return ret;
- }
-
- if ((ret = mbedtls_dhm_make_params(
- &ssl->handshake->dhm_ctx,
- (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
- ssl->out_msg + ssl->out_msglen, &len,
- ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_params", ret);
- return ret;
- }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
- dig_signed = ssl->out_msg + ssl->out_msglen;
-#endif
-
- ssl->out_msglen += len;
-
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
- MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
- }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */
-
/*
* - ECDHE key exchanges
*/
From b7e2eccf1f06cecdd5681437344d9862c8820e3b Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 22 Jan 2025 11:46:33 +0100
Subject: [PATCH 0100/1548] ssl_ciphersuites: remove MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED
This symbol is unused in the code so it can be removed.
Signed-off-by: Valerio Setti
---
include/mbedtls/ssl_ciphersuites.h | 5 -----
1 file changed, 5 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 6a80520b08..5d5b4b94b8 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -323,11 +323,6 @@ typedef enum {
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED
#endif
-/* TLS 1.2 XXDH key exchanges: ECDH or ECDHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED
-#endif
-
/* The handshake params structure has a set of fields called xxdh_psa which are used:
* - by TLS 1.2 to do ECDH or ECDHE;
* - by TLS 1.3 to do ECDHE or FFDHE.
From 8438c637eef61c792ac8ff6a9dbfe3ae33151620 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 22 Jan 2025 11:56:40 +0100
Subject: [PATCH 0101/1548] tests: remove references to DHE-RSA
Signed-off-by: Valerio Setti
---
tests/include/test/ssl_helpers.h | 3 +--
tests/scripts/components-configuration-crypto.sh | 14 ++------------
tests/scripts/depends.py | 3 +--
3 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 90d51b7835..e5b8d74416 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -66,8 +66,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
#endif
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 514682136e..34b3107815 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -671,9 +671,6 @@ component_test_psa_crypto_config_accel_ffdh () {
# Disable the module that's accelerated
scripts/config.py unset MBEDTLS_DHM_C
- # Disable things that depend on it
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-
# Build
# -----
@@ -700,8 +697,6 @@ component_test_psa_crypto_config_reference_ffdh () {
# Start with full (USE_PSA and TLS 1.3)
helper_libtestdriver1_adjust_config "full"
- # Disable things that are not supported
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
make
msg "test suites: full with non-accelerated FFDH alg"
@@ -1174,24 +1169,20 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
# Also disable key exchanges that depend on RSA
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
if [ "$test_target" = "ECC" ]; then
# When testing ECC only, we disable FFDH support, both from builtin and
- # PSA sides, and also disable the key exchanges that depend on DHM.
+ # PSA sides.
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
scripts/config.py unset MBEDTLS_DHM_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
else
- # When testing ECC and DH instead, we disable DHM and depending key
- # exchanges only in the accelerated build
+ # When testing ECC and DH instead, we disable DHM.
if [ "$driver_only" -eq 1 ]; then
scripts/config.py unset MBEDTLS_DHM_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
fi
fi
@@ -1543,7 +1534,6 @@ component_test_new_psa_want_key_pair_symbol () { # Remove RSA support and its dependencies scripts/config.py unset MBEDTLS_PKCS1_V15 scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 2e8df33b58..a08ede54a5 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -314,8 +314,7 @@ def test(self, options): 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', 'PSA_WANT_ALG_RSA_OAEP', 'PSA_WANT_ALG_RSA_PSS'], - 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'], From 02ae66830e50f5e58a63326e912b10c4f812a577 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Jan 2025 11:59:36 +0100 Subject: [PATCH 0102/1548] check_config.h: remove checks for DHE-RSA Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 819ea0a030..c2b5200bc3 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -74,12 +74,6 @@ #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \ - ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) -#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \ ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) ) @@ -162,7 +156,6 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ From f886924eec878db9d550e28892ffee75ee6dcb36 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Jan 2025 12:02:01 +0100 Subject: [PATCH 0103/1548] docs: remove references to DHE-RSA Signed-off-by: Valerio Setti --- docs/architecture/tls13-support.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index c98ccf7cc1..aa09e302d2 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -117,7 +117,6 @@ Support description | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) | | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | From d137f15e1bc6d422c3b4999eea326b9f04ddf4fd Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 22 Jan 2025 12:02:17 +0100 Subject: [PATCH 0104/1548] mbedtls_config.h: remove definition of MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_ssl.h | 1 - include/mbedtls/mbedtls_config.h | 32 ----------------------------- 2 files changed, 33 deletions(-) diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 0b1551b929..7070283fd7 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -62,7 +62,6 @@ #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET #undef MBEDTLS_SSL_RENEGOTIATION #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index be38c6d71c..dd9ccacdee 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -206,38 +206,6 @@ */ #define MBEDTLS_DEBUG_C -/** - * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - * - * Enable the DHE-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15, - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - * - * \warning Using DHE constitutes a security risk as it - * is not possible to validate custom DH parameters. - * If possible, it is recommended users should consider - * preferring other methods of key exchange. - * See dhm.h for more details. - * - */ -#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - /** * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED * From 1494a09ff707358aa709d062a471de424bec213e Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Thu, 30 Jan 2025 16:45:45 +0100 Subject: [PATCH 0105/1548] test_suite_ssl: require GCM or ChaChaPoly in handshake_serialization() Hanshake serialization requires that the selected ciphersuite uses an AEAD algorithm. However, following the DHE-RSA removal, trying to still use RSA signature might select a ciphersuite which is not using AEAD, but CBC instead (see preference order in "ssl_ciphersuite.c"). This is especially problematic in tests scenarios where both GCM and ChaChaPoly are disabled, so that CCM remains as the only AEAD algorithm. Ciphersuites using RSA signature and CCM are very low on the preference list, so very unlikely to be picked in tests. This cause a CBC one to be selected in this case and the handshake_serialization() function to fail. In order to prevent failures from happening, in this commit we require that either GCM or ChaChaPoly are enabled, so that ciphersuites using one of these are likely to be picked. Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 1 - tests/suites/test_suite_ssl.function | 6 +++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 8d9e8bbc3f..cd0c303e91 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -417,7 +417,6 @@ depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_W handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 DTLS Handshake with serialization, tls1_2 -depends_on:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS handshake_serialization DTLS Handshake fragmentation, MFL=512 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6bb4dfee7f..2b50f0e3f2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -63,6 +63,10 @@ exit: } #endif +#if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#define TEST_GCM_OR_CHACHAPOLY_ENABLED +#endif + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -2744,7 +2748,7 @@ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:TEST_GCM_OR_CHACHAPOLY_ENABLED */ void handshake_serialization() { mbedtls_test_handshake_test_options options; From c8cac1d22fd89c63612735465b4d07ab045c5bcf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Feb 2025 09:57:29 +0100 Subject: [PATCH 0106/1548] changelog: add note abot DHE-RSA removal Signed-off-by: Valerio Setti --- ChangeLog.d/9685.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/9685.txt diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt new file mode 100644 index 0000000000..9820aff759 --- /dev/null +++ b/ChangeLog.d/9685.txt @@ -0,0 +1,2 @@ +Removals + * Remove support for the DHE-RSA key exchange in TLS 1.2. From 683e49e781b36669a6ac5303cca4111714f16d36 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Jan 2025 12:15:56 +0100 Subject: [PATCH 0107/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 2000db4295..2eb60b8da3 160000 --- a/framework +++ b/framework 
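Review bot: The added TEST_GCM_OR_CHACHAPOLY_ENABLED dependency on handshake_serialization only makes an AEAD ciphersuite likely to be negotiated, as the commit message says, so in a build whose preference order differs the test can still land on a CBC suite and fail for a reason unrelated to context serialization. Pinning the ciphersuite through the test options (the way handshake_psk_cipher takes an explicit cipher string in the .data file) or checking after the handshake that the negotiated suite is AEAD would make the requirement explicit rather than probabilistic. The new macro also deserves a line saying why it exists, e.g. `/* Context serialization needs an AEAD ciphersuite to be negotiated; see handshake_serialization(). */`. The body of handshake_serialization() continues beyond the hunk.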
@@ -1 +1 @@ -Subproject commit 2000db429553aa38e5875c621daf32aa8b63c340 +Subproject commit 2eb60b8da3745f8882741f6fa4c2b316abf5478a From bfc1ec15e61858d8fdec80ce146cfc24da1c0500 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Feb 2025 10:31:04 +0100 Subject: [PATCH 0108/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index d6031a2ad2..dcbe6fc1da 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit d6031a2ad2e5f420ecc532bdd24c4998c9d6fc92 +Subproject commit dcbe6fc1da160e17ffa6ad8d2f503e13d7f505ff From dd14c0a11eeefb0b37db4ba6bd3967746488aff4 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Thu, 13 Feb 2025 13:41:51 +0300 Subject: [PATCH 0109/1548] Remove in_hshdr The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it. Signed-off-by: Deomid rojer Ryabkov --- include/mbedtls/ssl.h | 4 ++-- library/ssl_msg.c | 20 +++++++++----------- library/ssl_tls.c | 10 +--------- 3 files changed, 12 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index eb60c78fa7..0e0bee54c7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1808,8 +1808,8 @@ struct mbedtls_ssl_context { size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ - unsigned char *MBEDTLS_PRIVATE(in_hshdr); /*!< original handshake header start */ - size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated hs fragments length */ + size_t MBEDTLS_PRIVATE(in_hsfraglen); /*!< accumulated length of hs fragments + (up to in_hslen) */ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3eb49e2b26..a920e46dbf 100644 
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -3229,7 +3229,6 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 if (ssl->in_hslen == 0) {
 ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl);
 ssl->in_hsfraglen = 0;
- ssl->in_hshdr = ssl->in_hdr;
 }

 MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen ="
@@ -3296,10 +3295,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 }
 } else
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
- {
- if (ssl->in_hsfraglen > ssl->in_hslen) {
- return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- }
+ if (ssl->in_hsfraglen <= ssl->in_hslen) {
 int ret;
 const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen;
 MBEDTLS_SSL_DEBUG_MSG(3,
@@ -3317,15 +3313,16 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 mbedtls_ssl_update_in_pointers(ssl);
 return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
 }
- if (ssl->in_hshdr != ssl->in_hdr) {
+ if (ssl->in_hsfraglen > 0) {
 /*
- * At ssl->in_hshdr we have a sequence of records that cover the next handshake
+ * At in_first_hdr we have a sequence of records that cover the next handshake
 * record, each with its own record header that we need to remove.
 * Note that the reassembled record size may not equal the size of the message,
- * there maybe bytes from the next message following it.
+ * there may be more messages after it, complete or partial.
 */
+ unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN;
+ unsigned char *p = in_first_hdr, *q = NULL;
 size_t merged_rec_len = 0;
- unsigned char *p = ssl->in_hshdr, *q = NULL;
 do {
 mbedtls_record rec;
 ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec);
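Review bot: The new `in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN` hard-codes where the first fragment's record header lives, and the reassembly loop that follows parses record headers starting from that address; the commit message asserts the invariant, but nothing at the point of use documents or checks it. A comment such as `/* Stream transport only: the first fragment's record header sits at the start of in_buf after the sequence-number slot, presumably where mbedtls_ssl_reset_in_pointers() leaves in_hdr. */` would record the assumption, and a cheap sanity check that `ssl->in_hdr` lies beyond `in_first_hdr` when `in_hsfraglen > 0`, returning MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED otherwise, would catch a violated invariant before any header is parsed. Separately, turning the early-return guard into `if (ssl->in_hsfraglen <= ssl->in_hslen) {` adds a nesting level to the whole path and moves the corruption return to an `else` in the @@ -3341 hunk; keeping `if (ssl->in_hsfraglen > ssl->in_hslen) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; }` as a guard reads more easily. mbedtls_ssl_prepare_handshake_record starts and ends outside this hunk.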
@@ -3341,16 +3338,17 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 q = p;
 }
 } while (merged_rec_len < ssl->in_hslen);
- ssl->in_hdr = ssl->in_hshdr;
+ ssl->in_hdr = in_first_hdr;
 mbedtls_ssl_update_in_pointers(ssl);
 ssl->in_msglen = merged_rec_len;
 /* Adjust message length. */
 MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0);
 ssl->in_hsfraglen = 0;
- ssl->in_hshdr = NULL;
 MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", ssl->in_hdr,
 mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len);
 }
+ } else {
+ return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 }

 return 0;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 450c397c78..991b431179 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -345,15 +345,11 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
 int modified = 0;
 size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0, hdr_in = 0;
 size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
- size_t hshdr_in = 0;
 if (ssl->in_buf != NULL) {
 written_in = ssl->in_msg - ssl->in_buf;
 iv_offset_in = ssl->in_iv - ssl->in_buf;
 len_offset_in = ssl->in_len - ssl->in_buf;
 hdr_in = ssl->in_hdr - ssl->in_buf;
- if (ssl->in_hshdr != NULL) {
- hshdr_in = ssl->in_hshdr - ssl->in_buf;
- }
 if (downsizing ?
 ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len :
 ssl->in_buf_len < in_buf_new_len) {
@@ -398,9 +394,6 @@ static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing,
 ssl->in_msg = ssl->in_buf + written_in;
 ssl->in_len = ssl->in_buf + len_offset_in;
 ssl->in_iv = ssl->in_buf + iv_offset_in;
- if (ssl->in_hshdr != NULL) {
- ssl->in_hshdr = ssl->in_buf + hshdr_in;
- }
 }
 }
 #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
@@ -1494,10 +1487,9 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_msgtype = 0; ssl->in_msglen = 0; ssl->in_hslen = 0; + ssl->in_hsfraglen = 0; ssl->keep_current_message = 0; ssl->transform_in = NULL; - ssl->in_hshdr = NULL; - ssl->in_hsfraglen = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->next_record_offset = 0; From 24e6ecb502839ab20c7a6f869a711c1df7af873e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Feb 2025 14:48:35 +0100 Subject: [PATCH 0110/1548] tests: move components-compliance.sh to tf-psa-crypto repo This file is cancelled from the Mbed TLS repo and copied to the TF-PSA-Crypto one. Signed-off-by: Valerio Setti --- tests/scripts/components-compliance.sh | 32 -------------------------- 1 file changed, 32 deletions(-) delete mode 100644 tests/scripts/components-compliance.sh diff --git a/tests/scripts/components-compliance.sh b/tests/scripts/components-compliance.sh deleted file mode 100644 index cce0890460..0000000000 --- a/tests/scripts/components-compliance.sh +++ /dev/null 
@@ -1,32 +0,0 @@ -# components-compliance.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This file contains test components that are executed by all.sh - -################################################################ -#### Compliance Testing -################################################################ - -component_test_psa_compliance () { - # The arch tests build with gcc, so require use of gcc here to link properly - msg "build: make, default config (out-of-box), libmbedcrypto.a only" - CC=gcc make -C library libmbedcrypto.a - - msg "unit test: test_psa_compliance.py" - CC=gcc $FRAMEWORK/scripts/test_psa_compliance.py --build-dir="." -} - -support_test_psa_compliance () { - # psa-compliance-tests only supports CMake >= 3.10.0 - ver="$(cmake --version)" - ver="${ver#cmake version }" - ver_major="${ver%%.*}" - - ver="${ver#*.}" - ver_minor="${ver%%.*}" - - [ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ] -} - From e06f9f3eba5de851eec46b3c463d640978a91913 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 7 Feb 2025 11:55:02 +0100 Subject: [PATCH 0111/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 2eb60b8da3..9c2eb756ca 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 2eb60b8da3745f8882741f6fa4c2b316abf5478a +Subproject commit 9c2eb756ca8c8edbbc100ac2530c3066833952a7 From 1e781adb629622ed6bb4cc134bae60dad50d8b03 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Feb 2025 14:51:39 +0100 Subject: [PATCH 0112/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index dcbe6fc1da..67995d5def 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
@@ -1 +1 @@ -Subproject commit dcbe6fc1da160e17ffa6ad8d2f503e13d7f505ff +Subproject commit 67995d5def986d60fc81d85f5b3965e8f660e2e9 From 76e476245a7d0a6dd1e23479b5f4cd50aa365233 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 15:51:59 +0000 Subject: [PATCH 0113/1548] Move zeroize config to TF-PSA-Crypto This commit moves user-config-zeroize-memset.h to TF-PSA-Crypto where it more appropriately belongs. Signed-off-by: Harry Ramsey --- tests/configs/user-config-zeroize-memset.h | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 tests/configs/user-config-zeroize-memset.h diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h deleted file mode 100644 index 270d12584b..0000000000 --- a/tests/configs/user-config-zeroize-memset.h +++ /dev/null @@ -1,17 +0,0 @@ -/* crypto_config.h modifier that defines mbedtls_platform_zeroize() to be - * memset(), so that the compile can check arguments for us. - * Used for testing. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include - -/* Define _ALT so we don't get the built-in implementation. The test code will - * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the - * declaration. */ -#define MBEDTLS_PLATFORM_ZEROIZE_ALT - -#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len) From 2a75a60d34d04c648d409db203a202ad2a02426b Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 15:52:58 +0000 Subject: [PATCH 0114/1548] Update path to user-config-zeroize-memset.h This commit updates the path to user-config-zeroize-memset.h as it has been moved to TF-PSA-Crypto. Signed-off-by: Harry Ramsey --- tests/scripts/components-compiler.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index cb6dd9253e..469c62cb09 100644 
--- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -114,7 +114,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" + make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$TF_PSA_CRYPTO_ROOT_DIR/tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" } component_test_zeroize () { From 82c42190a1d6a0f4f7b28aec61f5f38a821a6f20 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 15:54:33 +0000 Subject: [PATCH 0115/1548] Update TF-PSA-Crypto pointer Signed-off-by: Harry Ramsey --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 67995d5def..da76c6b191 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 67995d5def986d60fc81d85f5b3965e8f660e2e9 +Subproject commit da76c6b1915c75e9dd9efc32f7d206a05b5d36c8 From b14141dd71c81f16a6790d13542255811ecc6f84 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 15:17:32 +0000 Subject: [PATCH 0116/1548] Move programs out of Mbed TLS This commit moves demo_common.sh, dlopen_demo.sh, metatest.c query_compile_time_config.c, query_config.h, query_included_headers.c, zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework. 
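Review bot: The new CFLAGS value expands `$TF_PSA_CRYPTO_ROOT_DIR` inside the single-quoted, escaped `-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"...\"` define, so an unset or empty variable silently yields the path `/tests/configs/user-config-zeroize-memset.h` and a value containing whitespace breaks the make argument rather than failing visibly; presumably the variable is set by all.sh, but this component does not require it. Writing it as `${TF_PSA_CRYPTO_ROOT_DIR:?}` makes the component abort with a clear message when the variable is missing. component_build_zeroize_checks starts before this hunk.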
Signed-off-by: Harry Ramsey --- programs/demo_common.sh | 137 ------ programs/test/dlopen_demo.sh | 42 -- programs/test/metatest.c | 484 ---------------------- programs/test/query_compile_time_config.c | 66 --- programs/test/query_config.h | 34 -- programs/test/query_included_headers.c | 29 -- programs/test/zeroize.c | 72 ---- tests/scripts/test_zeroize.gdb | 64 --- 8 files changed, 928 deletions(-) delete mode 100644 programs/demo_common.sh delete mode 100755 programs/test/dlopen_demo.sh delete mode 100644 programs/test/metatest.c delete mode 100644 programs/test/query_compile_time_config.c delete mode 100644 programs/test/query_config.h delete mode 100644 programs/test/query_included_headers.c delete mode 100644 programs/test/zeroize.c delete mode 100644 tests/scripts/test_zeroize.gdb diff --git a/programs/demo_common.sh b/programs/demo_common.sh deleted file mode 100644 index d8fcda5544..0000000000 --- a/programs/demo_common.sh +++ /dev/null 
@@ -1,137 +0,0 @@ -## Common shell functions used by demo scripts programs/*/*.sh. - -## How to write a demo script -## ========================== -## -## Include this file near the top of each demo script: -## . "${0%/*}/../demo_common.sh" -## -## Start with a "msg" call that explains the purpose of the script. -## Then call the "depends_on" function to ensure that all config -## dependencies are met. -## -## As the last thing in the script, call the cleanup function. -## -## You can use the functions and variables described below. - -set -e -u - -## $root_dir is the root directory of the Mbed TLS source tree. -root_dir="${0%/*}" -# Find a nice path to the root directory, avoiding unnecessary "../". -# The code supports demo scripts nested up to 4 levels deep. -# The code works no matter where the demo script is relative to the current -# directory, even if it is called with a relative path. -n=4 # limit the search depth -while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do - if [ $n -eq 0 ]; then - echo >&2 "This doesn't seem to be an Mbed TLS source tree." - exit 125 - fi - n=$((n - 1)) - case $root_dir in - .) root_dir="..";; - ..|?*/..) root_dir="$root_dir/..";; - ?*/*) root_dir="${root_dir%/*}";; - /*) root_dir="/";; - *) root_dir=".";; - esac -done - -## $programs_dir is the directory containing the sample programs. -# Assume an in-tree build. -programs_dir="$root_dir/programs" - -## msg LINE... -## msg &2 < -#include -#include -#include "test/helpers.h" -#include "test/threading_helpers.h" -#include "test/macros.h" -#include "test/memory.h" -#include "common.h" - -#include -#include - -#if defined(MBEDTLS_THREADING_C) -#include -#endif - - -/* This is an external variable, so the compiler doesn't know that we're never - * changing its value. 
- */ -volatile int false_but_the_compiler_does_not_know = 0; - -/* Hide calls to calloc/free from static checkers such as - * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about - * code where we do mean to cause a runtime error. */ -void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc; -void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free; - -/* Set n bytes at the address p to all-bits-zero, in such a way that - * the compiler should not know that p is all-bits-zero. */ -static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n) -{ - memset((void *) p, false_but_the_compiler_does_not_know, n); -} - -/* Simulate an access to the given object, to avoid compiler optimizations - * in code that prepares or consumes the object. */ -static void do_nothing_with_object(void *p) -{ - (void) p; -} -void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) = - do_nothing_with_object; - - -/****************************************************************/ -/* Test framework features */ -/****************************************************************/ - -static void meta_test_fail(const char *name) -{ - (void) name; - mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); -} - -static void meta_test_not_equal(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_EQUAL(left, right); -exit: - ; -} - -static void meta_test_not_le_s(const char *name) -{ - int left = 20; - int right = 10; - - (void) name; - - TEST_LE_S(left, right); -exit: - ; -} - -static void meta_test_not_le_u(const char *name) -{ - size_t left = 20; - size_t right = 10; - - (void) name; - - TEST_LE_U(left, right); -exit: - ; -} - -/****************************************************************/ -/* Platform features */ -/****************************************************************/ - -static void null_pointer_dereference(const char *name) -{ - (void) 
name; - volatile char *volatile p; - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (read from null data pointer) */ - mbedtls_printf("%p -> %u\n", (void *) p, (unsigned) *p); -} - -static void null_pointer_call(const char *name) -{ - (void) name; - unsigned(*volatile p)(void); - set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); - /* Undefined behavior (execute null function pointer) */ - /* The pointer representation may be truncated, but we don't care: - * the only point of printing it is to have some use of the pointer - * to dissuade the compiler from optimizing it away. */ - mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p()); -} - - -/****************************************************************/ -/* Memory */ -/****************************************************************/ - -static void read_after_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (read after free) */ - mbedtls_printf("%u\n", (unsigned) *p); -} - -static void double_free(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - *p = 'a'; - free_but_the_compiler_does_not_know((void *) p); - /* Undefined behavior (double free) */ - free_but_the_compiler_does_not_know((void *) p); -} - -static void read_uninitialized_stack(const char *name) -{ - (void) name; - char buf[1]; - if (false_but_the_compiler_does_not_know) { - buf[0] = '!'; - } - char *volatile p = buf; - if (*p != 0) { - /* Unspecified result (read from uninitialized memory) */ - mbedtls_printf("%u\n", (unsigned) *p); - } -} - -static void memory_leak(const char *name) -{ - (void) name; - volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); - mbedtls_printf("%u\n", (unsigned) *p); - /* Leak of a heap object */ -} - -/* name = 
"test_memory_poison_%(start)_%(offset)_%(count)_%(direction)" - * Poison a region starting at start from an 8-byte aligned origin, - * encompassing count bytes. Access the region at offset from the start. - * %(start), %(offset) and %(count) are decimal integers. - * %(direction) is either the character 'r' for read or 'w' for write. - */ -static void test_memory_poison(const char *name) -{ - size_t start = 0, offset = 0, count = 0; - char direction = 'r'; - if (sscanf(name, - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "%*[^0-9]%" MBEDTLS_PRINTF_SIZET - "_%c", - &start, &offset, &count, &direction) != 4) { - mbedtls_fprintf(stderr, "%s: Bad name format: %s\n", __func__, name); - return; - } - - union { - long long ll; - unsigned char buf[32]; - } aligned; - memset(aligned.buf, 'a', sizeof(aligned.buf)); - - if (start > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start, sizeof(aligned.buf)); - return; - } - if (start + count > sizeof(aligned.buf)) { - mbedtls_fprintf(stderr, - "%s: start+count=%" MBEDTLS_PRINTF_SIZET - " > size=%" MBEDTLS_PRINTF_SIZET, - __func__, start + count, sizeof(aligned.buf)); - return; - } - if (offset >= count) { - mbedtls_fprintf(stderr, - "%s: offset=%" MBEDTLS_PRINTF_SIZET - " >= count=%" MBEDTLS_PRINTF_SIZET, - __func__, offset, count); - return; - } - - MBEDTLS_TEST_MEMORY_POISON(aligned.buf + start, count); - - if (direction == 'w') { - aligned.buf[start + offset] = 'b'; - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - } else { - do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf); - mbedtls_printf("%u\n", (unsigned) aligned.buf[start + offset]); - } -} - - -/****************************************************************/ -/* Threading */ -/****************************************************************/ - -static void mutex_lock_not_initialized(const char *name) -{ - (void) 
name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_unlock_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0); -exit: - ; -#endif -} - -static void mutex_free_not_initialized(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - memset(&mutex, 0, sizeof(mutex)); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_init(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. 
*/ - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_double_free(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); - mbedtls_mutex_free(&mutex); - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ - mbedtls_mutex_free(&mutex); -#endif -} - -static void mutex_leak(const char *name) -{ - (void) name; -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; - mbedtls_mutex_init(&mutex); -#endif - /* This mutex usage error is detected by our test framework's mutex usage - * verification framework. See framework/tests/src/threading_helpers.c. Other - * threading implementations (e.g. pthread without our instrumentation) - * might consider this normal usage. */ -} - - -/****************************************************************/ -/* Command line entry point */ -/****************************************************************/ - -typedef struct { - /** Command line argument that will trigger that metatest. - * - * Conventionally matches "[a-z0-9_]+". */ - const char *name; - - /** Platform under which that metatest is valid. - * - * - "any": should work anywhere. - * - "asan": triggers ASan (Address Sanitizer). - * - "msan": triggers MSan (Memory Sanitizer). - * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS, - * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test - * framework (see framework/tests/src/threading_helpers.c). - */ - const char *platform; - - /** Function that performs the metatest. - * - * The function receives the name as an argument. This allows using the - * same function to perform multiple variants of a test based on the name. 
- * - * When executed on a conforming platform, the function is expected to - * either cause a test failure (mbedtls_test_fail()), or cause the - * program to abort in some way (e.g. by causing a segfault or by - * triggering a sanitizer). - * - * When executed on a non-conforming platform, the function may return - * normally or may have unpredictable behavior. - */ - void (*entry_point)(const char *name); -} metatest_t; - -/* The list of available meta-tests. Remember to register new functions here! - * - * Note that we always compile all the functions, so that `metatest --list` - * will always list all the available meta-tests. - * - * See the documentation of metatest_t::platform for the meaning of - * platform values. - */ -metatest_t metatests[] = { - { "test_fail", "any", meta_test_fail }, - { "test_not_equal", "any", meta_test_not_equal }, - { "test_not_le_s", "any", meta_test_not_le_s }, - { "test_not_le_u", "any", meta_test_not_le_u }, - { "null_dereference", "any", null_pointer_dereference }, - { "null_call", "any", null_pointer_call }, - { "read_after_free", "asan", read_after_free }, - { "double_free", "asan", double_free }, - { "read_uninitialized_stack", "msan", read_uninitialized_stack }, - { "memory_leak", "asan", memory_leak }, - { "test_memory_poison_0_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_r", "poison", test_memory_poison }, - { "test_memory_poison_0_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_0_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_0_1_2_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_7_8_r", "poison", test_memory_poison }, - { 
"test_memory_poison_7_7_8_w", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_r", "poison", test_memory_poison }, - { "test_memory_poison_7_0_1_w", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_r", "poison", test_memory_poison }, - { "test_memory_poison_7_1_2_w", "poison", test_memory_poison }, - { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized }, - { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized }, - { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized }, - { "mutex_double_init", "pthread", mutex_double_init }, - { "mutex_double_free", "pthread", mutex_double_free }, - { "mutex_leak", "pthread", mutex_leak }, - { NULL, NULL, NULL } -}; - -static void help(FILE *out, const char *argv0) -{ - mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0); - mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n"); - mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n"); -} - -int main(int argc, char *argv[]) -{ - const char *argv0 = argc > 0 ? argv[0] : "metatest"; - if (argc != 2) { - help(stderr, argv0); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - /* Support "-help", "--help", "--list", etc. 
*/ - const char *command = argv[1]; - while (*command == '-') { - ++command; - } - - if (strcmp(argv[1], "help") == 0) { - help(stdout, argv0); - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - if (strcmp(argv[1], "list") == 0) { - for (const metatest_t *p = metatests; p->name != NULL; p++) { - mbedtls_printf("%s %s\n", p->name, p->platform); - } - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); - } - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_init(); -#endif - - for (const metatest_t *p = metatests; p->name != NULL; p++) { - if (strcmp(argv[1], p->name) == 0) { - mbedtls_printf("Running metatest %s...\n", argv[1]); - p->entry_point(argv[1]); -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_check(); -#endif - int result = (int) mbedtls_test_get_result(); - - mbedtls_printf("Running metatest %s... done, result=%d\n", - argv[1], result); - mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ? - MBEDTLS_EXIT_SUCCESS : - MBEDTLS_EXIT_FAILURE); - } - } - - mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n", - argv0, command); - mbedtls_exit(MBEDTLS_EXIT_FAILURE); -} diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c deleted file mode 100644 index a70e6daef3..0000000000 --- a/programs/test/query_compile_time_config.c +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - * Query the Mbed TLS compile time configuration - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#define USAGE \ - "usage: %s [ -all | -any | -l ] ...\n\n" \ - "This program takes command line arguments which correspond to\n" \ - "the string representation of Mbed TLS compile time configurations.\n\n" \ - "If \"--all\" and \"--any\" are not used, then, if all given arguments\n" \ - "are defined in the Mbed TLS build, 0 is returned; otherwise 1 is\n" \ - "returned. Macro expansions of configurations will be printed (if any).\n" \ - "-l\tPrint all available configuration.\n" \ - "-all\tReturn 0 if all configurations are defined. Otherwise, return 1\n" \ - "-any\tReturn 0 if any configuration is defined. Otherwise, return 1\n" \ - "-h\tPrint this usage\n" - -#include -#include "query_config.h" - -int main(int argc, char *argv[]) -{ - int i; - - if (argc < 2 || strcmp(argv[1], "-h") == 0) { - mbedtls_printf(USAGE, argv[0]); - return MBEDTLS_EXIT_FAILURE; - } - - if (strcmp(argv[1], "-l") == 0) { - list_config(); - return 0; - } - - if (strcmp(argv[1], "-all") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - return 0; - } - - if (strcmp(argv[1], "-any") == 0) { - for (i = 2; i < argc; i++) { - if (query_config(argv[i]) == 0) { - return 0; - } - } - return 1; - } - - for (i = 1; i < argc; i++) { - if (query_config(argv[i]) != 0) { - return 1; - } - } - - return 0; -} diff --git a/programs/test/query_config.h b/programs/test/query_config.h deleted file mode 100644 index 43f120bf01..0000000000 --- a/programs/test/query_config.h +++ /dev/null 
@@ -1,34 +0,0 @@ -/* - * Query Mbed TLS compile time configurations from mbedtls_config.h - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H -#define MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H - -#include "mbedtls/build_info.h" - -/** Check whether a given configuration symbol is enabled. - * - * \param config The symbol to query (e.g. "MBEDTLS_RSA_C"). - * \return \c 0 if the symbol was defined at compile time - * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h), - * \c 1 otherwise. - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -int query_config(const char *config); - -/** List all enabled configuration symbols - * - * \note This function is defined in `programs/test/query_config.c` - * which is automatically generated by - * `scripts/generate_query_config.pl`. - */ -void list_config(void); - -#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */ diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c deleted file mode 100644 index cdafa16204..0000000000 --- a/programs/test/query_included_headers.c +++ /dev/null @@ -1,29 +0,0 @@ -/* Ad hoc report on included headers. */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -int main(void) -{ - - /* Which PSA platform header? */ -#if defined(PSA_CRYPTO_PLATFORM_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_H\n"); -#endif -#if defined(PSA_CRYPTO_PLATFORM_ALT_H) - mbedtls_printf("PSA_CRYPTO_PLATFORM_ALT_H\n"); -#endif - - /* Which PSA struct header? */ -#if defined(PSA_CRYPTO_STRUCT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_H\n"); -#endif -#if defined(PSA_CRYPTO_STRUCT_ALT_H) - mbedtls_printf("PSA_CRYPTO_STRUCT_ALT_H\n"); -#endif - -} 
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c deleted file mode 100644 index c1cee0d840..0000000000 --- a/programs/test/zeroize.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* - * Zeroize application for debugger-driven testing - * - * This is a simple test application used for debugger-driven testing to check - * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler - * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last - * return statement in the main() function of this program. The debugger - * facilities are then used to manually inspect the memory and verify that the - * call to mbedtls_platform_zeroize() was not eliminated. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include - -#include "mbedtls/platform.h" - -#include "mbedtls/platform_util.h" - -#define BUFFER_LEN 1024 - -static void usage(void) -{ - mbedtls_printf("Zeroize is a simple program to assist with testing\n"); - mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n"); - mbedtls_printf("debugger. This program takes a file as input and\n"); - mbedtls_printf("prints the first %d characters. 
Usage:\n\n", BUFFER_LEN); - mbedtls_printf(" zeroize \n"); -} - -int main(int argc, char **argv) -{ - int exit_code = MBEDTLS_EXIT_FAILURE; - FILE *fp; - char buf[BUFFER_LEN]; - char *p = buf; - char *end = p + BUFFER_LEN; - int c; - - if (argc != 2) { - mbedtls_printf("This program takes exactly 1 argument\n"); - usage(); - mbedtls_exit(exit_code); - } - - fp = fopen(argv[1], "r"); - if (fp == NULL) { - mbedtls_printf("Could not open file '%s'\n", argv[1]); - mbedtls_exit(exit_code); - } - - while ((c = fgetc(fp)) != EOF && p < end - 1) { - *p++ = (char) c; - } - *p = '\0'; - - if (p - buf != 0) { - mbedtls_printf("%s\n", buf); - exit_code = MBEDTLS_EXIT_SUCCESS; - } else { - mbedtls_printf("The file is empty!\n"); - } - - fclose(fp); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment! -} diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb deleted file mode 100644 index 57f771f56a..0000000000 --- a/tests/scripts/test_zeroize.gdb +++ /dev/null 
@@ -1,64 +0,0 @@ -# test_zeroize.gdb -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Run a test using the debugger to check that the mbedtls_platform_zeroize() -# function in platform_util.h is not being optimized out by the compiler. To do -# so, the script loads the test program at programs/test/zeroize.c and sets a -# breakpoint at the last return statement in main(). When the breakpoint is -# hit, the debugger manually checks the contents to be zeroized and checks that -# it is actually cleared. -# -# The mbedtls_platform_zeroize() test is debugger driven because there does not -# seem to be a mechanism to reliably check whether the zeroize calls are being -# eliminated by compiler optimizations from within the compiled program. The -# problem is that a compiler would typically remove what it considers to be -# "unnecessary" assignments as part of redundant code elimination. To identify -# such code, the compilar will create some form dependency graph between -# reads and writes to variables (among other situations). It will then use this -# data structure to remove redundant code that does not have an impact on the -# program's observable behavior. In the case of mbedtls_platform_zeroize(), an -# intelligent compiler could determine that this function clears a block of -# memory that is not accessed later in the program, so removing the call to -# mbedtls_platform_zeroize() does not have an observable behavior. However, -# inserting a test after a call to mbedtls_platform_zeroize() to check whether -# the block of memory was correctly zeroed would force the compiler to not -# eliminate the mbedtls_platform_zeroize() call. If this does not occur, then -# the compiler potentially has a bug. -# -# Note: This test requires that the test program is compiled with -g3. 
- -set confirm off - -file ./programs/test/zeroize - -search GDB_BREAK_HERE -break $_ - -set args ./programs/test/zeroize.c -run - -set $i = 0 -set $len = sizeof(buf) -set $buf = buf - -while $i < $len - if $buf[$i++] != 0 - echo The buffer at was not zeroized\n - quit 1 - end -end - -echo The buffer was correctly zeroized\n - -continue - -if $_exitcode != 0 - echo The program did not terminate correctly\n - quit 1 -end - -quit 0 From 2543ec0608ad601d0171d893d6848891a49979ba Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 11 Feb 2025 14:06:44 +0000 Subject: [PATCH 0117/1548] Update paths for moved program files in makefiles This commit updates the file paths necessary for dlopen_demo.sh, metatest.c query_compile_time_config.c, query_config.h, query_included_headers.c and zeroize.c. This commit also adds a CFLAG to find header files now contained in the framework. Signed-off-by: Harry Ramsey --- programs/Makefile | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index c177c28a25..07638a7c04 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -1,4 +1,5 @@ MBEDTLS_TEST_PATH = ../tests +FRAMEWORK = ${MBEDTLS_PATH}/framework include ../scripts/common.make ifeq ($(shell uname -s),Linux) @@ -24,6 +25,8 @@ else BUILD_DLOPEN = endif +LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs + ## The following assignment is the list of base names of applications that ## will be built on Windows. Extra Linux/Unix/POSIX-only applications can ## be declared by appending with `APPS += ...` afterwards. @@ -301,7 +304,7 @@ ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP) SSL_TEST_OBJECTS = test/query_config.o ssl/ssl_test_lib.o SSL_TEST_DEPS = $(SSL_TEST_OBJECTS) \ - test/query_config.h \ + $(FRAMEWORK)/tests/programs/query_config.h \ ssl/ssl_test_lib.h \ ssl/ssl_test_common_source.c \ $(DEP) 
@@ -322,7 +325,7 @@ ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(SSL_TEST_DEPS)
 echo " CC ssl/ssl_server2.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o test/query_config.h $(DEP)
+ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP)
 echo " CC ssl/ssl_context_info.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ 
@@ -363,17 +366,17 @@ test/dlopen$(EXEXT): test/dlopen.c $(DEP)
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@
 endif
-test/metatest$(EXEXT): test/metatest.c $(DEP)
- echo " CC test/metatest.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP)
+ echo " CC $(FRAMEWORK)/tests/programs/metatest.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/query_config.o: test/query_config.c test/query_config.h $(DEP)
+test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP)
 echo " CC test/query_config.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@
-test/query_included_headers$(EXEXT): test/query_included_headers.c $(DEP)
- echo " CC test/query_included_headers.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/query_included_headers$(EXEXT): $(FRAMEWORK)/tests/programs/query_included_headers.c $(DEP)
+ echo " CC $(FRAMEWORK)/tests/programs/query_included_headers.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 test/selftest$(EXEXT): test/selftest.c $(DEP)
 echo " CC test/selftest.c" 
@@ -383,13 +386,13 @@ test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP) echo " CC test/udp_proxy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/zeroize$(EXEXT): test/zeroize.c $(DEP) - echo " CC test/zeroize.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/zeroize$(EXEXT): $(FRAMEWORK)/tests/programs/zeroize.c $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/zeroize.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.o test/query_config.h $(DEP) - echo " CC test/query_compile_time_config.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/query_compile_time_config$(EXEXT): $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(FRAMEWORK)/tests/programs/query_config.h $(DEP) + echo " CC $(FRAMEWORK)/tests/programs/query_compile_time_config.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $(FRAMEWORK)/tests/programs/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ util/pem2der$(EXEXT): util/pem2der.c $(DEP) echo " CC util/pem2der.c" From c19b8e80e7ed024297f394b4f0124f40a7bbb1cf Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 11 Feb 2025 14:14:00 +0000 Subject: [PATCH 0118/1548] Update include paths in C files Signed-off-by: Harry Ramsey --- programs/ssl/ssl_test_lib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index a8387d7196..6fc3d73072 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -66,7 +66,7 @@ #include -#include "../test/query_config.h" +#include "query_config.h" #define ALPN_LIST_SIZE 10 #define GROUP_LIST_SIZE 25 From 53ba6ad106128eb72f9177bd8eda1b47ced21787 Mon Sep 17 00:00:00 2001 
From: Harry Ramsey Date: Wed, 12 Feb 2025 10:18:51 +0000 Subject: [PATCH 0119/1548] Update paths for moved program files in CMakeLists This commit fixes the paths of program files which were moved to the MbedTLS Framework. Signed-off-by: Harry Ramsey --- programs/ssl/CMakeLists.txt | 10 +++++----- programs/test/CMakeLists.txt | 13 ++++++++++--- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index a27c6262b5..65f65b9bdd 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -35,7 +35,7 @@ foreach(exe IN LISTS executables) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") list(APPEND extra_sources ssl_test_lib.c - ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c) endif() add_executable(${exe} @@ -45,14 +45,13 @@ foreach(exe IN LISTS executables) ${extra_sources}) set_base_compile_options(${exe}) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + target_include_directories(${exe} PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs + ${MBEDTLS_FRAMEWORK_DIR}/tests/include ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") if(GEN_FILES) add_dependencies(${exe} generate_query_config_c) endif() - target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test) endif() endforeach() 
@@ -62,7 +61,8 @@ if(THREADS_FOUND) $ $) set_base_compile_options(ssl_pthread_server) - target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + target_include_directories(ssl_pthread_server PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/programs + ${MBEDTLS_FRAMEWORK_DIR}/tests/include ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT}) list(APPEND executables ssl_pthread_server) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index dec1e8c28a..9c781a6b49 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -76,17 +76,24 @@ else() endif() foreach(exe IN LISTS executables_libs executables_mbedcrypto) + set(source ${exe}.c) set(extra_sources "") + if(NOT EXISTS ${source} AND + EXISTS ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) + set(source ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/${source}) + endif() + if(exe STREQUAL "query_compile_time_config") list(APPEND extra_sources - ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs/query_config.h ${CMAKE_CURRENT_BINARY_DIR}/query_config.c) endif() - add_executable(${exe} ${exe}.c $ + add_executable(${exe} ${source} $ ${extra_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) + PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include + ${MBEDTLS_FRAMEWORK_DIR}/tests/programs) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core) From d096793c3f355abd09c739d0aa397d7524740d00 Mon Sep 17 00:00:00 2001 
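Review bot: `if(NOT EXISTS ${source} AND ...)` probes the relative path `${exe}.c`, and CMake documents `EXISTS` as well-defined only for full paths, so the check is not anchored to `programs/test` and will typically report the in-tree file as absent; the build still succeeds only because the framework probe is exact and `add_executable` resolves the bare name on its own. Anchor it explicitly, `set(source ${CMAKE_CURRENT_SOURCE_DIR}/${exe}.c)`, so a file present in both trees deterministically picks the in-tree copy and the intent of the fallback is visible. The `foreach` body continues past the end of the hunk.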
From: Harry Ramsey Date: Wed, 12 Feb 2025 20:29:33 +0000 Subject: [PATCH 0120/1548] Update paths for moved program files in components-build-system.sh This commit updates the paths for dlopen_demo.sh in components-build-system.sh as the file has been moved to the framework. Signed-off-by: Harry Ramsey --- tests/scripts/components-build-system.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index d6ad88ab82..91a999e10a 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -13,7 +13,7 @@ component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 TEST_CPP=1 all check ldd programs/util/strerror | grep libmbedcrypto - programs/test/dlopen_demo.sh + $FRAMEWORK/tests/programs/dlopen_demo.sh } component_test_cmake_shared () { @@ -22,7 +22,7 @@ component_test_cmake_shared () { make ldd programs/util/strerror | grep libtfpsacrypto make test - programs/test/dlopen_demo.sh + $FRAMEWORK/tests/programs/dlopen_demo.sh } support_test_cmake_out_of_source () { From ec4af6c6e2f99821e9a60fb0d2f2ea10abef828b Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 12 Feb 2025 20:56:34 +0000 Subject: [PATCH 0121/1548] Update paths for moved programs in generate_visualc_files.pl This commit updates the paths for moved programs in generate_visualc_files.pl. Signed-off-by: Harry Ramsey --- scripts/generate_visualc_files.pl | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index d0fcb7d60f..053040a9c5 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
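Review bot: `$FRAMEWORK/tests/programs/dlopen_demo.sh` now runs a script from outside `programs/test`; if dlopen_demo.sh locates the `dlopen` binary or the shared-library directories relative to its own `$0` (the moved script is not visible in this diff), the relocation breaks it and the component should fail loudly rather than rely on the cwd. Quote the expansion, `"$FRAMEWORK"/tests/programs/dlopen_demo.sh`, and confirm that `FRAMEWORK` is exported by the harness before these components run, since the variable is used here without a visible definition.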
@@ -22,6 +22,7 @@ my $vsx_sln_file = "$vsx_dir/mbedTLS.sln"; my $mbedtls_programs_dir = "programs"; +my $framework_programs_dir = "framework/tests/programs"; my $tfpsacrypto_programs_dir = "tf-psa-crypto/programs"; my $mbedtls_header_dir = 'include/mbedtls'; @@ -59,6 +60,7 @@ tf-psa-crypto/drivers/everest/include/everest/kremlib tests/include framework/tests/include + framework/tests/programs ); my $include_directories = join(';', map {"../../$_"} @include_directories); @@ -125,6 +127,7 @@ sub check_dirs { && -d $tls_test_header_dir && -d $test_drivers_header_dir && -d $mbedtls_programs_dir + && -d $framework_programs_dir && -d $tfpsacrypto_programs_dir; } @@ -164,7 +167,14 @@ sub gen_app { (my $appname = $path) =~ s/.*\\//; my $is_test_app = ($path =~ m/^test\\/); - my $srcs = ""; + my $srcs; + if( $appname eq "metatest" or $appname eq "query_compile_time_config" or + $appname eq "query_included_headers" or $appname eq "zeroize" ) { + $srcs = ""; + } else { + $srcs = ""; + } + if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or $appname eq "query_compile_time_config" ) { $srcs .= "\n "; @@ -283,6 +293,7 @@ sub main { $tls_source_dir, $crypto_core_source_dir, $crypto_source_dir, + $framework_programs_dir, @thirdparty_header_dirs, ); my @headers = (map { <$_/*.h> } @header_dirs); From 9b4035cc9ebbe8a0ef6611e6fb813e69f6b7481c Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 10:00:11 +0000 Subject: [PATCH 0122/1548] Update path for moved test_zeroize.gdb script This commit updates the path for the moved test_zeroize.gdb script which has been moved to MbedTLS-Framework. Signed-off-by: Harry Ramsey --- tests/scripts/components-compiler.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 469c62cb09..74543b13e9 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh 
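Review bot: the new branch in `gen_app` hard-codes the four relocated app names (`metatest`, `query_compile_time_config`, `query_included_headers`, `zeroize`), whereas the CMake side in the same series decides by probing the framework directory, so the generators will drift the next time a program moves. Derive it from the filesystem instead: `my $in_framework = -e "$framework_programs_dir/$appname.c";` and branch on that, which keeps `$framework_programs_dir` (already checked in `check_dirs`) as the single source of truth. The remainder of `gen_app` lies outside the hunk.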
@@ -136,7 +136,7 @@ component_test_zeroize () { for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log grep "The buffer was correctly zeroized" test_zeroize.log not grep -i "error" test_zeroize.log rm -f test_zeroize.log From f6fb2f0cb41a273b689b9e53f6c45c529ac48eb4 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Tue, 18 Feb 2025 17:52:45 +0000 Subject: [PATCH 0123/1548] Update documentation regarding test_zeroize This commit updates the paths in documentation for test_zeroize since it has been moved to MbedTLS Framework. Signed-off-by: Harry Ramsey --- docs/architecture/testing/invasive-testing.md | 2 +- programs/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 464f7611f2..bf8d631d79 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -275,7 +275,7 @@ This section lists some strategies that are currently used for invasive testing, Goal: test that `mbedtls_platform_zeroize` does wipe the memory buffer. -Solution ([debugger](#debugger-based-testing)): implemented in `tests/scripts/test_zeroize.gdb`. +Solution ([debugger](#debugger-based-testing)): implemented in `framework/tests/programs/test_zeroize.gdb`. Rationale: this cannot be tested by adding C code, because the danger is that the compiler optimizes the zeroization away, and any C code that observes the zeroization would cause the compiler not to optimize it away. diff --git a/programs/README.md b/programs/README.md index f53bde5611..a58037d097 100644 --- a/programs/README.md 
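Review bot: the copy of test_zeroize.gdb deleted earlier in this series does `set args ./programs/test/zeroize.c`, and `programs/test/zeroize.c` is removed by the same series; if the framework copy kept that argument, `zeroize` exits non-zero with "Could not open file" and the script's `$_exitcode != 0` check fails every run instead of checking zeroization. Confirm the framework copy points at an input that exists after the move (the relocated `zeroize.c`, say) and quote the path on this line: `-x "$FRAMEWORK/tests/programs/test_zeroize.gdb"`. The enclosing `for compiler` loop is outside the hunk.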
+++ b/programs/README.md @@ -53,7 +53,7 @@ This subdirectory mostly contains sample programs that illustrate specific featu ## Random number generator (RNG) examples -* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. +* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. * [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data. @@ -96,7 +96,7 @@ In addition to providing options for testing client-side features, the `ssl_clie * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS. -* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb). +* [`test/zeroize.c`](../framework/tests/programs/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`test_zeroize.gdb`](../framework/tests/programs/test_zeroize.gdb). ## Development utilities From 21506fd7f19257315d10cf278bbea2c331f7a4dd Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 14:47:10 +0000 Subject: [PATCH 0124/1548] Update documentation regarding metatest This commit updates the paths in the documentation for metatest.c as it has been moved to MbedTLS Framework. Signed-off-by: Harry Ramsey --- tests/suites/test_suite_test_helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_test_helpers.function b/tests/suites/test_suite_test_helpers.function index 8c5d5adf65..0139faf14f 100644 
--- a/tests/suites/test_suite_test_helpers.function +++ b/tests/suites/test_suite_test_helpers.function @@ -15,7 +15,7 @@ /* Test that poison+unpoison leaves the memory accessible. */ /* We can't test that poisoning makes the memory inaccessible: * there's no sane way to catch an Asan/Valgrind complaint. - * That negative testing is done in programs/test/metatest.c. */ + * That negative testing is done in framework/tests/programs/metatest.c. */ void memory_poison_unpoison(int align, int size) { unsigned char *buf = NULL; From 48d1374a2cfe0b99ccf44e76f1d456fb3291ae2a Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Mon, 17 Feb 2025 10:01:43 +0000 Subject: [PATCH 0125/1548] Update framework pointer Signed-off-by: Harry Ramsey --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 9c2eb756ca..523a12d05b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 9c2eb756ca8c8edbbc100ac2530c3066833952a7 +Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801 From 5befe36d2aeb4f4b9893c25427cb087b14070358 Mon Sep 17 00:00:00 2001 From: Harry Ramsey Date: Wed, 19 Feb 2025 15:27:49 +0000 Subject: [PATCH 0126/1548] Update TF-PSA-Crypto pointer Signed-off-by: Harry Ramsey --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index da76c6b191..67212566e9 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit da76c6b1915c75e9dd9efc32f7d206a05b5d36c8 +Subproject commit 67212566e95c936f8375eb634c249dd71dea582d From aa2594a52e9bddb6a21f7353a2c0965eec3b3415 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 18:42:13 +0100 Subject: [PATCH 0127/1548] Make ticket_alpn field private An omission in 3.x. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e0c0eae4e2..9029078566 100644 
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1295,8 +1295,8 @@ struct mbedtls_ssl_session { #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) - char *ticket_alpn; /*!< ALPN negotiated in the session - during which the ticket was generated. */ + char *MBEDTLS_PRIVATE(ticket_alpn); /*!< ALPN negotiated in the session + during which the ticket was generated. */ #endif #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) From 86a66edcd021556e13cc4b714ab4dbc159770482 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Feb 2025 23:11:09 +0100 Subject: [PATCH 0128/1548] Fix Doxygen markup Pacify `clang -Wdocumentation`. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_test_lib.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index a8387d7196..3bbddd76e4 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -243,8 +243,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, * - free the provided PK context and re-initilize it as an opaque PK context * wrapping the PSA key imported in the above step. * - * \param[in/out] pk On input the non-opaque PK context which contains the - * key to be wrapped. On output the re-initialized PK + * \param[in,out] pk On input, the non-opaque PK context which contains the + * key to be wrapped. On output, the re-initialized PK * context which represents the opaque version of the one * provided as input. * \param[in] psa_alg The primary algorithm that will be associated to the From eb63613347312ae8976016ac94884e34c058926f Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 13 Feb 2025 12:58:24 +0100 Subject: [PATCH 0129/1548] Make guards more consistent between X.509-has-certs and SSL-has-certs Fix some build errors when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED is false but MBEDTLS_X509_CRT_PARSE_C is enabled. This is not a particularly useful configuration, but for quick testing, it's convenient for it to work. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_test_common_source.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 6c7eed5e58..e194b58dff 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -315,7 +315,7 @@ uint16_t ssl_sig_algs_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function * for more info. */ @@ -350,9 +350,7 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, return (int) (size - n); #endif /* MBEDTLS_X509_REMOVE_INFO */ } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static void mbedtls_print_supported_sig_algs(void) { mbedtls_printf("supported signature algorithms:\n"); From 58b399e81ed3bff008672a76b227ffbf2c3a288f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Feb 2025 21:23:22 +0100 Subject: [PATCH 0130/1548] Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 23b692c723..ce661fcc83 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
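Review bot: The new `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)` guard around x509_crt_verify_info leaves no record of why a helper that wraps mbedtls_x509_crt_verify_info is now gated on an SSL option rather than on the X.509 parser; a one-line comment on the directive, `/* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED implies MBEDTLS_X509_CRT_PARSE_C, which x509_crt_verify_info needs */`, would make the dependency explicit for whoever next tries the inverse configuration. The `#endif` that now closes both x509_crt_verify_info and mbedtls_print_supported_sig_algs is outside the second hunk, so its trailing comment should be checked to name the new macro. The body of x509_crt_verify_info lies between the two hunks.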
@@ -475,6 +475,11 @@ detect_required_features() { requires_certificate_authentication;; esac + case " $CMD_LINE " in + *\ ca_callback=1\ *) + requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;; + esac + case " $CMD_LINE " in *"programs/ssl/dtls_client "*|\ *"programs/ssl/ssl_client1 "*) @@ -2217,7 +2222,6 @@ run_test "TLS: password protected server key, two certificates" \ "$P_CLI" \ 0 -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "CA callback on client" \ "$P_SRV debug_level=3" \ "$P_CLI ca_callback=1 debug_level=3 " \ @@ -2226,7 +2230,6 @@ run_test "CA callback on client" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "CA callback on server" \ @@ -6279,7 +6282,6 @@ run_test "Authentication: send alt hs DN hints in CertificateRequest" \ # Tests for auth_mode, using CA callback, these are duplicated from the authentication tests # When updating these tests, modify the matching authentication tests accordingly -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client required" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -6291,7 +6293,6 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
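Review bot: The new `case` in detect_required_features gates on the literal token `ca_callback=1` and carries no comment saying that it replaces the per-test `requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK` lines deleted in the later hunks of this file (from `@@ -2217` onward); a line above it such as `# ca_callback=1 on either side needs MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK; tests no longer declare it by hand` would record the intent. Because the match is on that exact spelling, a test that turns the callback on with any other accepted value would run without the gate and surface only as a failing test on builds without the option; whether ssl_client2/ssl_server2 accept other spellings is not visible here. detect_required_features() starts before the hunk and continues after it.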
@@ -6303,7 +6304,6 @@ run_test "Authentication, CA callback: server badcert, client optional" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -6322,7 +6322,6 @@ run_test "Authentication, CA callback: server badcert, client none" \ # occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a # different means to have the server ignoring the client's supported curve list. -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ @@ -6333,7 +6332,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p -c "! Certificate verification flags" \ -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ @@ -6344,7 +6342,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p -c "! Certificate verification flags"\ -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 
@@ -6356,7 +6353,6 @@ run_test "Authentication, CA callback: client SHA384, server required" \ -c "Supported Signature Algorithm found: 04 " \ -c "Supported Signature Algorithm found: 05 " -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA256, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ @@ -6368,7 +6364,6 @@ run_test "Authentication, CA callback: client SHA256, server required" \ -c "Supported Signature Algorithm found: 04 " \ -c "Supported Signature Algorithm found: 05 " -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client badcert, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6390,7 +6385,6 @@ run_test "Authentication, CA callback: client badcert, server required" \ # detect that its write end of the connection is closed and abort # before reading the alert message. -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client cert not trusted, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ @@ -6408,7 +6402,6 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "! mbedtls_ssl_handshake returned" \ -s "X509 - Certificate verification failed" -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -6429,7 +6422,6 @@ run_test "Authentication, CA callback: client badcert, server optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int chain, client default" \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ @@ -6440,7 +6432,6 @@ run_test "Authentication, CA callback: server max_int chain, client default" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int+1 chain, client default" \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ @@ -6451,7 +6442,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ @@ -6463,7 +6453,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ 
@@ -6474,7 +6463,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int+1 chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ @@ -6485,7 +6473,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer -requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK run_test "Authentication, CA callback: client max_int chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ From 95fe2a6df4efca8680200f8a0110fbeae4a795cb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 18:12:29 +0100 Subject: [PATCH 0131/1548] Add a flags field to mbedtls_ssl_context Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 6 ++++++ library/ssl_tls.c | 1 + 2 files changed, 7 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9029078566..7c3a3d9433 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1669,6 +1669,12 @@ struct mbedtls_ssl_context { * Miscellaneous */ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */ + + /** Mask of `MBEDTLS_SSL_CONTEXT_FLAG_XXX`. + * This field is not saved by mbedtls_ssl_session_save(). + */ + uint32_t MBEDTLS_PRIVATE(flags); + #if defined(MBEDTLS_SSL_RENEGOTIATION) int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */ int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS, 
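Review bot: The new doc comment on the `flags` field refers to `MBEDTLS_SSL_CONTEXT_FLAG_XXX`, but this commit defines no such constants, so a reader of ssl.h cannot find what the mask may hold; either add at least one definition next to the field or say where the flag values are defined. The second sentence says the field is not saved by mbedtls_ssl_session_save(), yet that function serializes an mbedtls_ssl_session, not this mbedtls_ssl_context; the serializer relevant to a context field is mbedtls_ssl_context_save(), so the sentence presumably means `This field is not saved by mbedtls_ssl_context_save().`. The `ssl->flags = 0;` added to mbedtls_ssl_session_reset_int in ssl_tls.c is unconditional, which fits a transient field; whether mbedtls_ssl_init also zeroes it is outside that hunk.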
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 60f2e1cd6d..4744db3d49 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1411,6 +1411,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + ssl->flags = 0; ssl->tls_version = ssl->conf->max_tls_version; mbedtls_ssl_session_reset_msg_layer(ssl, partial); From e5054e495aa69f4556147fc250d9204e597e4ed9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Feb 2025 21:50:53 +0100 Subject: [PATCH 0132/1548] mbedtls_ssl_set_hostname tests: baseline Test the current behavior. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_client2.c | 39 ++++++++- tests/ssl-opt.sh | 157 +++++++++++++++++++++++++++++++++++++ 2 files changed, 192 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f009a3169b..fa61c6cb1f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -68,6 +68,7 @@ int main(void) #define DFL_MAX_VERSION -1 #define DFL_SHA1 -1 #define DFL_AUTH_MODE -1 +#define DFL_SET_HOSTNAME 1 #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_TRUNC_HMAC -1 #define DFL_RECSPLIT -1 @@ -403,6 +404,9 @@ int main(void) #define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ " options: none, optional, required\n" \ + " set_hostname=%%s call mbedtls_ssl_set_hostname()?" \ + " options: no, server_name, NULL\n" \ + " default: server_name (but ignored if certs disabled)\n" \ USAGE_IO \ USAGE_KEY_OPAQUE \ USAGE_CA_CALLBACK \ 
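Review bot: The first of the three lines added to USAGE2, `" set_hostname=%%s call mbedtls_ssl_set_hostname()?" \`, has no trailing `\n`, unlike the `auth_mode=%%s ... \n` line above it and the two lines that follow, so the help text prints `call mbedtls_ssl_set_hostname()?` and `options: no, server_name, NULL` run together on one output line. Change it to `" set_hostname=%%s call mbedtls_ssl_set_hostname()?\n" \`. The USAGE2 macro continues beyond the hunk.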
@@ -505,6 +509,8 @@ struct options { int max_version; /* maximum protocol version accepted */ int allow_sha1; /* flag for SHA-1 support */ int auth_mode; /* verify mode for connection */ + int set_hostname; /* call mbedtls_ssl_set_hostname()? */ + /* 0=no, 1=yes, -1=NULL */ unsigned char mfl_code; /* code for maximum fragment length */ int trunc_hmac; /* negotiate truncated hmac or not */ int recsplit; /* enable record splitting? */ @@ -953,6 +959,7 @@ int main(int argc, char *argv[]) opt.max_version = DFL_MAX_VERSION; opt.allow_sha1 = DFL_SHA1; opt.auth_mode = DFL_AUTH_MODE; + opt.set_hostname = DFL_SET_HOSTNAME; opt.mfl_code = DFL_MFL_CODE; opt.trunc_hmac = DFL_TRUNC_HMAC; opt.recsplit = DFL_RECSPLIT; @@ -1344,6 +1351,16 @@ int main(int argc, char *argv[]) } else { goto usage; } + } else if (strcmp(p, "set_hostname") == 0) { + if (strcmp(q, "no") == 0) { + opt.set_hostname = 0; + } else if (strcmp(q, "server_name") == 0) { + opt.set_hostname = 1; + } else if (strcmp(q, "NULL") == 0) { + opt.set_hostname = -1; + } else { + goto usage; + } } else if (strcmp(p, "max_frag_len") == 0) { if (strcmp(q, "512") == 0) { opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512; @@ -2052,10 +2069,24 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", - ret); - goto exit; + switch (opt.set_hostname) { + case -1: + if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", + ret); + goto exit; + } + break; + case 0: + /* Skip the call */ + break; + default: + if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", + ret); + goto exit; + } + break; } #endif 
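Review bot: The `switch (opt.set_hostname)` in the last hunk of ssl_client2.c repeats the same four-line error block for the `-1` and `default` cases, differing only in the argument handed to mbedtls_ssl_set_hostname(); choosing the hostname first and making a single call keeps one copy of the error message and reads the same as the `/* 0=no, 1=yes, -1=NULL */` encoding documented on the struct field in the `@@ -505` hunk. That encoding comment is the only place the three values are spelled out, so the replacement below restates it where the decision is made. The enclosing `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)` block and main() extend beyond the hunk.
```c
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
    /* opt.set_hostname: 0 = skip the call, -1 = call with NULL,
     * anything else = call with opt.server_name */
    if (opt.set_hostname != 0) {
        const char *hostname = (opt.set_hostname == -1) ? NULL : opt.server_name;
        if ((ret = mbedtls_ssl_set_hostname(&ssl, hostname)) != 0) {
            mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
                           ret);
            goto exit;
        }
    }
#endif
```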
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ce661fcc83..e541a81983 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5938,6 +5938,163 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)"
 -C "X509 - Certificate verification failed" \
 -C "SSL - No CA Chain is set, but required to operate"
+# The next few tests check what happens if the server has a valid certificate
+# that does not match its name (impersonation).
+
+run_test "Authentication: hostname match, client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhost debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (wrong), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (empty), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name= debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (truncated), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhos debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (last char), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhoss debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (trailing), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhostt debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch, client optional" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=optional server_name=wrong-name debug_level=1" \
+ 0 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch, client none" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=none server_name=wrong-name debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required set_hostname=NULL debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client optional" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=optional set_hostname=NULL debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client none" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=none set_hostname=NULL debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required set_hostname=no debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client optional" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=optional set_hostname=no debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client none" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=none set_hostname=no debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \
+ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \
+ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
 # The purpose of the next two tests is to test the client's behaviour when receiving a server
 # certificate with an unsupported elliptic curve. This should usually not happen because
 # the client informs the server about the supported curves - it does, though, in the
From 4ac4008fa09e0be09a8bfabbb43c966bcc54119f Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 20 Feb 2025 18:13:58 +0100
Subject: [PATCH 0133/1548] Access ssl->hostname through abstractions in certificate verification

New abstractions to access ssl->hostname: mbedtls_ssl_has_set_hostname_been_called(), mbedtls_ssl_free_hostname(). Use these abstractions to access the hostname with the opportunity for extra checks in mbedtls_ssl_verify_certificate(). No behavior change except for a new log message.
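Review bot: The comment introducing the new block, `# The next few tests check what happens if the server has a valid certificate that does not match its name (impersonation).`, only describes the first six tests; the `hostname null` and `hostname unset` tests that follow pin something different, namely that with `auth_mode=required` a client that passed NULL to mbedtls_ssl_set_hostname() or never called it currently completes the handshake (expected exit code 0) with no `does not match with the expected CN` message, i.e. no name check at all. Since the commit title calls this a baseline, a second comment before the `hostname null` tests, `# The following tests record the current behaviour when no hostname is set: the handshake succeeds and no CN check is performed.`, would stop a reader from taking the expected 0 as the intended end state. The `server picks cert` / `server picks PSK` tests are likewise unexplained; a line saying they check that a PSK-capable client with no hostname behaves the same whether the server ends up authenticating with a certificate or a PSK would help.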
Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 66 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4744db3d49..dd1beb98b7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2516,6 +2516,36 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, } #if defined(MBEDTLS_X509_CRT_PARSE_C) + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +/** Whether mbedtls_ssl_set_hostname() has been called. + * + * \param[in] ssl SSL context + * + * \return \c 1 if mbedtls_ssl_set_hostname() has been called on \p ssl + * (including `mbedtls_ssl_set_hostname(ssl, NULL)`), + * otherwise \c 0. + */ +static int mbedtls_ssl_has_set_hostname_been_called( + const mbedtls_ssl_context *ssl) +{ + /* We can't tell the difference between the case where + * mbedtls_ssl_set_hostname() has not been called at all, and + * the case where it was last called with NULL. For the time + * being, we assume the latter, i.e. we behave as if there had + * been an implicit call to mbedtls_ssl_set_hostname(ssl, NULL). */ + return ssl->hostname != NULL; +} +#endif + +static void mbedtls_ssl_free_hostname(mbedtls_ssl_context *ssl) +{ + if (ssl->hostname != NULL) { + mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); + } + ssl->hostname = NULL; +} + int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) { /* Initialize to suppress unnecessary compiler warning */ @@ -2533,10 +2563,7 @@ int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) /* Now it's clear that we will overwrite the old hostname, * so we can free it safely */ - - if (ssl->hostname != NULL) { - mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); - } + mbedtls_ssl_free_hostname(ssl); /* Passing NULL as hostname shall clear the old one */ 
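Review bot: The `\return` of the new mbedtls_ssl_has_set_hostname_been_called() promises 1 after `mbedtls_ssl_set_hostname(ssl, NULL)`, but the body returns `ssl->hostname != NULL`, which is 0 in exactly that case, as the comment inside the function admits; the docstring should describe what the code does, e.g. `\return \c 1 if mbedtls_ssl_set_hostname() was last called with a non-NULL hostname, \c 0 if it was never called or was last called with NULL (the two cases are currently indistinguishable).` Both new helpers are `static` yet carry the `mbedtls_ssl_` public prefix, while the file-local helper added in the later hunk of this commit, get_hostname_for_verification(), is unprefixed; `ssl_has_set_hostname_been_called` / `ssl_free_hostname` would keep the convention consistent within the commit. mbedtls_ssl_free_hostname() sits outside the `MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED` guard while its sibling is inside it, which is right because mbedtls_ssl_set_hostname() and mbedtls_ssl_free() call it under `MBEDTLS_X509_CRT_PARSE_C` alone, but a short comment on the `#endif` would save the next reader that check.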
@@ -5295,9 +5322,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_X509_CRT_PARSE_C) - if (ssl->hostname != NULL) { - mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname)); - } + mbedtls_ssl_free_hostname(ssl); #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) @@ -8845,6 +8870,21 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, return ret; } +static int get_hostname_for_verification(mbedtls_ssl_context *ssl, + const char **hostname) +{ + if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname")); + } + + *hostname = ssl->hostname; + if (*hostname == NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Certificate verification without CN verification")); + } + + return 0; +} + int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, int authmode, mbedtls_x509_crt *chain, @@ -8870,7 +8910,13 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, p_vrfy = ssl->conf->p_vrfy; } - int ret = 0; + const char *hostname = ""; + int ret = get_hostname_for_verification(ssl, &hostname); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "get_hostname_for_verification", ret); + return ret; + } + int have_ca_chain_or_callback = 0; #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) if (ssl->conf->f_ca_cb != NULL) { @@ -8883,7 +8929,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, ssl->conf->f_ca_cb, ssl->conf->p_ca_cb, ssl->conf->cert_profile, - ssl->hostname, + hostname, &ssl->session_negotiate->verify_result, f_vrfy, p_vrfy); } else @@ -8910,7 +8956,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, chain, ca_chain, ca_crl, ssl->conf->cert_profile, - ssl->hostname, + hostname, &ssl->session_negotiate->verify_result, f_vrfy, p_vrfy, rs_ctx); } From 6a9cf113611de1d8ac18f49563883a639ae7c7d6 Mon Sep 17 00:00:00 2001 
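Review bot: get_hostname_for_verification() can only return 0, so in mbedtls_ssl_verify_certificate the `if (ret != 0)` branch after the call and the `""` initializer of `hostname` (overwritten unconditionally by `*hostname = ssl->hostname;`) are dead code as of this commit; if they are placeholders for the extra checks the commit message mentions, a comment on the helper, `/* Always succeeds for now; the return value is reserved for hostname policy checks. */`, would keep them from being removed as unreachable. The level-1 log `Certificate verification without having set hostname` is now the only signal that a peer certificate is about to be accepted without any name check, a common integration mistake, so the ssl.h documentation of mbedtls_ssl_set_hostname() (outside this diff) should state that omitting the call disables name verification rather than failing the handshake. mbedtls_ssl_verify_certificate() starts before the `@@ -8870` hunk and continues past the last one.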
From: Stefan Gloor Date: Fri, 21 Feb 2025 10:30:02 +0100 Subject: [PATCH 0134/1548] fix: remove superfluous BEFORE_COLON in x509_crl.c BEFORE_COLON and BC defines with the accompanying comment are only required in x509_crt and x509_csr, but not used in x509_crl.c. Signed-off-by: Stefan Gloor --- library/x509_crl.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/x509_crl.c b/library/x509_crl.c index e67fde7210..bc4fdbb884 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -582,11 +582,6 @@ int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) #endif /* MBEDTLS_FS_IO */ #if !defined(MBEDTLS_X509_REMOVE_INFO) -/* - * Return an informational string about the certificate. - */ -#define BEFORE_COLON 14 -#define BC "14" /* * Return an informational string about the CRL. */ From b5c079b13c4977bdba8593d174d7851e41b5788e Mon Sep 17 00:00:00 2001 From: Stefan Gloor Date: Fri, 21 Feb 2025 10:33:51 +0100 Subject: [PATCH 0135/1548] fix: rename BEFORE_COLON and BC to avoid conflicts Namespace BEFORE_COLON and BC defines by prepending MBEDTLS_ and expanding BC to BEFORE_COLON_STR. This is to avoid naming conflicts with third-party code. No functional change. Signed-off-by: Stefan Gloor --- library/x509_crt.c | 12 ++++++------ library/x509_csr.c | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 113eb1b072..5d26ebbbc1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1743,15 +1743,15 @@ static int x509_info_cert_policies(char **buf, size_t *size, /* * Return an informational string about the certificate. */ -#define BEFORE_COLON 18 -#define BC "18" +#define MBEDTLS_BEFORE_COLON 18 +#define MBEDTLS_BEFORE_COLON_STR "18" int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; - char key_size_str[BEFORE_COLON]; + char key_size_str[MBEDTLS_BEFORE_COLON]; p = buf; n = size; @@ -1805,13 +1805,13 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ - if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, mbedtls_pk_get_name(&crt->pk))) != 0) { return ret; } - ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen(&crt->pk)); + ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits", + prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&crt->pk)); MBEDTLS_X509_SAFE_SNPRINTF; /* diff --git a/library/x509_csr.c b/library/x509_csr.c index 3a78268685..8e5fdb6813 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -519,8 +519,8 @@ int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path) #endif /* MBEDTLS_FS_IO */ #if !defined(MBEDTLS_X509_REMOVE_INFO) -#define BEFORE_COLON 14 -#define BC "14" +#define MBEDTLS_BEFORE_COLON 14 +#define MBEDTLS_BEFORE_COLON_STR "14" /* * Return an informational string about the CSR. */ @@ -530,7 +530,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; - char key_size_str[BEFORE_COLON]; + char key_size_str[MBEDTLS_BEFORE_COLON]; p = buf; n = size; 
@@ -551,13 +551,13 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix,
 csr->sig_opts);
 MBEDTLS_X509_SAFE_SNPRINTF;
-if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON,
+if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON,
 mbedtls_pk_get_name(&csr->pk))) != 0) {
 return ret;
 }
-ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
-(int) mbedtls_pk_get_bitlen(&csr->pk));
+ret = mbedtls_snprintf(p, n, "\n%s%-" MBEDTLS_BEFORE_COLON_STR "s: %d bits\n",
+prefix, key_size_str, (int) mbedtls_pk_get_bitlen(&csr->pk));
 MBEDTLS_X509_SAFE_SNPRINTF;
 /*

From 34b4aa1f585d2dfce06401d9a2a3e02e28579b38 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 17 Feb 2025 10:21:28 +0100
Subject: [PATCH 0136/1548] programs: move benchmark to tf-psa-crypto repo

This commit also removes references from Makefile and README.md.

Signed-off-by: Valerio Setti
---
 programs/Makefile | 5 -
 programs/README.md | 3 -
 programs/test/CMakeLists.txt | 1 -
 programs/test/benchmark.c | 1272 ----------------------------------
 4 files changed, 1281 deletions(-)
 delete mode 100644 programs/test/benchmark.c

diff --git a/programs/Makefile b/programs/Makefile
index 07638a7c04..79bb402f1b 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -79,7 +79,6 @@ APPS = \
 ssl/ssl_mail_client \
 ssl/ssl_server \
 ssl/ssl_server2 \
-test/benchmark \
 test/metatest \
 test/query_compile_time_config \
 test/query_included_headers \
@@ -345,10 +344,6 @@ ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP)
 echo " CC ssl/mini_client.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-test/benchmark$(EXEXT): test/benchmark.c $(DEP)
-echo " CC test/benchmark.c"
-$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh
 echo " Gen test/cpp_dummy_build.cpp"
 test/generate_cpp_dummy_build.sh
diff --git a/programs/README.md b/programs/README.md
index a58037d097..5e5f40a4c3 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -90,8 +90,6 @@ In addition to providing options for testing client-side features, the `ssl_clie
 ## Test utilities
-* [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms.
-
 * [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module.
 * [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS.
@@ -115,4 +113,3 @@ In addition to providing options for testing client-side features, the `ssl_clie
 * [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL).
 * [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR).
-
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 9c781a6b49..089f8a67e8 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -13,7 +13,6 @@ add_dependencies(${programs_target} ${executables_libs})
 add_dependencies(${ssl_opt_target} udp_proxy)
 set(executables_mbedcrypto
-benchmark
 zeroize
 )
 add_dependencies(${programs_target} ${executables_mbedcrypto})
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
deleted file mode 100644
index c878e3426d..0000000000
--- a/programs/test/benchmark.c
+++ /dev/null
@@ -1,1272 +0,0 @@ -/* - * Benchmark demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_HAVE_TIME) -int main(void) -{ - mbedtls_printf("MBEDTLS_HAVE_TIME not defined.\n"); - mbedtls_exit(0); -} -#else - -#include -#include - -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/sha3.h" - -#include "mbedtls/des.h" -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/camellia.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cmac.h" -#include "mbedtls/poly1305.h" - -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" - -#include "mbedtls/rsa.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecdh.h" - -#include "mbedtls/error_common.h" - -/* *INDENT-OFF* */ -#ifndef asm -#define asm __asm -#endif -/* *INDENT-ON* */ - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -#include -#include - -struct _hr_time { - LARGE_INTEGER start; -}; - -#else - -#include -#include -#include -#include -#include - -struct _hr_time { - struct timeval start; -}; - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#include "mbedtls/memory_buffer_alloc.h" -#endif - -#ifdef MBEDTLS_TIMING_ALT -void mbedtls_set_alarm(int seconds); -unsigned long mbedtls_timing_hardclock(void); -extern volatile int mbedtls_timing_alarmed; -#else -static void mbedtls_set_alarm(int seconds); -static unsigned long mbedtls_timing_hardclock(void); -#endif - -/* - * For heap usage estimates, we need an estimate of the overhead per allocated - * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block, - * so use that as our baseline. 
- */ -#define MEM_BLOCK_OVERHEAD (2 * sizeof(size_t)) - -/* - * Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined. - */ -#define HEAP_SIZE (1u << 16) /* 64k */ - -#define BUFSIZE 1024 -#define HEADER_FORMAT " %-24s : " -#define TITLE_LEN 25 - -#define OPTIONS \ - "md5, ripemd160, sha1, sha256, sha512,\n" \ - "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ - "des3, des, camellia, chacha20,\n" \ - "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \ - "aes_cmac, des3_cmac, poly1305\n" \ - "ctr_drbg, hmac_drbg\n" \ - "rsa, dhm, ecdsa, ecdh.\n" - -#if defined(MBEDTLS_ERROR_C) -#define PRINT_ERROR \ - mbedtls_printf("Error code: %d", ret); -/* mbedtls_strerror(ret, (char *) tmp, sizeof(tmp)); \ - mbedtls_printf("FAILED: %s\n", tmp); */ -#else -#define PRINT_ERROR \ - mbedtls_printf("FAILED: -0x%04x\n", (unsigned int) -ret); -#endif - -#define TIME_AND_TSC(TITLE, CODE) \ - do { \ - unsigned long ii, jj, tsc; \ - int ret = 0; \ - \ - mbedtls_printf(HEADER_FORMAT, TITLE); \ - fflush(stdout); \ - \ - mbedtls_set_alarm(1); \ - for (ii = 1; ret == 0 && !mbedtls_timing_alarmed; ii++) \ - { \ - ret = CODE; \ - } \ - \ - tsc = mbedtls_timing_hardclock(); \ - for (jj = 0; ret == 0 && jj < 1024; jj++) \ - { \ - ret = CODE; \ - } \ - \ - if (ret != 0) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf("%9lu KiB/s, %9lu cycles/byte\n", \ - ii * BUFSIZE / 1024, \ - (mbedtls_timing_hardclock() - tsc) \ - / (jj * BUFSIZE)); \ - } \ - } while (0) - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) - -/* How much space to reserve for the title when printing heap usage results. - * Updated manually as the output of the following command: - * - * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c | - * awk '{print length+3}' | sort -rn | head -n1 - * - * This computes the maximum length of a title +3, because we appends "/s" and - * want at least one space. 
(If the value is too small, the only consequence - * is poor alignment.) */ -#define TITLE_SPACE 17 - -#define MEMORY_MEASURE_INIT \ - size_t max_used, max_blocks, max_bytes; \ - size_t prv_used, prv_blocks; \ - size_t alloc_cnt, free_cnt, prv_alloc, prv_free; \ - mbedtls_memory_buffer_alloc_cur_get(&prv_used, &prv_blocks); \ - mbedtls_memory_buffer_alloc_max_reset(); - -#define MEMORY_MEASURE_RESET \ - mbedtls_memory_buffer_alloc_count_get(&prv_alloc, &prv_free); - -#define MEMORY_MEASURE_PRINT(title_len) \ - mbedtls_memory_buffer_alloc_max_get(&max_used, &max_blocks); \ - mbedtls_memory_buffer_alloc_count_get(&alloc_cnt, &free_cnt); \ - ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \ - while (ii--) mbedtls_printf(" "); \ - max_used -= prv_used; \ - max_blocks -= prv_blocks; \ - max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \ - mbedtls_printf("%6u heap bytes, %6u allocs", \ - (unsigned) max_bytes, \ - (unsigned) (alloc_cnt - prv_alloc)); - -#else -#define MEMORY_MEASURE_INIT -#define MEMORY_MEASURE_RESET -#define MEMORY_MEASURE_PRINT(title_len) -#endif - -#define TIME_PUBLIC(TITLE, TYPE, CODE) \ - do { \ - unsigned long ii; \ - int ret; \ - MEMORY_MEASURE_INIT; \ - \ - mbedtls_printf(HEADER_FORMAT, TITLE); \ - fflush(stdout); \ - mbedtls_set_alarm(3); \ - \ - ret = 0; \ - for (ii = 1; !mbedtls_timing_alarmed && !ret; ii++) \ - { \ - MEMORY_MEASURE_RESET; \ - CODE; \ - } \ - \ - if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) \ - { \ - mbedtls_printf("Feature Not Supported. 
Skipping.\n"); \ - ret = 0; \ - } \ - else if (ret != 0) \ - { \ - PRINT_ERROR; \ - } \ - else \ - { \ - mbedtls_printf("%6lu " TYPE "/s", ii / 3); \ - MEMORY_MEASURE_PRINT(sizeof(TYPE) + 1); \ - mbedtls_printf("\n"); \ - } \ - } while (0) - -#if !defined(MBEDTLS_TIMING_ALT) -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tsc; - __asm rdtsc - __asm mov[tsc], eax - return tsc; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ - -/* some versions of mingw-64 have 32-bit longs even on x84_64 */ -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__i386__) || ( \ - (defined(__amd64__) || defined(__x86_64__)) && __SIZEOF_LONG__ == 4)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long lo, hi; - asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); - return lo; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __i386__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long lo, hi; - asm volatile ("rdtsc" : "=a" (lo), "=d" (hi)); - return lo | (hi << 32); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __amd64__ || __x86_64__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__)) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tbl, tbu0, tbu1; - - do { - asm volatile ("mftbu %0" : "=r" (tbu0)); - asm volatile ("mftb %0" : "=r" (tbl)); - asm volatile ("mftbu %0" : "=r" (tbu1)); - } while (tbu0 != tbu1); - - return 
tbl; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __powerpc__ || __ppc__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc64__) - -#if defined(__OpenBSD__) -#warning OpenBSD does not allow access to tick register using software version instead -#else -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tick; - asm volatile ("rdpr %%tick, %0;" : "=&r" (tick)); - return tick; -} -#endif /* __OpenBSD__ */ -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long tick; - asm volatile (".byte 0x83, 0x41, 0x00, 0x00"); - asm volatile ("mov %%g1, %0" : "=r" (tick)); - return tick; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc__ && !__sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__alpha__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long cc; - asm volatile ("rpcc %0" : "=r" (cc)); - return cc & 0xFFFFFFFF; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __alpha__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__ia64__) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - unsigned long itc; - asm volatile ("mov %0 = ar.itc" : "=r" (itc)); - return itc; -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __ia64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(_WIN32) && \ - !defined(EFIX64) && !defined(EFI32) - -#define HAVE_HARDCLOCK - -static unsigned long mbedtls_timing_hardclock(void) -{ - LARGE_INTEGER offset; - - 
QueryPerformanceCounter(&offset); - - return (unsigned long) (offset.QuadPart); -} -#endif /* !HAVE_HARDCLOCK && _WIN32 && !EFIX64 && !EFI32 */ - -#if !defined(HAVE_HARDCLOCK) - -#define HAVE_HARDCLOCK - -static int hardclock_init = 0; -static struct timeval tv_init; - -static unsigned long mbedtls_timing_hardclock(void) -{ - struct timeval tv_cur; - - if (hardclock_init == 0) { - gettimeofday(&tv_init, NULL); - hardclock_init = 1; - } - - gettimeofday(&tv_cur, NULL); - return (tv_cur.tv_sec - tv_init.tv_sec) * 1000000U - + (tv_cur.tv_usec - tv_init.tv_usec); -} -#endif /* !HAVE_HARDCLOCK */ - -volatile int mbedtls_timing_alarmed = 0; - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - -/* It's OK to use a global because alarm() is supposed to be global anyway */ -static DWORD alarmMs; - -static void TimerProc(void *TimerContext) -{ - (void) TimerContext; - Sleep(alarmMs); - mbedtls_timing_alarmed = 1; - /* _endthread will be called implicitly on return - * That ensures execution of thread function's epilogue */ -} - -static void mbedtls_set_alarm(int seconds) -{ - if (seconds == 0) { - /* No need to create a thread for this simple case. - * Also, this shorcut is more reliable at least on MinGW32 */ - mbedtls_timing_alarmed = 1; - return; - } - - mbedtls_timing_alarmed = 0; - alarmMs = seconds * 1000; - (void) _beginthread(TimerProc, 0, NULL); -} - -#else /* _WIN32 && !EFIX64 && !EFI32 */ - -static void sighandler(int signum) -{ - mbedtls_timing_alarmed = 1; - signal(signum, sighandler); -} - -static void mbedtls_set_alarm(int seconds) -{ - mbedtls_timing_alarmed = 0; - signal(SIGALRM, sighandler); - alarm(seconds); - if (seconds == 0) { - /* alarm(0) cancelled any previous pending alarm, but the - handler won't fire, so raise the flag straight away. 
*/ - mbedtls_timing_alarmed = 1; - } -} - -#endif /* _WIN32 && !EFIX64 && !EFI32 */ -#endif /* !MBEDTLS_TIMING_ALT */ - -static int myrand(void *rng_state, unsigned char *output, size_t len) -{ - size_t use_len; - int rnd; - - if (rng_state != NULL) { - rng_state = NULL; - } - - while (len > 0) { - use_len = len; - if (use_len > sizeof(int)) { - use_len = sizeof(int); - } - - rnd = rand(); - memcpy(output, &rnd, use_len); - output += use_len; - len -= use_len; - } - - return 0; -} - -#define CHECK_AND_CONTINUE(R) \ - { \ - int CHECK_AND_CONTINUE_ret = (R); \ - if (CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) { \ - mbedtls_printf("Feature not supported. Skipping.\n"); \ - continue; \ - } \ - else if (CHECK_AND_CONTINUE_ret != 0) { \ - mbedtls_exit(1); \ - } \ - } - -#if defined(MBEDTLS_ECP_C) -static int set_ecp_curve(const char *string, mbedtls_ecp_curve_info *curve) -{ - const mbedtls_ecp_curve_info *found = - mbedtls_ecp_curve_info_from_name(string); - if (found != NULL) { - *curve = *found; - return 1; - } else { - return 0; - } -} -#endif - -unsigned char buf[BUFSIZE]; - -typedef struct { - char md5, ripemd160, sha1, sha256, sha512, - sha3_224, sha3_256, sha3_384, sha3_512, - des3, des, - aes_cbc, aes_cfb128, aes_cfb8, aes_ctr, aes_gcm, aes_ccm, aes_xts, chachapoly, - aes_cmac, des3_cmac, - aria, camellia, chacha20, - poly1305, - ctr_drbg, hmac_drbg, - rsa, dhm, ecdsa, ecdh; -} todo_list; - - -int main(int argc, char *argv[]) -{ - int i; - unsigned char tmp[200]; - char title[TITLE_LEN]; - todo_list todo; -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[HEAP_SIZE] = { 0 }; -#endif -#if defined(MBEDTLS_ECP_C) - mbedtls_ecp_curve_info single_curve[2] = { - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, - { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, - }; - const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list(); -#endif - -#if defined(MBEDTLS_ECP_C) - (void) curve_list; /* Unused in some configurations where no benchmark uses 
ECC */ -#endif - - if (argc <= 1) { - memset(&todo, 1, sizeof(todo)); - } else { - memset(&todo, 0, sizeof(todo)); - - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "md5") == 0) { - todo.md5 = 1; - } else if (strcmp(argv[i], "ripemd160") == 0) { - todo.ripemd160 = 1; - } else if (strcmp(argv[i], "sha1") == 0) { - todo.sha1 = 1; - } else if (strcmp(argv[i], "sha256") == 0) { - todo.sha256 = 1; - } else if (strcmp(argv[i], "sha512") == 0) { - todo.sha512 = 1; - } else if (strcmp(argv[i], "sha3_224") == 0) { - todo.sha3_224 = 1; - } else if (strcmp(argv[i], "sha3_256") == 0) { - todo.sha3_256 = 1; - } else if (strcmp(argv[i], "sha3_384") == 0) { - todo.sha3_384 = 1; - } else if (strcmp(argv[i], "sha3_512") == 0) { - todo.sha3_512 = 1; - } else if (strcmp(argv[i], "des3") == 0) { - todo.des3 = 1; - } else if (strcmp(argv[i], "des") == 0) { - todo.des = 1; - } else if (strcmp(argv[i], "aes_cbc") == 0) { - todo.aes_cbc = 1; - } else if (strcmp(argv[i], "aes_cfb128") == 0) { - todo.aes_cfb128 = 1; - } else if (strcmp(argv[i], "aes_cfb8") == 0) { - todo.aes_cfb8 = 1; - } else if (strcmp(argv[i], "aes_ctr") == 0) { - todo.aes_ctr = 1; - } else if (strcmp(argv[i], "aes_xts") == 0) { - todo.aes_xts = 1; - } else if (strcmp(argv[i], "aes_gcm") == 0) { - todo.aes_gcm = 1; - } else if (strcmp(argv[i], "aes_ccm") == 0) { - todo.aes_ccm = 1; - } else if (strcmp(argv[i], "chachapoly") == 0) { - todo.chachapoly = 1; - } else if (strcmp(argv[i], "aes_cmac") == 0) { - todo.aes_cmac = 1; - } else if (strcmp(argv[i], "des3_cmac") == 0) { - todo.des3_cmac = 1; - } else if (strcmp(argv[i], "aria") == 0) { - todo.aria = 1; - } else if (strcmp(argv[i], "camellia") == 0) { - todo.camellia = 1; - } else if (strcmp(argv[i], "chacha20") == 0) { - todo.chacha20 = 1; - } else if (strcmp(argv[i], "poly1305") == 0) { - todo.poly1305 = 1; - } else if (strcmp(argv[i], "ctr_drbg") == 0) { - todo.ctr_drbg = 1; - } else if (strcmp(argv[i], "hmac_drbg") == 0) { - todo.hmac_drbg = 1; - } else if 
(strcmp(argv[i], "rsa") == 0) { - todo.rsa = 1; - } else if (strcmp(argv[i], "dhm") == 0) { - todo.dhm = 1; - } else if (strcmp(argv[i], "ecdsa") == 0) { - todo.ecdsa = 1; - } else if (strcmp(argv[i], "ecdh") == 0) { - todo.ecdh = 1; - } -#if defined(MBEDTLS_ECP_C) - else if (set_ecp_curve(argv[i], single_curve)) { - curve_list = single_curve; - } -#endif - else { - mbedtls_printf("Unrecognized option: %s\n", argv[i]); - mbedtls_printf("Available options: " OPTIONS); - } - } - } - - mbedtls_printf("\n"); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); -#endif - memset(buf, 0xAA, sizeof(buf)); - memset(tmp, 0xBB, sizeof(tmp)); - - /* Avoid "unused static function" warning in configurations without - * symmetric crypto. */ - (void) mbedtls_timing_hardclock; - -#if defined(MBEDTLS_MD5_C) - if (todo.md5) { - TIME_AND_TSC("MD5", mbedtls_md5(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - if (todo.ripemd160) { - TIME_AND_TSC("RIPEMD160", mbedtls_ripemd160(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_SHA1_C) - if (todo.sha1) { - TIME_AND_TSC("SHA-1", mbedtls_sha1(buf, BUFSIZE, tmp)); - } -#endif - -#if defined(MBEDTLS_SHA256_C) - if (todo.sha256) { - TIME_AND_TSC("SHA-256", mbedtls_sha256(buf, BUFSIZE, tmp, 0)); - } -#endif - -#if defined(MBEDTLS_SHA512_C) - if (todo.sha512) { - TIME_AND_TSC("SHA-512", mbedtls_sha512(buf, BUFSIZE, tmp, 0)); - } -#endif -#if defined(MBEDTLS_SHA3_C) - if (todo.sha3_224) { - TIME_AND_TSC("SHA3-224", mbedtls_sha3(MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28)); - } - if (todo.sha3_256) { - TIME_AND_TSC("SHA3-256", mbedtls_sha3(MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32)); - } - if (todo.sha3_384) { - TIME_AND_TSC("SHA3-384", mbedtls_sha3(MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48)); - } - if (todo.sha3_512) { - TIME_AND_TSC("SHA3-512", mbedtls_sha3(MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64)); - } -#endif - -#if defined(MBEDTLS_DES_C) -#if 
defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.des3) { - mbedtls_des3_context des3; - - mbedtls_des3_init(&des3); - if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("3DES", - mbedtls_des3_crypt_cbc(&des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - mbedtls_des3_free(&des3); - } - - if (todo.des) { - mbedtls_des_context des; - - mbedtls_des_init(&des); - if (mbedtls_des_setkey_enc(&des, tmp) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("DES", - mbedtls_des_crypt_cbc(&des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - mbedtls_des_free(&des); - } - -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CMAC_C) - if (todo.des3_cmac) { - unsigned char output[8]; - const mbedtls_cipher_info_t *cipher_info; - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB); - - TIME_AND_TSC("3DES-CMAC", - mbedtls_cipher_cmac(cipher_info, tmp, 192, buf, - BUFSIZE, output)); - } -#endif /* MBEDTLS_CMAC_C */ -#endif /* MBEDTLS_DES_C */ - -#if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.aes_cbc) { - int keysize; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) - if (todo.aes_cfb128) { - int keysize; - size_t iv_off = 0; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - 
CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, - &iv_off, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } - if (todo.aes_cfb8) { - int keysize; - mbedtls_aes_context aes; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) - if (todo.aes_ctr) { - int keysize; - mbedtls_aes_context aes; - - uint8_t stream_block[16]; - size_t nc_off; - - mbedtls_aes_init(&aes); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CTR-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - memset(stream_block, 0, sizeof(stream_block)); - nc_off = 0; - - CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); - - TIME_AND_TSC(title, mbedtls_aes_crypt_ctr(&aes, BUFSIZE, &nc_off, tmp, stream_block, - buf, buf)); - } - mbedtls_aes_free(&aes); - } -#endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) - if (todo.aes_xts) { - int keysize; - mbedtls_aes_xts_context ctx; - - mbedtls_aes_xts_init(&ctx); - for (keysize = 128; keysize <= 256; keysize += 128) { - mbedtls_snprintf(title, sizeof(title), "AES-XTS-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - CHECK_AND_CONTINUE(mbedtls_aes_xts_setkey_enc(&ctx, tmp, keysize * 2)); - - TIME_AND_TSC(title, - mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE, - tmp, buf, buf)); - - mbedtls_aes_xts_free(&ctx); - } - } -#endif -#if defined(MBEDTLS_GCM_C) - if (todo.aes_gcm) { - int keysize; - mbedtls_gcm_context gcm; - - 
mbedtls_gcm_init(&gcm); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-GCM-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_gcm_crypt_and_tag(&gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, 16, tmp)); - - mbedtls_gcm_free(&gcm); - } - } -#endif -#if defined(MBEDTLS_CCM_C) - if (todo.aes_ccm) { - int keysize; - mbedtls_ccm_context ccm; - - mbedtls_ccm_init(&ccm); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "AES-CCM-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_ccm_setkey(&ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_ccm_encrypt_and_tag(&ccm, BUFSIZE, tmp, - 12, NULL, 0, buf, buf, tmp, 16)); - - mbedtls_ccm_free(&ccm); - } - } -#endif -#if defined(MBEDTLS_CHACHAPOLY_C) - if (todo.chachapoly) { - mbedtls_chachapoly_context chachapoly; - - mbedtls_chachapoly_init(&chachapoly); - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - mbedtls_snprintf(title, sizeof(title), "ChaCha20-Poly1305"); - - mbedtls_chachapoly_setkey(&chachapoly, tmp); - - TIME_AND_TSC(title, - mbedtls_chachapoly_encrypt_and_tag(&chachapoly, - BUFSIZE, tmp, NULL, 0, buf, buf, tmp)); - - mbedtls_chachapoly_free(&chachapoly); - } -#endif -#if defined(MBEDTLS_CMAC_C) - if (todo.aes_cmac) { - unsigned char output[16]; - const mbedtls_cipher_info_t *cipher_info; - mbedtls_cipher_type_t cipher_type; - int keysize; - - for (keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB; - keysize <= 256; - keysize += 64, cipher_type++) { - mbedtls_snprintf(title, sizeof(title), "AES-CMAC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - - cipher_info = mbedtls_cipher_info_from_type(cipher_type); - - TIME_AND_TSC(title, - 
mbedtls_cipher_cmac(cipher_info, tmp, keysize, - buf, BUFSIZE, output)); - } - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - TIME_AND_TSC("AES-CMAC-PRF-128", - mbedtls_aes_cmac_prf_128(tmp, 16, buf, BUFSIZE, - output)); - } -#endif /* MBEDTLS_CMAC_C */ -#endif /* MBEDTLS_AES_C */ - -#if defined(MBEDTLS_ARIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.aria) { - int keysize; - mbedtls_aria_context aria; - - mbedtls_aria_init(&aria); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_aria_setkey_enc(&aria, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_aria_crypt_cbc(&aria, MBEDTLS_ARIA_ENCRYPT, - BUFSIZE, tmp, buf, buf)); - } - mbedtls_aria_free(&aria); - } -#endif - -#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if (todo.camellia) { - int keysize; - mbedtls_camellia_context camellia; - - mbedtls_camellia_init(&camellia); - for (keysize = 128; keysize <= 256; keysize += 64) { - mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize); - - memset(buf, 0, sizeof(buf)); - memset(tmp, 0, sizeof(tmp)); - mbedtls_camellia_setkey_enc(&camellia, tmp, keysize); - - TIME_AND_TSC(title, - mbedtls_camellia_crypt_cbc(&camellia, MBEDTLS_CAMELLIA_ENCRYPT, - BUFSIZE, tmp, buf, buf)); - } - mbedtls_camellia_free(&camellia); - } -#endif - -#if defined(MBEDTLS_CHACHA20_C) - if (todo.chacha20) { - TIME_AND_TSC("ChaCha20", mbedtls_chacha20_crypt(buf, buf, 0U, BUFSIZE, buf, buf)); - } -#endif - -#if defined(MBEDTLS_POLY1305_C) - if (todo.poly1305) { - TIME_AND_TSC("Poly1305", mbedtls_poly1305_mac(buf, buf, BUFSIZE, buf)); - } -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) - if (todo.ctr_drbg) { - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_ctr_drbg_init(&ctr_drbg); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("CTR_DRBG (NOPR)", 
- mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE)); - mbedtls_ctr_drbg_free(&ctr_drbg); - - mbedtls_ctr_drbg_init(&ctr_drbg); - if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON); - TIME_AND_TSC("CTR_DRBG (PR)", - mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE)); - mbedtls_ctr_drbg_free(&ctr_drbg); - } -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) && \ - (defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C)) - if (todo.hmac_drbg) { - mbedtls_hmac_drbg_context hmac_drbg; - const mbedtls_md_info_t *md_info; - - mbedtls_hmac_drbg_init(&hmac_drbg); - -#if defined(MBEDTLS_SHA1_C) - if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) { - mbedtls_exit(1); - } - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("HMAC_DRBG SHA-1 (NOPR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON); - TIME_AND_TSC("HMAC_DRBG SHA-1 (PR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); -#endif - -#if defined(MBEDTLS_SHA256_C) - if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)) == NULL) { - mbedtls_exit(1); - } - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - TIME_AND_TSC("HMAC_DRBG SHA-256 (NOPR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); - - if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) { - mbedtls_exit(1); - } - mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg, - MBEDTLS_HMAC_DRBG_PR_ON); - TIME_AND_TSC("HMAC_DRBG SHA-256 (PR)", - mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE)); -#endif - mbedtls_hmac_drbg_free(&hmac_drbg); - } -#endif /* MBEDTLS_HMAC_DRBG_C && 
( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */ - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (todo.rsa) { - int keysize; - mbedtls_rsa_context rsa; - - for (keysize = 2048; keysize <= 4096; keysize += 1024) { - mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize); - - mbedtls_rsa_init(&rsa); - mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537); - - TIME_PUBLIC(title, " public", - buf[0] = 0; - ret = mbedtls_rsa_public(&rsa, buf, buf)); - - TIME_PUBLIC(title, "private", - buf[0] = 0; - ret = mbedtls_rsa_private(&rsa, myrand, NULL, buf, buf)); - - mbedtls_rsa_free(&rsa); - } - } -#endif - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C) - if (todo.dhm) { - int dhm_sizes[] = { 2048, 3072 }; - static const unsigned char dhm_P_2048[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - static const unsigned char dhm_P_3072[] = - MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN; - static const unsigned char dhm_G_2048[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - static const unsigned char dhm_G_3072[] = - MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN; - - const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 }; - const size_t dhm_P_size[] = { sizeof(dhm_P_2048), - sizeof(dhm_P_3072) }; - - const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 }; - const size_t dhm_G_size[] = { sizeof(dhm_G_2048), - sizeof(dhm_G_3072) }; - - mbedtls_dhm_context dhm; - size_t olen; - size_t n; - mbedtls_mpi P, G; - mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); - - for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { - mbedtls_dhm_init(&dhm); - - if (mbedtls_mpi_read_binary(&P, dhm_P[i], - dhm_P_size[i]) != 0 || - mbedtls_mpi_read_binary(&G, dhm_G[i], - dhm_G_size[i]) != 0 || - mbedtls_dhm_set_group(&dhm, &P, &G) != 0) { - mbedtls_exit(1); - } - - n = mbedtls_dhm_get_len(&dhm); - mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); - - if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "DHE-%d", 
dhm_sizes[i]); - TIME_PUBLIC(title, "handshake", - ret |= mbedtls_dhm_make_public(&dhm, (int) n, buf, n, - myrand, NULL); - ret |= - mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "DH-%d", dhm_sizes[i]); - TIME_PUBLIC(title, "handshake", - ret |= - mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); - - mbedtls_dhm_free(&dhm); - mbedtls_mpi_free(&P), mbedtls_mpi_free(&G); - } - } -#endif - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) - if (todo.ecdsa) { - mbedtls_ecdsa_context ecdsa; - const mbedtls_ecp_curve_info *curve_info; - size_t sig_len; - - memset(buf, 0x2A, sizeof(buf)); - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdsa_init(&ecdsa); - - if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "ECDSA-%s", - curve_info->name); - TIME_PUBLIC(title, - "sign", - ret = - mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, - curve_info->bit_size, - tmp, sizeof(tmp), &sig_len, myrand, - NULL)); - - mbedtls_ecdsa_free(&ecdsa); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdsa_init(&ecdsa); - - if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0 || - mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size, - tmp, sizeof(tmp), &sig_len, myrand, NULL) != 0) { - mbedtls_exit(1); - } - - mbedtls_snprintf(title, sizeof(title), "ECDSA-%s", - curve_info->name); - TIME_PUBLIC(title, "verify", - ret = mbedtls_ecdsa_read_signature(&ecdsa, buf, curve_info->bit_size, - tmp, sig_len)); - - mbedtls_ecdsa_free(&ecdsa); - } - } -#endif - -#if defined(MBEDTLS_ECDH_C) - if 
(todo.ecdh) { - mbedtls_ecdh_context ecdh_srv, ecdh_cli; - unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE]; - const mbedtls_ecp_curve_info *curve_info; - size_t params_len, publen, seclen; - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh_srv); - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name); - TIME_PUBLIC(title, - "ephemeral handshake", - const unsigned char *p_srv = buf_srv; - mbedtls_ecdh_init(&ecdh_cli); - - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + params_len)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - mbedtls_ecdh_free(&ecdh_cli); - ); - - mbedtls_ecdh_free(&ecdh_srv); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh_srv); - mbedtls_ecdh_init(&ecdh_cli); - - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - const unsigned char *p_srv = buf_srv; - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + params_len)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, - sizeof(buf_cli), myrand, NULL)); - - - mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name); - TIME_PUBLIC(title, - "static handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, 
- sizeof(buf_cli), myrand, NULL)); - ); - - mbedtls_ecdh_free(&ecdh_cli); - mbedtls_ecdh_free(&ecdh_srv); - } - } -#endif - - mbedtls_printf("\n"); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_free(); -#endif - - mbedtls_exit(0); -} - -#endif /* MBEDTLS_HAVE_TIME */ From f8244d49b074f19f3007862722f0c47b1b352ab4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 19 Feb 2025 10:35:41 +0100 Subject: [PATCH 0137/1548] programs: update .gitignore Remove entry for benchmark program since it was moved to the tf-psa-crypto repo. Signed-off-by: Valerio Setti --- programs/.gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/.gitignore b/programs/.gitignore index c3e61c16bd..939e405952 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -46,7 +46,6 @@ ssl/ssl_mail_client ssl/ssl_pthread_server ssl/ssl_server ssl/ssl_server2 -test/benchmark test/cpp_dummy_build test/cpp_dummy_build.cpp test/dlopen From 69d078157655691de1aa5798cc8333a9231d1446 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 19 Feb 2025 11:07:44 +0100 Subject: [PATCH 0138/1548] scripts: move ecc-heap.sh to tf-psa-crypto Since benchmark programs was moved to tf-psa-crypto, this script should be moved as well. Signed-off-by: Valerio Setti --- scripts/ecc-heap.sh | 87 --------------------------------------------- 1 file changed, 87 deletions(-) delete mode 100755 scripts/ecc-heap.sh diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh deleted file mode 100755 index 3eb2ff4492..0000000000 --- a/scripts/ecc-heap.sh +++ /dev/null 
@@ -1,87 +0,0 @@ -#!/bin/sh - -# Measure heap usage (and performance) of ECC operations with various values of -# the relevant tunable compile-time parameters. -# -# Usage (preferably on a 32-bit platform): -# cmake -D CMAKE_BUILD_TYPE=Release . -# scripts/ecc-heap.sh | tee ecc-heap.log -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -eu - -CONFIG_H='include/mbedtls/mbedtls_config.h' - -if [ -r $CONFIG_H ]; then :; else - echo "$CONFIG_H not found" >&2 - exit 1 -fi - -if grep -i cmake Makefile >/dev/null; then :; else - echo "Needs Cmake" >&2 - exit 1 -fi - -if git status | grep -F $CONFIG_H >/dev/null 2>&1; then - echo "mbedtls_config.h not clean" >&2 - exit 1 -fi - -CONFIG_BAK=${CONFIG_H}.bak -cp $CONFIG_H $CONFIG_BAK - -cat << EOF >$CONFIG_H -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_MEMORY -#define MBEDTLS_MEMORY_BUFFER_ALLOC_C -#define MBEDTLS_MEMORY_DEBUG - -#define MBEDTLS_TIMING_C - -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_SHA256_C // ECDSA benchmark needs it -#define MBEDTLS_SHA224_C // SHA256 requires this for now -#define MBEDTLS_ECDH_C - -// NIST curves >= 256 bits -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -// SECP "koblitz-like" curve >= 256 bits -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -// Brainpool curves (no specialised "mod p" routine) -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -// Montgomery curves -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_DP_CURVE448_ENABLED - -#define MBEDTLS_HAVE_ASM // just make things a bit faster -#define MBEDTLS_ECP_NIST_OPTIM // faster and less allocations - -//#define MBEDTLS_ECP_WINDOW_SIZE 4 -//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 -EOF - -for F in 0 1; do - 
for W in 2 3 4; do - scripts/config.py set MBEDTLS_ECP_WINDOW_SIZE $W - scripts/config.py set MBEDTLS_ECP_FIXED_POINT_OPTIM $F - make benchmark >/dev/null 2>&1 - echo "fixed point optim = $F, max window size = $W" - echo "--------------------------------------------" - programs/test/benchmark ecdh ecdsa - done -done - -# cleanup - -mv $CONFIG_BAK $CONFIG_H -make clean From aa380c4a829d051eb840b15ab88aff9f9362ad57 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 21 Feb 2025 11:31:33 +0100 Subject: [PATCH 0139/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 67212566e9..2cfed8e711 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 67212566e95c936f8375eb634c249dd71dea582d +Subproject commit 2cfed8e711554ffc9432209caa62244938a7da7b From 79a8ded3159821b08cde22713f42e3db2819b7bb Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 24 Jan 2025 17:39:58 +0000 Subject: [PATCH 0140/1548] Add TLS Hanshake defragmentation tests Tests uses openssl s_server with a mix of max_send_frag and split_send_frag options. Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 84 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 23b692c723..a926f50bce 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13872,6 +13872,90 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth -c "Handshake was completed" \ -s "dumping .client hello, compression. (2 bytes)" +# Handshake defragmentation testing + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (512)" \ + "$O_SRV -max_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (513)" \ + "$O_SRV -max_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (256)" \ + "$O_SRV -mtu 32 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (128)" \ + "$O_SRV -mtu 32 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (64)" \ + "$O_SRV -mtu 32 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (36)" \ + "$O_SRV -mtu 32 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (32)" \ + "$O_SRV -mtu 32 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (16)" \ + "$O_SRV -mtu 32 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ 
+ 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (13)" \ + "$O_SRV -mtu 32 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Hanshake defragmentation (5)" \ + "$O_SRV -mtu 32 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "received ServerHello message" \ + -c "<= handshake" \ + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 0e0d5d4dc84d81e5d3fc98026c1e6dc0e0beb2a5 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 28 Jan 2025 16:47:21 +0000 Subject: [PATCH 0141/1548] Improve TLS handshake defragmentation tests * Add tests for the server side. * Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3. * Use latest version of openSSL to make sure -max_send_frag & -split_send_frag flags are supported. Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 131 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 100 insertions(+), 31 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a926f50bce..8d1ec9e4e9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
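Review bot: Every new test in this hunk ends with `-c "<= handshake" \` followed by a blank line, so the trailing backslash continues the command onto an empty line; it only works because the next line is blank, and a later edit that removes that blank line would silently turn the following `requires_config_enabled` into an argument of `run_test`. Drop the backslash on the final `-c` line of each test. The assertions themselves (`received ServerHello message`, `<= handshake`, exit status 0) are satisfied by any successful handshake, so these tests cannot tell whether a message was actually reassembled from fragments; matching a log line that the handshake code emits only when it sees a fragment would make a regression in the defragmentation path detectable. The failure side — a handshake message whose declared length is never completed, or one larger than the receive buffer — is not covered at all, which is where an accumulation error would surface; that is likely a job for a unit test rather than `s_server` flags, but the gap is worth recording in the `# Handshake defragmentation testing` comment.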
@@ -13874,87 +13874,156 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (512)" \ - "$O_SRV -max_send_frag 512 " \ +run_test "Client Hanshake defragmentation (512)" \ + "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (513)" \ - "$O_SRV -max_send_frag 513 " \ +run_test "Client Hanshake defragmentation (513)" \ + "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (256)" \ - "$O_SRV -mtu 32 -split_send_frag 256 " \ +run_test "Client Hanshake defragmentation (256)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (128)" \ - "$O_SRV -mtu 32 -split_send_frag 128 " \ +run_test "Client Hanshake defragmentation (128)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (64)" \ - "$O_SRV -mtu 32 -split_send_frag 64 " \ +run_test "Client Hanshake defragmentation (64)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (36)" \ - "$O_SRV -mtu 32 -split_send_frag 36 " \ 
+run_test "Client Hanshake defragmentation (36)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (32)" \ - "$O_SRV -mtu 32 -split_send_frag 32 " \ +run_test "Client Hanshake defragmentation (32)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (16)" \ - "$O_SRV -mtu 32 -split_send_frag 16 " \ +run_test "Client Hanshake defragmentation (16)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (13)" \ - "$O_SRV -mtu 32 -split_send_frag 13 " \ +run_test "Client Hanshake defragmentation (13)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Hanshake defragmentation (5)" \ - "$O_SRV -mtu 32 -split_send_frag 5 " \ +run_test "Client Hanshake defragmentation (5)" \ + "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "received ServerHello message" \ -c "<= handshake" \ + -c "handshake fragment: " + +run_test "Server Hanshake defragmentation (512)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -max_send_frag 512 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (513)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -max_send_frag 513 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation 
(256)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (128)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (64)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (36)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (32)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (16)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (13)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " + +run_test "Server Hanshake defragmentation (5)" \ + "$P_SRV debug_level=4 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ + 0 \ + -s "<= handshake" \ + -s "handshake fragment: " # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From c0118d87b93231b1e0bffb3f6d6d1a8567c45d98 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 16:23:40 +0000 Subject: [PATCH 0142/1548] Fix typo in TLS Handshake defrafmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d1ec9e4e9..fd196cd099 100755 --- a/tests/ssl-opt.sh 
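Review bot: `-mtu 32` on the `$O_NEXT_SRV` and `$O_NEXT_CLI` command lines is, as far as I can tell, OpenSSL's DTLS link-layer MTU setting and does not influence how a TLS handshake is split; `-split_send_frag N` alone produces the fragmentation these tests are after, so dropping `-mtu 32` would make the command lines say what they test. The `$O_NEXT_*` binaries are now used without any guard that the "next" OpenSSL build is present, even though the commit relies on it for `-max_send_frag`/`-split_send_frag` support; whichever `requires_openssl_…` helper this script already uses for that binary should precede each test so it skips rather than fails on hosts that lack it. The same applies to the server-side tests added at the end of the hunk.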
+++ b/tests/ssl-opt.sh @@ -13874,7 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -run_test "Client Hanshake defragmentation (512)" \ +run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13882,7 +13882,7 @@ run_test "Client Hanshake defragmentation (512)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (513)" \ +run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13890,7 +13890,7 @@ run_test "Client Hanshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (256)" \ +run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13898,7 +13898,7 @@ run_test "Client Hanshake defragmentation (256)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (128)" \ +run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13906,7 +13906,7 @@ run_test "Client Hanshake defragmentation (128)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (64)" \ +run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13914,7 +13914,7 @@ run_test "Client Hanshake defragmentation (64)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (36)" \ +run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ 
@@ -13922,7 +13922,7 @@ run_test "Client Hanshake defragmentation (36)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (32)" \ +run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13930,7 +13930,7 @@ run_test "Client Hanshake defragmentation (32)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (16)" \ +run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13939,7 +13939,7 @@ run_test "Client Hanshake defragmentation (16)" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (13)" \ +run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13947,7 +13947,7 @@ run_test "Client Hanshake defragmentation (13)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Client Hanshake defragmentation (5)" \ +run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ 
@@ -13955,70 +13955,70 @@ run_test "Client Hanshake defragmentation (5)" \ -c "<= handshake" \ -c "handshake fragment: " -run_test "Server Hanshake defragmentation (512)" \ +run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 512 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (513)" \ +run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 513 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (256)" \ +run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (128)" \ +run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (64)" \ +run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (36)" \ +run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (32)" \ +run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (16)" \ +run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (13)" \ +run_test "Server Handshake defragmentation 
(13)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ 0 \ -s "<= handshake" \ -s "handshake fragment: " -run_test "Server Hanshake defragmentation (5)" \ +run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ 0 \ From fccd014c2d9f5f154d7a813dafc9168503b9d2eb Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 16:58:58 +0000 Subject: [PATCH 0143/1548] Remove unnecessary string check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fd196cd099..d59d681216 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13878,7 +13878,6 @@ run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13886,7 +13885,6 @@ run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13894,7 +13892,6 @@ run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13902,7 +13899,6 @@ run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13910,7 +13906,6 @@ run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " 
@@ -13918,7 +13913,6 @@ run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13926,7 +13920,6 @@ run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13934,7 +13927,6 @@ run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13943,7 +13935,6 @@ run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " @@ -13951,7 +13942,6 @@ run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "received ServerHello message" \ -c "<= handshake" \ -c "handshake fragment: " From f9120311e34cb45d03a752e4f515d7ed13c45c25 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 17:01:55 +0000 Subject: [PATCH 0144/1548] Require openssl to support TLS 1.3 in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d59d681216..a9fd77c836 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13874,6 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 
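Review bot: The `requires_openssl_tls1_3` guard added before each test only requires an OpenSSL that can speak TLS 1.3; nothing in the tests pins which protocol version the handshake actually uses, so in a build with TLS 1.3 disabled all of them exercise the 1.2 path and in a default build they presumably all exercise 1.3, and neither parser is guaranteed coverage by the suite as written. Since the earlier commit's stated goal is to test both versions, consider duplicating a few of the split sizes with an explicit version on the Mbed TLS side (`force_version=tls12` / `force_version=tls13` on `$P_CLI` or `$P_SRV`, with the matching `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` / `MBEDTLS_SSL_PROTO_TLS1_3` guard) so a regression in either handshake path is caught. This applies to every hunk of this commit, not just the first.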
@@ -13881,6 +13882,7 @@ run_test "Client Handshake defragmentation (512)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ @@ -13888,6 +13890,7 @@ run_test "Client Handshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -13895,6 +13898,7 @@ run_test "Client Handshake defragmentation (256)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -13902,6 +13906,7 @@ run_test "Client Handshake defragmentation (128)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -13909,6 +13914,7 @@ run_test "Client Handshake defragmentation (64)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -13916,6 +13922,7 @@ run_test "Client Handshake defragmentation (36)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -13923,6 +13930,7 @@ run_test "Client Handshake defragmentation (32)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 
@@ -13930,7 +13938,7 @@ run_test "Client Handshake defragmentation (16)" \ -c "<= handshake" \ -c "handshake fragment: " - +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -13938,6 +13946,7 @@ run_test "Client Handshake defragmentation (13)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -13945,6 +13954,7 @@ run_test "Client Handshake defragmentation (5)" \ -c "<= handshake" \ -c "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 512 " \ @@ -13952,6 +13962,7 @@ run_test "Server Handshake defragmentation (512)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -max_send_frag 513 " \ @@ -13959,6 +13970,7 @@ run_test "Server Handshake defragmentation (513)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ @@ -13966,6 +13978,7 @@ run_test "Server Handshake defragmentation (256)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ @@ -13973,6 +13986,7 @@ run_test "Server Handshake defragmentation (128)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ 
@@ -13980,6 +13994,7 @@ run_test "Server Handshake defragmentation (64)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ @@ -13987,6 +14002,7 @@ run_test "Server Handshake defragmentation (36)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ @@ -13994,6 +14010,7 @@ run_test "Server Handshake defragmentation (32)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ @@ -14001,6 +14018,7 @@ run_test "Server Handshake defragmentation (16)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ @@ -14008,6 +14026,7 @@ run_test "Server Handshake defragmentation (13)" \ -s "<= handshake" \ -s "handshake fragment: " +requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ From 48874b3abaf2ea71d869f2b7f4541fe90dc4676b Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 17:13:34 +0000 Subject: [PATCH 0145/1548] Add client authentication to handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a9fd77c836..68c9f3f06d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13957,7 +13957,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -max_send_frag 512 " \ + "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13965,7 +13965,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -max_send_frag 513 " \ + "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13973,7 +13973,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 256 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13981,7 +13981,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 128 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13989,7 +13989,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 64 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " 
@@ -13997,7 +13997,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 36 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14005,7 +14005,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 32 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14013,7 +14013,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 16 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14021,7 +14021,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 13 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14029,7 +14029,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 5 " \ + "$O_NEXT_CLI -mtu 32 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " 
From 39d83dd38dfb9b4a26dafc5bcdee1a14eb6fc820 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 29 Jan 2025 18:28:56 +0000 Subject: [PATCH 0146/1548] Remove unneeded mtu option from handshake fragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 68c9f3f06d..7d9f7fe259 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13892,7 +13892,7 @@ run_test "Client Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 256 " \ + "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13900,7 +13900,7 @@ run_test "Client Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (128)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 128 " \ + "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13908,7 +13908,7 @@ run_test "Client Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (64)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 64 " \ + "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13916,7 +13916,7 @@ run_test "Client Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (36)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 36 " \ + "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13924,7 +13924,7 @@ run_test "Client Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (32)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 32 " \ + "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ 
@@ -13932,7 +13932,7 @@ run_test "Client Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (16)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 16 " \ + "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13940,7 +13940,7 @@ run_test "Client Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (13)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 13 " \ + "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13948,7 +13948,7 @@ run_test "Client Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Client Handshake defragmentation (5)" \ - "$O_NEXT_SRV -mtu 32 -split_send_frag 5 " \ + "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "<= handshake" \ @@ -13973,7 +13973,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13981,7 +13981,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " 
@@ -13989,7 +13989,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -13997,7 +13997,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14005,7 +14005,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14013,7 +14013,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " 
@@ -14021,7 +14021,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " @@ -14029,7 +14029,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 " \ - "$O_NEXT_CLI -mtu 32 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ -s "handshake fragment: " From 61b8e2d225da7e59bf759bab1708660ac4c7b1af Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 30 Jan 2025 12:02:12 +0000 Subject: [PATCH 0147/1548] Enforce client authentication in handshake fragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7d9f7fe259..5e20d32aa2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13956,7 +13956,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (512)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ 
@@ -13964,7 +13964,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (513)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -13972,7 +13972,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (256)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -13980,7 +13980,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (128)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -13988,7 +13988,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (64)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -13996,7 +13996,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (36)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ 
@@ -14004,7 +14004,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (32)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14012,7 +14012,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (16)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14020,7 +14020,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (13)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ @@ -14028,7 +14028,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 run_test "Server Handshake defragmentation (5)" \ - "$P_SRV debug_level=4 " \ + "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "<= handshake" \ From f162249e87be8a431928f5eb7a76c9d9ff8bfcd8 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 30 Jan 2025 17:53:02 +0000 Subject: [PATCH 0148/1548] Add a comment to elaborate using split_send_frag in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5e20d32aa2..9a2622e418 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13890,6 +13890,9 @@ run_test "Client Handshake defragmentation (513)" \ -c "<= handshake" \ -c "handshake fragment: " +# OpenSSL does not allow max_send_frag to be less than 512 +# so we use split_send_frag instead for tests lower than 512 below. + requires_openssl_tls1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ From a75c7e09c81599b1a25cde85352e3932ed6d76b5 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:25:43 +0000 Subject: [PATCH 0149/1548] Add guard to handshake defragmentation tests for client certificate Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a2622e418..51844f2a65 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13894,6 +13894,7 @@ run_test "Client Handshake defragmentation (513)" \ # so we use split_send_frag instead for tests lower than 512 below. requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -13902,6 +13903,7 @@ run_test "Client Handshake defragmentation (256)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -13910,6 +13912,7 @@ run_test "Client Handshake defragmentation (128)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -13918,6 +13921,7 @@ run_test "Client Handshake defragmentation (64)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 
@@ -13926,6 +13930,7 @@ run_test "Client Handshake defragmentation (36)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -13934,6 +13939,7 @@ run_test "Client Handshake defragmentation (32)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ @@ -13942,6 +13948,7 @@ run_test "Client Handshake defragmentation (16)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -13950,6 +13957,7 @@ run_test "Client Handshake defragmentation (13)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -13958,6 +13966,7 @@ run_test "Client Handshake defragmentation (5)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13966,6 +13975,7 @@ run_test "Server Handshake defragmentation (512)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 
@@ -13974,6 +13984,7 @@ run_test "Server Handshake defragmentation (513)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13982,6 +13993,7 @@ run_test "Server Handshake defragmentation (256)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13990,6 +14002,7 @@ run_test "Server Handshake defragmentation (128)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13998,6 +14011,7 @@ run_test "Server Handshake defragmentation (64)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14006,6 +14020,7 @@ run_test "Server Handshake defragmentation (36)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 
@@ -14014,6 +14029,7 @@ run_test "Server Handshake defragmentation (32)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14022,6 +14038,7 @@ run_test "Server Handshake defragmentation (16)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14030,6 +14047,7 @@ run_test "Server Handshake defragmentation (13)" \ -s "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From 5f21537c2ada87522334932c9908052a696c5629 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 11:50:08 +0000 Subject: [PATCH 0150/1548] Test Handshake defragmentation only for TLS 1.3 only for small values Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 51844f2a65..4659fcdb22 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13893,8 +13893,12 @@ run_test "Client Handshake defragmentation (513)" \ # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. +# There is an issue with OpenSSL when fragmenting with values less +# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. + requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ @@ -13904,6 +13908,7 @@ run_test "Client Handshake defragmentation (256)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -13913,6 +13918,7 @@ run_test "Client Handshake defragmentation (128)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -13922,6 +13928,7 @@ run_test "Client Handshake defragmentation (64)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -13931,6 +13938,7 @@ run_test "Client Handshake defragmentation (36)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 
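Review bot: The new guard `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` only checks that TLS 1.3 is compiled in; with TLS 1.2 also enabled nothing in the test pins the negotiated version, so the rationale in the added comment ("we require TLS 1.3 with these values") is not actually enforced by the hunk. Consider forcing the version on the mbedtls side (`force_version=tls13` on `$P_CLI`, and likewise on `$P_SRV` in the server tests) or asserting the negotiated version in the expected output. The comment's "There is an issue with OpenSSL" should also name the issue or the affected OpenSSL versions so the guard can be removed once it no longer applies. The same guard is repeated in the hunks on the following lines, where the same observation holds.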
@@ -13940,6 +13948,7 @@ run_test "Client Handshake defragmentation (32)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ @@ -13949,6 +13958,7 @@ run_test "Client Handshake defragmentation (16)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ @@ -13958,6 +13968,7 @@ run_test "Client Handshake defragmentation (13)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ @@ -13985,6 +13996,7 @@ run_test "Server Handshake defragmentation (513)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13994,6 +14006,7 @@ run_test "Server Handshake defragmentation (256)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 
@@ -14003,6 +14016,7 @@ run_test "Server Handshake defragmentation (128)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14012,6 +14026,7 @@ run_test "Server Handshake defragmentation (64)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14021,6 +14036,7 @@ run_test "Server Handshake defragmentation (36)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14030,6 +14046,7 @@ run_test "Server Handshake defragmentation (32)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -14039,6 +14056,7 @@ run_test "Server Handshake defragmentation (16)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 
@@ -14048,6 +14066,7 @@ run_test "Server Handshake defragmentation (13)" \ requires_openssl_tls1_3 requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From 4028cfd9ca2bae151203f26c457fcd702fc328f2 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 31 Jan 2025 14:44:13 +0000 Subject: [PATCH 0151/1548] Add missing client certificate check in handshake defragmentation tests Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4659fcdb22..da4e6eb527 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13875,6 +13875,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ @@ -13883,6 +13884,7 @@ run_test "Client Handshake defragmentation (512)" \ -c "handshake fragment: " requires_openssl_tls1_3 +requires_certificate_authentication run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ From 270dd7462e5a4bdff3a302112d247ed99e639726 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 5 Feb 2025 15:23:14 +0000 Subject: [PATCH 0152/1548] ssl-opt: Updated the keywords to look up during handshake fragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 80 ++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index da4e6eb527..46751afdf0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13880,8 +13880,8 @@ run_test "Client Handshake defragmentation (512)" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13889,8 +13889,8 @@ run_test "Client Handshake defragmentation (513)" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -13905,8 +13905,8 @@ run_test "Client Handshake defragmentation (256)" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13915,8 +13915,8 @@ run_test "Client Handshake defragmentation (128)" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13925,8 +13925,8 @@ run_test "Client Handshake defragmentation (64)" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication 
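Review bot: The pattern added for the 256-byte client test, `-c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)"`, contains an `of` that none of the other new patterns in this commit have (512, 513, 128 and 64 here, and every hunk on the following lines); since all of them match the same debug message, either this one or all the others can never match, and the `-c`/`-s` check fails. Take the exact wording from the log call in the defragmentation code and use it uniformly across the tests. It would also be worth a one-line comment above the first test noting which source message these regexes track, so the next message change does not silently invalidate them.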
@@ -13935,8 +13935,8 @@ run_test "Client Handshake defragmentation (36)" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13945,8 +13945,8 @@ run_test "Client Handshake defragmentation (32)" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13955,8 +13955,8 @@ run_test "Client Handshake defragmentation (16)" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13965,8 +13965,8 @@ run_test "Client Handshake defragmentation (13)" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13975,8 +13975,8 @@ run_test "Client Handshake defragmentation (5)" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ - -c "<= handshake" \ - -c "handshake fragment: " + -c "reassembled record" \ + -c "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication 
@@ -13984,8 +13984,8 @@ run_test "Server Handshake defragmentation (512)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -13993,8 +13993,8 @@ run_test "Server Handshake defragmentation (513)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14003,8 +14003,8 @@ run_test "Server Handshake defragmentation (256)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (256 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14013,8 +14013,8 @@ run_test "Server Handshake defragmentation (128)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication 
@@ -14023,8 +14023,8 @@ run_test "Server Handshake defragmentation (64)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14033,8 +14033,8 @@ run_test "Server Handshake defragmentation (36)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14043,8 +14043,8 @@ run_test "Server Handshake defragmentation (32)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14053,8 +14053,8 @@ run_test "Server Handshake defragmentation (16)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication 
@@ -14063,8 +14063,8 @@ run_test "Server Handshake defragmentation (13)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)" requires_openssl_tls1_3 requires_certificate_authentication @@ -14073,8 +14073,8 @@ run_test "Server Handshake defragmentation (5)" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ - -s "<= handshake" \ - -s "handshake fragment: " + -s "reassembled record" \ + -s "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From a1b9117f176e552574cd92304093bf5f71ca59f7 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 7 Feb 2025 14:10:18 +0000 Subject: [PATCH 0153/1548] ssl-opt: Added requires_openssl_3_x to defragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 80 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 60 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 46751afdf0..0fc099a23e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13874,6 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Client Handshake defragmentation (512)" \ 
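Review bot: The server (13) test expects `-s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)"` while its OpenSSL client is started with `-split_send_frag 13`, so the fragment size in the pattern does not match the configured fragment size; every other hunk in this commit uses the configured size, which makes this look like a copy-paste slip rather than a deliberate value. It should read `-s "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)"` unless there is a reason the server sees 12-byte fragments here, in which case a comment above the test saying why would help.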
@@ -13881,8 +13882,10 @@ run_test "Client Handshake defragmentation (512)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Client Handshake defragmentation (513)" \ @@ -13890,7 +13893,8 @@ run_test "Client Handshake defragmentation (513)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -13898,6 +13902,7 @@ run_test "Client Handshake defragmentation (513)" \ # There is an issue with OpenSSL when fragmenting with values less # than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13906,8 +13911,10 @@ run_test "Client Handshake defragmentation (256)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (256 of [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
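Review bot: The shortened patterns are inconsistent within this commit: the client (512), (513) and (256) hunks keep `waiting for more fragments (512 of [0-9]\\+`, while from (128) down, and in every server hunk on the following lines, the pattern stops at `(128` and similar. The shorter form also accepts any count that merely starts with those digits (`(5` would accept `(512 of`), which for the small sizes is a loss of precision; keeping the ` of` suffix everywhere, e.g. `-c "waiting for more fragments (128 of [0-9]\\+"`, restores it at no cost. The added `handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512` lines usefully pin the first fragment's size. The commit subject only mentions `requires_openssl_3_x`, so the change of expected log lines is easy to miss from the history.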
@@ -13916,8 +13923,10 @@ run_test "Client Handshake defragmentation (128)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13926,8 +13935,10 @@ run_test "Client Handshake defragmentation (64)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13936,8 +13947,10 @@ run_test "Client Handshake defragmentation (36)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13946,8 +13959,10 @@ run_test "Client Handshake defragmentation (32)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -13956,8 +13971,10 @@ run_test "Client Handshake defragmentation (16)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13966,8 +13983,10 @@ run_test "Client Handshake defragmentation (13)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (13 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -13976,8 +13995,10 @@ run_test "Client Handshake defragmentation (5)" \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ - -c "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Server Handshake defragmentation (512)" \ @@ -13985,8 +14006,10 @@ run_test "Server Handshake defragmentation (512)" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (512 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication run_test "Server Handshake defragmentation (513)" \ 
@@ -13994,8 +14017,10 @@ run_test "Server Handshake defragmentation (513)" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (513 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14004,8 +14029,10 @@ run_test "Server Handshake defragmentation (256)" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (256 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14014,8 +14041,10 @@ run_test "Server Handshake defragmentation (128)" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (128 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -14024,8 +14053,10 @@ run_test "Server Handshake defragmentation (64)" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (64 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14034,8 +14065,10 @@ run_test "Server Handshake defragmentation (36)" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (36 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14044,8 +14077,10 @@ run_test "Server Handshake defragmentation (32)" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (32 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -14054,8 +14089,10 @@ run_test "Server Handshake defragmentation (16)" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (16 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14064,8 +14101,10 @@ run_test "Server Handshake defragmentation (13)" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (12 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" +requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14074,7 +14113,8 @@ run_test "Server Handshake defragmentation (5)" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ - -s "waiting for more fragments (5 [0-9]\\+, [0-9]\\+ left)" + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From a8a298c9d60d70bb5faa28de8e91547bd2e87280 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 7 Feb 2025 17:06:18 +0000 Subject: [PATCH 0154/1548] ssl-opt: Adjusted the wording on handshake fragmentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0fc099a23e..269f6b45d2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13877,7 +13877,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Client Handshake defragmentation (512)" \ +run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ "$O_NEXT_SRV -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13888,7 +13888,7 @@ run_test "Client Handshake defragmentation (512)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Client Handshake defragmentation (513)" \ +run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ "$O_NEXT_SRV -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13906,7 +13906,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (256)" \ +run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13918,7 +13918,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (128)" \ +run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13930,7 +13930,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (64)" \ +run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ 
@@ -13942,7 +13942,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (36)" \ +run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13954,7 +13954,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (32)" \ +run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13966,7 +13966,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (16)" \ +run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13978,7 +13978,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (13)" \ +run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -13990,7 +13990,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Client Handshake defragmentation (5)" \ +run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ "$O_NEXT_SRV -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ 
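Review bot: The renamed test `run_test "Handshake defragmentation on client: len=14, TLS 1.3"` still starts OpenSSL with `-split_send_frag 16`, and every other rename on this page follows the `len=<fragment size>` convention, so `len=14` is a typo for `len=16`; the line should read `run_test "Handshake defragmentation on client: len=16, TLS 1.3" \`. The same name is carried over as context into the later commit on this page, so it survives there too. Mismatched names matter for this script because test selection and skip lists match on the name.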
@@ -14001,7 +14001,7 @@ run_test "Client Handshake defragmentation (5)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Server Handshake defragmentation (512)" \ +run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14012,7 +14012,7 @@ run_test "Server Handshake defragmentation (512)" \ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication -run_test "Server Handshake defragmentation (513)" \ +run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14024,7 +14024,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (256)" \ +run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14036,7 +14036,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (128)" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14048,7 +14048,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (64)" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14060,7 +14060,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (36)" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14072,7 +14072,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (32)" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14084,7 +14084,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (16)" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14096,7 +14096,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (13)" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14108,7 +14108,7 @@ requires_openssl_3_x requires_openssl_tls1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Server Handshake defragmentation (5)" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ From a4dde77cbe57d0b68039c44acedae55e4851fde4 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 8 Feb 2025 23:31:43 +0000 Subject: [PATCH 0155/1548] ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 96 ++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 56 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 269f6b45d2..7c9aea9873 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13875,10 +13875,10 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_3 -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ 
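Review bot: `requires_protocol_version tls13` replaces `requires_openssl_tls1_3` here and, in the hunks that follow, also `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3`; whether the new helper checks the OpenSSL binary's TLS 1.3 support as the old one did is not visible on this page, and if it only inspects the mbedtls configuration that gate now rests on `requires_openssl_3_x` alone, which is worth a short comment above the block. With `-tls1_3` added to `$O_NEXT_SRV` and `$O_NEXT_CLI`, the existing comment `# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values.` (unchanged in a later hunk) no longer distinguishes the sub-512 tests from the 512/513 ones, so consider rewording it to state that all of these tests pin the OpenSSL peer to TLS 1.3.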
@@ -13886,10 +13886,10 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "waiting for more fragments (512 of [0-9]\\+" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_3 -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13903,11 +13903,10 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ # than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 256 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13915,11 +13914,10 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "waiting for more fragments (256 of [0-9]\\+" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 128 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ 
@@ -13927,11 +13925,10 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "waiting for more fragments (128" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 64 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13939,11 +13936,10 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "waiting for more fragments (64" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 36 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13951,11 +13947,10 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "waiting for more fragments (36" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 32 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ 
@@ -13963,11 +13958,10 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "waiting for more fragments (32" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 16 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13975,11 +13969,10 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ -c "waiting for more fragments (16" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 13 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13987,11 +13980,10 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "waiting for more fragments (13" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ - "$O_NEXT_SRV -split_send_frag 5 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ 
@@ -13999,118 +13991,110 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "waiting for more fragments (5" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 
256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 
36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 
13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" requires_openssl_3_x -requires_openssl_tls1_3 +requires_protocol_version tls13 requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ From 85fe73d55db762af5c3ab0f74a2a92fee82fa2fd Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 9 Feb 2025 23:37:34 +0000 Subject: [PATCH 0156/1548] ssl-opt: Added tls 1.2 tests for HS defragmentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 221 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 221 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7c9aea9873..d22bccafb1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13885,6 +13885,17 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -13896,6 +13907,17 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + # OpenSSL does not allow max_send_frag to be less than 512 # so we use split_send_frag instead for tests lower than 512 below. @@ -13913,6 +13935,17 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -13924,6 +13957,17 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13935,6 +13979,17 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13946,6 +14001,17 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -13957,6 +14023,17 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13968,6 +14045,17 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13979,6 +14067,17 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -13990,6 +14089,17 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14001,6 +14111,17 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -14012,6 +14133,17 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14023,6 +14155,18 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
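Review bot: The new `Handshake defragmentation on server: len=256, TLS 1.2` test drives the OpenSSL client with `-tls1_3`, so despite its name and its `requires_protocol_version tls12` guard it exercises a TLS 1.3 handshake and the TLS 1.2 server-side len=256 case gets no coverage at all. The client line should read `"$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \`, matching every other TLS 1.2 test in this commit. The same hunk also leaves two blank lines after the test where all siblings use one, which is why its new-side count is 18 rather than 17.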
@@ -14034,6 +14178,17 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14045,6 +14200,17 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -14056,6 +14222,17 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14067,6 +14244,17 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -14078,6 +14266,17 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14089,6 +14288,17 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
@@ -14100,6 +14310,17 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 41782a9cd0d2fc0e77879e1aab737294edfa8190 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:21:22 +0000 Subject: [PATCH 0157/1548] ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d22bccafb1..855e3c0c3c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13873,6 +13873,15 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth -s "dumping .client hello, compression. (2 bytes)" # Handshake defragmentation testing +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ + "$O_NEXT_SRV" \ + "$P_CLI debug_level=4 " \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" requires_openssl_3_x requires_protocol_version tls13 
@@ -14100,6 +14109,16 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication From 1c106afd22bf51b13dbcde8b7919a02cc4f86a72 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:33:22 +0000 Subject: [PATCH 0158/1548] ssl-opt: Added handshake fragmentation tests for 4 byte fragments. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 855e3c0c3c..7d57c4a3f0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14109,7 +14109,6 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" -requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ 
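Review bot: Dropping `requires_openssl_3_x` from the server no-fragmentation reference test is unrelated to this commit's stated purpose (4-byte fragment tests) and leaves it inconsistent with the client reference test, which keeps the guard while driving the same `$O_NEXT_*` binary. If `O_NEXT_CLI` does not itself imply an OpenSSL 3.x build, this test now runs on older toolchains that every sibling skips; either restore the line or say in the commit message why it is unnecessary here. While touching the test, the trailing period in `(no fragmentation, for reference).` differs from the client variant's name and should go.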
@@ -14340,6 +14339,28 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 74ce7498d7063958b0036e509d790ebd2e73ad82 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:41:18 +0000 Subject: [PATCH 0159/1548] ssl-opt: Added negative tests for handshake fragmentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7d57c4a3f0..8268fde352 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
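Review bot: The new `len=4, TLS 1.3` server test is the only `-split_send_frag` test in this file without a `requires_openssl_3_x` guard; its TLS 1.2 twin directly below and every len=5..256 case carry it, and `-split_send_frag` is presumably what that guard exists for, so on an older OpenSSL this test would fail instead of being skipped. Adding `requires_openssl_3_x` above `requires_protocol_version tls13` keeps the two len=4 cases consistent with the rest of the block.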
@@ -14109,6 +14109,27 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "=> ssl_tls13_process_server_hello" \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ 
@@ -14361,6 +14382,41 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ + "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "The SSL configuration is tls12 only" \ + -s "bad client hello message" \ + -s "SSL - A message could not be parsed due to a syntactic error" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 36c81f5f05878c717620095874a1c14d52c86db2 Mon Sep 17 00:00:00 2001 
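Review bot: The third test added here is named `Handshake defragmentation on server: len=32, TLS 1.2`, which is exactly the name of the positive len=32 TLS 1.2 server test earlier in this file, and the first two are both named `... len=3, TLS 1.3` although the second one runs the client with `-tls1_2`; duplicate names make `-f` filtering and failure reports ambiguous. Since the third test is a negative case (expected exit 1, server forced to TLS 1.2 only), give it a distinct name that says what it checks, e.g. `run_test "Handshake defragmentation on server: len=32, TLS 1.2 only (ClientHello defragmentation unsupported)" \`, and likewise mark the second len=3 test as the 1.3 -> 1.2 downgrade case.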
From: Minos Galanakis Date: Thu, 20 Feb 2025 09:44:46 +0000 Subject: [PATCH 0160/1548] ssl-opt: Added DSA-RSA dependency on TLS1.2 defragmentation testing. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8268fde352..f6795f6b6a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13894,9 +13894,13 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" +# Since the removal of the DHE-RSA key exchange, the default openssl server +# certificate does not match what is provided by the testing client. Those +# use-cases are out of scope for defregmentation testing, and should be skipped. requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ "$P_CLI debug_level=4 " \ @@ -13919,6 +13923,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ "$P_CLI debug_level=4 " \ @@ -13947,6 +13952,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ "$P_CLI debug_level=4 " \ 
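Review bot: The comment introduced above the TLS 1.2 client tests misspells "defregmentation", and it justifies the new guard in terms of the removed DHE-RSA key exchange while the guard itself is `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` (the commit subject even says "DSA-RSA"), so a reader cannot connect the explanation to the line it explains. Suggested wording: `# Since the removal of the DHE-RSA key exchange, the default OpenSSL server certificate does not` / `# match what the testing client offers unless ECDHE-ECDSA is available. Those configurations are` / `# out of scope for defragmentation testing, so the TLS 1.2 client tests require MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED.`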
@@ -13969,6 +13975,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ "$P_CLI debug_level=4 " \ @@ -13991,6 +13998,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ "$P_CLI debug_level=4 " \ @@ -14013,6 +14021,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ "$P_CLI debug_level=4 " \ @@ -14035,6 +14044,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ "$P_CLI debug_level=4 " \ @@ -14057,6 +14067,7 @@ run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 
@@ -14123,6 +14134,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ "$P_CLI debug_level=4 " \ From d708a63857c3fa0462ca61432400693dd08b3b2b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Feb 2025 17:28:27 +0000 Subject: [PATCH 0161/1548] ssl-opt: Updated documentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f6795f6b6a..54b0065d33 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13873,6 +13873,11 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth -s "dumping .client hello, compression. (2 bytes)" # Handshake defragmentation testing + +# To warrant that the handhake messages are large enough and need to be split +# into fragments, the tests require certificate authentication. The party in control +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) +# either from O_NEXT_SRV or test data. requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -13932,12 +13937,6 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -# OpenSSL does not allow max_send_frag to be less than 512 -# so we use split_send_frag instead for tests lower than 512 below. - -# There is an issue with OpenSSL when fragmenting with values less -# than 512 bytes in TLS 1.2 so we require TLS 1.3 with these values. - requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
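Review bot: The new header comment misspells "handhake" and hard-codes that server5.crt is 548 bytes, a figure that will silently go stale if the test certificate is regenerated. Suggested wording: `# To warrant that the handshake messages are large enough to need splitting into fragments,` / `# the tests require certificate authentication. OpenSSL is the party that performs the` / `# fragmentation and always sends server5.crt, either as O_NEXT_SRV or from the test data.`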
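Review bot: Deleting the whole comment block loses its first paragraph, which still explains a split the tests below depend on: the 512 and 513 cases use `-max_send_frag` and everything smaller uses `-split_send_frag` because OpenSSL rejects `-max_send_frag` below 512. Only the second paragraph, which restricted sub-512 fragments to TLS 1.3, is obsolete now that TLS 1.2 variants of those tests exist. Keep `# OpenSSL does not allow max_send_frag to be less than 512` / `# so we use split_send_frag instead for tests lower than 512 below.` and drop just the TLS 1.2 paragraph.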
@@ -14405,11 +14404,13 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" +# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ +run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From eddbb5a829e4b22e21a02ffe62eb7c00b4165d02 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 19 Feb 2025 11:37:39 +0000 Subject: [PATCH 0162/1548] ChangeLog: Updated the entry for tls-hs-defragmentation Signed-off-by: Minos Galanakis --- ChangeLog.d/tls-hs-defrag-in.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 55103c9a42..4fd4a4e372 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt 
@@ -3,3 +3,10 @@ Bugfix by the spec. Lack of support was causing handshake failures with some servers, especially with TLS 1.3 in practice (though both protocol version could be affected in principle, and both are fixed now). + The initial fragment for each handshake message must be at least 4 bytes. + + Server-side, defragmentation of the ClientHello message is only + supported if the server accepts TLS 1.3 (regardless of whether the + ClientHello is 1.3 or 1.2). That is, servers configured (either + at compile time or at runtime) to only accept TLS 1.2 will + still fail the handshake if the ClientHello message is fragmented. From a5a8c9f5c9a06a6043cff3778620f5309fae0528 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 20 Feb 2025 20:27:51 +0000 Subject: [PATCH 0163/1548] ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 57 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 54b0065d33..cf7dc2412c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14055,7 +14055,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication -run_test "Handshake defragmentation on client: len=14, TLS 1.3" \ +run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ @@ -14067,7 +14067,7 @@ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=14, TLS 1.2" \ +run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ "$P_CLI debug_level=4 " \ 0 \ 
@@ -14119,6 +14119,28 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +requires_openssl_3_x +requires_protocol_version tls13 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication @@ -14210,13 +14232,12 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" - requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication 
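Review bot: The new `Handshake defragmentation on client: len=4, TLS 1.2` test in the first hunk lacks the `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` line that every other TLS 1.2 client-side test in this block carries (see the hunks at -13969 onward earlier on this page), so in a build without ECDHE-ECDSA it would run instead of being skipped. Add it after `requires_certificate_authentication` for that test: `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`. Commit 0165 later puts `skip_next_test` in front of this test, but the guard still matters once it is re-enabled.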
@@ -14228,8 +14249,11 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" +# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14251,7 +14275,8 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "waiting for more fragments (64" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14273,7 +14298,8 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "waiting for more fragments (36" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ 
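Review bot: The server-side TLS 1.2 tests in the hunks at -14228, -14251 and -14273 (and -14295 through -14361 on the next line) now require both MBEDTLS_SSL_PROTO_TLS1_2 and MBEDTLS_SSL_PROTO_TLS1_3 and, per the comment added in the first hunk, rely on the server negotiating down from 1.3 after the ClientHello, yet their names still say plain `TLS 1.2`. The len=3 variant was renamed `TLS 1.3 -> 1.2` in the previous commit and the last hunk of this commit names its `force_version=tls12` case `TLS 1.2 -> 1.2`, so the unrenamed tests now read as if they exercised the TLS-1.2-only path. Renaming them the same way, e.g. `run_test "Handshake defragmentation on server: len=128, TLS 1.3 -> 1.2" \`, keeps the three cases distinguishable in test output. The comment added here also carries the typos (`degfragmentation`, `suport`, `TL1.2`, `proccessing`) noted on the previous commit.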
@@ -14295,7 +14321,8 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "waiting for more fragments (32" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14317,7 +14344,8 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "waiting for more fragments (16" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14339,7 +14367,8 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "waiting for more fragments (13" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14361,7 +14390,8 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "waiting for more fragments (5" requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14371,6 +14401,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" +requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ @@ -14404,8 +14435,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing -# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -14422,7 +14451,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 -> 1.2" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ From 99ca6680f29dfe7754c87b3cb9580886aed094fd Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 20 Feb 2025 23:24:34 +0000 Subject: [PATCH 0164/1548] ssl-opt: Replaced max_send_frag with split_send_frag Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index cf7dc2412c..818d50dc95 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13892,7 +13892,7 @@ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13907,7 +13907,7 @@ requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -max_send_frag 512 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13918,7 +13918,7 @@ requires_openssl_3_x requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -13930,7 +13930,7 @@ requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -max_send_frag 513 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ "$P_CLI debug_level=4 " \ 0 \ -c "reassembled record" \ @@ -14177,7 +14177,7 @@ requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ 
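Review bot: After the hunks on this line and the next, every test in the block uses `-split_send_frag`, but the comment that explained the choice (`OpenSSL does not allow max_send_frag to be less than 512`) was deleted two commits earlier, so a reader now has no hint why `-max_send_frag` is avoided even for the 512/513 cases where it would work. A one-line comment at the head of the defragmentation block would preserve that rationale, e.g. `# All tests use -split_send_frag: OpenSSL rejects -max_send_frag values below 512, and one option keeps the 512/513 cases comparable with the smaller ones.`. The second half of that sentence is my inference about the motivation; adjust it if the reason was different.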
@@ -14188,7 +14188,7 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -max_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -14199,7 +14199,7 @@ requires_protocol_version tls13 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ @@ -14210,7 +14210,7 @@ requires_protocol_version tls12 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -max_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "reassembled record" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ From cd6a24b28895a277fe5fa5236c3dce09143d9928 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 24 Feb 2025 09:27:09 +0000 Subject: [PATCH 0165/1548] ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16 Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 818d50dc95..d09005b667 100755 --- a/tests/ssl-opt.sh 
+++ b/tests/ssl-opt.sh @@ -14086,6 +14086,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication @@ -14108,6 +14109,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication @@ -14130,6 +14132,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -c "waiting for more fragments (4" +skip_next_test requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication From 434016e2eb6812be245277ceda39a56713be284c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Feb 2025 18:49:59 +0100 Subject: [PATCH 0166/1548] Keep track of whether mbedtls_ssl_set_hostname() has been called No behavior change apart from now emitting a different log message depending on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 2 ++ library/ssl_misc.h | 6 ++++++ library/ssl_tls.c | 9 +++----- tests/ssl-opt.sh | 50 ++++++++++++++++++++++++++++++++----------- 4 files changed, 48 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7c3a3d9433..fa46fa7451 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1671,6 +1671,8 @@ struct mbedtls_ssl_context { int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */ /** Mask of `MBEDTLS_SSL_CONTEXT_FLAG_XXX`. + * See `mbedtls_ssl_context_flags_t` in ssl_misc.h. + * * This field is not saved by mbedtls_ssl_session_save(). */ uint32_t MBEDTLS_PRIVATE(flags); 
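Review bot: Each `skip_next_test` added in the hunks at -14086, -14108 and -14130 disables a TLS 1.2 client test with no comment saying why, and the commit message states only that the tests are disabled, so nobody will know when it is safe to re-enable them. Put the reason, or a tracking reference, next to the first skip, e.g. `# TLS 1.2 client-side tests with len < 16 are disabled: <reason or issue reference>` (placeholder: fill in the actual cause). The comment removed in commit 0161 mentioned an OpenSSL problem with TLS 1.2 fragments below 512 bytes; if that is the cause here, saying so explicitly would help.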
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 9f91861f64..2d54172818 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -51,6 +51,12 @@ extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
 #define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
 #endif
+/** Flag values for mbedtls_ssl_context::flags. */
+typedef enum {
+ /** Set if mbedtls_ssl_set_hostname() has been called. */
+ MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1,
+} mbedtls_ssl_context_flags_t;
+
 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dd1beb98b7..998cac2ce4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2529,12 +2529,7 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
 static int mbedtls_ssl_has_set_hostname_been_called(
 const mbedtls_ssl_context *ssl)
 {
- /* We can't tell the difference between the case where
- * mbedtls_ssl_set_hostname() has not been called at all, and
- * the case where it was last called with NULL. For the time
- * being, we assume the latter, i.e. we behave as if there had
- * been an implicit call to mbedtls_ssl_set_hostname(ssl, NULL). */
- return ssl->hostname != NULL;
+ return (ssl->flags & MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET) != 0;
 }
 #endif
@@ -2580,6 +2575,8 @@ int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
 ssl->hostname[hostname_len] = '\0';
 }
+ ssl->flags |= MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET;
+
 return 0;
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e541a81983..ecff16ec8d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
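Review bot: The doc comment on `MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` in the ssl_misc.h hunk does not spell out the two properties that make the flag useful: a call with a NULL hostname also sets it (the `ssl->flags |=` in the second ssl_tls.c hunk sits after the closing brace of the non-NULL branch, just before `return 0`), and a call that fails earlier presumably does not (the error returns are outside the hunk — confirm). Suggest `/** Set once mbedtls_ssl_set_hostname() has returned successfully, including when called with NULL to explicitly disable hostname verification. */`. Since the enum is used as a bit mask against the `uint32_t` `flags` field, a one-line note that further values must be distinct single bits (or writing them as `1u << n`) would keep that contract visible to whoever adds the next flag.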
@@ -5943,9 +5943,11 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" run_test "Authentication: hostname match, client required" \ "$P_SRV" \ - "$P_CLI auth_mode=required server_name=localhost debug_level=1" \ + "$P_CLI auth_mode=required server_name=localhost debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" @@ -5997,7 +5999,7 @@ run_test "Authentication: hostname mismatch (trailing), client required" \ run_test "Authentication: hostname mismatch, client optional" \ "$P_SRV" \ - "$P_CLI auth_mode=optional server_name=wrong-name debug_level=1" \ + "$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \ 0 \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ 
@@ -6005,93 +6007,115 @@ run_test "Authentication: hostname mismatch, client optional" \ run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ - "$P_CLI auth_mode=none server_name=wrong-name debug_level=1" \ + "$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client required" \ "$P_SRV" \ - "$P_CLI auth_mode=required set_hostname=NULL debug_level=1" \ + "$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client optional" \ "$P_SRV" \ - "$P_CLI auth_mode=optional set_hostname=NULL debug_level=1" \ + "$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client none" \ "$P_SRV" \ - "$P_CLI auth_mode=none set_hostname=NULL debug_level=1" \ + "$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ - "$P_CLI 
auth_mode=required set_hostname=no debug_level=1" \ + "$P_CLI auth_mode=required set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ - "$P_CLI auth_mode=optional set_hostname=no debug_level=1" \ + "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ - "$P_CLI auth_mode=none set_hostname=no debug_level=1" \ + "$P_CLI auth_mode=none set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Authentication: hostname unset, client default, 
server picks cert, 1.3" \ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \ - "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ "$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \ - "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=1" \ + "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ 0 \ -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" From 59a51170727c0a903c9a6dcbd4707b500d9cdaa3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Feb 2025 13:46:03 +0100 Subject: [PATCH 0167/1548] Create error code for mbedtls_ssl_set_hostname not called 
Signed-off-by: Gilles Peskine
---
 include/mbedtls/ssl.h | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index fa46fa7451..0eaec5c8ca 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -169,6 +169,39 @@ #define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
 /** Invalid value in SSL config */
 #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
+/* Error space gap */
+/** Attempt to verify a certificate without an expected hostname.
+ * This is usually insecure.
+ *
+ * In TLS clients, when a client authenticates a server through its
+ * certificate, the client normally checks three things:
+ * - the certificate chain must be valid;
+ * - the chain must start from a trusted CA;
+ * - the certificate must cover the server name that is expected by the client.
+ *
+ * Omitting any of these checks is generally insecure, and can allow a
+ * malicious server to impersonate a legitimate server.
+ *
+ * The third check may be safely skipped in some unusual scenarios,
+ * such as networks where eavesdropping is a risk but not active attacks,
+ * or a private PKI where the client equally trusts all servers that are
+ * accredited by the root CA.
+ *
+ * You should call mbedtls_ssl_set_hostname() with the expected server name
+ * before starting a TLS handshake on a client (unless the client is
+ * set up to only use PSK-based authentication, which does not rely on the
+ * host name). If you have determined that server name verification is not
+ * required for security in your scenario, call mbedtls_ssl_set_hostname()
+ * with \p NULL as the server name.
+ *
+ * This error is raised if all of the following conditions are met:
+ *
+ * - A TLS client is configured with the authentication mode
+ * #MBEDTLS_SSL_VERIFY_REQUIRED (default).
+ * - Certificate authentication is enabled.
+ * - The client does not call mbedtls_ssl_set_hostname().
+ */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME -0x5D80
 /*
 * Constants from RFC 8446 for TLS 1.3 PSK modes
From 488b91929dc20d186913eb896202d634c769dbc4 Mon Sep 17 00:00:00 2001
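Review bot: In the added doc comment `\p NULL` should be `\c NULL`: Doxygen's `\p` is for parameter names, and the rewritten mbedtls_ssl_set_hostname() documentation later in this series uses `\c NULL` for the same thing, so the header would otherwise be inconsistent with itself. Change `+ * with \p NULL as the server name.` to ` * with \c NULL as the server name.`. The condition list at the end matches the check the next commit adds (client endpoint and `MBEDTLS_SSL_VERIFY_REQUIRED`); it may be worth stating there that with `MBEDTLS_SSL_VERIFY_OPTIONAL` the library only logs and continues without the hostname check, as that is the first thing a reader hitting this error will look for.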
From: Gilles Peskine
Date: Thu, 13 Feb 2025 14:39:02 +0100
Subject: [PATCH 0168/1548] Require calling mbedtls_ssl_set_hostname() for security
In a TLS client, when using certificate authentication, the client should check that the certificate is valid for the server name that the client expects. Otherwise, in most scenarios, a malicious server can impersonate another server. Normally, the application code should call mbedtls_ssl_set_hostname(). However, it's easy to forget. So raise an error if mandatory certificate authentication is in effect and mbedtls_ssl_set_hostname() has not been called. Raise the new error code MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy identification. But don't raise the error if the backward compatibility option MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is enabled.
Signed-off-by: Gilles Peskine
---
 library/ssl_tls.c | 4 ++++
 tests/ssl-opt.sh | 17 ++++++++++-------
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 998cac2ce4..6c401b59bd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8872,6 +8872,10 @@ static int get_hostname_for_verification(mbedtls_ssl_context *ssl,
 {
 if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname"));
+ if (mbedtls_ssl_conf_get_endpoint(ssl->conf) == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
+ return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME;
+ }
 }
 *hostname = ssl->hostname;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ecff16ec8d..8d417afb1a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
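Review bot: The commit description says the error is not raised when `MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME` is enabled, but the hunk returns `MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME` unconditionally for a client with `MBEDTLS_SSL_VERIFY_REQUIRED`, and no such option is referenced anywhere in this diff. Either the guard lands in a later commit, in which case the description should say so, or the new block needs wrapping in `#if !defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)` / `#endif` together with a definition and documentation of that option in the config header. get_hostname_for_verification()'s body continues outside the hunk, so I cannot see whether anything below re-checks this.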
@@ -6049,12 +6049,13 @@ run_test "Authentication: hostname null, client none" \ run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ "$P_CLI auth_mode=required set_hostname=no debug_level=2" \ - 0 \ + 1 \ -C "does not match with the expected CN" \ -c "Certificate verification without having set hostname" \ - -c "Certificate verification without CN verification" \ + -C "Certificate verification without CN verification" \ + -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "! mbedtls_ssl_handshake returned" \ + -c "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client optional" \ @@ -6080,10 +6081,11 @@ run_test "Authentication: hostname unset, client none" \ run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \ - 0 \ + 1 \ -C "does not match with the expected CN" \ -c "Certificate verification without having set hostname" \ - -c "Certificate verification without CN verification" \ + -C "Certificate verification without CN verification" \ + -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" 
@@ -6091,10 +6093,11 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \
 "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
 "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
- 0 \
+ 1 \
 -C "does not match with the expected CN" \
 -c "Certificate verification without having set hostname" \
- -c "Certificate verification without CN verification" \
+ -C "Certificate verification without CN verification" \
+ -c "get_hostname_for_verification() returned -" \
 -C "x509_verify_cert() returned -" \
 -C "X509 - Certificate verification failed"
From 856a3706286b313cd0f22b07b9233348d53c620f Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 13 Feb 2025 17:28:49 +0100
Subject: [PATCH 0169/1548] Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
Signed-off-by: Gilles Peskine
---
 tests/src/test_helpers/ssl_helpers.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 44e07efb63..b89ca215f3 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -855,6 +855,10 @@ int mbedtls_test_ssl_endpoint_init(
 ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
 TEST_ASSERT(ret == 0);
+ if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+ ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
+ }
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
 if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
 mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
From 640512eb90a129187aa24ae4f7e742224d63ad2e Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 13 Feb 2025 21:46:00 +0100
Subject: [PATCH 0170/1548] mbedtls_ssl_set_hostname tests: add tests with CA callback
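Review bot: `ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");` in the ssl_helpers.c hunk stores the result but never checks it, unlike the `TEST_ASSERT(ret == 0);` that follows `mbedtls_ssl_setup` two lines above, so an allocation failure or a rejected hostname would be silently ignored and `ret` may simply be overwritten further down (the rest of mbedtls_test_ssl_endpoint_init is outside the hunk). Add `TEST_ASSERT(ret == 0);` inside the new `if` block. Minor style: the condition is written `MBEDTLS_SSL_IS_CLIENT == endpoint_type` while the next `if` uses `endpoint_type == MBEDTLS_SSL_IS_SERVER`; matching the existing order reads better.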
Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d417afb1a..8a44687c52 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5952,6 +5952,18 @@ run_test "Authentication: hostname match, client required" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +run_test "Authentication: hostname match, client required, CA callback" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ + -c "use CA callback for X.509 CRT verification" \ + -C "x509_verify_cert() returned -" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \ @@ -6058,6 +6070,19 @@ run_test "Authentication: hostname unset, client required" \ -c "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +run_test "Authentication: hostname unset, client required, CA callback" \ + "$P_SRV" \ + "$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \ + 1 \ + -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ + -c "get_hostname_for_verification() returned -" \ + -C "use CA callback for X.509 CRT verification" \ + -C "x509_verify_cert() returned -" \ + -c "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \ 
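Review bot: The two new `CA callback` tests pass `ca_callback=1` to ssl_client2 but carry no `requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK` line, and that option is what provides the client's CA-callback path and the `use CA callback for X.509 CRT verification` message the first test expects. Unless ssl-opt.sh or ssl_client2 gates `ca_callback` automatically — which I cannot see from here — both tests will fail in configurations that do not enable it. Add `requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK` immediately before each of the two run_test calls.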
From 825c3d075a7ac6e11505dfc4a59140282884e1a0 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 17 Feb 2025 17:41:54 +0100
Subject: [PATCH 0171/1548] Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
Signed-off-by: Gilles Peskine
---
 include/mbedtls/ssl.h | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0eaec5c8ca..b15bbb6665 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2015,6 +2015,17 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
 * \note The PSA crypto subsystem must have been initialized by
 * calling psa_crypto_init() before calling this function.
 *
+ * \note After setting up a client context, if certificate-based
+ * authentication is enabled, you should call
+ * mbedtls_ssl_set_hostname() to specifiy the expected
+ * name of the server. Otherwise, if server authentication
+ * is required (which is the case by default) and the
+ * selected key exchange involves a certificate (i.e. is not
+ * based on a pre-shared key), the certificate authentication
+ * will fail. See
+ * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * for more information.
+ *
 * \param ssl SSL context
 * \param conf SSL configuration to use
 *
From 02e303ec8669d6691404b09a48bd0e6e0c4fad80 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 17 Feb 2025 17:49:20 +0100
Subject: [PATCH 0172/1548] Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients
Signed-off-by: Gilles Peskine
---
 ChangeLog.d/mbedtls_ssl_set_hostname.txt | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 ChangeLog.d/mbedtls_ssl_set_hostname.txt
diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
new file mode 100644
index 0000000000..f5f0fa7e05
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
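Review bot: Typo in the added `\note` on mbedtls_ssl_setup(): `specifiy` should be `specify`, so the line becomes ` * mbedtls_ssl_set_hostname() to specify the expected`. The rest of the note agrees with the conditions documented on the error code it references (client endpoint, certificate-based key exchange, authentication required by default), so no further change is needed there.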
@@ -0,0 +1,15 @@
+Default behavior changes
+ * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+ mbedtls_ssl_handshake() now fails with
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if certificate-based authentication of the server is attempted.
+ This is because authenticating a server without knowing what name
+ to expect is usually insecure.
+
+Security
+ * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+ if they use certificate authentication (i.e. not pre-shared keys).
+ Otherwise, in many scenarios, the server could be impersonated.
+ The library will now prevent the handshake and return
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if mbedtls_ssl_set_hostname() has not been called.
From 96073fb997dd6d7ef978f30bb390738691577f69 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 20 Feb 2025 19:12:04 +0100
Subject: [PATCH 0173/1548] Improve documentation of mbedtls_ssl_set_hostname
Signed-off-by: Gilles Peskine
---
 include/mbedtls/ssl.h | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b15bbb6665..0fe2399d3a 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3937,16 +3937,19 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
  * \brief Set or reset the hostname to check against the received
- * server certificate. It sets the ServerName TLS extension,
- * too, if that extension is enabled. (client-side only)
+ * peer certificate. On a client, this also sets the
+ * ServerName TLS extension, if that extension is enabled.
+ * On a TLS 1.3 client, this also sets the server name in
+ * the session resumption ticket, if that feature is enabled.
  *
  * \param ssl SSL context
- * \param hostname the server hostname, may be NULL to clear hostname
-
- * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+ * \param hostname The server hostname. This may be \c NULL to clear
+ * the hostname.
+ *
+ * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
  *
- * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+ * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
+ * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
  * too long input hostname.
  *
  * Hostname set to the one provided on success (cleared
From eb2d29eb6bdce5b90e31ce2a8a4eb1826ee5d8b7 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 20 Feb 2025 19:12:16 +0100
Subject: [PATCH 0174/1548] Document the need to call mbedtls_ssl_set_hostname
Signed-off-by: Gilles Peskine
---
 include/mbedtls/ssl.h | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0fe2399d3a..31540249d5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
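Review bot: The rewritten `\param hostname` line still says `The server hostname`, while the new `\brief` now speaks of the received *peer* certificate and scopes the ServerName extension to clients, so the two halves of the comment disagree on whether a server-side caller is expected. If the name is indeed also checked against a client certificate on a server, as the new brief implies, say so in the parameter, e.g. `\param hostname The expected name of the peer (on a client, the server name). This may be \c NULL to clear the hostname.`; if it is not, keep the old `(client-side only)` qualifier in the brief. The rest of the Doxygen block continues outside the hunk.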
@@ -3948,6 +3948,16 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
  *
  * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
  *
+ * \note If the hostname is \c NULL on a client, then the server
+ * is not authenticated: it only needs to have a valid
+ * certificate, not a certificate matching its name.
+ * Therefore you should always call this function on a client,
+ * unless the connection is set up to only allow
+ * pre-shared keys, or in scenarios where server
+ * impersonation is not a concern. See the documentation of
+ * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * for more details.
+ *
  * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
  * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
  * too long input hostname.
From fd89acc7357c53b432141bb2d341ca104f77bc85 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 24 Feb 2025 18:45:49 +0100
Subject: [PATCH 0175/1548] ssl_session_reset: preserve HOSTNAME_SET flag
When we don't reset `ssl->hostname`, we must not reset the `MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` flag either.
Signed-off-by: Gilles Peskine
---
 library/ssl_misc.h | 10 ++++++++++
 library/ssl_tls.c | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 2d54172818..fd01aacac7 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
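Review bot: The added note explains what a \c NULL hostname means but never says how that differs from not calling the function at all, which per the changelog in this series makes the handshake fail with #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME; that distinction is precisely what the HOSTNAME_SET flag tracks and is the thing an integrator will trip over. Spell it out in the note, e.g. ` * Passing \c NULL is an explicit opt-out and is not the same as never` / ` * calling this function: in the latter case a client that requires` / ` * server authentication fails the handshake.` The "or in scenarios where server impersonation is not a concern" clause then reads as the case where \c NULL is the intended argument rather than an excuse to skip the call. The Doxygen block continues outside the hunk.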
@@ -57,6 +57,16 @@ typedef enum {
 MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1,
 } mbedtls_ssl_context_flags_t;
+/** Flags from ::mbedtls_ssl_context_flags_t to keep in
+ * mbedtls_ssl_session_reset().
+ *
+ * The flags that are in this list are kept until explicitly updated or
+ * until mbedtls_ssl_free(). The flags that are not listed here are
+ * reset to 0 in mbedtls_ssl_session_reset().
+ */
+#define MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION \
+ (MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET)
+
 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6c401b59bd..0b072e6a76 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1411,7 +1411,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial)
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
- ssl->flags = 0;
+ ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION;
 ssl->tls_version = ssl->conf->max_tls_version;
 mbedtls_ssl_session_reset_msg_layer(ssl, partial);
From c8709c6a85c5d9b2ce88533d60b87b4b95d7b70e Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Mon, 24 Feb 2025 23:43:07 +0000
Subject: [PATCH 0176/1548] ssl-opt: Removed redundant dependencies: requires_openssl_3_x
Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 132 +++++++++++++++-------------------------------
 1 file changed, 41 insertions(+), 91 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d09005b667..6b9ef1d225 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13878,8 +13878,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # into fragments, the tests require certificate authentication. The party in control # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes) # either from O_NEXT_SRV or test data. -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ "$O_NEXT_SRV" \ @@ -13888,8 +13887,7 @@ run_test "Handshake defragmentation on client (no fragmentation, for referenc -C "reassembled record" \ -C "waiting for more fragments" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ @@ -13902,8 +13900,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ # Since the removal of the DHE-RSA key exchange, the default openssl server # certificate does not match what is provided by the testing client. Those # use-cases are out of scope for defregmentation testing, and should be skipped. -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ 
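Review bot: Removing `requires_openssl_3_x` leaves these hunks, and every defragmentation test that follows in this commit, with no guard on the OpenSSL side at all, yet each test still launches `$O_NEXT_SRV -split_send_frag ...`; if `$O_NEXT_SRV` is unset or resolves to an OpenSSL that lacks that option, the test fails rather than being skipped. Presumably the `O_NEXT_*` helpers are gated elsewhere in the script (a `requires_openssl_next` line is the usual form, if the script provides one), but nothing in the diff or the commit message says so; a comment in the section header such as `# No per-test OpenSSL guard: $O_NEXT_SRV/$O_NEXT_CLI are only defined when a suitable OpenSSL is available` would make the assumption checkable. The replacement of `requires_protocol_version tls13` with `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` is equivalent only if the former did nothing beyond that config check, which is worth one sentence in the commit message.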
@@ -13914,8 +13911,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -c "waiting for more fragments (512 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ @@ -13925,8 +13921,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ @@ -13937,8 +13932,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -c "waiting for more fragments (513 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ @@ -13948,8 +13942,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ 
@@ -13960,8 +13953,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -c "waiting for more fragments (256 of [0-9]\\+" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ @@ -13971,8 +13963,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ @@ -13983,8 +13974,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -c "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ @@ -13994,8 +13984,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ 
@@ -14006,8 +13995,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -c "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ @@ -14017,8 +14005,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ @@ -14029,8 +14016,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -c "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ @@ -14040,8 +14026,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ 
@@ -14052,8 +14037,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -c "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ @@ -14063,8 +14047,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ @@ -14075,8 +14058,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -c "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ @@ -14087,8 +14069,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ -c "waiting for more fragments (13" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ 
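Review bot: The `len=13, TLS 1.2` client test in the last hunk here, and the `len=5, TLS 1.2` and `len=4, TLS 1.2` tests in the hunks that follow, get `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` but not the `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` line that every other TLS 1.2 client test in this commit carries, even though the section comment explains that the default OpenSSL server certificate only works with that key exchange. They are currently hidden by `skip_next_test`, so nothing breaks today, but the moment that line is dropped they will fail in configurations without ECDHE-ECDSA; add the guard now so the skip can be removed without revisiting the dependencies, e.g. `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` directly under the existing `requires_certificate_authentication`.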
@@ -14098,8 +14079,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -c "waiting for more fragments (13" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ @@ -14110,8 +14090,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ -c "waiting for more fragments (5" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ @@ -14121,8 +14100,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -c "waiting for more fragments (5" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ @@ -14133,8 +14111,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ -c "waiting for more fragments (4" skip_next_test -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ 
@@ -14144,8 +14121,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -c "waiting for more fragments (4" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ @@ -14155,8 +14131,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ @@ -14166,7 +14141,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ -c "handshake message too short: 3" \ -c "SSL - An invalid SSL record was received" -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server (no fragmentation, for reference)." \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14175,8 +14150,7 @@ run_test "Handshake defragmentation on server (no fragmentation, for referenc -C "reassembled record" \ -C "waiting for more fragments" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14186,8 +14160,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14197,8 +14170,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ -s "waiting for more fragments (512" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14208,8 +14180,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14219,8 +14190,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ -s "waiting for more fragments (513" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14230,8 +14200,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" -requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14241,8 +14210,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ -s "waiting for more fragments (256" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14254,7 +14222,6 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ # Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14266,8 +14233,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ -s "waiting for more fragments (128" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14277,7 +14243,6 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14289,8 +14254,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ -s "waiting for more fragments (64" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14300,7 +14264,6 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14312,8 +14275,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ -s "waiting for more fragments (36" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14323,7 +14285,6 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication 
@@ -14335,8 +14296,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ -s "waiting for more fragments (32" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14346,7 +14306,6 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14358,8 +14317,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ -s "waiting for more fragments (16" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14369,7 +14327,6 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14381,8 +14338,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ -s "waiting for more fragments (13" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ 
@@ -14392,7 +14348,6 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14404,8 +14359,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ -s "waiting for more fragments (5" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14415,7 +14369,6 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication @@ -14427,8 +14380,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ -s "waiting for more fragments (4" -requires_openssl_3_x -requires_protocol_version tls13 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ "$P_SRV debug_level=4 auth_mode=required" \ @@ -14438,7 +14390,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication 
@@ -14450,7 +14401,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \ -s "handshake message too short: 3" \ -s "SSL - An invalid SSL record was received" -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication From 17170a5ed22954eab7ab65ac0b564582934dfb3a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 27 Feb 2025 11:40:33 +0000 Subject: [PATCH 0177/1548] ssl-opt: Updated documentation of HS-Defrag tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6b9ef1d225..52ae002655 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14225,7 +14225,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14246,7 +14246,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
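Review bot: The new test names introduced in the last two hunks here, and in all the server-side renames that follow up to the len=3 and len=32 tests, misspell two words that will be copied wherever a test is referenced by name (the outcome-analysis ignore list added later in this series matches exact names): `Client-Hallo` should be `ClientHello` and `Handhsake` should be `Handshake`, and `TLS 1.2 TLS 1.3 ClientHello` reads as two protocol versions run together. Something like `run_test "Handshake defragmentation on server: len=128, TLS 1.3 ClientHello -> TLS 1.2 handshake" \` says the same thing once. The final rename, which gives the `force_version=tls12` variant (expected exit status 1) the same `len=32, TLS 1.3 ClientHello -> 1.2 ...` shape as the passing len=32 test above it, drops the one fact that distinguishes the two — that the server is pinned to TLS 1.2 — so keep `server forced to TLS 1.2` or similar in that name.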
@@ -14267,7 +14267,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14288,7 +14288,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14309,7 +14309,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14330,7 +14330,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14351,7 +14351,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ @@ -14372,7 +14372,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2" \ +run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -14393,7 +14393,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \
+run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 1 \
@@ -14404,7 +14404,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 -> 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=32, TLS 1.2 -> 1.2" \
+run_test "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
 "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 1 \
From 19dbbe095894a623f5ac32393f57219ef60a647c Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 27 Feb 2025 11:45:02 +0000
Subject: [PATCH 0178/1548] analyze_outcomes: Temporary disabled 3 HS Degragmentation tests.
Signed-off-by: Minos Galanakis
---
 tests/scripts/analyze_outcomes.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index e68c2cbf09..7a5c506a95 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -50,6 +50,11 @@ def _has_word_re(words: typing.Iterable[str],
 # TLS doesn't use restartable ECDH yet.
 # https://github.com/Mbed-TLS/mbedtls/issues/7294
 re.compile(r'EC restart:.*no USE_PSA.*'),
+ # Temporary disable Handshake defragmentation tests until mbedtls
+ # pr #10011 has been merged.
+ 'Handshake defragmentation on client: len=4, TLS 1.2',
+ 'Handshake defragmentation on client: len=5, TLS 1.2',
+ 'Handshake defragmentation on client: len=13, TLS 1.2'
 ],
 'test_suite_config.mbedtls_boolean': [
 # Missing coverage of test configurations.
From 76957cceabebc87acbb363c3971403939d692104 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 27 Feb 2025 14:43:17 +0000
Subject: [PATCH 0179/1548] ssl-opt: Minor typos and documentation fixes.
Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 52ae002655..84b72e8b4c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13874,10 +13874,9 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
 # Handshake defragmentation testing
-# To warrant that the handhake messages are large enough and need to be split
+# To guarantee that the handhake messages are large enough and need to be split
 # into fragments, the tests require certificate authentication. The party in control
-# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes)
-# either from O_NEXT_SRV or test data.
+# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client (no fragmentation, for reference)" \
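Review bot: The new skip entries reference their blocker as `# pr #10011`, while the neighbouring entry in the same list cites its issue as a full URL (`https://github.com/Mbed-TLS/mbedtls/issues/7294`); a temporary exclusion only gets removed if the next person can find what it waits on, so follow that convention and fix the grammar at the same time, e.g. `# Temporarily disable handshake defragmentation tests until` / `# https://github.com/Mbed-TLS/mbedtls/pull/10011 is merged.`. The three entries are bare strings placed next to an `re.compile` pattern; the enclosing list and `_has_word_re` start outside the hunk, so I cannot confirm from here that plain strings are accepted alongside compiled patterns — worth a glance. The last entry also has no trailing comma, so the next addition to this list will have to touch this line again.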
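Review bot: The reworded comment keeps the typo it sits on: `# To guarantee that the handhake messages are large enough and need to be split` should say `handshake`. Since this is a typo-fix commit, catching it here avoids another follow-up on the same four lines.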
@@ -13897,9 +13896,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
 -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
 -c "waiting for more fragments (512 of [0-9]\\+"
-# Since the removal of the DHE-RSA key exchange, the default openssl server
-# certificate does not match what is provided by the testing client. Those
-# use-cases are out of scope for defregmentation testing, and should be skipped.
+#The server uses an ECDSA cert, so make sure we have a compatible key exchange
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -14220,12 +14217,12 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \
 -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
 -s "waiting for more fragments (128"
-# Server-side ClientHello degfragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
+# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
 # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
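Review bot: The corrected comment trades one typo for another: `# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing` lost the space in `defragmentation is`, and the context line right after it still reads `suport`, `TL1.2` and `proccessing`. In the 13896 hunk the replacement `#The server uses an ECDSA cert, so make sure we have a compatible key exchange` drops the space after `#` that every other comment in this file uses and discards the explanation of why the default OpenSSL server certificate is unsuitable since DHE-RSA was removed; keeping that one sentence tells the reader why `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` is required just below.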
@@ -14246,7 +14243,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -14267,7 +14264,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -14288,7 +14285,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -14309,7 +14306,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -14330,7 +14327,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -14351,7 +14348,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -14372,7 +14369,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -14393,7 +14390,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 1 \
@@ -14404,7 +14401,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 Client-Hallo ->
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=32, TLS 1.3 Client-Hallo -> 1.2 Handhsake" \
+run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \
 "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 1 \
From d01ac30cfa941141e49c5c0d561a48565c7a5627 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 27 Feb 2025 15:11:09 +0000
Subject: [PATCH 0180/1548] ssl-opt: Adjusted reference hs defragmentation tests.
Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 84b72e8b4c..7fdab715f8 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13877,7 +13877,6 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
 # To guarantee that the handhake messages are large enough and need to be split
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client (no fragmentation, for reference)" \
 "$O_NEXT_SRV" \
@@ -14138,14 +14137,13 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
 -c "handshake message too short: 3" \
 -c "SSL - An invalid SSL record was received"
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on server (no fragmentation, for reference)." \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
- -C "reassembled record" \
- -C "waiting for more fragments"
+ -S "reassembled record" \
+ -S "waiting for more fragments"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
From 0dd57a99137a32ce1eae4dd20f452f32248543a4 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 27 Feb 2025 18:02:33 +0000
Subject: [PATCH 0181/1548] ssl-opt: Removed dependencies for HS defrag negative tests.
Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7fdab715f8..b758aa2960 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
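Review bot: The server reference test name `"Handshake defragmentation on server (no fragmentation, for reference)."` ends with a period while its client counterpart in the 13877 hunk does not; analyze_outcomes.py matches `run_test` names as exact strings (see the entries added in patch 0178), so the stray period makes this name easy to mistype when it is listed there. Dropping it keeps the two reference tests symmetric. Switching the assertions from `-C` to `-S` is the right fix here, since the defragmentation messages in this test are logged by the server, not the client.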
@@ -14118,7 +14118,6 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 -c "waiting for more fragments (4"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
 "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
 "$P_CLI debug_level=4 " \
@@ -14128,8 +14127,6 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
 -c "SSL - An invalid SSL record was received"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
 "$P_CLI debug_level=4 " \
@@ -14397,7 +14394,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello ->
 -s "SSL - An invalid SSL record was received"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \
 "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
From 4354dc646feb66e32a50e6fb793966934d88c901 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 27 Feb 2025 22:36:58 +0000
Subject: [PATCH 0182/1548] ssl-opt: Re-introduce certificate dependency for HS negative tests.
Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b758aa2960..5fc17a4cbd 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -14118,6 +14118,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 -c "waiting for more fragments (4"
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
 "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
 "$P_CLI debug_level=4 " \
From 886fa8d71a718079ded28f32fb3008117cf90e69 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 3 Mar 2025 15:31:55 +0100
Subject: [PATCH 0183/1548] psasim: add support for psa_export_public_key_iop
This commit also includes regenerated C and H files.
Signed-off-by: Valerio Setti
---
 .../psasim/src/psa_functions_codes.h | 4 +
 .../psasim/src/psa_sim_crypto_client.c | 318 ++++++++++++++++
 .../psasim/src/psa_sim_crypto_server.c | 348 ++++++++++++++++++
 .../psasim/src/psa_sim_serialise.c | 36 ++
 .../psasim/src/psa_sim_serialise.h | 43 +++
 .../psasim/src/psa_sim_serialise.pl | 3 +-
 6 files changed, 751 insertions(+), 1 deletion(-)
diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h
index 4be53c5973..7cb8ea80bd 100644
--- a/tests/psa-client-server/psasim/src/psa_functions_codes.h
+++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h
@@ -39,6 +39,10 @@ enum {
 PSA_DESTROY_KEY,
 PSA_EXPORT_KEY,
 PSA_EXPORT_PUBLIC_KEY,
+ PSA_EXPORT_PUBLIC_KEY_IOP_ABORT,
+ PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE,
+ PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS,
+ PSA_EXPORT_PUBLIC_KEY_IOP_SETUP,
 PSA_GENERATE_KEY,
 PSA_GENERATE_KEY_CUSTOM,
 PSA_GENERATE_KEY_IOP_ABORT,
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
index f6efd620cf..e6368ccc6a 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
@@ -2725,6 +2725,324 @@ psa_status_t psa_export_public_key( } +psa_status_t psa_export_public_key_iop_abort( + psa_export_public_key_iop_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_export_public_key_iop_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_export_public_key_iop_t( + &pos, &remaining, + *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_ABORT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY_IOP_ABORT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_export_public_key_iop_complete( + psa_export_public_key_iop_t *operation, + uint8_t *data, size_t data_size, + size_t *data_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_export_public_key_iop_t_needs(*operation) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(*data_length); + + 
ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_export_public_key_iop_t( + &pos, &remaining, + *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer( + &pos, &remaining, + data, data_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t( + &pos, &remaining, + *data_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + data, data_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t( + &rpos, &rremain, + data_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +uint32_t psa_export_public_key_iop_get_num_ops( + psa_export_public_key_iop_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + uint32_t value = 0; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_export_public_key_iop_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + value = 0; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, 
&remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_export_public_key_iop_t( + &pos, &remaining, + *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_uint32_t( + &rpos, &rremain, + &value); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return value; +} + + +psa_status_t psa_export_public_key_iop_setup( + psa_export_public_key_iop_t *operation, + mbedtls_svc_key_id_t key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_export_public_key_iop_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_export_public_key_iop_t( + &pos, &remaining, + *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_SETUP, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY_IOP_SETUP server call failed\n"); + goto fail; + } + + 
uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 599e55f3e4..cf09842b62 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c 
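Review bot: `psa_export_public_key_iop_complete` reads `*data_length` before the call, in `psasim_serialise_size_t_needs(*data_length)` and `psasim_serialise_size_t(&pos, &remaining, *data_length)`, although `data_length` is an output parameter of the PSA API; a caller that passes an unset `size_t` makes this a read of an indeterminate value, and `psasim_serialise_buffer(&pos, &remaining, data, data_size)` likewise ships the caller's not-yet-written output buffer to the server. This presumably mirrors how the generator handles every output parameter, so the fix belongs in the generator rather than in this regenerated file: send only `data_size` for output buffers and a zero length for output-only `size_t` parameters. All four new functions also return the initial `PSA_ERROR_CORRUPTION_DETECTED` when `psa_crypto_call` fails, which callers cannot tell apart from a genuine server-side error; `PSA_ERROR_COMMUNICATION_FAILURE` is the PSA status defined for exactly this case and would make simulator transport problems diagnosable.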
@@ -3035,6 +3035,354 @@ int psa_export_public_key_wrapper( return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_export_public_key_iop_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_export_public_key_iop_t operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &pos, &remaining, + &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_export_public_key_iop_abort( + &operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_export_public_key_iop_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! 
+} + +// Returns 1 for success, 0 for failure +int psa_export_public_key_iop_complete_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_export_public_key_iop_t operation; + uint8_t *data = NULL; + size_t data_size; + size_t data_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &pos, &remaining, + &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer( + &pos, &remaining, + &data, &data_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t( + &pos, &remaining, + &data_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_export_public_key_iop_complete( + &operation, + data, data_size, + &data_length + ); + + // NOTE: Should really check there is no overflow as we go along. 
+ size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_export_public_key_iop_t_needs(operation) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(data_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer( + &rpos, &rremain, + data, data_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t( + &rpos, &rremain, + data_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(data); + + return 1; // success + +fail: + free(result); + + free(data); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_export_public_key_iop_get_num_ops_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + uint32_t value = 0; + psa_export_public_key_iop_t operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &pos, &remaining, + &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + value = psa_export_public_key_iop_get_num_ops( + &operation + ); + + // NOTE: Should really check there is no overflow as we go along. 
+ size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_uint32_t_needs(value) + + psasim_serialise_psa_export_public_key_iop_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_uint32_t( + &rpos, &rremain, + value); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_export_public_key_iop_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_export_public_key_iop_t operation; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_export_public_key_iop_t( + &pos, &remaining, + &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_export_public_key_iop_setup( + &operation, + key + ); + + // NOTE: Should really check there is no overflow as we go along. 
+ size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_export_public_key_iop_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_export_public_key_iop_t( + &rpos, &rremain, + operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_generate_key_wrapper( uint8_t *in_params, size_t in_params_len, diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index cd081e479b..0dde934ada 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c 
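Review bot: Each new wrapper deserialises `operation` from the request bytes, hands it straight to the PSA function and serialises the updated struct back, so the server keeps no state of its own for an in-progress export: whatever bytes the client sends on the next call become the operation, and the server cannot distinguish a genuine continuation from a tampered or replayed one. The context of the psa_sim_serialise.c hunk shows the simulator already keeps server-side handle tables for other operation types (`hash_operation_handles` in `psa_sim_serialize_reset`); reusing that scheme for `psa_export_public_key_iop_t` would keep the operation state on the server and, if the struct holds pointers or other process-local data, would also avoid copying those across the process boundary as raw bytes. If the raw round-trip is deliberate for `_iop_t` types, a comment on the first wrapper saying so would stop the next reader from re-raising it.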
@@ -1696,6 +1696,42 @@ int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
 return 1;
 }
+size_t psasim_serialise_psa_export_public_key_iop_t_needs(
+ psa_export_public_key_iop_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_export_public_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_export_public_key_iop_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_export_public_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_export_public_key_iop_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
 void psa_sim_serialize_reset(void)
 {
 memset(hash_operation_handles, 0,
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
index a224d82589..3b6f08e19d 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
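Review bot: `psasim_serialise_psa_export_public_key_iop_t` advances `*pos` but never decrements `*remaining`, unlike its deserialise counterpart in the same hunk, so every later `psasim_serialise_*` call on the same buffer checks `*remaining < sizeof(...)` against a stale count; add `*remaining -= sizeof(value);` after `*pos += sizeof(value);`. In the generated callers the buffer is sized exactly by the matching `_needs()` calls, so this is latent rather than triggered today, but any future mismatch between `_needs()` and the serialiser becomes a heap write past the end of `ser_params` instead of a clean `0` return. The commit message says these files are regenerated, so if the omission comes from the template in psa_sim_serialise.pl the fix belongs there and presumably applies to the other `_iop_t` types emitted the same way.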
@@ -1387,3 +1387,46 @@ int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos, int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos, size_t *remaining, psa_generate_key_iop_t *value); + +/** Return how much buffer space is needed by \c psasim_serialise_psa_export_public_key_iop_t() + * to serialise a `psa_export_public_key_iop_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_export_public_key_iop_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_export_public_key_iop_t_needs( + psa_export_public_key_iop_t value); + +/** Serialise a `psa_export_public_key_iop_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_export_public_key_iop_t(uint8_t **pos, + size_t *remaining, + psa_export_public_key_iop_t value); + +/** Deserialise a `psa_export_public_key_iop_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_export_public_key_iop_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_export_public_key_iop_t(uint8_t **pos, + size_t *remaining, + psa_export_public_key_iop_t *value); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index 0dba81e1ef..0c9faf42ef 100755 
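Review bot: The Doxygen direction attribute is attached to the parameter name (`\param pos[in,out]`, `\param remaining[in,out]`), which Doxygen does not recognise as a direction; the documented form is `\param[in,out] pos` and `\param[in,out] remaining`. The contract should also state whether `pos` and `remaining` are left untouched when the function returns 0, since callers continue serialising through them. If the rest of the header uses the same form, the fix belongs in the generator that emits these comments.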
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -50,7 +50,8 @@ psa_verify_hash_interruptible_operation_t mbedtls_svc_key_id_t psa_key_agreement_iop_t - sa_generate_key_iop_t); + psa_generate_key_iop_t + psa_export_public_key_iop_t); grep(s/-/ /g, @types); From 1027c4cc3c383f88cba78c51ebe436750da6cf0c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Mar 2025 15:36:00 +0100 Subject: [PATCH 0184/1548] psasim: add support for psa_can_do_hash() This commit also includes regenerated C and H files. Signed-off-by: Valerio Setti --- .../psasim/src/psa_functions_codes.h | 1 + .../psasim/src/psa_sim_crypto_client.c | 62 +++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 87 +++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 2 + 4 files changed, 152 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 7cb8ea80bd..74746b653b 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -26,6 +26,7 @@ enum { PSA_AEAD_VERIFY, PSA_ASYMMETRIC_DECRYPT, PSA_ASYMMETRIC_ENCRYPT, + PSA_CAN_DO_HASH, PSA_CIPHER_ABORT, PSA_CIPHER_DECRYPT, PSA_CIPHER_DECRYPT_SETUP, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index e6368ccc6a..635a70545a 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c 
@@ -1544,6 +1544,68 @@ psa_status_t psa_asymmetric_encrypt( } +int psa_can_do_hash( + psa_algorithm_t hash_alg + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + int value = 0; + + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_algorithm_t_needs(hash_alg); + + ser_params = malloc(needed); + if (ser_params == NULL) { + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + hash_alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CAN_DO_HASH, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_CAN_DO_HASH server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_int( + &rpos, &rremain, + &value); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return value; +} + + psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index cf09842b62..bd121c5433 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c 
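Review bot: Only the `psa_crypto_call` failure prints a diagnostic; the malloc and (de)serialise failures at the other `goto fail` sites return 0 silently, so a caller that sees `psa_can_do_hash() == 0` cannot tell "algorithm unsupported" from "RPC broke". Either report at every failure site or at none, and document that 0 is the deliberate fail-closed default, e.g. `int value = 0; /* fail closed: any transport failure reports "cannot do" */`. The success path also falls through into `fail:`, so a label such as `cleanup:` would read more honestly; since this file is generated, both changes belong in psa_sim_generate.pl.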
@@ -1705,6 +1705,73 @@ int psa_asymmetric_encrypt_wrapper( return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_can_do_hash_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + int value = 0; + psa_algorithm_t hash_alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &hash_alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + value = psa_can_do_hash( + hash_alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_int_needs(value); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_int( + &rpos, &rremain, + value); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_cipher_abort_wrapper( uint8_t *in_params, size_t in_params_len, @@ -8826,6 +8893,10 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_asymmetric_encrypt_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_CAN_DO_HASH: + ok = psa_can_do_hash_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_CIPHER_ABORT: ok = psa_cipher_abort_wrapper(in_params, in_params_len, &out_params, &out_params_len); 
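Review bot: After `psasim_deserialise_psa_algorithm_t` the wrapper never checks that the request was fully consumed, so trailing bytes from a mismatched client are silently ignored; for a server parsing externally supplied input, a strict check such as `if (remaining != 0) { goto fail; }` before the call to `psa_can_do_hash` would catch client/server codegen drift early. Unless trailing bytes are intentionally tolerated by the psasim protocol, the same applies to every wrapper the generator emits. The `// NOTE: Should really check there is no overflow` comment refers to `result_size`, which here is the sum of two small constants and cannot realistically overflow, so the generator could omit the note when no variable-length item is serialised.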
@@ -8878,6 +8949,22 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_export_public_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_EXPORT_PUBLIC_KEY_IOP_ABORT: + ok = psa_export_public_key_iop_abort_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE: + ok = psa_export_public_key_iop_complete_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS: + ok = psa_export_public_key_iop_get_num_ops_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_EXPORT_PUBLIC_KEY_IOP_SETUP: + ok = psa_export_public_key_iop_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_GENERATE_KEY: ok = psa_generate_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index fbceddf8d2..5490337cf8 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -1107,11 +1107,13 @@ sub get_functions my $ret_name = ""; $ret_name = "status" if $ret_type eq "psa_status_t"; $ret_name = "value" if $ret_type eq "uint32_t"; + $ret_name = "value" if $ret_type eq "int"; $ret_name = "(void)" if $ret_type eq "void"; die("ret_name for $ret_type?") unless length($ret_name); my $ret_default = ""; $ret_default = "PSA_ERROR_CORRUPTION_DETECTED" if $ret_type eq "psa_status_t"; $ret_default = "0" if $ret_type eq "uint32_t"; + $ret_default = "0" if $ret_type eq "int"; $ret_default = "(void)" if $ret_type eq "void"; die("ret_default for $ret_type?") unless length($ret_default); From 4773333dc6c32963db11f077c9162fc5806a31b9 Mon Sep 17 00:00:00 2001 
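Review bot: The four `PSA_EXPORT_PUBLIC_KEY_IOP_*` dispatch cases land here, in the psa_can_do_hash commit, although the wrappers they call appear to have been introduced by the previous commit (its `psa_export_public_key_iop_t` wrapper body is visible above); between the two commits the server compiles but cannot dispatch those codes, which is a bisect hazard. The message mentions regenerated files, but folding these cases back into the commit that added the wrappers, or naming the missing dispatch entries explicitly in the message, would make history cleaner. The `psa_crypto_call` switch starts and ends outside this hunk.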
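Review bot: The return-type handling in `get_functions` grows by two parallel `if` chains for every new type (the `int` entries for `$ret_name` and `$ret_default` added here), and nothing ties the two lists together, so a type can be added to one and forgotten in the other until the `die` fires. A single table keyed by return type keeps name and default in one place and makes the check uniform. The hunk shows only part of `get_functions`; the rewrite below replaces just the two chains.
```perl
    my %ret_info = (
        psa_status_t => [ "status", "PSA_ERROR_CORRUPTION_DETECTED" ],
        uint32_t     => [ "value",  "0" ],
        int          => [ "value",  "0" ],
        void         => [ "(void)", "(void)" ],
    );
    die("ret_name/ret_default for $ret_type?") unless exists $ret_info{$ret_type};
    my ($ret_name, $ret_default) = @{ $ret_info{$ret_type} };
    # ... unchanged: rest of get_functions ...
```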
From: Gilles Peskine Date: Sat, 1 Mar 2025 14:28:20 +0100 Subject: [PATCH 0185/1548] New generated file: tests/opt-testcases/handshake-generated.sh Signed-off-by: Gilles Peskine --- framework | 2 +- scripts/make_generated_files.bat | 1 + tests/.gitignore | 1 + tests/CMakeLists.txt | 18 ++++++++++++++++++ tests/Makefile | 7 +++++++ tests/scripts/check-generated-files.sh | 1 + 6 files changed, 29 insertions(+), 1 deletion(-) diff --git a/framework b/framework index 523a12d05b..11e4f5ac1c 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801 +Subproject commit 11e4f5ac1c71fe7d803fa5193236560b2e176cea diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 4982f77dba..bef198f361 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -32,4 +32,5 @@ python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\s python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\framework\tests\include\test\test_keys.h || exit /b 1 python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 +python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 diff --git a/tests/.gitignore b/tests/.gitignore index 997101cc80..a4a0309fa8 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -18,6 +18,7 @@ ###START_GENERATED_FILES### # Generated source files +/opt-testcases/handshake-generated.sh /opt-testcases/tls13-compat.sh /suites/*.generated.data /suites/test_suite_config.mbedtls_boolean.data diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 950c365973..a56a707f41 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -57,6 +57,24 @@ if(GEN_FILES) # change too often in ways that don't affect the result # ((un)commenting some options). ) + + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + COMMAND + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py + ) + add_custom_target(handshake-generated.sh + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh) + set_target_properties(handshake-generated.sh PROPERTIES EXCLUDE_FROM_ALL NO) + add_dependencies(${ssl_opt_target} handshake-generated.sh) + add_custom_command( OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh diff --git a/tests/Makefile b/tests/Makefile index 7bd9953422..b6f2f8caff 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -64,6 +64,13 @@ GENERATED_FILES += ../framework/tests/include/test/test_keys.h \ # Generated files needed to (fully) run ssl-opt.sh .PHONY: ssl-opt +opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py +opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py + echo " Gen $@" + $(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@ +GENERATED_FILES += opt-testcases/handshake-generated.sh +ssl-opt: opt-testcases/handshake-generated.sh + opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py echo " Gen $@" $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@ diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 8cc341d177..ba10024ee8 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh 
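Review bot: The CMake rule declares `OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh` but runs `generate_tls_handshake_tests.py` without `-o`, relying on the script's default path relative to `WORKING_DIRECTORY ..`, whereas the Makefile rule in the next hunk passes `-o $@` explicitly; if the default ever moves, CMake will keep re-running a command that never produces its declared output. Passing the path explicitly, `"${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py" -o "${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh"`, ties the two together. The tls13-compat rule below may follow the same pattern (its COMMAND is outside the hunk), in which case both should change.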
@@ -179,6 +179,7 @@ if in_mbedtls_repo; then check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c + check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't From b40d33b7c86c07849001f61d3aa0577d4b2ab016 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 14:26:51 +0100 Subject: [PATCH 0186/1548] Move most TLS handshake defragmentation tests to a separate file Prepare for those test cases to be automatically generated by a script. Signed-off-by: Gilles Peskine --- tests/opt-testcases/handshake-manual.sh | 519 +++++++++++++++++++++++ tests/ssl-opt.sh | 520 +----------------------- 2 files changed, 520 insertions(+), 519 deletions(-) create mode 100644 tests/opt-testcases/handshake-manual.sh diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh new file mode 100644 index 0000000000..8496c0d871 --- /dev/null +++ b/tests/opt-testcases/handshake-manual.sh 
@@ -0,0 +1,519 @@ +# To guarantee that the handhake messages are large enough and need to be split +# into fragments, the tests require certificate authentication. The party in control +# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). +requires_certificate_authentication +run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ + "$O_NEXT_SRV" \ + "$P_CLI debug_level=4 " \ + 0 \ + -C "reassembled record" \ + -C "waiting for more fragments" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + +#The server uses an ECDSA cert, so make sure we have a compatible key exchange +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -c "waiting for more fragments (512 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -c "waiting for more fragments (513 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -c "waiting for more fragments (256 of [0-9]\\+" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -c "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -c "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -c "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -c "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -c "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -c "waiting for more fragments (13" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 
5 of [0-9]\\+ msglen 5" \ + -c "waiting for more fragments (5" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ + "$P_CLI debug_level=4 " \ + 0 \ + -c "reassembled record" \ + -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -c "waiting for more fragments (4" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "=> ssl_tls13_process_server_hello" \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ + "$P_CLI debug_level=4 " \ + 1 \ + -c "handshake message too short: 3" \ + -c "SSL - An invalid SSL record was received" + +requires_certificate_authentication +run_test "Handshake defragmentation on server (no fragmentation, for reference)." 
\ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -S "reassembled record" \ + -S "waiting for more fragments" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ + -s "waiting for more fragments (512" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 
513 of [0-9]\\+ msglen 513" \ + -s "waiting for more fragments (513" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ + -s "waiting for more fragments (256" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + +# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing +# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. 
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ + -s "waiting for more fragments (128" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ + -s "waiting for more fragments (64" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 
36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ + -s "waiting for more fragments (36" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ + -s "waiting for more fragments (32" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 
16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ + -s "waiting for more fragments (16" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ + -s "waiting for more fragments (13" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 
5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ + -s "waiting for more fragments (5" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "reassembled record" \ + -s "handshake fragment: 0 \\.\\. 
4 of [0-9]\\+ msglen 4" \ + -s "waiting for more fragments (4" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 1 \ + -s "<= parse client hello" \ + -s "handshake message too short: 3" \ + -s "SSL - An invalid SSL record was received" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5fc17a4cbd..40d15152c3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13874,525 +13874,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Handshake defragmentation testing -# To guarantee that the handhake messages are large enough and need to be split -# into fragments, the tests require certificate authentication. The party in control -# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes). -requires_certificate_authentication -run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ - "$O_NEXT_SRV" \ - "$P_CLI debug_level=4 " \ - 0 \ - -C "reassembled record" \ - -C "waiting for more fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -c "waiting for more fragments (512 of [0-9]\\+" - -#The server uses an ECDSA cert, so make sure we have a compatible key exchange -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -c "waiting for more fragments (512 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 
513 of [0-9]\\+ msglen 513" \ - -c "waiting for more fragments (513 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -c "waiting for more fragments (513 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -c "waiting for more fragments (256 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -c "waiting for more fragments (256 of [0-9]\\+" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 
128 of [0-9]\\+ msglen 128" \ - -c "waiting for more fragments (128" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -c "waiting for more fragments (128" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -c "waiting for more fragments (64" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -c "waiting for more fragments (64" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 
36 of [0-9]\\+ msglen 36" \ - -c "waiting for more fragments (36" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -c "waiting for more fragments (36" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -c "waiting for more fragments (32" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -c "waiting for more fragments (32" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 
16 of [0-9]\\+ msglen 16" \ - -c "waiting for more fragments (16" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -run_test "Handshake defragmentation on client: len=16, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -c "waiting for more fragments (16" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=13, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -c "waiting for more fragments (13" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=13, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -c "waiting for more fragments (13" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=5, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -c "waiting for more fragments (5" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=5, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 
5 of [0-9]\\+ msglen 5" \ - -c "waiting for more fragments (5" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=4, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4" - -skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=4, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \ - "$P_CLI debug_level=4 " \ - 0 \ - -c "reassembled record" \ - -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \ - "$P_CLI debug_level=4 " \ - 1 \ - -c "=> ssl_tls13_process_server_hello" \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \ - "$P_CLI debug_level=4 " \ - 1 \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -requires_certificate_authentication -run_test "Handshake defragmentation on server (no fragmentation, for reference)." 
\ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -S "reassembled record" \ - -S "waiting for more fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128" - -# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing -# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" +# Most test cases are in opt-testcases/handshake-generated.sh requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication From aaab090ad87b5c504e5e4f349c8b235faf3aac34 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 1 Mar 2025 13:53:18 +0100 Subject: [PATCH 0187/1548] Normalize whitespace in defragmentation test cases Signed-off-by: Gilles Peskine --- tests/opt-testcases/handshake-manual.sh | 98 ++++++++++++------------- 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh index 8496c0d871..1b7b9799f3 100644 --- a/tests/opt-testcases/handshake-manual.sh +++ b/tests/opt-testcases/handshake-manual.sh 
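Review bot: The replacement comment `+# Most test cases are in opt-testcases/handshake-generated.sh` on the new side of this hunk drops two things the deleted block carried: the explanation that server-side ClientHello defragmentation is only supported with MBEDTLS_SSL_PROTO_TLS1_3 (the reason the "TLS 1.2 ... ClientHello -> 1.2 Handshake" server cases also require TLS 1.3), and the `skip_next_test` markers on the TLS 1.2 client len=13/5/4 cases. Whether the generated file preserves those skips and that rationale is not visible in this diff and is worth confirming before the old block is gone. If the file is indeed produced by a script, the comment should point readers at the generator rather than its output, e.g. `# Most test cases are generated into opt-testcases/handshake-generated.sh;` / `# edit the generator, not that file. The cases below are maintained by hand.`. The trailing `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2` / `requires_certificate_authentication` context lines belong to a remaining test whose body continues outside the hunk.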
@@ -4,7 +4,7 @@ requires_certificate_authentication run_test "Handshake defragmentation on client (no fragmentation, for reference)" \ "$O_NEXT_SRV" \ - "$P_CLI debug_level=4 " \ + "$P_CLI debug_level=4" \ 0 \ -C "reassembled record" \ -C "waiting for more fragments" @@ -12,8 +12,8 @@ run_test "Handshake defragmentation on client (no fragmentation, for referenc requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=512, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 512" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -24,8 +24,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ @@ -34,8 +34,8 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=513, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 513" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ 
@@ -45,8 +45,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 513" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ @@ -55,8 +55,8 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=256, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 256" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ @@ -66,8 +66,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ @@ -76,8 +76,8 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=128, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 128" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ 
@@ -87,8 +87,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ @@ -97,8 +97,8 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=64, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 64" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ @@ -108,8 +108,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 64" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ @@ -118,8 +118,8 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=36, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 36" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ 
@@ -129,8 +129,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 36" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ @@ -139,8 +139,8 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=32, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 32" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ @@ -150,8 +150,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 32" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ @@ -160,8 +160,8 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication run_test "Handshake defragmentation on client: len=16, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \ - "$P_CLI debug_level=4 " \ + "$O_NEXT_SRV -tls1_3 -split_send_frag 16" \ + "$P_CLI debug_level=4" \ 0 \ -c "reassembled record" \ -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ 
@@ -171,8 +171,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 16" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
@@ -181,8 +181,8 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_3 -split_send_frag 13" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
@@ -192,8 +192,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
@@ -202,8 +202,8 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_3 -split_send_frag 5" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
@@ -213,8 +213,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
@@ -223,8 +223,8 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_3 -split_send_frag 4" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
@@ -234,8 +234,8 @@ skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
+ "$P_CLI debug_level=4" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
@@ -244,8 +244,8 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \
+ "$P_CLI debug_level=4" \
 1 \
 -c "=> ssl_tls13_process_server_hello" \
 -c "handshake message too short: 3" \
@@ -253,8 +253,8 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
- "$P_CLI debug_level=4 " \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 3" \
+ "$P_CLI debug_level=4" \
 1 \
 -c "handshake message too short: 3" \
 -c "SSL - An invalid SSL record was received"
From 46cb8a2aa91b4f7ff146b6a6c940d9807ee2e313 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 1 Mar 2025 14:12:02 +0100
Subject: [PATCH 0188/1548] Normalize messages in defragmentation test cases
Make some test case descriptions and log patterns follow more systematic patterns.
Signed-off-by: Gilles Peskine
---
tests/opt-testcases/handshake-manual.sh | 94 ++++++++++++------------
1 file changed, 47 insertions(+), 47 deletions(-)
diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
index 1b7b9799f3..087cf66fce 100644
--- a/tests/opt-testcases/handshake-manual.sh
+++ b/tests/opt-testcases/handshake-manual.sh
@@ -2,7 +2,7 @@
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
 requires_certificate_authentication
-run_test "Handshake defragmentation on client (no fragmentation, for reference)" \
+run_test "Handshake defragmentation on client: no fragmentation, for reference" \
 "$O_NEXT_SRV" \
 "$P_CLI debug_level=4" \
 0 \
@@ -17,7 +17,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of [0-9]\\+"
+ -c "waiting for more fragments (512 of"
 
 #The server uses an ECDSA cert, so make sure we have a compatible key exchange
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -29,7 +29,7 @@ run_test "Handshake defragmentation on client: len=512, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of [0-9]\\+"
+ -c "waiting for more fragments (512 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -39,7 +39,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of [0-9]\\+"
+ -c "waiting for more fragments (513 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -50,7 +50,7 @@ run_test "Handshake defragmentation on client: len=513, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of [0-9]\\+"
+ -c "waiting for more fragments (513 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -60,7 +60,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of [0-9]\\+"
+ -c "waiting for more fragments (256 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -71,7 +71,7 @@ run_test "Handshake defragmentation on client: len=256, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of [0-9]\\+"
+ -c "waiting for more fragments (256 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -81,7 +81,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128"
+ -c "waiting for more fragments (128 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -92,7 +92,7 @@ run_test "Handshake defragmentation on client: len=128, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128"
+ -c "waiting for more fragments (128 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -102,7 +102,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64"
+ -c "waiting for more fragments (64 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -113,7 +113,7 @@ run_test "Handshake defragmentation on client: len=64, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64"
+ -c "waiting for more fragments (64 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -123,7 +123,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36"
+ -c "waiting for more fragments (36 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -134,7 +134,7 @@ run_test "Handshake defragmentation on client: len=36, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36"
+ -c "waiting for more fragments (36 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -144,7 +144,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32"
+ -c "waiting for more fragments (32 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -155,7 +155,7 @@ run_test "Handshake defragmentation on client: len=32, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32"
+ -c "waiting for more fragments (32 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -165,7 +165,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16"
+ -c "waiting for more fragments (16 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -176,7 +176,7 @@ run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16"
+ -c "waiting for more fragments (16 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -186,7 +186,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13"
+ -c "waiting for more fragments (13 of"
 
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -197,7 +197,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13"
+ -c "waiting for more fragments (13 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -207,7 +207,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5"
+ -c "waiting for more fragments (5 of"
 
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -218,7 +218,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5"
+ -c "waiting for more fragments (5 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -228,7 +228,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -c "waiting for more fragments (4"
+ -c "waiting for more fragments (4 of"
 
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -239,7 +239,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 0 \
 -c "reassembled record" \
 -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -c "waiting for more fragments (4"
+ -c "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -260,7 +260,7 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
 -c "SSL - An invalid SSL record was received"
 
 requires_certificate_authentication
-run_test "Handshake defragmentation on server (no fragmentation, for reference)." \
+run_test "Handshake defragmentation on server: no fragmentation, for reference" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 0 \
@@ -275,7 +275,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -s "waiting for more fragments (512"
+ -s "waiting for more fragments (512 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -285,7 +285,7 @@ run_test "Handshake defragmentation on server: len=512, TLS 1.2" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -s "waiting for more fragments (512"
+ -s "waiting for more fragments (512 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -295,7 +295,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -s "waiting for more fragments (513"
+ -s "waiting for more fragments (513 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -305,7 +305,7 @@ run_test "Handshake defragmentation on server: len=513, TLS 1.2" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -s "waiting for more fragments (513"
+ -s "waiting for more fragments (513 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -315,7 +315,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -s "waiting for more fragments (256"
+ -s "waiting for more fragments (256 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
@@ -325,7 +325,7 @@ run_test "Handshake defragmentation on server: len=256, TLS 1.2" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -s "waiting for more fragments (256"
+ -s "waiting for more fragments (256 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -335,7 +335,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -s "waiting for more fragments (128"
+ -s "waiting for more fragments (128 of"
 
 # Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
 # the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
@@ -348,7 +348,7 @@ run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 Clie
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -s "waiting for more fragments (128"
+ -s "waiting for more fragments (128 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -358,7 +358,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -s "waiting for more fragments (64"
+ -s "waiting for more fragments (64 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
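Review bot: The two-line comment carried as context in the `len=128, TLS 1.3` hunk still has four typos (`defragmentationis`, `suport`, `TL1.2`, `proccessing`), and a commit whose purpose is to normalize descriptions and log patterns is the natural place to fix them. The lines would read `# Server-side ClientHello defragmentation is only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing` and `# the server should support both protocols and downgrade to the client-requested TLS 1.2 after processing the ClientHello.`. The `run_test` invocations these hunks patch start outside the hunks, on the lines quoted in the `@@` headers.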
@@ -369,7 +369,7 @@ run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -s "waiting for more fragments (64"
+ -s "waiting for more fragments (64 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -379,7 +379,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -s "waiting for more fragments (36"
+ -s "waiting for more fragments (36 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -390,7 +390,7 @@ run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -s "waiting for more fragments (36"
+ -s "waiting for more fragments (36 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -400,7 +400,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -s "waiting for more fragments (32"
+ -s "waiting for more fragments (32 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -411,7 +411,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -s "waiting for more fragments (32"
+ -s "waiting for more fragments (32 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -421,7 +421,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -s "waiting for more fragments (16"
+ -s "waiting for more fragments (16 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -432,7 +432,7 @@ run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -s "waiting for more fragments (16"
+ -s "waiting for more fragments (16 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -442,7 +442,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -s "waiting for more fragments (13"
+ -s "waiting for more fragments (13 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -453,7 +453,7 @@ run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 Clien
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -s "waiting for more fragments (13"
+ -s "waiting for more fragments (13 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -463,7 +463,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -s "waiting for more fragments (5"
+ -s "waiting for more fragments (5 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -474,7 +474,7 @@ run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 Client
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -s "waiting for more fragments (5"
+ -s "waiting for more fragments (5 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -484,7 +484,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.3" \
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -s "waiting for more fragments (4"
+ -s "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -495,7 +495,7 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client
 0 \
 -s "reassembled record" \
 -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -s "waiting for more fragments (4"
+ -s "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
@@ -510,7 +510,7 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_certificate_authentication
-run_test "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
+run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 1 \
From 5071a253209921c1bf334b3b961cde1299413a4f Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 1 Mar 2025 16:38:50 +0100
Subject: [PATCH 0189/1548] Normalize requirements in defragmentation test cases
Be more uniform in where certificate authentication and ECDSA are explicitly required. A few test cases now run in PSK-only configurations where they always could. Add a missing requirement on ECDSA to test cases that are currently skipped.
Signed-off-by: Gilles Peskine
---
tests/opt-testcases/handshake-manual.sh | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
index 087cf66fce..1e118e59c1 100644
--- a/tests/opt-testcases/handshake-manual.sh
+++ b/tests/opt-testcases/handshake-manual.sh
@@ -1,7 +1,6 @@
 # To guarantee that the handhake messages are large enough and need to be split
 # into fragments, the tests require certificate authentication. The party in control
 # of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-requires_certificate_authentication
 run_test "Handshake defragmentation on client: no fragmentation, for reference" \
 "$O_NEXT_SRV" \
 "$P_CLI debug_level=4" \
@@ -191,6 +190,7 @@ run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
 "$P_CLI debug_level=4" \
@@ -212,6 +212,7 @@ run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
 "$P_CLI debug_level=4" \
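Review bot: The first hunk removes `requires_certificate_authentication` from the client reference test while leaving, three lines above it, the header comment `# into fragments, the tests require certificate authentication.`, so the comment now contradicts the test immediately below it. Since this commit is about where that requirement is stated, the comment should say which tests it applies to, e.g. `# into fragments, the fragmented-handshake tests require certificate authentication. The party in control`, and the same line could lose the `handhake` typo on the line before it. The remaining lines of that `run_test` call (expected exit code and log patterns) are outside the hunk.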
@@ -233,6 +234,7 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
 "$P_CLI debug_level=4" \
@@ -242,7 +244,6 @@ run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
 -c "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test "Handshake defragmentation on client: len=3, TLS 1.3" \
 "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \
 "$P_CLI debug_level=4" \
@@ -259,7 +260,6 @@ run_test "Handshake defragmentation on client: len=3, TLS 1.2" \
 -c "handshake message too short: 3" \
 -c "SSL - An invalid SSL record was received"
 
-requires_certificate_authentication
 run_test "Handshake defragmentation on server: no fragmentation, for reference" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
@@ -498,7 +498,6 @@ run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 Client
 -s "waiting for more fragments (4 of"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
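Review bot: The `@@ -259,7 +260,6 @@` hunk drops `requires_certificate_authentication` from the server reference test, yet that test still runs `$P_SRV debug_level=4 auth_mode=required` against an OpenSSL client that presents `server5.crt`/`server5.key`; its expected exit code and `-S`/`-s` patterns lie outside the hunk, and if it expects a successful handshake (as the client reference test does), a PSK-only configuration can only satisfy it if the server completes a handshake without ever requesting the certificate. The commit message says such configurations now run these tests "where they always could", but nothing in the hunk shows that this case was exercised, so either keep the requirement for this one test or confirm that the harness infers it from `auth_mode=required`. The same removal in the `len=3` server hunks here and in the next hunk is unproblematic, since those tests expect the handshake to fail on `handshake message too short` before any certificate is processed (exit 1 in the earlier hunk that renames the TLS 1.2 variant).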
@@ -509,7 +508,6 @@ run_test "Handshake defragmentation on server: len=3, TLS 1.3" \
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
 run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \
 "$P_SRV debug_level=4 auth_mode=required" \
 "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
From f89bc276033d10b28429d8be04d1f6799fac3251 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 1 Mar 2025 16:48:33 +0100
Subject: [PATCH 0190/1548] Switch to generated handshake tests
Replace `tests/opt-testcases/handshake-manual.sh` by `tests/opt-testcases/handshake-generated.sh`. They are identical except for comments.
Signed-off-by: Gilles Peskine
---
framework | 2 +-
tests/opt-testcases/handshake-manual.sh | 517 ------------------------
2 files changed, 1 insertion(+), 518 deletions(-)
delete mode 100644 tests/opt-testcases/handshake-manual.sh
diff --git a/framework b/framework
index 11e4f5ac1c..f88eb21ff1 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 11e4f5ac1c71fe7d803fa5193236560b2e176cea
+Subproject commit f88eb21ff11afe2c9ed553dcdba27166198f90d9
diff --git a/tests/opt-testcases/handshake-manual.sh b/tests/opt-testcases/handshake-manual.sh
deleted file mode 100644
index 1e118e59c1..0000000000
--- a/tests/opt-testcases/handshake-manual.sh
+++ /dev/null
@@ -1,517 +0,0 @@
-# To guarantee that the handhake messages are large enough and need to be split
-# into fragments, the tests require certificate authentication. The party in control
-# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-run_test "Handshake defragmentation on client: no fragmentation, for reference" \
- "$O_NEXT_SRV" \
- "$P_CLI debug_level=4" \
- 0 \
- -C "reassembled record" \
- -C "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=512, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 512" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of"
-
-#The server uses an ECDSA cert, so make sure we have a compatible key exchange
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=512, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 512" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
- -c "waiting for more fragments (512 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=513, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 513" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=513, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 513" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
- -c "waiting for more fragments (513 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=256, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 256" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=256, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 256" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
- -c "waiting for more fragments (256 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=128, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 128" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=128, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 128" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
- -c "waiting for more fragments (128 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=64, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 64" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=64, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 64" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
- -c "waiting for more fragments (64 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=36, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 36" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=36, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 36" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
- -c "waiting for more fragments (36 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=32, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 32" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=32, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 32" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
- -c "waiting for more fragments (32 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=16, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 16" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=16, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 16" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
- -c "waiting for more fragments (16 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=13, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 13" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=13, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 13" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
- -c "waiting for more fragments (13 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=5, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 5" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=5, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 5" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
- -c "waiting for more fragments (5 of"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test "Handshake defragmentation on client: len=4, TLS 1.3" \
- "$O_NEXT_SRV -tls1_3 -split_send_frag 4" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
- -c "waiting for more fragments (4 of"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-run_test "Handshake defragmentation on client: len=4, TLS 1.2" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 4" \
- "$P_CLI debug_level=4" \
- 0 \
- -c "reassembled record" \
- -c "handshake fragment: 0 \\.\\. 
4 of [0-9]\\+ msglen 4" \ - -c "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on client: len=3, TLS 1.3" \ - "$O_NEXT_SRV -tls1_3 -split_send_frag 3" \ - "$P_CLI debug_level=4" \ - 1 \ - -c "=> ssl_tls13_process_server_hello" \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "Handshake defragmentation on client: len=3, TLS 1.2" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 3" \ - "$P_CLI debug_level=4" \ - 1 \ - -c "handshake message too short: 3" \ - -c "SSL - An invalid SSL record was received" - -run_test "Handshake defragmentation on server: no fragmentation, for reference" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -S "reassembled record" \ - -S "waiting for more fragments" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=512, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
512 of [0-9]\\+ msglen 512" \ - -s "waiting for more fragments (512 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=513, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \ - -s "waiting for more fragments (513 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=256, TLS 1.2" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
256 of [0-9]\\+ msglen 256" \ - -s "waiting for more fragments (256 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128 of" - -# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing -# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello. -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=128, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \ - -s "waiting for more fragments (128 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=64, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \ - -s "waiting for more fragments (64 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=36, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \ - -s "waiting for more fragments (36 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \ - -s "waiting for more fragments (32 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=16, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \ - -s "waiting for more fragments (16 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=13, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \ - -s "waiting for more fragments (13 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=5, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \ - -s "waiting for more fragments (5 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 
4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=4, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 0 \ - -s "reassembled record" \ - -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \ - -s "waiting for more fragments (4 of" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on server: len=3, TLS 1.3" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "Handshake defragmentation on server: len=3, TLS 1.2 TLS 1.3 ClientHello -> 1.2 Handshake" \ - "$P_SRV debug_level=4 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "<= parse client hello" \ - -s "handshake message too short: 3" \ - -s "SSL - An invalid SSL record was received" From 5328d8f55c23a8d77f10d5b3e0c6f51e23f46fac Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Mar 2025 15:37:47 +0100 Subject: [PATCH 0191/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 2cfed8e711..25742030e4 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
@@ -1 +1 @@ -Subproject commit 2cfed8e711554ffc9432209caa62244938a7da7b +Subproject commit 25742030e4eddfb29913cb82642703ee0fe5d0d7 From e0bd20bd585a018b6497dac14934ea9a530a9d1f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Mar 2025 14:10:08 +0100 Subject: [PATCH 0192/1548] Generate handshake defragmentation test cases: update analyze_outcomes Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 7a5c506a95..3946017625 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -34,6 +34,13 @@ def _has_word_re(words: typing.Iterable[str], re.DOTALL) IGNORED_TESTS = { + 'handshake-generated': [ + # Temporary disable Handshake defragmentation tests until mbedtls + # pr #10011 has been merged. + 'Handshake defragmentation on client: len=4, TLS 1.2', + 'Handshake defragmentation on client: len=5, TLS 1.2', + 'Handshake defragmentation on client: len=13, TLS 1.2' + ], 'ssl-opt': [ # We don't run ssl-opt.sh with Valgrind on the CI because # it's extremely slow. We don't intend to change this. @@ -50,11 +57,6 @@ def _has_word_re(words: typing.Iterable[str], # TLS doesn't use restartable ECDH yet. # https://github.com/Mbed-TLS/mbedtls/issues/7294 re.compile(r'EC restart:.*no USE_PSA.*'), - # Temporary disable Handshake defragmentation tests until mbedtls - # pr #10011 has been merged. - 'Handshake defragmentation on client: len=4, TLS 1.2', - 'Handshake defragmentation on client: len=5, TLS 1.2', - 'Handshake defragmentation on client: len=13, TLS 1.2' ], 'test_suite_config.mbedtls_boolean': [ # Missing coverage of test configurations. From 2d23a9a4643ca88d9ca541f4a0af556785040878 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 4 Mar 2025 18:51:27 +0100 Subject: [PATCH 0193/1548] Update framework 
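Review bot: The new 'handshake-generated' ignore entries give only `# pr #10011` as their removal condition, whereas the neighbouring entry in the same dict cites a full issue URL (`https://github.com/Mbed-TLS/mbedtls/issues/7294`), so whoever later prunes this list has to guess which repository's PR is meant; since this script appears to live in mbedtls itself, "mbedtls pr" becomes ambiguous once the framework submodule is in play. I would reword the two comment lines to `# Temporarily disable the handshake defragmentation tests until` / `# https://github.com/Mbed-TLS/mbedtls/pull/10011 is merged.` (URL presumed from the number — confirm). Because the entries moved from the 'ssl-opt' key to 'handshake-generated', please also confirm that this string is exactly the component name the outcome file records for the generated script; if it is not, the three entries are silently never matched and the old ssl-opt skips no longer cover them either.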
Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index f88eb21ff1..4a009d4b3c 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit f88eb21ff11afe2c9ed553dcdba27166198f90d9 +Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b From 540e7f3738c1133ac75d2e1a06ea970a8a7e5e4a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 10:29:32 +0100 Subject: [PATCH 0194/1548] programs: remove dh_client and dh_server These sample programs depend on MBEDTLS_DHM_C which is being removed, so they should be as well. Signed-off-by: Valerio Setti --- programs/Makefile | 10 -- programs/README.md | 2 - programs/pkey/CMakeLists.txt | 15 +- programs/pkey/dh_client.c | 288 --------------------------------- programs/pkey/dh_server.c | 306 ----------------------------------- 5 files changed, 1 insertion(+), 620 deletions(-) delete mode 100644 programs/pkey/dh_client.c delete mode 100644 programs/pkey/dh_server.c diff --git a/programs/Makefile b/programs/Makefile index 79bb402f1b..9a4237c3a1 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -41,9 +41,7 @@ APPS = \ hash/generic_sum \ hash/hello \ hash/md_hmac_demo \ - pkey/dh_client \ pkey/dh_genprime \ - pkey/dh_server \ pkey/ecdh_curve25519 \ pkey/ecdsa \ pkey/gen_key \ 
@@ -177,18 +175,10 @@ hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP) echo " CC hash/md_hmac_demo.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP) - echo " CC pkey/dh_client.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP) echo " CC pkey/dh_genprime.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -pkey/dh_server$(EXEXT): pkey/dh_server.c $(DEP) - echo " CC pkey/dh_server.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP) echo " CC pkey/ecdh_curve25519.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/README.md b/programs/README.md index 5e5f40a4c3..2d9c187efa 100644 --- a/programs/README.md +++ b/programs/README.md @@ -41,8 +41,6 @@ This subdirectory mostly contains sample programs that illustrate specific featu ### Diffie-Hellman key exchange examples -* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key. - * [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement. ### Bignum (`mpi`) usage examples diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index c782ad4655..df63ffc89c 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt 
@@ -1,16 +1,3 @@ -set(executables_mbedtls - dh_client - dh_server -) -add_dependencies(${programs_target} ${executables_mbedtls}) - -foreach(exe IN LISTS executables_mbedtls) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - set(executables_mbedcrypto dh_genprime ecdh_curve25519 @@ -40,6 +27,6 @@ foreach(exe IN LISTS executables_mbedcrypto) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) endforeach() -install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} +install(TARGETS ${executables_mbedcrypto} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c deleted file mode 100644 index a3bc49d3f8..0000000000 --- a/programs/pkey/dh_client.c +++ /dev/null 
@@ -1,288 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (client side) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net_sockets.h" -#include "mbedtls/aes.h" -#include "mbedtls/dhm.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha256.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#define SERVER_NAME "localhost" -#define SERVER_PORT "11999" - -#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " - "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); - mbedtls_exit(0); -} - -#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) -int main(void) -{ - mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - FILE *f; - - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned int mdlen; - size_t n, buflen; - mbedtls_net_context server_fd; - - unsigned char *p, *end; - unsigned char buf[2048]; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - mbedtls_mpi N, E; - const char *pers = "dh_client"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_rsa_context 
rsa; - mbedtls_dhm_context dhm; - mbedtls_aes_context aes; - - mbedtls_net_init(&server_fd); - mbedtls_dhm_init(&dhm); - mbedtls_aes_init(&aes); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&E); - - /* - * 1. Setup the RNG - */ - mbedtls_printf("\n . Seeding the random number generator"); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - /* - * 2. Read the server's public RSA key - */ - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - mbedtls_rsa_init(&rsa); - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - /* - * 3. Initiate the connection - */ - mbedtls_printf("\n . Connecting to tcp/%s/%s", SERVER_NAME, - SERVER_PORT); - fflush(stdout); - - if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME, - SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); - goto exit; - } - - /* - * 4a. First get the buffer length - */ - mbedtls_printf("\n . Receiving the server's DH parameters"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - n = buflen = (buf[0] << 8) | buf[1]; - if (buflen < 1 || buflen > sizeof(buf)) { - mbedtls_printf(" failed\n ! 
Got an invalid buffer length\n\n"); - goto exit; - } - - /* - * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P - */ - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - p = buf, end = buf + buflen; - - if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret); - goto exit; - } - - n = mbedtls_dhm_get_len(&dhm); - if (n < 64 || n > 512) { - mbedtls_printf(" failed\n ! Invalid DHM modulus size\n\n"); - goto exit; - } - - /* - * 5. Check that the server's RSA signature matches - * the SHA-256 hash of (P,G,Ys) - */ - mbedtls_printf("\n . Verifying the server's RSA signature"); - fflush(stdout); - - p += 2; - - if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf(" failed\n ! Invalid RSA signature size\n\n"); - goto exit; - } - - mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); - if (mdlen == 0) { - mbedtls_printf(" failed\n ! Invalid digest type\n\n"); - goto exit; - } - - if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - mdlen, hash, p)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret); - goto exit; - } - - /* - * 6. Send our public value: Yc = G ^ Xc mod P - */ - mbedtls_printf("\n . Sending own public value to server"); - fflush(stdout); - - n = mbedtls_dhm_get_len(&dhm); - if ((ret = mbedtls_dhm_make_public(&dhm, (int) n, buf, n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! 
mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - /* - * 7. Derive the shared secret: K = Ys ^ Xc mod P - */ - mbedtls_printf("\n . Shared secret: "); - fflush(stdout); - - if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret); - goto exit; - } - - for (n = 0; n < 16; n++) { - mbedtls_printf("%02x", buf[n]); - } - - /* - * 8. Setup the AES-256 decryption key - * - * This is an overly simplified example; best practice is - * to hash the shared secret with a random value to derive - * the keying material for the encryption/decryption keys, - * IVs and MACs. - */ - mbedtls_printf("...\n . Receiving and decrypting the ciphertext"); - fflush(stdout); - - ret = mbedtls_aes_setkey_dec(&aes, buf, 256); - if (ret != 0) { - goto exit; - } - - memset(buf, 0, sizeof(buf)); - - if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf); - if (ret != 0) { - goto exit; - } - buf[16] = '\0'; - mbedtls_printf("\n . Plaintext is \"%s\"\n\n", (char *) buf); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_net_free(&server_fd); - - mbedtls_aes_free(&aes); - mbedtls_rsa_free(&rsa); - mbedtls_dhm_free(&dhm); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&E); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_NET_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c deleted file mode 100644 index 26b48e3ff2..0000000000 --- a/programs/pkey/dh_server.c +++ /dev/null 
@@ -1,306 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (server side) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/net_sockets.h" -#include "mbedtls/aes.h" -#include "mbedtls/dhm.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha256.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#define SERVER_PORT "11999" -#define PLAINTEXT "==Hello there!==" - -#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " - "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - FILE *f; - - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned int mdlen; - size_t n, buflen; - mbedtls_net_context listen_fd, client_fd; - - unsigned char buf[2048]; - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - unsigned char buf2[2]; - const char *pers = "dh_server"; - - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_rsa_context rsa; - mbedtls_dhm_context dhm; - mbedtls_aes_context aes; - - mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G; - - mbedtls_net_init(&listen_fd); - 
mbedtls_net_init(&client_fd); - mbedtls_dhm_init(&dhm); - mbedtls_aes_init(&aes); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P); - mbedtls_mpi_init(&dhm_G); - /* - * 1. Setup the RNG - */ - mbedtls_printf("\n . Seeding the random number generator"); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - /* - * 2a. Read the server's private RSA key - */ - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - mbedtls_rsa_init(&rsa); - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - /* - * 2b. Get the DHM modulus and generator - */ - mbedtls_printf("\n . Reading DH parameters from dh_prime.txt"); - fflush(stdout); - - if ((f = fopen("dh_prime.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open dh_prime.txt\n" \ - " ! 
Please run dh_genprime first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 || - (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) { - mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - /* - * 3. Wait for a client to connect - */ - mbedtls_printf("\n . Waiting for a remote connection"); - fflush(stdout); - - if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, - NULL, 0, NULL)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret); - goto exit; - } - - /* - * 4. Setup the DH parameters (P,G,Ys) - */ - mbedtls_printf("\n . Sending the server's DH parameters"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - if ((ret = - mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret); - goto exit; - } - - /* - * 5. Sign the parameters and send them - */ - - mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); - if (mdlen == 0) { - mbedtls_printf(" failed\n ! Invalid digest type\n\n"); - goto exit; - } - - if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); - goto exit; - } - - const size_t rsa_key_len = mbedtls_rsa_get_len(&rsa); - buf[n] = (unsigned char) (rsa_key_len >> 8); - buf[n + 1] = (unsigned char) (rsa_key_len); - - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, - MBEDTLS_MD_SHA256, mdlen, - hash, buf + n + 2)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_rsa_pkcs1_sign returned %d\n\n", ret); - goto exit; - } - - buflen = n + 2 + rsa_key_len; - buf2[0] = (unsigned char) (buflen >> 8); - buf2[1] = (unsigned char) (buflen); - - if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 || - (ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) { - mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - /* - * 6. Get the client's public value: Yc = G ^ Xc mod P - */ - mbedtls_printf("\n . Receiving the client's public value"); - fflush(stdout); - - memset(buf, 0, sizeof(buf)); - - n = mbedtls_dhm_get_len(&dhm); - if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) { - mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_dhm_read_public(&dhm, buf, n)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret); - goto exit; - } - - /* - * 7. Derive the shared secret: K = Ys ^ Xc mod P - */ - mbedtls_printf("\n . Shared secret: "); - fflush(stdout); - - if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret); - goto exit; - } - - for (n = 0; n < 16; n++) { - mbedtls_printf("%02x", buf[n]); - } - - /* - * 8. Setup the AES-256 encryption key - * - * This is an overly simplified example; best practice is - * to hash the shared secret with a random value to derive - * the keying material for the encryption/decryption keys - * and MACs. - */ - mbedtls_printf("...\n . Encrypting and sending the ciphertext"); - fflush(stdout); - - ret = mbedtls_aes_setkey_enc(&aes, buf, 256); - if (ret != 0) { - goto exit; - } - memcpy(buf, PLAINTEXT, 16); - ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf); - if (ret != 0) { - goto exit; - } - - if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) { - mbedtls_printf(" failed\n ! 
mbedtls_net_send returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf("\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P); - mbedtls_mpi_free(&dhm_G); - - mbedtls_net_free(&client_fd); - mbedtls_net_free(&listen_fd); - - mbedtls_aes_free(&aes); - mbedtls_rsa_free(&rsa); - mbedtls_dhm_free(&dhm); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_NET_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ From 73cd415c0b95bc815ff17427b9eaba9988c9336f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 10:46:54 +0100 Subject: [PATCH 0195/1548] programs: remove DHM_C from ssl_client2 and ssl_server2 MBEDTLS_DHM_C is being removed so all its occurencies should be removed as well. Signed-off-by: Valerio Setti --- programs/ssl/ssl_client2.c | 22 ---------------- programs/ssl/ssl_server2.c | 51 +------------------------------------- 2 files changed, 1 insertion(+), 72 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f009a3169b..6742925f2a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -71,7 +71,6 @@ int main(void) #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_TRUNC_HMAC -1 #define DFL_RECSPLIT -1 -#define DFL_DHMLEN -1 #define DFL_RECONNECT 0 #define DFL_RECO_SERVER_NAME NULL #define DFL_RECO_DELAY 0 @@ -234,13 +233,6 @@ int main(void) #define USAGE_MAX_FRAG_LEN "" #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_DHM_C) -#define USAGE_DHMLEN \ - " dhmlen=%%d default: (library default: 1024 bits)\n" -#else -#define USAGE_DHMLEN -#endif - #if defined(MBEDTLS_SSL_ALPN) #define USAGE_ALPN \ " alpn=%%s default: \"\" (disabled)\n" \ 
@@ -433,7 +425,6 @@ int main(void) USAGE_GROUPS \ USAGE_SIG_ALGS \ USAGE_EARLY_DATA \ - USAGE_DHMLEN \ USAGE_KEY_OPAQUE_ALGS \ "\n" @@ -508,7 +499,6 @@ struct options { unsigned char mfl_code; /* code for maximum fragment length */ int trunc_hmac; /* negotiate truncated hmac or not */ int recsplit; /* enable record splitting? */ - int dhmlen; /* minimum DHM params len in bits */ int reconnect; /* attempt to resume session */ const char *reco_server_name; /* hostname of the server (re-connect) */ int reco_delay; /* delay in seconds before resuming session */ @@ -956,7 +946,6 @@ int main(int argc, char *argv[]) opt.mfl_code = DFL_MFL_CODE; opt.trunc_hmac = DFL_TRUNC_HMAC; opt.recsplit = DFL_RECSPLIT; - opt.dhmlen = DFL_DHMLEN; opt.reconnect = DFL_RECONNECT; opt.reco_server_name = DFL_RECO_SERVER_NAME; opt.reco_delay = DFL_RECO_DELAY; @@ -1388,11 +1377,6 @@ int main(int argc, char *argv[]) if (opt.recsplit < 0 || opt.recsplit > 1) { goto usage; } - } else if (strcmp(p, "dhmlen") == 0) { - opt.dhmlen = atoi(q); - if (opt.dhmlen < 0) { - goto usage; - } } else if (strcmp(p, "query_config") == 0) { opt.query_config_mode = 1; query_config_ret = query_config(q); @@ -1898,12 +1882,6 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_DHM_C) - if (opt.dhmlen != DFL_DHMLEN) { - mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen); - } -#endif - #if defined(MBEDTLS_SSL_ALPN) if (opt.alpn_string != NULL) { if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d9e57018ae..dc7ca8f51c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -58,7 +58,6 @@ int main(void) #endif #include "mbedtls/pk.h" -#include "mbedtls/dhm.h" /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ 
@@ -127,7 +126,6 @@ int main(void) #define DFL_EARLY_DATA -1 #define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1) #define DFL_SIG_ALGS NULL -#define DFL_DHM_FILE NULL #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_COOKIES 1 #define DFL_ANTI_REPLAY -1 @@ -192,9 +190,7 @@ int main(void) " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \ " preloaded certificate(s) and key(s) are used if available\n" \ " key_pwd2=%%s Password for key specified by key_file2 argument\n" \ - " default: none\n" \ - " dhm_file=%%s File containing Diffie-Hellman parameters\n" \ - " default: preloaded parameters\n" + " default: none\n" #else #define USAGE_IO \ "\n" \ @@ -675,7 +671,6 @@ struct options { const char *groups; /* list of supported groups */ const char *sig_algs; /* supported TLS 1.3 signature algorithms */ const char *alpn_string; /* ALPN supported protocols */ - const char *dhm_file; /* the file with the DH parameters */ int extended_ms; /* allow negotiation of extended MS? */ int etm; /* allow negotiation of encrypt-then-MAC? */ int transport; /* TLS or DTLS? */ @@ -1590,9 +1585,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) ssl_async_key_context_t ssl_async_keys; #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_context dhm; -#endif #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context cache; #endif @@ -1681,9 +1673,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) memset(&ssl_async_keys, 0, sizeof(ssl_async_keys)); #endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - mbedtls_dhm_init(&dhm); -#endif #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_init(&cache); #endif 
@@ -1793,7 +1782,6 @@ int main(int argc, char *argv[]) opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE; #endif opt.sig_algs = DFL_SIG_ALGS; - opt.dhm_file = DFL_DHM_FILE; opt.transport = DFL_TRANSPORT; opt.cookies = DFL_COOKIES; opt.anti_replay = DFL_ANTI_REPLAY; @@ -1943,8 +1931,6 @@ int main(int argc, char *argv[]) opt.key_file2 = q; } else if (strcmp(p, "key_pwd2") == 0) { opt.key_pwd2 = q; - } else if (strcmp(p, "dhm_file") == 0) { - opt.dhm_file = q; } #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) else if (strcmp(p, "async_operations") == 0) { @@ -2787,21 +2773,6 @@ int main(int argc, char *argv[]) key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) - if (opt.dhm_file != NULL) { - mbedtls_printf(" . Loading DHM parameters..."); - fflush(stdout); - - if ((ret = mbedtls_dhm_parse_dhmfile(&dhm, opt.dhm_file)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - } -#endif - #if defined(SNI_OPTION) if (opt.sni != NULL) { mbedtls_printf(" . Setting up SNI information..."); @@ -3269,22 +3240,6 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_DHM_C) - /* - * Use different group than default DHM group - */ -#if defined(MBEDTLS_FS_IO) - if (opt.dhm_file != NULL) { - ret = mbedtls_ssl_conf_dh_param_ctx(&conf, &dhm); - } -#endif - if (ret != 0) { - mbedtls_printf(" failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n", - (unsigned int) -ret); - goto exit; - } -#endif - if (opt.min_version != DFL_MIN_VERSION) { mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version); } 
@@ -4284,10 +4239,6 @@ int main(int argc, char *argv[])
 #endif
 #endif
 
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
- mbedtls_dhm_free(&dhm);
-#endif
-
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
 for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
 if (ssl_async_keys.slots[i].pk_owned) {
From 12e67eaa5b2f9033ba9cee368e1d13660070fd5e Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Feb 2025 10:51:31 +0100
Subject: [PATCH 0196/1548] programs: remove DHM_C usage from selftest

Signed-off-by: Valerio Setti
---
 programs/test/selftest.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index e72386f023..41252b6e4c 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -10,7 +10,6 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/hmac_drbg.h"
 #include "mbedtls/ctr_drbg.h"
-#include "mbedtls/dhm.h"
 #include "mbedtls/gcm.h"
 #include "mbedtls/ccm.h"
 #include "mbedtls/cmac.h"
@@ -350,9 +349,6 @@ const selftest_t selftests[] =
 #if defined(MBEDTLS_ECJPAKE_C)
 { "ecjpake", mbedtls_ecjpake_self_test },
 #endif
-#if defined(MBEDTLS_DHM_C)
- { "dhm", mbedtls_dhm_self_test },
-#endif
 #if defined(MBEDTLS_ENTROPY_C)
 { "entropy", mbedtls_entropy_self_test_wrapper },
 #endif
From c56cda7ad68c5658405fa1db96898fb1dd36a797 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Feb 2025 10:54:02 +0100
Subject: [PATCH 0197/1548] scripts: query_config.fmt: do not include "dhm.h"

The file is being removed together with the removal of MBEDTLS_DHM_C.

Signed-off-by: Valerio Setti
---
 scripts/data_files/query_config.fmt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt
index b60aba010d..9be9674c1d 100755
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@@ -34,7 +34,6 @@
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/des.h"
-#include "mbedtls/dhm.h"
 #include "mbedtls/ecdh.h"
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/ecjpake.h"
From eb63eb2a6a5ba7135ae798e923660729bd95d88d Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Feb 2025 13:32:49 +0100
Subject: [PATCH 0198/1548] etests: remove MBEDTLS_DHM_C/DHM occurrencies

Signed-off-by: Valerio Setti
---
 tests/include/test/certs.h | 2 +-
 .../components-configuration-crypto.sh | 19 ++++---------------
 tests/scripts/components-configuration-tls.sh | 1 -
 tests/scripts/set_psa_test_dependencies.py | 1 -
 4 files changed, 5 insertions(+), 18 deletions(-)

diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h
index db69536a6f..31f4477c2b 100644
--- a/tests/include/test/certs.h
+++ b/tests/include/test/certs.h
@@ -1,7 +1,7 @@
 /**
 * \file certs.h
 *
- * \brief Sample certificates and DHM parameters for testing
+ * \brief Sample certificates for testing
 */
 /*
 * Copyright The Mbed TLS Contributors
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 34b3107815..8ba4161870 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -668,9 +668,6 @@ component_test_psa_crypto_config_accel_ffdh () {
 # start with full (USE_PSA and TLS 1.3)
 helper_libtestdriver1_adjust_config "full"
 
- # Disable the module that's accelerated
- scripts/config.py unset MBEDTLS_DHM_C
-
 # Build
 # -----
 
@@ -679,7 +676,7 @@ component_test_psa_crypto_config_accel_ffdh () {
 helper_libtestdriver1_make_main "$loc_accel_list"
 
 # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o
+ not grep mbedtls_psa_ffdh_key_agreement ${BUILTIN_SRC_PATH}/psa_crypto_ffdh.o
 
 # Run the tests
 # -------------
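Review bot: The new `not grep mbedtls_psa_ffdh_key_agreement ${BUILTIN_SRC_PATH}/psa_crypto_ffdh.o` check in the `@@ -679` hunk passes vacuously if that object file is not produced at that path, because a missing file makes `grep` fail and `not` inverts the failure into success; the object is newly referenced here, so it is worth confirming, for instance by preceding the check with `test -f ${BUILTIN_SRC_PATH}/psa_crypto_ffdh.o`. The preceding `@@ -668` hunk also drops the explicit `scripts/config.py unset MBEDTLS_DHM_C` step together with its "Disable the module that's accelerated" comment, so as far as these hunks show nothing in the component disables the built-in FFDH implementation by hand; if the accelerated build is expected to exclude it, a one-line comment stating that would help the next reader understand why no unset is needed. Both hunks are inside component_test_psa_crypto_config_accel_ffdh, whose body continues outside the hunk.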
@@ -1178,12 +1175,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*" - scripts/config.py unset MBEDTLS_DHM_C - else - # When testing ECC and DH instead, we disable DHM. - if [ "$driver_only" -eq 1 ]; then - scripts/config.py unset MBEDTLS_DHM_C - fi fi # Restartable feature is not yet supported by PSA. Once it will in @@ -1255,16 +1246,15 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o - # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled + # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o - not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o # Run the tests # ------------- - msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - DHM - BIGNUM" + msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" make test 
@@ -1362,10 +1352,9 @@ component_test_tfm_config_p256m_driver_accel_ec () { not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o - # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled + # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o - not grep mbedtls_dhm_ ${BUILTIN_SRC_PATH}/dhm.o not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o # Check that p256m was built grep -q p256_ecdsa_ library/libmbedcrypto.a diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 83795012f3..917ceefaa9 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -469,7 +469,6 @@ component_test_tls13_only_psk () { scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_DHM_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index f68dfcb72b..2267311e44 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -58,7 +58,6 @@ 'MBEDTLS_CMAC_C', 'MBEDTLS_CTR_DRBG_C', 'MBEDTLS_DES_C', - 'MBEDTLS_DHM_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECDSA_C', 'MBEDTLS_ECJPAKE_C', From 461899e382d7f4280b9b1a2923fe4ac1033731ca Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 13:34:25 +0100 Subject: [PATCH 0199/1548] analyze_outcomes.py: remove exceptions for MBEDTLS_DHM_C Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index e68c2cbf09..5f8f910a62 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -474,7 +474,7 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum' IGNORED_SUITES = [ # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm', + 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', 'bignum.generated', 'bignum.misc', # Unit tests for the built-in implementation @@ -483,7 +483,6 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): IGNORED_TESTS = { 'test_suite_config': [ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), ], @@ -516,11 +515,7 @@ class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference): REFERENCE = 'test_psa_crypto_config_reference_ffdh' DRIVER = 'test_psa_crypto_config_accel_ffdh' - IGNORED_SUITES = ['dhm'] IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), - ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component From 15fd5c99250740b741f560f9b12f70cbb6d274aa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 13:38:24 +0100 Subject: [PATCH 0200/1548] ssl: remove support for MBEDTLS_DHM_C Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 56 ---------------------------- library/ssl_misc.h | 4 -- library/ssl_tls.c | 86 ------------------------------------------- 3 files changed, 146 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e0c0eae4e2..958ee9bce7 100644 
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -24,10 +24,6 @@ #include "mbedtls/x509_crl.h" #endif -#if defined(MBEDTLS_DHM_C) -#include "mbedtls/dhm.h" -#endif - #include "mbedtls/md.h" #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) @@ -1562,11 +1558,6 @@ struct mbedtls_ssl_config { const uint16_t *MBEDTLS_PRIVATE(group_list); /*!< allowed IANA NamedGroups */ -#if defined(MBEDTLS_DHM_C) - mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */ - mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ -#endif - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field @@ -1642,10 +1633,6 @@ struct mbedtls_ssl_config { unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) - unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */ -#endif - /** User data pointer or handle. * * The library sets this to \p 0 when creating a context and does not 
@@ -3753,49 +3740,6 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) -/** - * \brief Set the Diffie-Hellman public P and G values - * from big-endian binary presentations. - * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN) - * - * \param conf SSL configuration - * \param dhm_P Diffie-Hellman-Merkle modulus in big-endian binary form - * \param P_len Length of DHM modulus - * \param dhm_G Diffie-Hellman-Merkle generator in big-endian binary form - * \param G_len Length of DHM generator - * - * \return 0 if successful - */ -int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len); - -/** - * \brief Set the Diffie-Hellman public P and G values, - * read from existing context (server-side only) - * - * \param conf SSL configuration - * \param dhm_ctx Diffie-Hellman-Merkle context - * - * \return 0 if successful - */ -int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx); -#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) -/** - * \brief Set the minimum length for Diffie-Hellman parameters. - * (Client-side only.) - * (Default: 1024 bits.) - * - * \param conf SSL configuration - * \param bitlen Minimum bit length of the DHM prime - */ -void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, - unsigned int bitlen); -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ - /** * \brief Set the allowed groups in order of preference. * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9f91861f64..9ff0fcaf75 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -763,10 +763,6 @@ struct mbedtls_ssl_handshake_params { const uint16_t *sig_algs; #endif -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_psa_bits; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 60f2e1cd6d..ec4272a05f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -911,9 +911,6 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) handshake->update_checksum = ssl_update_checksum_start; -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_init(&handshake->dhm_ctx); -#endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) handshake->psa_pake_ctx = psa_pake_operation_init(); handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; 
@@ -2431,57 +2428,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type return PSA_SUCCESS; } -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) -int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - - if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 || - (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) { - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - return ret; - } - - return 0; -} - -int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - - if ((ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_P, - &conf->dhm_P)) != 0 || - (ret = mbedtls_dhm_get_value(dhm_ctx, MBEDTLS_DHM_PARAM_G, - &conf->dhm_G)) != 0) { - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); - return ret; - } - - return 0; -} -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) -/* - * Set the minimum length for Diffie-Hellman parameters - */ -void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, - unsigned int bitlen) -{ - conf->dhm_min_bitlen = bitlen; -} -#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) /* @@ -4537,10 +4483,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) psa_hash_abort(&handshake->fin_sha384_psa); #endif -#if defined(MBEDTLS_DHM_C) - mbedtls_dhm_free(&handshake->dhm_ctx); -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) psa_pake_abort(&handshake->psa_pake_ctx); /* 
@@ -5551,10 +5493,6 @@ static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs) int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, int endpoint, int transport, int preset) { -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif - #if defined(MBEDTLS_DEBUG_C) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) if (ssl_check_no_sig_alg_duplication(ssl_preset_suiteb_sig_algs)) { mbedtls_printf("ssl_preset_suiteb_sig_algs has duplicated entries\n"); @@ -5629,21 +5567,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, memset(conf->renego_period + 2, 0xFF, 6); #endif -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint == MBEDTLS_SSL_IS_SERVER) { - const unsigned char dhm_p[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_g[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - - if ((ret = mbedtls_ssl_conf_dh_param_bin(conf, - dhm_p, sizeof(dhm_p), - dhm_g, sizeof(dhm_g))) != 0) { - return ret; - } - } -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) @@ -5733,10 +5656,6 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ conf->group_list = ssl_preset_default_groups; - -#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) - conf->dhm_min_bitlen = 1024; -#endif } return 0; @@ -5751,11 +5670,6 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) return; } -#if defined(MBEDTLS_DHM_C) - mbedtls_mpi_free(&conf->dhm_P); - mbedtls_mpi_free(&conf->dhm_G); -#endif - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (!mbedtls_svc_key_id_is_null(conf->psk_opaque)) { conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; From ddc4b042f8016df08c1c7c31f021f5faf8f835e6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 13:49:32 +0100 Subject: [PATCH 0201/1548] scripts: generate_errors: remove DHM occurrence 
Signed-off-by: Valerio Setti --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index c05184227c..aae1fc8870 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -40,7 +40,7 @@ ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 SHA3 THREADING ); -my @high_level_modules = qw( CIPHER DHM ECP MD +my @high_level_modules = qw( CIPHER ECP MD PEM PK PKCS12 PKCS5 RSA SSL X509 PKCS7 ); From d7a465431c20175267e1b5c526d9184c999053eb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 14:33:59 +0100 Subject: [PATCH 0202/1548] library: do not include dhm.c in the build The file was cancelled from the tf-psa-crypto repo following the removal of MBEDTLS_DHM_C. Signed-off-by: Valerio Setti --- library/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index b874acf27a..61b2623e2a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -139,7 +139,6 @@ OBJS_CRYPTO= \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/constant_time.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ctr_drbg.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/des.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/dhm.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdh.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdsa.o \ $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecjpake.o \ From 28c645b951c444aee819d9ff33cf33d7f642f515 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Feb 2025 14:34:54 +0100 Subject: [PATCH 0203/1548] docs: remove references to DHM Signed-off-by: Valerio Setti --- doxygen/input/doc_encdec.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h index cf77690b36..068e716bf4 100644 --- a/doxygen/input/doc_encdec.h +++ b/doxygen/input/doc_encdec.h 
@@ -39,8 +39,6 @@ * and \c mbedtls_des3_crypt_cbc()). * - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init()) * - Asymmetric: - * - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public() - * and \c mbedtls_dhm_calc_secret()). * - RSA (see \c mbedtls_rsa_public() and \c mbedtls_rsa_private()). * - Elliptic Curves over GF(p) (see \c mbedtls_ecp_point_init()). * - Elliptic Curve Digital Signature Algorithm (ECDSA) (see \c mbedtls_ecdsa_init()). From 05c23fbf86b92061326bfb83f16838a0a1e3a010 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Feb 2025 10:02:41 +0100 Subject: [PATCH 0204/1548] ChangeLog: add note for removal of DHM related functions in SSL Signed-off-by: Valerio Setti --- ChangeLog.d/9956.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/9956.txt diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt new file mode 100644 index 0000000000..cea4af1ec6 --- /dev/null +++ b/ChangeLog.d/9956.txt @@ -0,0 +1,6 @@ +Removals + * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the + following SSL functions are removed: + - mbedtls_ssl_conf_dh_param_bin + - mbedtls_ssl_conf_dh_param_ctx + - mbedtls_ssl_conf_dhm_min_bitlen From 371a1aab87dbd730f21dbcec330e3a5cd40ff5e9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 4 Mar 2025 10:14:29 +0100 Subject: [PATCH 0205/1548] psasim: update README file The README file content dates back to the early stages of PSASIM development. Since then a lot of things have changed, so the README file required a complete rewrite. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/README.md | 77 +++++++++--------------- 1 file changed, 29 insertions(+), 48 deletions(-) diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md index 1b950d6b1d..db49ae9473 100644 --- a/tests/psa-client-server/psasim/README.md +++ b/tests/psa-client-server/psasim/README.md 
@@ -1,61 +1,42 @@ # psasim -This tool simulates a PSA Firmware Framework implementation. -It allows you to develop secure partitions and their clients on a desktop computer. -It should be able to run on all systems that support POSIX and System V IPC: -e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2. +PSASIM holds necessary C source and header files which allows to test Mbed TLS in a "pure crypto client" scenario, i.e `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C`. +In practical terms it means that this allow to build PSASIM with Mbed TLS sources and get 2 Linux applications, a client and a server, which are connected through Linux's shared memeory, and in which the client relies on the server to perform all PSA Crypto operations. -Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular: +The goal of PSASIM is _not_ to provide a ready-to-use solution for anyone looking to implement the pure crypto client structure (see [Limitations](#limitations) for details), but to provide an example of TF-PSA-Crypto RPC (Remote Procedure Call) implementation using Mbed TLS. +## Limitations -* This simulator is not intended to pass or demonstrate compliance. -* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients. +In the current implementation: -## Building +- Only Linux PC is supported. +- There can be only 1 client connected to 1 server. +- Shared memory is the only communication medium allowed. Others can be implemented (ex: net sockets), but in terms of simulation speed shared memory proved to be the fastest. +- Server is not secure at all: keys and operation structs are stored on the RAM, so they can easily be dumped. 
-To build and run the test program make sure you have `make`, `python` and a -C compiler installed and then enter the following commands: +## Testing -```sh -make run -``` +Please refer to `tests/scripts/components-psasim.sh` for guidance on how to build & test PSASIM: -Optionally the `DEBUG=1` command line option can be enabled to increase verbosity: +- `component_test_psasim()`: builds the server and a couple of test clients which are used to evaluate some basic PSA Crypto API commands. +- `component_test_suite_with_psasim()`: builds the server and _all_ the usual test suites (those found under the `/tests/suites/*` folder) which are used by the CI and runs them. A small subset of test suites (`test_suite_constant_time_hmac`,`test_suite_lmots`,`test_suite_lms`) are being skipped, for CI turnover time optimization. They can be run locally if required. -```sh -make DEBUG=1 run -``` +## How to update automatically generated files -Once done with the test, it is possible to clean all the generated files with: +A significant portion of the intermediate code of PSASIM is auto-generated using Perl. In particular: -```sh -make clean -``` +- `psa_sim_serialise.[c|h]`: + - Generated by `psa_sim_serialise.pl`. + - These files provide the serialisation/deserialisation support that is required to pass functions' parameters between client and server. +- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`: + - Generated by `psa_sim_generate.pl`. + - `psa_sim_crypto_[client|server].c` provide interfaces for PSA Crypto APIs on client and server sides, while `psa_functions_codes.h` simply enumerates all PSA Crypto APIs. -## Features +These files need to be regenerated whenever some PSA Crypto API is added/deleted/modified. 
The procedure is as follows: -The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress: - -* `psa_notify` support -* "strict" policy in manifest - -The only supported "interrupts" are POSIX signals, which act -as a "virtual interrupt". - -The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc). - -## Design - -The code is designed to be readable rather than fast or secure. -In this implementation only one message is delivered to a -RoT service at a time. -The code is not thread-safe. - -## Unsupported features - -Because this is a simulator there are a few things that -can't be reasonably emulated: - -* Manifest MMIO regions are unsupported -* Manifest priority field is ignored -* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime, - making it infeasible to populate pid.h with correct values. +- `psa_sim_serialise.[c|h]`: + - go to `/tests/psa-client-server/psasim/src/` + - run `./psa_sim_serialise.pl h > psa_sim_serialise.h` + - run `./psa_sim_serialise.pl c > psa_sim_serialise.c` +- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`: + - go to Mbed TLS' root folder + - run `./tests/psa-client-server/psasim/src/psa_sim_generate.pl` From fc42c22c7b67eea5c717aaecbd3c028dd1892102 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 5 Feb 2025 17:28:03 +0100 Subject: [PATCH 0206/1548] Migrate RSA key exchange tests Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 171 ++++++++----------------------- tests/suites/test_suite_ssl.data | 96 ++++++++--------- 2 files changed, 81 insertions(+), 186 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 23b692c723..7972ae5c32 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2502,20 +2502,6 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: RSA-" \ - "$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-RSA-" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-RSA-" \ - -S "error" \ - -C "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 @@ -3618,7 +3604,7 @@ run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" run_test "Encrypt then MAC: default" \ "$P_SRV debug_level=3 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ "$P_CLI debug_level=3" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ @@ -3630,7 +3616,7 @@ run_test "Encrypt then MAC: default" \ run_test "Encrypt then MAC: client enabled, server disabled" \ "$P_SRV debug_level=3 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ "$P_CLI debug_level=3 etm=1" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ @@ -3642,7 +3628,7 @@ run_test "Encrypt then MAC: client enabled, server disabled" \ run_test "Encrypt then MAC: client enabled, aead cipher" \ "$P_SRV debug_level=3 etm=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI debug_level=3 etm=1" \ 0 \ -c "client hello, adding encrypt_then_mac extension" \ 
@@ -3654,7 +3640,7 @@ run_test "Encrypt then MAC: client enabled, aead cipher" \ run_test "Encrypt then MAC: client disabled, server enabled" \ "$P_SRV debug_level=3 etm=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ "$P_CLI debug_level=3 etm=0" \ 0 \ -C "client hello, adding encrypt_then_mac extension" \ @@ -3740,7 +3726,7 @@ run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \ run_test "CBC Record splitting: TLS 1.2, no splitting" \ "$P_SRV force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ request_size=123" \ 0 \ -s "Read from client: 123 bytes read" \ @@ -7776,20 +7762,6 @@ run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ # Tests for keyUsage in leaf certificates, part 2: # client-side checking of server cert -# -# TLS 1.3 uses only signature, but for 1.2 it depends on the key exchange. -# In 4.0 this will probably change as all TLS 1.2 key exchanges will use -# signatures too, following the removal of RSA #8170 and static ECDH #9201. - -run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, ECDHE-RSA: OK" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ 
@@ -7801,16 +7773,6 @@ run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, ECDHE-RSA: OK" -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ - "$P_CLI debug_level=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -C "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" - run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (hard)" \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \ 
@@ -7846,31 +7808,6 @@ run_test "keyUsage cli 1.2: DigitalSignature, ECDHE-RSA: OK" \ -C "Processing of the Certificate handshake message failed" \ -c "Ciphersuite is TLS-" -run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (hard)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=3 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 1 \ - -c "bad certificate (usage extensions)" \ - -c "Processing of the Certificate handshake message failed" \ - -C "Ciphersuite is TLS-" \ - -c "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT - -run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (soft)" \ - "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ - -cert $DATA_FILES_PATH/server2.ku-ds.crt" \ - "$P_CLI debug_level=3 auth_mode=optional \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -c "bad certificate (usage extensions)" \ - -C "Processing of the Certificate handshake message failed" \ - -c "Ciphersuite is TLS-" \ - -C "send alert level=2 message=43" \ - -c "! Usage does not match the keyUsage extension" - requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \ 
@@ -8981,14 +8918,14 @@ run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \ run_test "Small client packet TLS 1.2 BlockCipher" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -s "Read from client: 1 bytes read" @@ -9002,14 +8939,14 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ run_test "Small client packet TLS 1.2 AEAD" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM" \ 0 \ -s "Read from client: 1 bytes read" run_test "Small client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM-8" \ 0 \ -s "Read from client: 1 bytes read" @@ -9035,7 +8972,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small client packet DTLS 1.2" \ "$P_SRV dtls=1 force_version=dtls12" \ "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" @@ -9043,7 +8980,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small client packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 force_version=dtls12 etm=0" \ "$P_CLI dtls=1 request_size=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: 1 bytes read" 
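Review bot: `force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM` and `force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM-8` in the two "Small client packet TLS 1.2 AEAD" tests are not ciphersuite names Mbed TLS defines; the matching "Small server packet" hunks in this commit use `TLS-ECDHE-RSA-…`, so this reads as a typo. Beyond the typo, the AES-CCM suites registered with IANA (RFC 6655 and RFC 7251) exist for RSA, DHE_RSA, PSK and ECDHE_ECDSA but not for ECDHE_RSA, and the test_suite_ssl.data hunk in this same commit switches its CCM case to ECDHE-ECDSA, so the consistent replacement here is `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM` and `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8`. If I read run_test's forced-ciphersuite pre-check correctly, an unknown name makes the test skip rather than fail, so this would silently drop the TLS 1.2 AEAD small-packet coverage instead of surfacing as a CI failure.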
@@ -9051,13 +8988,13 @@ run_test "Small client packet DTLS 1.2, without EtM" \ run_test "Small server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 1 bytes read" run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA etm=0" \ 0 \ -c "Read from server: 1 bytes read" @@ -9069,13 +9006,13 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ run_test "Small server packet TLS 1.2 AEAD" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ 0 \ -c "Read from server: 1 bytes read" run_test "Small server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "Read from server: 1 bytes read" @@ -9099,7 +9036,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small server packet DTLS 1.2" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12" \ "$P_CLI dtls=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 1 bytes read" @@ -9107,7 +9044,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small server packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \ "$P_CLI dtls=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 1 bytes read" 
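Review bot: `TLS-ECDHE-RSA-WITH-AES-256-CCM` and `TLS-ECDHE-RSA-WITH-AES-256-CCM-8` in the two "Small server packet TLS 1.2 AEAD" tests do not appear to exist: the IANA CCM suites (RFC 6655, RFC 7251) cover RSA, DHE_RSA, PSK and ECDHE_ECDSA, and as far as I recall Mbed TLS's ciphersuite table follows that list. The test_suite_ssl.data hunk in this commit already uses ECDHE-ECDSA for its CCM case, so `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM` and `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8` would keep the CCM coverage consistent. Because run_test skips a test whose forced ciphersuite is unsupported, the loss of coverage would likely be silent rather than a visible failure.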
@@ -9121,7 +9058,7 @@ fragments_for_write() { run_test "Large client packet TLS 1.2 BlockCipher" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" @@ -9129,7 +9066,7 @@ run_test "Large client packet TLS 1.2 BlockCipher" \ run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 etm=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "Read from client: $MAX_CONTENT_LEN bytes read" @@ -9144,7 +9081,7 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \ run_test "Large client packet TLS 1.2 AEAD" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" @@ -9152,7 +9089,7 @@ run_test "Large client packet TLS 1.2 AEAD" \ run_test "Large client packet TLS 1.2 AEAD shorter tag" \ "$P_SRV force_version=tls12" \ "$P_CLI request_size=16384 \ - force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ -s "Read from client: $MAX_CONTENT_LEN bytes read" 
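Review bot: The "Large client packet TLS 1.2 AEAD" and "AEAD shorter tag" tests now force `TLS-ECDHE-RSA-WITH-AES-256-CCM` and `-CCM-8`, which are not registered ciphersuites: CCM is defined for ECDHE_ECDSA (RFC 7251) and for RSA/DHE_RSA/PSK (RFC 6655), not for ECDHE_RSA. Since the data-file hunk in this commit picks ECDHE-ECDSA for CCM, `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM` and `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8` would be the consistent choice here. With run_test's skip-if-unsupported behaviour, the fragmentation assertion `-c "16384 bytes written in $(fragments_for_write 16384) fragments"` would simply stop being exercised for AEAD.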
@@ -9178,13 +9115,13 @@ run_test "Large client packet TLS 1.3 AEAD shorter tag" \ # The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. run_test "Large server packet TLS 1.2 BlockCipher" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -c "Read from server: 16384 bytes read" run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI etm=0 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ + "$P_CLI etm=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ 0 \ -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" @@ -9197,20 +9134,20 @@ run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ -s "16384 bytes written in 1 fragments" \ -c "Read from server: 16384 bytes read" run_test "Large server packet TLS 1.2 AEAD" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \ 0 \ -c "Read from server: 16384 bytes read" run_test "Large server packet TLS 1.2 AEAD shorter tag" \ "$P_SRV response_size=16384 force_version=tls12" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \ 0 \ -c "Read from server: 16384 bytes read" 
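Review bot: In the second hunk, "Large server packet TLS 1.2 AEAD" and "AEAD shorter tag" force `TLS-ECDHE-RSA-WITH-AES-256-CCM` / `-CCM-8`, for which I cannot find a definition: the CCM suites in the IANA registry are ECDHE_ECDSA, RSA, DHE_RSA and PSK only. The same commit's test_suite_ssl.data hunk uses ECDHE-ECDSA for its CCM handshake, so `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM` and `force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8` would match it. If the forced suite is unknown, run_test most likely skips these two tests rather than failing them, which is worth checking in the CI log.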
@@ -9542,7 +9479,7 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: decrypt, delay=0" \ "$P_SRV \ async_operations=d async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): decrypt done, status=0" 
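Review bot: Re-pointing the client at `TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA` while the server keeps `async_operations=d` leaves "SSL async private: decrypt, delay=0" with no way to meet its expectations: in an ECDHE-RSA handshake the server signs the ServerKeyExchange and never performs an RSA private-key decryption, so `-s "Async decrypt callback: using key slot "` and `-s "Async resume (slot [0-9]): decrypt done, status=0"` cannot match. The "sign callback not present" test deleted in the following hunk appears to show what this configuration does instead, namely fail the handshake with "The own private key or pre-shared key is not set, but needed". With the RSA key exchange removed, the decrypt-side async tests have no TLS feature left to exercise; they should be deleted (or rewritten around `async_operations=s` with the sign expectations) rather than migrated to an ECDHE suite.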
@@ -9551,38 +9488,12 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: decrypt, delay=1" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): call 0 more times." \ -s "Async resume (slot [0-9]): decrypt done, status=0" -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: sign callback not present" \ - "$P_SRV \ - async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_version=tls12; [ \$? -eq 1 ] && - $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ - 0 \ - -S "Async sign callback" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "The own private key or pre-shared key is not set, but needed" \ - -s "Async resume (slot [0-9]): decrypt done, status=0" \ - -s "Successful connection" - -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -run_test "SSL async private: decrypt callback not present" \ - "$P_SRV debug_level=1 \ - async_operations=s async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA; - [ \$? -eq 1 ] && $P_CLI force_version=tls12" \ - 0 \ - -S "Async decrypt callback" \ - -s "! mbedtls_ssl_handshake returned" \ - -s "got no RSA private key" \ - -s "Async resume (slot [0-9]): sign done, status=0" \ - -s "Successful connection" - # key1: ECDSA, key2: RSA; use key1 from slot 0 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: slot 0 used with key1" \ 
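Review bot: "SSL async private: decrypt, delay=1" keeps `async_operations=d` and `-s "Async decrypt callback: using key slot "` but now forces `TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA`, a key exchange in which the server never decrypts with its RSA key, so the decrypt callback cannot be reached and the test will fail on its own assertions. The hunk's own deletion of "sign callback not present" is the evidence: that test expected a server with only a decrypt callback to fail an ECDHE handshake with "The own private key or pre-shared key is not set, but needed". Deleting the decrypt-path tests along with the two "callback not present" tests, or converting them to `async_operations=s` with `-s "Async sign callback: using key slot "`, would be consistent with the RSA key exchange removal; I would also expect the remaining decrypt callback plumbing in the library to be reconsidered, though that is outside this diff.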
@@ -9673,7 +9584,7 @@ run_test "SSL async private: decrypt, error in start" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ async_private_error=1" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -s "Async decrypt callback: injected error" \ -S "Async resume" \ @@ -9685,7 +9596,7 @@ run_test "SSL async private: decrypt, cancel after start" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ async_private_error=2" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -s "Async decrypt callback: using key slot " \ -S "Async resume" \ @@ -9696,7 +9607,7 @@ run_test "SSL async private: decrypt, error in resume" \ "$P_SRV \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ async_private_error=3" \ - "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ -s "Async decrypt callback: using key slot " \ -s "Async resume callback: decrypt done but injected error" \ @@ -9797,7 +9708,7 @@ run_test "SSL async private: renegotiation: client-initiated, decrypt" \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ exchanges=2 renegotiation=1" \ "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): decrypt done, status=0" 
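Review bot: The three error-injection tests ("decrypt, error in start", "cancel after start", "error in resume") and "renegotiation: client-initiated, decrypt" all pair `async_operations=d` with the new `TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA`, under which the server's RSA key is only ever used to sign, so `-s "Async decrypt callback: injected error"` and `-s "Async resume callback: decrypt done but injected error"` cannot appear. The first three expect exit code 1 and may therefore look green while failing for an unrelated reason (no sign callback configured), which is a worse outcome than an honest failure; the renegotiation test expects exit 0 and will simply fail. Since RSA-decrypt during a TLS handshake no longer exists in this tree, these cases should be removed or re-targeted at the sign path (`async_operations=s`, `async_private_error=1/2/3`) rather than carried over with decrypt expectations.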
@@ -9809,7 +9720,7 @@ run_test "SSL async private: renegotiation: server-initiated, decrypt" \ async_operations=d async_private_delay1=1 async_private_delay2=1 \ exchanges=2 renegotiation=1 renegotiate=1" \ "$P_CLI exchanges=2 renegotiation=1 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): decrypt done, status=0" @@ -9817,10 +9728,10 @@ run_test "SSL async private: renegotiation: server-initiated, decrypt" \ # Tests for ECC extensions (rfc 4492) requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED run_test "Force a non ECC ciphersuite in the client side" \ - "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ + "$P_SRV debug_level=3 psk=73776f726466697368" \ + "$P_CLI debug_level=3 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA256" \ 0 \ -C "client hello, adding supported_groups extension" \ -C "client hello, adding supported_point_formats extension" \ @@ -9828,10 +9739,10 @@ run_test "Force a non ECC ciphersuite in the client side" \ -S "found supported point formats extension" requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED run_test "Force a non ECC ciphersuite in the server side" \ - "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ - "$P_CLI debug_level=3" \ + "$P_SRV debug_level=3 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA256" \ + "$P_CLI debug_level=3 psk=73776f726466697368" \ 0 \ -C "found supported_point_formats extension" \ -S "server hello, supported_point_formats extension" 
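Review bot: "SSL async private: renegotiation: server-initiated, decrypt" still asserts `-s "Async decrypt callback: using key slot "` and `-s "Async resume (slot [0-9]): decrypt done, status=0"` with `async_operations=d`, but the forced `TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA` never requires an RSA decryption on the server, so both renegotiation handshakes will go down the sign path the server has no callback for. The test should be dropped together with the other decrypt-path async tests, or switched to `async_operations=s` with the corresponding "Async sign callback" expectations. The ECC-extension hunk below it (PSK with `psk=73776f726466697368` on both sides) looks correct to me.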
@@ -11792,11 +11703,11 @@ run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -c "HTTP/1.0 200 OK" client_needs_more_time 2 -run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ +run_test "DTLS proxy: 3d, \"short\" ECDHE-RSA handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ - force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index cd0c303e91..1d07c42adf 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -368,9 +368,9 @@ Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 -Handshake, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 +Handshake, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
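Review bot: Renaming the proxy test to `"DTLS proxy: 3d, \"short\" ECDHE-RSA handshake"` keeps the "short" qualifier, which I understand to have distinguished the RSA key exchange (no ServerKeyExchange, hence fewer bytes per flight under a lossy proxy) from the ECDHE variants; with `force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA` the flight structure is the same as the ordinary ECDHE-RSA handshake. If ssl-opt.sh already has a 3d ECDHE-RSA proxy test, this one is now a duplicate and could be deleted; otherwise drop "short" from the name so the test's intent matches what it runs. The test_suite_ssl.data hunk in this commit (ECDHE-ECDSA CCM with `MBEDTLS_PK_ECDSA`) is consistent with the available CCM suites.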
@@ -396,9 +396,9 @@ DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 -DTLS Handshake, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 +DTLS Handshake, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
@@ -435,22 +435,6 @@ Handshake min/max version check, all -> 1.3 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 -Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage 
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
@@ -712,53 +696,53 @@ DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-
 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
 
-DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+DTLS no legacy renegotiation with MFL=512, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+DTLS no legacy renegotiation with MFL=1024, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+DTLS no legacy renegotiation with MFL=2048, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+DTLS no legacy renegotiation with MFL=4096, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+DTLS legacy allow renegotiation with MFL=512, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+DTLS legacy allow renegotiation with MFL=1024, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+DTLS legacy allow renegotiation with MFL=2048, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
+DTLS legacy allow renegotiation with MFL=4096, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
+DTLS legacy break handshake renegotiation with MFL=512, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
+DTLS legacy break handshake renegotiation with MFL=1024, PSK-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
+DTLS legacy break handshake renegotiation with MFL=2048, PSK-WITH-AES-128-CCM
 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM"
 
-DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
+DTLS legacy break handshake renegotiation with MFL=4096, PSK-WITH-AES-128-CCM
 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM"
 
 DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
From 00ab71035e1398b5fb2328de84989e1151c7223b Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 12 Feb 2025 17:52:22 +0100
Subject: [PATCH 0207/1548] Delete SSL async decryption tests

Signed-off-by: Gabor Mezei
---
 tests/ssl-opt.sh | 78 ------------------------------------------------
 1 file changed, 78 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7972ae5c32..9cec49641d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
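Review bot: The last two cases of this hunk, `DTLS legacy break handshake renegotiation with MFL=2048, PSK-WITH-AES-128-CCM` and the MFL=4096 one, keep `depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` as an unchanged line while their ciphersuite is switched to `TLS-PSK-WITH-AES-128-CCM`. In a build with the RSA key exchange enabled and PSK disabled these two cases will run and fail instead of being skipped, and in the opposite configuration they are skipped although they could run. The other ten cases in the hunk switch the dependency along with the suite, so these two should also read `+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED`.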
@@ -9475,25 +9475,6 @@ run_test "SSL async private: sign, SNI" \
 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, delay=0" \
- "$P_SRV \
- async_operations=d async_private_delay1=0 async_private_delay2=0" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, delay=1" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): call 0 more times." \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
 # key1: ECDSA, key2: RSA; use key1 from slot 0
 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: slot 0 used with key1" \
@@ -9579,41 +9560,6 @@ run_test "SSL async private: sign, error in resume" \
 -S "Async cancel" \
 -s "! mbedtls_ssl_handshake returned"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, error in start" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- async_private_error=1" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- 1 \
- -s "Async decrypt callback: injected error" \
- -S "Async resume" \
- -S "Async cancel" \
- -s "! mbedtls_ssl_handshake returned"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, cancel after start" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- async_private_error=2" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- 1 \
- -s "Async decrypt callback: using key slot " \
- -S "Async resume" \
- -s "Async cancel"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt, error in resume" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- async_private_error=3" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- 1 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume callback: decrypt done but injected error" \
- -S "Async cancel" \
- -s "! mbedtls_ssl_handshake returned"
-
 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 run_test "SSL async private: cancel after start then operate correctly" \
 "$P_SRV force_version=tls12 \
@@ -9701,30 +9647,6 @@ run_test "SSL async private: renegotiation: server-initiated, sign" \
 -s "Async sign callback: using key slot " \
 -s "Async resume (slot [0-9]): sign done, status=0"
 
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "SSL async private: renegotiation: client-initiated, decrypt" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- exchanges=2 renegotiation=1" \
- "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "SSL async private: renegotiation: server-initiated, decrypt" \
- "$P_SRV \
- async_operations=d async_private_delay1=1 async_private_delay2=1 \
- exchanges=2 renegotiation=1 renegotiate=1" \
- "$P_CLI exchanges=2 renegotiation=1 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
 # Tests for ECC extensions (rfc 4492)
 
 requires_hash_alg SHA_256
From 9d7fd3dfe1f45cf5e654b6bda6b3088f8cd25865 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Thu, 13 Feb 2025 13:30:23 +0100
Subject: [PATCH 0208/1548] Migrate the RSA key exchage tests

Migrate to ECDHE-ECDSA instead of PSK

Signed-off-by: Gabor Mezei
---
 tests/suites/test_suite_ssl.data | 72 ++++++++++++++++----------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 1d07c42adf..7772c74fc8 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -696,53 +696,53 @@ DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-
 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
 
-DTLS no legacy renegotiation with MFL=512, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
+DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS no legacy renegotiation with MFL=1024, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
+DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS no legacy renegotiation with MFL=2048, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
+DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS no legacy renegotiation with MFL=4096, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
+DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS legacy allow renegotiation with MFL=512, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
+DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS legacy allow renegotiation with MFL=1024, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
+DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS legacy allow renegotiation with MFL=2048, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
+DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS legacy allow renegotiation with MFL=4096, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-PSK-WITH-AES-128-CCM"
+DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS legacy break handshake renegotiation with MFL=512, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM"
+DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS legacy break handshake renegotiation with MFL=1024, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM"
+DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS legacy break handshake renegotiation with MFL=2048, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM"
+DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
-DTLS legacy break handshake renegotiation with MFL=4096, PSK-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-PSK-WITH-AES-128-CCM"
+DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
 
 DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
From dd7c0f1e661395e3dde5c6b1540fdf9be9d00b2c Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 17 Feb 2025 13:42:46 +0100
Subject: [PATCH 0209/1548] Fix ciphersuit
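Review bot: The twelve new ECDHE-ECDSA cases in this hunk depend only on `PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`, whereas the existing `Handshake, ECDHE-ECDSA-WITH-AES-128-CCM` cases elsewhere in this file also list `PSA_WANT_ECC_SECP_R1_384`. If resize_buffers_renegotiate_mfl uses the same ECDSA test certificate, a build without that curve would run these cases and fail rather than skip them, so the line would more safely read `depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`. The ECDHE-RSA cases kept as context around the hunk omit the curve too, so the dependency lists of all the ECDHE resize cases in this block are worth reconciling at once.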
Signed-off-by: Gabor Mezei
---
 tests/ssl-opt.sh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9cec49641d..75ab93861b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8939,14 +8939,14 @@ run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
 run_test "Small client packet TLS 1.2 AEAD" \
 "$P_SRV force_version=tls12" \
 "$P_CLI request_size=1 \
- force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM" \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
 0 \
 -s "Read from client: 1 bytes read"
 
 run_test "Small client packet TLS 1.2 AEAD shorter tag" \
 "$P_SRV force_version=tls12" \
 "$P_CLI request_size=1 \
- force_ciphersuite=TLS-ECDSA-RSA-WITH-AES-256-CCM-8" \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \
 0 \
 -s "Read from client: 1 bytes read"
 
@@ -9006,13 +9006,13 @@ run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
 
 run_test "Small server packet TLS 1.2 AEAD" \
 "$P_SRV response_size=1 force_version=tls12" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
 0 \
 -c "Read from server: 1 bytes read"
 
 run_test "Small server packet TLS 1.2 AEAD shorter tag" \
 "$P_SRV response_size=1 force_version=tls12" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \
 0 \
 -c "Read from server: 1 bytes read"
 
@@ -9081,7 +9081,7 @@ run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
 run_test "Large client packet TLS 1.2 AEAD" \
 "$P_SRV force_version=tls12" \
 "$P_CLI request_size=16384 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
 0 \
 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
 -s "Read from client: $MAX_CONTENT_LEN bytes read"
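Review bot: The names being replaced here, `TLS-ECDSA-RSA-WITH-AES-256-CCM` in the first hunk and `TLS-ECDHE-RSA-WITH-AES-256-CCM` in the 9006 and 9081 hunks (and in the 9089 and 9141 hunks that follow), are not ciphersuites mbedtls defines, so these AEAD packet-size tests presumably never negotiated the suite they were meant to cover until this fix. None of the tests asserts which suite was actually negotiated, so a future misspelling would again go unnoticed; adding a check such as `-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-CCM"` (and the `-CCM-8` variant) to each run_test would pin it. The run_test argument lists are visible in full, but the surrounding test definitions continue outside the hunks.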
@@ -9089,7 +9089,7 @@ run_test "Large client packet TLS 1.2 AEAD" \
 run_test "Large client packet TLS 1.2 AEAD shorter tag" \
 "$P_SRV force_version=tls12" \
 "$P_CLI request_size=16384 \
- force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \
+ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \
 0 \
 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
 -s "Read from client: $MAX_CONTENT_LEN bytes read"
@@ -9141,13 +9141,13 @@ run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC
 
 run_test "Large server packet TLS 1.2 AEAD" \
 "$P_SRV response_size=16384 force_version=tls12" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
 0 \
 -c "Read from server: 16384 bytes read"
 
 run_test "Large server packet TLS 1.2 AEAD shorter tag" \
 "$P_SRV response_size=16384 force_version=tls12" \
- "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CCM-8" \
+ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \
 0 \
 -c "Read from server: 16384 bytes read"
 
From ff9b2e742ae5371669fd92a817ec29bf7a26481d Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 17 Feb 2025 13:44:13 +0100
Subject: [PATCH 0210/1548] Delete test cases

Only RSA cipgersuits are accepted for these tests and there is no ECDHE-RSA alternative for AES-128-CCM so delete them.

Signed-off-by: Gabor Mezei
---
 tests/suites/test_suite_ssl.data | 48 --------------------------------
 1 file changed, 48 deletions(-)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 7772c74fc8..7ba79ee6da 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -696,54 +696,6 @@ DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-
 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
 
-DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
-DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM"
-
 DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
From 973a712dd8d664262a60d6fa7c9dd90200c02410 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Tue, 18 Feb 2025 12:31:25 +0100
Subject: [PATCH 0211/1548] Migrate to a usable ciphersuite

Signed-off-by: Gabor Mezei
---
 tests/suites/test_suite_ssl.data | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 7ba79ee6da..fadff46b16 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -368,9 +368,9 @@ Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
 
-Handshake, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM":MBEDTLS_PK_ECDSA:0
+Handshake, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:0
 
 Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
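Review bot: Replacing the `Handshake, ECDHE-ECDSA-WITH-AES-128-CCM` case with an ECDHE-RSA CBC-SHA256 case removes the only handshake_cipher case in the visible context that exercises a CCM AEAD suite and an ECDSA-signed server, leaving ECDHE-RSA with GCM and CBC only; the DTLS hunk that follows does the same. If the ECDSA case had to go because the test cannot run it, a sentence in the commit description saying so would help, otherwise adding the new case next to the old one instead of replacing it keeps the coverage. The new `depends_on` line is consistent with its neighbours apart from dropping `!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH`, which is correct for an AES-128 suite.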
@@ -396,9 +396,9 @@ DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
 
-DTLS Handshake, ECDHE-ECDSA-WITH-AES-128-CCM
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM":MBEDTLS_PK_ECDSA:1
+DTLS Handshake, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:1
 
 DTLS Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
From cdd34742cfd35e311f3c17ce78ab1296594c4302 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Fri, 21 Feb 2025 18:07:41 +0100
Subject: [PATCH 0212/1548] Fix test case name

Signed-off-by: Gabor Mezei
---
 tests/suites/test_suite_ssl.data | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index fadff46b16..ed6f816a46 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -368,7 +368,7 @@ Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
 
-Handshake, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
+Handshake, ECDHE-RSA-WITH-AES-128-CBC-SHA256
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:0
@@ -396,7 +396,7 @@ DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
 depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
 
-DTLS Handshake, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
+DTLS Handshake, ECDHE-RSA-WITH-AES-128-CBC-SHA256
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:1
From ab02cd5e7b7d3a8ffbb26bd800cb7fdfd8351d03 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Fri, 21 Feb 2025 18:10:45 +0100
Subject: [PATCH 0213/1548] Revert "Delete test cases"

This reverts commit ecc5d31139dc6877f135e8090e805c250e32a31d.

Signed-off-by: Gabor Mezei
---
 tests/suites/test_suite_ssl.data | 48 ++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index ed6f816a46..818997a55b 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -696,6 +696,54 @@ DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256- depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM 
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + +DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
+resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" + DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" From 8adcfc8240146288c2e5691031720255ae12d3c8 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Feb 2025 17:37:33 +0100 Subject: [PATCH 0214/1548] Add ECDSA ciphersuite support for `resize_buffer` tests Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 12 ++++++++++++ tests/suites/test_suite_ssl.function | 10 ++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 818997a55b..c3c5866b8d 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -613,39 +613,51 @@ DTLS serialization with MFL=4096 resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096 DTLS no legacy renegotiation with MFL=512 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=1024 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=4096 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=512 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=1024 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=4096 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy break handshake renegotiation with MFL=512 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS 
legacy break handshake renegotiation with MFL=1024 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=4096 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2b50f0e3f2..7479f9ba95 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2825,7 +2825,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { @@ -2843,6 +2843,12 @@ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, } options.resize_buffers = 1; + const mbedtls_ssl_ciphersuite_t *ciphersuite = + mbedtls_ssl_ciphersuite_from_string(cipher); + if (ciphersuite != NULL) { + options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); + } + mbedtls_test_ssl_perform_handshake(&options); /* The goto below is used to avoid an "unused label" warning.*/ 
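Review bot: In the new ciphersuite lookup added to resize_buffers, a non-empty `cipher` that `mbedtls_ssl_ciphersuite_from_string` does not recognize is silently ignored and the handshake proceeds with the default `options.pk_alg`, so a misspelled suite name in the .data file would exercise a different key type than the case name claims. Since the empty string is the only intended "no suite" value, consider asserting the lookup before the `if`: `TEST_ASSERT(cipher[0] == '\0' || ciphersuite != NULL);`. The body of resize_buffers begins and ends outside the hunk.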
@@ -2862,7 +2868,7 @@ void resize_buffers_serialize_mfl(int mfl) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { From c27757b1ebeb171d6b3541ad7c4405e5ab476dd6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 11:30:11 +0100 Subject: [PATCH 0215/1548] Add new test component New test component added to run test cases with ECDHE_ECDSA ciphersuits and without TLS 1.3. Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration-tls.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 83795012f3..f2ac152634 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -277,6 +277,10 @@ component_full_without_ecdhe_ecdsa_and_tls13 () { MBEDTLS_SSL_PROTO_TLS1_3" } +component_full_without_tls13 () { + build_full_minus_something_and_test_tls "MBEDTLS_SSL_PROTO_TLS1_3" +} + component_build_no_ssl_srv () { msg "build: full config except SSL server, make, gcc" # ~ 30s scripts/config.py full From 92e49e1bca7b4fd8f679aa9118d04ad44eeab81f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 4 Mar 2025 11:57:08 +0100 Subject: [PATCH 0216/1548] Update comment Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration-tls.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index f2ac152634..293e88e8f3 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -242,8 +242,8 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" } -# Common helper for component_full_without_ecdhe_ecdsa() and -# component_full_without_ecdhe_ecdsa_and_tls13() which: +# Common helper for component_full_without_ecdhe_ecdsa(), +# component_full_without_ecdhe_ecdsa_and_tls13() and component_full_without_tls13 which: # - starts from the "full" configuration minus the list of symbols passed in # as 1st parameter # - build From dcbe4ce9db23b5cff44ff9a9b002c2415857b8ee Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 4 Mar 2025 11:58:02 +0100 Subject: [PATCH 0217/1548] Update dependencies Pre-existing but not having TLS 1.3 in the build does not seem to be necessary actually. These test functions set the dtls flag when calling `test_resize_buffers` and then `test_resize_buffers` sets the `options.dtls` flag which eventually forces the TLS 1.2 version of the protocol (in `mbedtls_test_ssl_endpoint_init()` call of `mbedtls_ssl_config_defaults()` with `MBEDTLS_SSL_TRANSPORT_DATAGRAM` as the transport). Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7479f9ba95..08ecd672f1 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -2858,7 +2858,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void resize_buffers_serialize_mfl(int mfl) { test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, @@ -2868,7 +2868,7 @@ void resize_buffers_serialize_mfl(int mfl) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { From ea4df49272119ee10af7ef42f41ff504793d882a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 4 Mar 2025 17:17:09 +0100 Subject: [PATCH 0218/1548] Update test dependencies Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.data | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c3c5866b8d..565588bea6 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -709,51 +709,51 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_K resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM 
-depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=512, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-ECDSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-ECDSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384 From 2e5a7ea9bc4301745c0234225b18218f4af3edc3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Feb 2025 23:11:09 +0100 Subject: [PATCH 0219/1548] Fix Doxygen markup Pacify `clang -Wdocumentation`. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_test_lib.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 6fc3d73072..bc5cce51a0 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h 
@@ -243,8 +243,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, * - free the provided PK context and re-initilize it as an opaque PK context * wrapping the PSA key imported in the above step. * - * \param[in/out] pk On input the non-opaque PK context which contains the - * key to be wrapped. On output the re-initialized PK + * \param[in,out] pk On input, the non-opaque PK context which contains the + * key to be wrapped. On output, the re-initialized PK * context which represents the opaque version of the one * provided as input. * \param[in] psa_alg The primary algorithm that will be associated to the From 9bdc8aa80b3d8df7286273cf2710e1d658d147c5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 21:29:59 +0100 Subject: [PATCH 0220/1548] Tweak "waiting for more handshake fragments" log message In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak the "waiting for more handshake fragments" log message in ssl_consume_current_message(), and add a similar one in mbedtls_ssl_prepare_handshake_record(). Assert both. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a87785cfea..a9310aa976 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3054,6 +3054,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) ssl->in_hdr = ssl->in_msg + ssl->in_msglen; ssl->in_msglen = 0; mbedtls_ssl_update_in_pointers(ssl); + MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments %" + MBEDTLS_PRINTF_SIZET "/%" MBEDTLS_PRINTF_SIZET, + ssl->in_hsfraglen, ssl->in_hslen)); return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } if (ssl->in_hsfraglen > 0) { 
@@ -4438,11 +4441,9 @@ static int ssl_consume_current_message(mbedtls_ssl_context *ssl) if (ssl->in_hsfraglen != 0) { /* Not all handshake fragments have arrived, do not consume. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("waiting for more fragments (%" MBEDTLS_PRINTF_SIZET " of %" - MBEDTLS_PRINTF_SIZET ", %" MBEDTLS_PRINTF_SIZET " left)", - ssl->in_hsfraglen, ssl->in_hslen, - ssl->in_hslen - ssl->in_hsfraglen)); + MBEDTLS_SSL_DEBUG_MSG(3, ("Consume: waiting for more handshake fragments %" + MBEDTLS_PRINTF_SIZET "/%" MBEDTLS_PRINTF_SIZET, + ssl->in_hsfraglen, ssl->in_hslen)); return 0; } From 07027722cbe091f2fe8f446e4805dcc93f604bda Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Mar 2025 16:46:10 +0100 Subject: [PATCH 0221/1548] Tweak handshake fragment log message In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak the "handshake fragment:" log message. This changes what information is displayed when a record contains data beyond the expected end of the handshake message. This case is currently untested and its handling will change in a subsequent commit. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a9310aa976..12d46c305a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -3042,13 +3042,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) int ret; const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; MBEDTLS_SSL_DEBUG_MSG(3, - ("handshake fragment: %" MBEDTLS_PRINTF_SIZET " .. %" - MBEDTLS_PRINTF_SIZET " of %" - MBEDTLS_PRINTF_SIZET " msglen %" MBEDTLS_PRINTF_SIZET, + ("handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, ssl->in_hsfraglen, - ssl->in_hsfraglen + - (hs_remain <= ssl->in_msglen ? hs_remain : ssl->in_msglen), - ssl->in_hslen, ssl->in_msglen)); + ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hslen)); if (ssl->in_msglen < hs_remain) { ssl->in_hsfraglen += ssl->in_msglen; ssl->in_hdr = ssl->in_msg + ssl->in_msglen; From 7a17696c3414d10970fedc135dac7f8bcdf893a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 21:59:12 +0100 Subject: [PATCH 0222/1548] mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep Minor refactoring of the initial checks and preparation when receiving the first fragment. Use `ssl->in_hsfraglen` to determine whether there is a pending handshake fragment, for consistency, and possibly for more robustness in case handshake fragments are mixed with non-handshake records (although this is not currently supported anyway). Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 12d46c305a..a8c79172fc 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -2962,16 +2962,19 @@ static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { - /* First handshake fragment must at least include the header. */ - if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl) && ssl->in_hslen == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } + if (ssl->in_hsfraglen == 0) { + /* The handshake message must at least include the header. + * We may not have the full message yet in case of fragmentation. + * To simplify the code, we insist on having the header (and in + * particular the handshake message length) in the first + * fragment. */ + if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } - if (ssl->in_hslen == 0) { ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - ssl->in_hsfraglen = 0; } MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" From 235eae9e0381c889b0d011971fe2c8123652a073 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 22:02:52 +0100 Subject: [PATCH 0223/1548] mbedtls_ssl_prepare_handshake_record(): log offsets after decryption Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a8c79172fc..cba6096eb4 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -2982,6 +2982,14 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PRINTF_SIZET, ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen)); + if (ssl->transform_in != NULL) { + MBEDTLS_SSL_DEBUG_MSG(4, ("decrypted handshake message:" + " iv-buf=%d hdr-buf=%d hdr-buf=%d", + (int) (ssl->in_iv - ssl->in_buf), + (int) (ssl->in_hdr - ssl->in_buf), + (int) (ssl->in_msg - ssl->in_buf))); + } + #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From e85ece6584d9fae3a3f3661619d0223e6482acff Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Feb 2025 22:24:56 +0100 Subject: [PATCH 0224/1548] Handshake defragmentation: reassemble incrementally Reassemble handshake fragments incrementally instead of all at the end. That is, every time we receive a non-initial handshake fragment, append it to the initial fragment. Since we only have to deal with at most two handshake fragments at the same time, this simplifies the code (no re-parsing of a record) and is a little more memory-efficient (no need to store one record header per record). This commit also fixes a bug. The previous code did not calculate offsets correctly when records use an explicit IV, which is the case in TLS 1.2 with CBC (encrypt-then-MAC or not), GCM and CCM encryption (i.e. all but null and ChachaPoly). This led to the wrong data when an encrypted handshake message was fragmented (Finished or renegotiation). The new code handles this correctly. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 162 ++++++++++++++++++++---------- tests/scripts/analyze_outcomes.py | 7 -- 2 files changed, 110 insertions(+), 59 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index cba6096eb4..454b1ebbdd 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
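Review bot: The new level-4 debug message labels its third value `hdr-buf` although the value printed there is `ssl->in_msg - ssl->in_buf`, so the line reads `iv-buf=… hdr-buf=… hdr-buf=…` with two different numbers under the same name. Change the format string to `" iv-buf=%d hdr-buf=%d msg-buf=%d"` so the offsets can be told apart when reading a trace. mbedtls_ssl_prepare_handshake_record begins before the hunk and continues after it.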
@@ -3049,64 +3049,122 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if (ssl->in_hsfraglen <= ssl->in_hslen) { - int ret; - const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; - MBEDTLS_SSL_DEBUG_MSG(3, - ("handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %" MBEDTLS_PRINTF_SIZET - "..%" MBEDTLS_PRINTF_SIZET - " of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->in_hsfraglen, - ssl->in_hsfraglen + ssl->in_msglen, - ssl->in_hslen)); - if (ssl->in_msglen < hs_remain) { - ssl->in_hsfraglen += ssl->in_msglen; - ssl->in_hdr = ssl->in_msg + ssl->in_msglen; - ssl->in_msglen = 0; - mbedtls_ssl_update_in_pointers(ssl); + { + unsigned char *const reassembled_record_start = + ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; + unsigned char *const payload_start = + reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl); + unsigned char *payload_end = payload_start + ssl->in_hsfraglen; + + if (ssl->in_hsfraglen != 0) { + /* We already had a handshake fragment. Prepare to append + * to the initial segment. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("subsequent handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hslen)); + + const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; + if (ssl->in_msglen > hs_remain) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %" + MBEDTLS_PRINTF_SIZET " but only %" + MBEDTLS_PRINTF_SIZET " of %" + MBEDTLS_PRINTF_SIZET " remain", + ssl->in_msglen, + hs_remain, + ssl->in_hslen)); + return MBEDTLS_ERR_SSL_INVALID_RECORD; + } + } else if (ssl->in_msglen == ssl->in_hslen) { + /* This is the sole fragment. */ + /* Emit a log message in the same format as when there are + * multiple fragments, for ease of matching. 
*/ + MBEDTLS_SSL_DEBUG_MSG(3, + ("sole handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hslen)); + } else { + /* This is the first fragment of many. */ + MBEDTLS_SSL_DEBUG_MSG(3, + ("initial handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hslen)); + } + + /* Move the received handshake fragment to have the whole message + * (at least the part received so far) in a single segment at a + * known offset in the input buffer. + * - When receiving a non-initial handshake fragment, append it to + * the initial segment. + * - Even the initial handshake fragment is moved, if it was + * encrypted with an explicit IV: decryption leaves the payload + * after the explicit IV, but here we move it to start where the + * IV was. 
+ */ +#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) + size_t const in_buf_len = ssl->in_buf_len; +#else + size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; +#endif + if (payload_end + ssl->in_hsfraglen > ssl->in_buf + in_buf_len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Shouldn't happen: no room to move handshake fragment %" + MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" + MBEDTLS_PRINTF_SIZET ")", + ssl->in_msglen, + ssl->in_msg, payload_end, + ssl->in_buf, in_buf_len)); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + memmove(payload_end, ssl->in_msg, ssl->in_msglen); + + ssl->in_hsfraglen += ssl->in_msglen; + payload_end += ssl->in_msglen; + + if (ssl->in_hsfraglen < ssl->in_hslen) { MBEDTLS_SSL_DEBUG_MSG(3, ("Prepare: waiting for more handshake fragments %" - MBEDTLS_PRINTF_SIZET "/%" MBEDTLS_PRINTF_SIZET, + MBEDTLS_PRINTF_SIZET "/%" + MBEDTLS_PRINTF_SIZET, ssl->in_hsfraglen, ssl->in_hslen)); - return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; - } - if (ssl->in_hsfraglen > 0) { - /* - * At in_first_hdr we have a sequence of records that cover the next handshake - * record, each with its own record header that we need to remove. - * Note that the reassembled record size may not equal the size of the message, - * there may be more messages after it, complete or partial. 
- */ - unsigned char *in_first_hdr = ssl->in_buf + MBEDTLS_SSL_SEQUENCE_NUMBER_LEN; - unsigned char *p = in_first_hdr, *q = NULL; - size_t merged_rec_len = 0; - do { - mbedtls_record rec; - ret = ssl_parse_record_header(ssl, p, mbedtls_ssl_in_hdr_len(ssl), &rec); - if (ret != 0) { - return ret; - } - merged_rec_len += rec.data_len; - p = rec.buf + rec.buf_len; - if (q != NULL) { - memmove(q, rec.buf + rec.data_offset, rec.data_len); - q += rec.data_len; - } else { - q = p; - } - } while (merged_rec_len < ssl->in_hslen); - ssl->in_hdr = in_first_hdr; + ssl->in_hdr = payload_end; + ssl->in_msglen = 0; mbedtls_ssl_update_in_pointers(ssl); - ssl->in_msglen = merged_rec_len; - /* Adjust message length. */ - MBEDTLS_PUT_UINT16_BE(merged_rec_len, ssl->in_len, 0); + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } else { + ssl->in_msglen = ssl->in_hsfraglen; ssl->in_hsfraglen = 0; + ssl->in_hdr = reassembled_record_start; + mbedtls_ssl_update_in_pointers(ssl); + + /* Update the record length in the fully reassembled record */ + if (ssl->in_msglen > 0xffff) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Shouldn't happen: in_msglen=%" + MBEDTLS_PRINTF_SIZET " > 0xffff", + ssl->in_msglen)); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); + MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", - ssl->in_hdr, mbedtls_ssl_in_hdr_len(ssl) + merged_rec_len); + ssl->in_hdr, + mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen); } - } else { - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } return 0; diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 3946017625..e68c2cbf09 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
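Review bot: The room check guarding the `memmove` compares `payload_end + ssl->in_hsfraglen` with the end of the input buffer, but what is written at `payload_end` is `ssl->in_msglen` bytes (the log line right below it even prints `in_msglen` as the moved size), so the guard does not bound the write it precedes, and since `payload_end` already includes `in_hsfraglen` it would also reject a legitimately fragmented message once the accumulated part exceeds roughly half the buffer; the condition should be `if (payload_end + ssl->in_msglen > ssl->in_buf + in_buf_len) {`. Relatedly, `in_hslen` derives from the peer's 24-bit handshake length and I do not see it bounded against the input buffer in this hunk (it may be elsewhere); if it is not, an oversized length from the peer ends up in the `Shouldn't happen` branch as `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`, whereas a peer-controlled size mismatch is an `MBEDTLS_ERR_SSL_INVALID_RECORD` condition and should be logged as such. mbedtls_ssl_prepare_handshake_record starts before the hunk and the DTLS branch preceding the `else` is not shown.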
@@ -34,13 +34,6 @@ def _has_word_re(words: typing.Iterable[str], re.DOTALL) IGNORED_TESTS = { - 'handshake-generated': [ - # Temporary disable Handshake defragmentation tests until mbedtls - # pr #10011 has been merged. - 'Handshake defragmentation on client: len=4, TLS 1.2', - 'Handshake defragmentation on client: len=5, TLS 1.2', - 'Handshake defragmentation on client: len=13, TLS 1.2' - ], 'ssl-opt': [ # We don't run ssl-opt.sh with Valgrind on the CI because # it's extremely slow. We don't intend to change this. From 90a9593bbd3ec343e16d73cbaf998f8e5768a9b6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Feb 2025 23:57:20 +0100 Subject: [PATCH 0225/1548] Fix dodgy printf calls Pacify `clang -Wformat-pedantic`. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 454b1ebbdd..9d8857dfa6 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3127,8 +3127,8 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" MBEDTLS_PRINTF_SIZET ")", ssl->in_msglen, - ssl->in_msg, payload_end, - ssl->in_buf, in_buf_len)); + (void *) ssl->in_msg, (void *) payload_end, + (void *) ssl->in_buf, in_buf_len)); return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } memmove(payload_end, ssl->in_msg, ssl->in_msglen); From 36edd48c61c9c86edd9d3774496c83d12d2cfaa5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Mar 2025 17:41:59 +0100 Subject: [PATCH 0226/1548] Document the limitations of TLS handshake message defragmentation Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0c0c8bb4d2..85255498b2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -4360,6 +4360,24 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, * with \c mbedtls_ssl_read()), not handshake messages. * With DTLS, this affects both ApplicationData and handshake. * + * \note Defragmentation of incoming handshake messages in TLS + * (excluding DTLS) is supported with some limitations: + * - On an Mbed TLS server that only accepts TLS 1.2, + * the initial ClientHello message must not be fragmented. + * A TLS 1.2 ClientHello may be fragmented if the server + * also accepts TLS 1.3 connections (meaning + * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the + * accepted versions have not been restricted with + * mbedtls_ssl_conf_max_tls_version() or the like). + * - A ClientHello message that initiates a renegotiation + * must not be fragmented. + * - The first fragment of a handshake message must be + * at least 4 bytes long. + * - Non-handshake records must not be interleaved between + * the fragments of a handshake message. (This is permitted + * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it + * even in TLS 1.2.) + * * \note This sets the maximum length for a record's payload, * excluding record overhead that will be added to it, see * \c mbedtls_ssl_get_record_expansion(). From 1b785e2201b9c3047cee8a86caa3ba2718aeee3b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Mar 2025 17:44:20 +0100 Subject: [PATCH 0227/1548] Refer to the API documentation for details Signed-off-by: Gilles Peskine --- ChangeLog.d/tls-hs-defrag-in.txt | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 4fd4a4e372..748f95c104 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt 
@@ -1,12 +1,7 @@ Bugfix - * Support re-assembly of fragmented handshake messages in TLS, as mandated - by the spec. Lack of support was causing handshake failures with some - servers, especially with TLS 1.3 in practice (though both protocol - version could be affected in principle, and both are fixed now). - The initial fragment for each handshake message must be at least 4 bytes. - - Server-side, defragmentation of the ClientHello message is only - supported if the server accepts TLS 1.3 (regardless of whether the - ClientHello is 1.3 or 1.2). That is, servers configured (either - at compile time or at runtime) to only accept TLS 1.2 will - still fail the handshake if the ClientHello message is fragmented. + * Support re-assembly of fragmented handshake messages in TLS (both + 1.2 and 1.3). The lack of support was causing handshake failures with + some servers, especially with TLS 1.3 in practice. There are a few + limitations, notably a fragmented ClientHello is only supported when + TLS 1.3 support is enabled. See the documentation of + mbedtls_ssl_conf_max_frag_len() for details. From e4a3fc2f5818729fc13739448c9518f41094d627 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Mar 2025 17:53:53 +0100 Subject: [PATCH 0228/1548] Update framework Changed log messages and added more tests in `tests/opt-testcases/handshake-generated.sh`. Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 4a009d4b3c..8d85112a44 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b +Subproject commit 8d85112a44d052a5d89cb0a135e162384da42584 From 0851ec93444b55b1dbb0db7cec3c4845f9cefcd3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 15:15:20 +0100 Subject: [PATCH 0229/1548] Fix end check before memmove Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 9d8857dfa6..ad3bf57592 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3121,7 +3121,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) #else size_t const in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - if (payload_end + ssl->in_hsfraglen > ssl->in_buf + in_buf_len) { + if (payload_end + ssl->in_msglen > ssl->in_buf + in_buf_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("Shouldn't happen: no room to move handshake fragment %" MBEDTLS_PRINTF_SIZET " from %p to %p (buf=%p len=%" From 149509362b9fe44001e523492dfb56cac94550ae Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 6 Mar 2025 16:06:42 +0100 Subject: [PATCH 0230/1548] TLS context serialization needs an AEAD ciphersuite Signed-off-by: Gabor Mezei --- tests/include/test/ssl_helpers.h | 7 +++++++ tests/suites/test_suite_ssl.function | 29 ++++++++++++++++++++++++---- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index e5b8d74416..910329dd0d 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -70,6 +70,13 @@ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY #endif + +#if defined(PSA_WANT_ALG_GCM) ||\ + defined(PSA_WANT_ALG_CCM) ||\ + defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#define MBEDTLS_TEST_HAS_AEAD_ALG +#endif + enum { #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ tls13_label_ ## name, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 08ecd672f1..7d8bf90efd 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
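Review bot: The corrected bound is still evaluated by first forming `payload_end + ssl->in_msglen`, which whenever the check would fail is a pointer beyond one-past-the-end of in_buf, and that arithmetic is undefined behaviour a compiler is entitled to fold away. Compare lengths instead: `if (ssl->in_msglen > (size_t) (ssl->in_buf + in_buf_len - payload_end)) {`, which assumes payload_end itself is still inside the buffer; that should follow from the earlier in_hslen validation but deserves a one-line comment. mbedtls_ssl_prepare_handshake_record starts and ends outside the hunk.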
@@ -2858,13 +2858,34 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void resize_buffers_serialize_mfl(int mfl) { + /* Choose an AEAD ciphersuite */ + const int *ciphersuites = mbedtls_ssl_list_ciphersuites(); + const mbedtls_ssl_ciphersuite_t *ciphersuite = NULL; + int i = 0; + while (ciphersuites[i] != 0) { + ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuites[i]); + + if (ciphersuite->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { + const mbedtls_ssl_mode_t mode = +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM) + mbedtls_ssl_get_mode_from_ciphersuite(0, ciphersuite); +#else + mbedtls_ssl_get_mode_from_ciphersuite(ciphersuite); +#endif + if (mode == MBEDTLS_SSL_MODE_AEAD) + break; + } + + i++; + } + + TEST_ASSERT(ciphersuite != NULL); + test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, - (char *) ""); - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; + (char *) ciphersuite->name); } /* END_CASE */ From 15c072f0de4555c4810acec14e074c01ddf871de Mon Sep 17 00:00:00 2001 
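Review bot: `TEST_ASSERT(ciphersuite != NULL)` after the loop does not prove an AEAD suite was found: if no TLS 1.2 AEAD suite is enabled, the loop runs off the end and `ciphersuite` still points at the last suite looked up, so the test silently runs with a non-AEAD suite despite the new MBEDTLS_TEST_HAS_AEAD_ALG dependency. Assert that the loop exited via `break`, e.g. `TEST_ASSERT(ciphersuites[i] != 0);` before the existing NULL check. The return of mbedtls_ssl_ciphersuite_from_id is also dereferenced unchecked inside the loop; it presumably never fails for ids taken from mbedtls_ssl_list_ciphersuites, but a `TEST_ASSERT(ciphersuite != NULL);` right after the lookup would make that explicit.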
From: Gilles Peskine Date: Thu, 6 Mar 2025 19:03:00 +0100 Subject: [PATCH 0231/1548] Fix handshake defragmentation when the record has multiple messages A handshake record may contain multiple handshake messages, or multiple fragments (there can be the final fragment of a pending message, then zero or more whole messages, and an initial fragment of an incomplete message). This was previously untested, but supported, so don't break it. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 43 ++++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ad3bf57592..acd05b0382 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3055,6 +3055,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) unsigned char *const payload_start = reassembled_record_start + mbedtls_ssl_in_hdr_len(ssl); unsigned char *payload_end = payload_start + ssl->in_hsfraglen; + /* How many more bytes we want to have a complete handshake message. */ + const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; + /* How many bytes of the current record are part of the first + * handshake message. There may be more handshake messages (possibly + * incomplete) in the same record; if so, we leave them after the + * current record, and ssl_consume_current_message() will take + * care of consuming the next handshake message. */ + const size_t hs_this_fragment_len = + ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; if (ssl->in_hsfraglen != 0) { /* We already had a handshake fragment. Prepare to append 
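Review bot: `hs_remain = ssl->in_hslen - ssl->in_hsfraglen` is an unsigned subtraction that wraps to a huge value if in_hsfraglen ever equals or exceeds in_hslen at this point; the code relies on in_hsfraglen being reset to 0 once a message completes and on the `in_hsfraglen < in_hslen` continue path, but nothing in the hunk states or checks that. Add `/* Invariant: in_hsfraglen < in_hslen here, since it is reset to 0 as soon as a message is complete. */` above the declaration, or turn the violation into a MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED return like the buffer-room check later in this function. mbedtls_ssl_prepare_handshake_record starts and ends outside the hunk.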
@@ -3066,21 +3075,9 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) " of %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen, ssl->in_hsfraglen, - ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hsfraglen + hs_this_fragment_len, ssl->in_hslen)); - - const size_t hs_remain = ssl->in_hslen - ssl->in_hsfraglen; - if (ssl->in_msglen > hs_remain) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake fragment too long: %" - MBEDTLS_PRINTF_SIZET " but only %" - MBEDTLS_PRINTF_SIZET " of %" - MBEDTLS_PRINTF_SIZET " remain", - ssl->in_msglen, - hs_remain, - ssl->in_hslen)); - return MBEDTLS_ERR_SSL_INVALID_RECORD; - } - } else if (ssl->in_msglen == ssl->in_hslen) { + } else if (hs_this_fragment_len == ssl->in_hslen) { /* This is the sole fragment. */ /* Emit a log message in the same format as when there are * multiple fragments, for ease of matching. */ @@ -3091,7 +3088,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) " of %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen, ssl->in_hsfraglen, - ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hsfraglen + hs_this_fragment_len, ssl->in_hslen)); } else { /* This is the first fragment of many. */ @@ -3102,7 +3099,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) " of %" MBEDTLS_PRINTF_SIZET, ssl->in_msglen, ssl->in_hsfraglen, - ssl->in_hsfraglen + ssl->in_msglen, + ssl->in_hsfraglen + hs_this_fragment_len, ssl->in_hslen)); } 
@@ -3154,16 +3151,24 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) /* Update the record length in the fully reassembled record */ if (ssl->in_msglen > 0xffff) { MBEDTLS_SSL_DEBUG_MSG(1, - ("Shouldn't happen: in_msglen=%" + ("Shouldn't happen: in_hslen=%" MBEDTLS_PRINTF_SIZET " > 0xffff", ssl->in_msglen)); return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); + size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", - ssl->in_hdr, - mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen); + ssl->in_hdr, record_len); + if (ssl->in_hslen < ssl->in_msglen) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("More handshake messages in the record: " + "%" MBEDTLS_PRINTF_SIZET " + " + "%" MBEDTLS_PRINTF_SIZET, + ssl->in_hslen, + ssl->in_msglen - ssl->in_hslen)); + } } } From afb254c5fed409cf3811e468aae82a72198f38ae Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 19:23:22 +0100 Subject: [PATCH 0232/1548] Unify handshake fragment log messages There is no longer any different processing at this point, just near-identical log messages. Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 51 +++++++++++++---------------------------------- 1 file changed, 14 insertions(+), 37 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index acd05b0382..851c0df394 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -3065,43 +3065,20 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) const size_t hs_this_fragment_len = ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; - if (ssl->in_hsfraglen != 0) { - /* We already had a handshake fragment. Prepare to append - * to the initial segment. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("subsequent handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %" MBEDTLS_PRINTF_SIZET - "..%" MBEDTLS_PRINTF_SIZET - " of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->in_hsfraglen, - ssl->in_hsfraglen + hs_this_fragment_len, - ssl->in_hslen)); - } else if (hs_this_fragment_len == ssl->in_hslen) { - /* This is the sole fragment. */ - /* Emit a log message in the same format as when there are - * multiple fragments, for ease of matching. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("sole handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %" MBEDTLS_PRINTF_SIZET - "..%" MBEDTLS_PRINTF_SIZET - " of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->in_hsfraglen, - ssl->in_hsfraglen + hs_this_fragment_len, - ssl->in_hslen)); - } else { - /* This is the first fragment of many. */ - MBEDTLS_SSL_DEBUG_MSG(3, - ("initial handshake fragment: %" MBEDTLS_PRINTF_SIZET - ", %" MBEDTLS_PRINTF_SIZET - "..%" MBEDTLS_PRINTF_SIZET - " of %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, - ssl->in_hsfraglen, - ssl->in_hsfraglen + hs_this_fragment_len, - ssl->in_hslen)); - } + MBEDTLS_SSL_DEBUG_MSG(3, + ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET + ", %" MBEDTLS_PRINTF_SIZET + "..%" MBEDTLS_PRINTF_SIZET + " of %" MBEDTLS_PRINTF_SIZET, + (ssl->in_hsfraglen != 0 ? + "subsequent" : + hs_this_fragment_len == ssl->in_hslen ? + "sole" : + "initial"), + ssl->in_msglen, + ssl->in_hsfraglen, + ssl->in_hsfraglen + hs_this_fragment_len, + ssl->in_hslen)); /* Move the received handshake fragment to have the whole message * (at least the part received so far) in a single segment at a From b8f1e4bae3fa26743ee3dfe43f22c2425dbb2db9 Mon Sep 17 00:00:00 2001 
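Review bot: The nested ternary passed as the `%s` argument is hard to read inside an already long macro invocation and buries the three-way classification that the removed branches made explicit. Hoist it into a named local above the log call, `const char *fragment_kind = ssl->in_hsfraglen != 0 ? "subsequent" : (hs_this_fragment_len == ssl->in_hslen ? "sole" : "initial");`, and pass `fragment_kind`; when debugging is compiled out that local, like hs_this_fragment_len, then needs a `(void)` cast to stay warning-free. mbedtls_ssl_prepare_handshake_record starts and ends outside the hunk.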
From: Gilles Peskine Date: Thu, 6 Mar 2025 21:32:08 +0100 Subject: [PATCH 0233/1548] Pacify uncrustify Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 851c0df394..3c7ff8279f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3141,8 +3141,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) if (ssl->in_hslen < ssl->in_msglen) { MBEDTLS_SSL_DEBUG_MSG(3, ("More handshake messages in the record: " - "%" MBEDTLS_PRINTF_SIZET " + " - "%" MBEDTLS_PRINTF_SIZET, + "%" MBEDTLS_PRINTF_SIZET " + %" MBEDTLS_PRINTF_SIZET, ssl->in_hslen, ssl->in_msglen - ssl->in_hslen)); } From dab1cb5b4515c683e0016b381afc0b1bd30b797b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Mar 2025 21:30:23 +0100 Subject: [PATCH 0234/1548] Note unused variables when debugging is disabled Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3c7ff8279f..cc133be273 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3064,6 +3064,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) * care of consuming the next handshake message. */ const size_t hs_this_fragment_len = ssl->in_msglen > hs_remain ? hs_remain : ssl->in_msglen; + (void) hs_this_fragment_len; MBEDTLS_SSL_DEBUG_MSG(3, ("%s handshake fragment: %" MBEDTLS_PRINTF_SIZET @@ -3136,6 +3137,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) MBEDTLS_PUT_UINT16_BE(ssl->in_msglen, ssl->in_len, 0); size_t record_len = mbedtls_ssl_in_hdr_len(ssl) + ssl->in_msglen; + (void) record_len; MBEDTLS_SSL_DEBUG_BUF(4, "reassembled record", ssl->in_hdr, record_len); if (ssl->in_hslen < ssl->in_msglen) { From 692d855b4dbb1f361b67f5e945f4c4108c4ff62f Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 12 Feb 2025 15:53:19 +0100 Subject: [PATCH 0235/1548] tf-psa-crypto: udpate reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 25742030e4..7d60bf1078 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 25742030e4eddfb29913cb82642703ee0fe5d0d7 +Subproject commit 7d60bf1078578bfc809f1516c195c54cefdb510d From e34ec86370b340bc845a91ea0b08e016c84c9d92 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 10:43:39 +0100 Subject: [PATCH 0236/1548] Fix a log message Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index cc133be273..d91e8300a6 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3129,7 +3129,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) /* Update the record length in the fully reassembled record */ if (ssl->in_msglen > 0xffff) { MBEDTLS_SSL_DEBUG_MSG(1, - ("Shouldn't happen: in_hslen=%" + ("Shouldn't happen: in_msglen=%" MBEDTLS_PRINTF_SIZET " > 0xffff", ssl->in_msglen)); return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From 8829aa336c6c9398a52225948380ff8170a31e07 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 7 Mar 2025 13:21:37 +0100 Subject: [PATCH 0237/1548] Fix code style Signed-off-by: Gabor Mezei --- tests/include/test/ssl_helpers.h | 4 ++-- tests/suites/test_suite_ssl.function | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 910329dd0d..ef4927f72e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -71,8 +71,8 @@ #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY #endif -#if defined(PSA_WANT_ALG_GCM) ||\ - defined(PSA_WANT_ALG_CCM) ||\ +#if defined(PSA_WANT_ALG_GCM) || \ + defined(PSA_WANT_ALG_CCM) || \ defined(PSA_WANT_ALG_CHACHA20_POLY1305) #define MBEDTLS_TEST_HAS_AEAD_ALG #endif diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7d8bf90efd..e9584dcc1f 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2875,8 +2875,9 @@ void resize_buffers_serialize_mfl(int mfl) #else mbedtls_ssl_get_mode_from_ciphersuite(ciphersuite); #endif - if (mode == MBEDTLS_SSL_MODE_AEAD) + if (mode == MBEDTLS_SSL_MODE_AEAD) { break; + } } i++; From 816b7126806f2faf63eb0b3b8207d5c6b071f10c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 7 Mar 2025 17:20:59 +0000 Subject: [PATCH 0238/1548] TLS1.2: Check for failures in Finished calculation If the calc_finished function returns an error code, don't ignore it but instead return the error code to stop the handshake as the Finished message may be incorrect. Signed-off-by: David Horstmann --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0b072e6a76..b740358c13 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7570,6 +7570,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret); + return ret; } /* @@ -7683,6 +7684,7 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret); + return ret; } if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { From 6408113fe2f11d8ed3a35ee721761d9c8ab54da6 Mon Sep 17 00:00:00 2001 
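Review bot: The two new `return ret;` lines in ssl_tls.c are the right fix, but neither site says why a failed calc_finished must be fatal, and this is exactly the kind of error path a later refactor might soften again; add `/* A failed verify_data computation must abort the handshake: never send, or compare against, a partial or stale Finished value. */` above each check. In mbedtls_ssl_parse_finished the early return also bypasses whatever the rest of the function does with the expected-verify_data buffer `buf`; if the normal path zeroizes it (not visible here), the new path should do the same. Both functions start and end outside the hunks.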
From: Valerio Setti Date: Tue, 25 Feb 2025 10:33:58 +0100 Subject: [PATCH 0239/1548] tests: move component_test_tf_psa_crypto_cmake_as_package to tf-psa-crypto Signed-off-by: Valerio Setti --- tests/scripts/components-build-system.sh | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index 91a999e10a..3108aa7b92 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -123,27 +123,6 @@ component_test_cmake_as_package () { fi } -component_test_tf_psa_crypto_cmake_as_package () { - # Remove existing generated files so that we use the ones CMake - # generates - make neat - - msg "build: cmake 'as-package' build" - root_dir="$(pwd)" - cd tf-psa-crypto/programs/test/cmake_package - build_variant_dir="$(pwd)" - cmake . - make - ./cmake_package - if [[ "$OSTYPE" == linux* ]]; then - PKG_CONFIG_PATH="${build_variant_dir}/tf-psa-crypto/pkgconfig" \ - ${root_dir}/framework/scripts/pkgconfig.sh \ - tfpsacrypto - # This is the EXPECTED package name. Renaming it could break consumers - # of pkg-config, consider carefully. - fi -} - support_test_cmake_as_package () { support_test_cmake_out_of_source } From 0cfe54e4e07736a00e4f4810130bf994d1739552 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 5 Mar 2025 15:49:08 +0000 Subject: [PATCH 0240/1548] remove RNG parameters from SSL API's Signed-off-by: Ben Taylor --- include/mbedtls/ssl_cookie.h | 4 +--- include/mbedtls/ssl_ticket.h | 5 ----- library/ssl_cookie.c | 6 +----- library/ssl_ticket.c | 22 +++++++++++++--------- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_server.c | 2 -- programs/ssl/dtls_server.c | 3 +-- programs/ssl/ssl_server2.c | 5 +---- 8 files changed, 18 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index afeb07b0fd..ec54f614d3 100644 --- a/include/mbedtls/ssl_cookie.h 
+++ b/include/mbedtls/ssl_cookie.h @@ -55,9 +55,7 @@ void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx); /** * \brief Setup cookie context (generate keys) */ -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); /** * \brief Set expiration delay for cookies diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index ef97e8f024..5a2e4876e5 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -68,8 +68,6 @@ typedef struct mbedtls_ssl_ticket_context { uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); @@ -90,8 +88,6 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * \brief Prepare context to be actually used * * \param ctx Context to be set up - * \param f_rng RNG callback function (mandatory) - * \param p_rng RNG callback context * \param alg AEAD cipher to use for ticket protection. * \param key_type Cryptographic key type to use. * \param key_bits Cryptographic key size to use in bits. @@ -116,7 +112,6 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * or a specific MBEDTLS_ERR_XXX error code */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 01b90e14b1..11811ee30f 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c 
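Review bot: In ssl_ticket.h the comment `/** Callback for getting (pseudo-)random numbers */` is kept after the f_rng/p_rng members it described are deleted, so it now sits above the `#if defined(MBEDTLS_THREADING_C)` mutex and documents nothing; remove it together with the fields. Dropping parameters from the public mbedtls_ssl_cookie_setup and mbedtls_ssl_ticket_setup signatures is also a source-incompatible API change for every application calling them, yet the diffstat shows no ChangeLog.d entry or migration note. The ticket setup docstring should additionally state where randomness now comes from, e.g. `\note Randomness for key names and IVs is obtained from the PSA crypto subsystem, which the application must have initialized.`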
@@ -81,16 +81,12 @@ void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx) mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx)); } -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t alg; - (void) f_rng; - (void) p_rng; alg = mbedtls_md_psa_alg_from_type(COOKIE_MD); if (alg == 0) { diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 8653e2ddda..c10d36fb59 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -75,11 +75,15 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, */ key->lifetime = ctx->ticket_lifetime; - if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) { + if ((ret = psa_crypto_init()) != 0) { return ret; } - if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) { + if ((ret = psa_generate_random(key->name, sizeof(key->name))) != 0) { + return ret; + } + + if ((ret = psa_generate_random(buf, sizeof(buf))) != 0) { return ret; } @@ -185,7 +189,6 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, * Setup context for actual use */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime) { @@ -199,9 +202,6 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - ctx->f_rng = f_rng; - ctx->p_rng = p_rng; - ctx->ticket_lifetime = lifetime; ctx->keys[0].alg = alg; @@ -254,7 +254,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, *tlen = 0; - if (ctx == NULL || ctx->f_rng == NULL) { + if (ctx == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } 
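Review bot: In ssl_ticket_gen_key `ret` is an int in the MBEDTLS_ERR_* namespace, but the new code stores the psa_status_t returned by psa_generate_random (and psa_crypto_init) into it and returns it verbatim, so callers now receive raw PSA status values where the old f_rng path returned Mbed TLS error codes, and the two code spaces overlap. Keep the status in its own variable, `psa_status_t status = psa_generate_random(key->name, sizeof(key->name));`, test it against PSA_SUCCESS, and return it through the same PSA-to-Mbed TLS error translation this file presumably already applies to its psa_aead_* statuses (the mbedtls_ssl_ticket_parse hunk shows a `psa_status_t status` being tracked separately for that reason). The same applies to the IV generation in mbedtls_ssl_ticket_write. ssl_ticket_gen_key starts and ends outside the hunk.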
@@ -278,7 +278,11 @@ int mbedtls_ssl_ticket_write(void *p_ticket, memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) { + if ((ret = psa_crypto_init()) != 0) { + goto cleanup; + } + + if ((ret = psa_generate_random(iv, TICKET_IV_BYTES)) != 0) { goto cleanup; } @@ -355,7 +359,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (ctx == NULL || ctx->f_rng == NULL) { + if (ctx == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index c2dbef86c6..d215f7ac7f 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -108,7 +108,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif - if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) { + if (mbedtls_ssl_cookie_setup(&cookie_ctx) != 0) { goto exit; } diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 28f9e336ca..09436542e6 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -132,8 +132,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) if (options & 0x4) { if (mbedtls_ssl_ticket_setup(&ticket_ctx, //context - dummy_random, //f_rng - &ctr_drbg, //p_rng PSA_ALG_GCM, //alg PSA_KEY_TYPE_AES, //key_type 256, //key_bits diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 6430ed2a2f..e881c91aee 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -216,8 +216,7 @@ int main(void) goto exit; } - if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx)) != 0) { printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret); goto exit; } 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index dc7ca8f51c..a81cc88c0c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2971,8 +2971,6 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_HAVE_TIME */ { if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx, - rng_get, - &rng, opt.ticket_alg, opt.ticket_key_type, opt.ticket_key_bits, @@ -3014,8 +3012,7 @@ int main(int argc, char *argv[]) if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { #if defined(MBEDTLS_SSL_COOKIE_C) if (opt.cookies > 0) { - if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx, - rng_get, &rng)) != 0) { + if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx)) != 0) { mbedtls_printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret); goto exit; } From 857144c9c2983cc7f30bd6c8019674cf6979acb5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 10 Mar 2025 13:45:22 +0000 Subject: [PATCH 0241/1548] removed psa_crypto_init from library as this is supposed to be called by the application Signed-off-by: Ben Taylor --- library/ssl_ticket.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index c10d36fb59..7b0391924a 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -75,10 +75,6 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, */ key->lifetime = ctx->ticket_lifetime; - if ((ret = psa_crypto_init()) != 0) { - return ret; - } - if ((ret = psa_generate_random(key->name, sizeof(key->name))) != 0) { return ret; } @@ -278,10 +274,6 @@ int mbedtls_ssl_ticket_write(void *p_ticket, memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - if ((ret = psa_crypto_init()) != 0) { - goto cleanup; - } - if ((ret = psa_generate_random(iv, TICKET_IV_BYTES)) != 0) { goto cleanup; } From 5e838bd0e8a3f432dc2d7b7efe03eeb99518a874 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Feb 2025 14:37:33 +0100 Subject: [PATCH 0242/1548] tf-psa-crypto: update reference 
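Review bot: With psa_crypto_init removed from ssl_ticket_gen_key and mbedtls_ssl_ticket_write, an application that configures tickets without initializing PSA first will presumably get a bad-state failure out of psa_generate_random at ticket-issue time, long after setup appeared to succeed, and nothing in the public API documentation touched by this series says so. Add to mbedtls_ssl_ticket_setup (and mbedtls_ssl_cookie_setup) the same note that ssl.h already carries for mbedtls_ssl_handshake: `\note The PSA crypto subsystem must have been initialized by calling psa_crypto_init() before calling this function.` A precondition check at setup time would also surface the misconfiguration early instead of on the first handshake that issues a ticket. Both functions start and end outside the hunks.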
Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 7d60bf1078..7d941e84a5 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 7d60bf1078578bfc809f1516c195c54cefdb510d +Subproject commit 7d941e84a5b5c77f642186075ef45b3cc3214d57 From e26a060194d347ade965050fe94bfb665b8f4d83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 Mar 2025 12:52:18 +0100 Subject: [PATCH 0243/1548] Cleanly reject non-HS in-between HS fragments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d91e8300a6..f5ea8dd277 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -4889,6 +4889,18 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* If we're in the middle of a fragmented TLS handshake message, + * we don't accept any other message type. For TLS 1.3, the spec forbids + * interleaving other message types between handshake fragments. For TLS + * 1.2, the spec does not forbid it but we do. */ + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM && + ssl->in_hsfraglen != 0 && + ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-handshake message in the middle" + " of a fragmented handshake message")); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + } + /* * Handle particular types of records */ From d8f9e22b5e7f5aa896c2a923fe0e67c160b0c3af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Mar 2025 13:45:27 +0100 Subject: [PATCH 0244/1548] Move the defragmentation documentation to mbedtls_ssl_handshake 
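Review bot: The new rejection returns MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE without notifying the peer, so a remote endpoint that did interleave a record only sees the connection drop; if the other unexpected-message paths in this function pend a fatal unexpected_message alert (not visible here), this one should do the same for consistency. The check also covers alert records, so a peer's fatal alert arriving between fragments is reported to the application as an unexpected message rather than as the alert it sent; that matches the TLS 1.3 rule the comment cites, but it is worth saying so: `/* This also rejects alerts between fragments: a fatal alert there is itself a protocol violation in TLS 1.3. */`. mbedtls_ssl_handle_message_type continues outside the hunk.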
Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 85255498b2..41dc13f627 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4360,23 +4360,9 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, * with \c mbedtls_ssl_read()), not handshake messages. * With DTLS, this affects both ApplicationData and handshake. * - * \note Defragmentation of incoming handshake messages in TLS - * (excluding DTLS) is supported with some limitations: - * - On an Mbed TLS server that only accepts TLS 1.2, - * the initial ClientHello message must not be fragmented. - * A TLS 1.2 ClientHello may be fragmented if the server - * also accepts TLS 1.3 connections (meaning - * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the - * accepted versions have not been restricted with - * mbedtls_ssl_conf_max_tls_version() or the like). - * - A ClientHello message that initiates a renegotiation - * must not be fragmented. - * - The first fragment of a handshake message must be - * at least 4 bytes long. - * - Non-handshake records must not be interleaved between - * the fragments of a handshake message. (This is permitted - * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it - * even in TLS 1.2.) + * \note Defragmentation of TLS handshake messages is supported + * with some limitations. See the documentation of + * mbedtls_ssl_handshake() for details. * * \note This sets the maximum length for a record's payload, * excluding record overhead that will be added to it, see 
@@ -4867,6 +4853,24 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * currently being processed might or might not contain further * DTLS records. * + * \note Defragmentation of incoming handshake messages in TLS + * (excluding DTLS) is supported with some limitations: + * - On an Mbed TLS server that only accepts TLS 1.2, + * the initial ClientHello message must not be fragmented. + * A TLS 1.2 ClientHello may be fragmented if the server + * also accepts TLS 1.3 connections (meaning + * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the + * accepted versions have not been restricted with + * mbedtls_ssl_conf_max_tls_version() or the like). + * - A ClientHello message that initiates a renegotiation + * must not be fragmented. + * - The first fragment of a handshake message must be + * at least 4 bytes long. + * - Non-handshake records must not be interleaved between + * the fragments of a handshake message. (This is permitted + * in TLS 1.2 but not in TLS 1.3, but Mbed TLS rejects it + * even in TLS 1.2.) + * * \note The PSA crypto subsystem must have been initialized by * calling psa_crypto_init() before calling this function. */ From 80facedad9742ee83584bfcfe6ebdc30af223563 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Mar 2025 13:47:14 +0100 Subject: [PATCH 0245/1548] ClientHello may be fragmented in renegotiation Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 41dc13f627..469364d3f7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
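Review bot: The relocated note still reads `that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the`, which is missing a verb; `that #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, and the` is meant. The same line survives unchanged as context in the later hunks of this series that reword the surrounding bullets, so fixing it here carries through. The list also never says what happens when a limitation is violated; from the other commits in the series it appears the handshake fails with an error (for example MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE for interleaved records), and a closing sentence to that effect would help callers interpret the failure.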
@@ -4862,8 +4862,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the * accepted versions have not been restricted with * mbedtls_ssl_conf_max_tls_version() or the like). - * - A ClientHello message that initiates a renegotiation - * must not be fragmented. * - The first fragment of a handshake message must be * at least 4 bytes long. * - Non-handshake records must not be interleaved between From d9c858039e524f5f3460bed520991cf09575ab2e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Mar 2025 13:47:49 +0100 Subject: [PATCH 0246/1548] Clarify DTLS Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 469364d3f7..e28c8ee73d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4854,7 +4854,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * DTLS records. * * \note Defragmentation of incoming handshake messages in TLS - * (excluding DTLS) is supported with some limitations: + * is supported with some limitations: * - On an Mbed TLS server that only accepts TLS 1.2, * the initial ClientHello message must not be fragmented. * A TLS 1.2 ClientHello may be fragmented if the server @@ -4862,6 +4862,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the * accepted versions have not been restricted with * mbedtls_ssl_conf_max_tls_version() or the like). + * This limitation does not apply to DTLS. * - The first fragment of a handshake message must be * at least 4 bytes long. * - Non-handshake records must not be interleaved between From 5ea94e6cd1ab8a89ee75284144412e2495607cf7 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 11 Mar 2025 15:52:48 +0000 Subject: [PATCH 0247/1548] Add changelog entry for TLS 1.2 Finished fix 
Signed-off-by: David Horstmann --- ChangeLog.d/tls12-check-finished-calc.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/tls12-check-finished-calc.txt diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt new file mode 100644 index 0000000000..cd52d32ffd --- /dev/null +++ b/ChangeLog.d/tls12-check-finished-calc.txt @@ -0,0 +1,6 @@ +Security + * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed + or there was a cryptographic hardware failure when calculating the + Finished message, it could be calculated incorrectly. This would break + the security guarantees of the TLS handshake. + CVE-2025-27810 From 2b78a5abfa2a19b6ec38066a080a6b6d10ad23fc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Mar 2025 10:07:33 +0100 Subject: [PATCH 0248/1548] State globally that the limitations don't apply to DTLS Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e28c8ee73d..4547976e30 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4853,8 +4853,10 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * currently being processed might or might not contain further * DTLS records. * - * \note Defragmentation of incoming handshake messages in TLS - * is supported with some limitations: + * \note In TLS, reception of fragmented handshake messages is + * supported with some limitations (those limitations do + * not apply to DTLS, where defragmentation is fully + * supported): * - On an Mbed TLS server that only accepts TLS 1.2, * the initial ClientHello message must not be fragmented. * A TLS 1.2 ClientHello may be fragmented if the server 
@@ -4862,7 +4864,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the * accepted versions have not been restricted with * mbedtls_ssl_conf_max_tls_version() or the like). - * This limitation does not apply to DTLS. * - The first fragment of a handshake message must be * at least 4 bytes long. * - Non-handshake records must not be interleaved between From 4c30cd8e492e9230a68afa2f85a83368449f7eec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Mar 2025 10:08:14 +0100 Subject: [PATCH 0249/1548] Update the location of defragmentation limitations Signed-off-by: Gilles Peskine --- ChangeLog.d/tls-hs-defrag-in.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt index 748f95c104..6bab02a029 100644 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ b/ChangeLog.d/tls-hs-defrag-in.txt @@ -4,4 +4,4 @@ Bugfix some servers, especially with TLS 1.3 in practice. There are a few limitations, notably a fragmented ClientHello is only supported when TLS 1.3 support is enabled. See the documentation of - mbedtls_ssl_conf_max_frag_len() for details. + mbedtls_ssl_handshake() for details. From 122105269ad0299a0df0b140df13d5f3f0bcf658 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 28 Feb 2025 16:22:33 +0100 Subject: [PATCH 0250/1548] Run test_suite_debug without MBEDTLS_SSL_TLS_C MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move the suite's global dependency on MBEDTLS_SSL_TLS_C to the individual test cases. Add an preprocesor guard around string_debug to prevent warning about unused functions. Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.function | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index a71db14eca..b4692ca1f3 100644 
--- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -9,6 +9,7 @@ struct buffer_data { char *ptr; }; +#if defined(MBEDTLS_SSL_TLS_C) static void string_debug(void *data, int level, const char *file, int line, const char *str) { struct buffer_data *buffer = (struct buffer_data *) data; @@ -44,14 +45,15 @@ static void string_debug(void *data, int level, const char *file, int line, cons buffer->ptr = p; } +#endif /* MBEDTLS_SSL_TLS_C */ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_TLS_C + * depends_on:MBEDTLS_DEBUG_C * END_DEPENDENCIES */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ void debug_print_msg_threshold(int threshold, int level, char *file, int line, char *result_str) { @@ -89,7 +91,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, char *result_str) { @@ -124,7 +126,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ void mbedtls_debug_print_buf(char *file, int line, char *text, data_t *data, char *result_str) { @@ -159,7 +161,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, char *prefix, char *result_str) { @@ -199,7 +201,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_BIGNUM_C */ void mbedtls_debug_print_mpi(char *value, char *file, int line, char *prefix, char *result_str) { From c6a8bf0f8e10aa853969161f88a2c4c7e0bf4333 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 28 Feb 2025 22:32:15 +0100 Subject: [PATCH 0251/1548] Test handling of format macros defined in debug.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.data | 7 +++++++ tests/suites/test_suite_debug.function | 28 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index c8f40a0c5b..af153b9013 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -1,3 +1,10 @@ +# printf_int_expr expects a smuggled string expression as its first parameter +printf "%" MBEDTLS_PRINTF_SIZET, 0 +printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 0 +printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0" + Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index b4692ca1f3..a8a8c68fa3 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function 
@@ -53,6 +53,34 @@ static void string_debug(void *data, int level, const char *file, int line, cons * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */ + intmax_t sizeof_x, intmax_t x, char *result) +{ + const char *format = (char *) ((uintptr_t) smuggle_format_expr); + char *output = NULL; + const size_t n = strlen(result); + + /* Nominal case: buffer just large enough */ + TEST_CALLOC(output, n + 1); + if ((size_t) sizeof_x <= sizeof(int)) { // Any smaller integers would be promoted to an int due to calling a vararg function + TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (int) x)); + } else if (sizeof_x == sizeof(long)) { + TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long) x)); + } else if (sizeof_x == sizeof(long long)) { + TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long long) x)); + } else { + TEST_FAIL( + "sizeof_x <= sizeof(int) || sizeof_x == sizeof(long) || sizeof_x == sizeof(long long)"); + } + TEST_MEMORY_COMPARE(result, n + 1, output, n + 1); + +exit: + mbedtls_free(output); + output = NULL; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C */ void debug_print_msg_threshold(int threshold, int level, char *file, int line, char *result_str) From 154066d118f64058a088f77670cdaa1a20157c5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sun, 2 Mar 2025 00:58:11 +0100 Subject: [PATCH 0252/1548] Add testcase for MBEDTLS_PRINTF_MS_TIME MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.data | 3 +++ tests/suites/test_suite_debug.function | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index af153b9013..e7bdf69a8f 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
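Review bot: The accompanying .data cases only format the value 0, so a specifier that consumes the wrong argument width (a 32-bit read of a 64-bit vararg, say) still prints "0" and passes; the width mismatch this test exists to catch only becomes visible with a value wider than 32 bits. A constructed case such as `printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):4294967297:"4294967297"` pins it for the long long branch (the `long` branch cannot take such a value portably, since long is 32-bit on Windows). The branch selection on `sizeof_x` is sound, and the else-branch `TEST_FAIL` makes an unsupported width a reported failure rather than a silent skip, which is the right default.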
@@ -5,6 +5,9 @@ printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0" printf "%" MBEDTLS_PRINTF_LONGLONG, 0 printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0" +printf "%" MBEDTLS_PRINTF_MS_TIME, 0 +printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:MBEDTLS_MS_TIME_SIZE:0:"0" + Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index a8a8c68fa3..af91ea43f0 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -4,6 +4,15 @@ #include "mbedtls/pk.h" #include +// Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store +// doesn't exclude entries based on depends_on headers, which would cause failures +// in builds without MBEDTLS_HAVE_TIME +#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) +# define MBEDTLS_MS_TIME_SIZE sizeof(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) +#else +# define MBEDTLS_MS_TIME_SIZE sizeof(int64_t) +#endif + struct buffer_data { char buf[2000]; char *ptr; From 58bb7ecd9486daaf3d954a15a1f7d0e72de37617 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sun, 2 Mar 2025 01:17:02 +0100 Subject: [PATCH 0253/1548] Disable fatal assertions in Windows printf tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Windows CRT treats any invalid format specifiers passed to the CRT as fatal assertion failures. Disable thie behaviour temporarily while testing if the format specifiers we use are supported. Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.function | 40 ++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index af91ea43f0..36ab9bde23 100644 --- a/tests/suites/test_suite_debug.function 
+++ b/tests/suites/test_suite_debug.function @@ -4,6 +4,11 @@ #include "mbedtls/pk.h" #include +#if defined(_WIN32) +# include +# include +#endif + // Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store // doesn't exclude entries based on depends_on headers, which would cause failures // in builds without MBEDTLS_HAVE_TIME @@ -55,6 +60,23 @@ static void string_debug(void *data, int level, const char *file, int line, cons buffer->ptr = p; } #endif /* MBEDTLS_SSL_TLS_C */ + +#if defined(_WIN32) +static void noop_invalid_parameter_handler( + const wchar_t *expression, + const wchar_t *function, + const wchar_t *file, + unsigned int line, + uintptr_t pReserved) +{ + (void) expression; + (void) function; + (void) file; + (void) line; + (void) pReserved; +} +#endif /* _WIN32 */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -66,6 +88,17 @@ static void string_debug(void *data, int level, const char *file, int line, cons void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */ intmax_t sizeof_x, intmax_t x, char *result) { +#if defined(_WIN32) + /* Windows treats any invalid format specifiers passsed to the CRT as fatal assertion failures. + Disable this behaviour temporarily, so the rest of the test cases can complete. */ + _invalid_parameter_handler saved_handler = + _set_invalid_parameter_handler(noop_invalid_parameter_handler); + + // Disable assertion pop-up window in Debug builds + int saved_report_mode = _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_REPORT_MODE); + _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_DEBUG); +#endif + const char *format = (char *) ((uintptr_t) smuggle_format_expr); char *output = NULL; const size_t n = strlen(result); 
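Review bot: `passsed` in the new comment is a typo for `passed`, and the `(void) saved_report_mode;` that the `exit:` hunk on the next line adds after `_CrtSetReportMode(_CRT_ASSERT, saved_report_mode);` is redundant, since the variable is used on the line just above it. Saving the handler and report mode at function entry and restoring them at `exit:` means the restore also runs on the `TEST_*` failure paths, which is correct; a short comment at the restore noting that this relies on every failure path reaching `exit:` would make the pairing explicit for future edits. Note that `_set_invalid_parameter_handler` is process-wide, so this test must not run concurrently with other tests in the same process. `printf_int_expr` begins in this hunk's context lines and its body continues past the hunk.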
@@ -87,6 +120,13 @@ void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework exit: mbedtls_free(output); output = NULL; + +#if defined(_WIN32) + // Restore default Windows behaviour + _set_invalid_parameter_handler(saved_handler); + _CrtSetReportMode(_CRT_ASSERT, saved_report_mode); + (void) saved_report_mode; +#endif } /* END_CASE */ From becb21e66858acd4f0814d2e32cce63a460e79e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 28 Feb 2025 22:39:09 +0100 Subject: [PATCH 0254/1548] Fix MSVC version guard for C99 format size specifiers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Visual Studio 2013 (_MSC_VER == 1800) doesn't support %zu - only use it on 2015 and above (_MSC_VER >= 1900). %ldd works on Visual Studio 2013, but this patch keeps the two macro definitions together, for simplicity's sake. Signed-off-by: Bence Szépkúti --- ChangeLog.d/fix-msvc-version-guard-format-zu.txt | 5 +++++ include/mbedtls/debug.h | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt new file mode 100644 index 0000000000..637388ecaa --- /dev/null +++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that + occurred whenever SSL debugging was enabled on a copy of Mbed TLS built + with Visual Studio 2013. + Fixes #10017. diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 424ed4b3fd..a940ef7821 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h 
@@ -108,16 +108,16 @@ * * This module provides debugging functions. */ -#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) +#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) #include #define MBEDTLS_PRINTF_SIZET PRIuPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" #else \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ + /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #define MBEDTLS_PRINTF_SIZET "zu" #define MBEDTLS_PRINTF_LONGLONG "lld" #endif \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ + /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #if !defined(MBEDTLS_PRINTF_MS_TIME) #include From ebe1f811c88856d3c6c1a17eedcec4c4b4875569 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sat, 1 Mar 2025 23:53:47 +0100 Subject: [PATCH 0255/1548] Remove Everest VS2010 compatibility headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These headers were necessary for compatibility with Visual Studio 2010, and interfere with the system headers on Visual Studio 2013+, eg. when building Mbed TLS using the .sln file shipped with the project. Move the still-required definition of "inline" to callconv.h, where the definition for GCC also lives. Signed-off-by: Bence Szépkúti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 7d941e84a5..399c5f9e1d 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 7d941e84a5b5c77f642186075ef45b3cc3214d57 +Subproject commit 399c5f9e1d71cb177eb0c16cb934755b409abe23 From cd1ece7846fa9f32f7e8c2af99c2d263031145f2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 7 Mar 2025 17:22:40 +0100 Subject: [PATCH 0256/1548] Never use %zu on MinGW MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- include/mbedtls/debug.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index a940ef7821..8e1bd83a1a 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -108,7 +108,7 @@ * * This module provides debugging functions. */ -#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) +#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) #include #define MBEDTLS_PRINTF_SIZET PRIuPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" From a4c9233292caad5612c135ddbf1c005c9cd04fb3 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 12 Mar 2025 15:25:17 +0000 Subject: [PATCH 0257/1548] Updated framework pointer. Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 8d85112a44..cab0c5fe19 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 8d85112a44d052a5d89cb0a135e162384da42584 +Subproject commit cab0c5fe19d5747cb9603552b80ebe64b9c67fdd From 9ea950417640b0a4a505c31bd7fbdb4c25d71a38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sat, 8 Mar 2025 00:40:47 +0100 Subject: [PATCH 0258/1548] Update changelog to call out MinGW MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- ChangeLog.d/fix-msvc-version-guard-format-zu.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt index 637388ecaa..eefda618ca 100644 --- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt 
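Review bot: The condition now drops the `__USE_MINGW_ANSI_STDIO` test, but nothing in the code records why `%zu` is avoided on MinGW even when its ANSI stdio is enabled; the commit subject is the only place the intent is stated. A one-line comment above the `#if`, e.g. `/* On MinGW, never rely on %zu, regardless of __USE_MINGW_ANSI_STDIO. */`, keeps the decision with the code so the next person does not reintroduce the narrower check.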
+++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt @@ -1,5 +1,5 @@ Bugfix * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that occurred whenever SSL debugging was enabled on a copy of Mbed TLS built - with Visual Studio 2013. + with Visual Studio 2013 or MinGW. Fixes #10017. From 011b6cb1c5395b4ffe9c3ac5d42098db6137da3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Sat, 8 Mar 2025 01:02:37 +0100 Subject: [PATCH 0259/1548] Fix comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- include/mbedtls/debug.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 8e1bd83a1a..e6f5dadb14 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -113,11 +113,11 @@ #define MBEDTLS_PRINTF_SIZET PRIuPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" #else \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */ + /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #define MBEDTLS_PRINTF_SIZET "zu" #define MBEDTLS_PRINTF_LONGLONG "lld" #endif \ - /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1900) */ + /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #if !defined(MBEDTLS_PRINTF_MS_TIME) #include From 46e0b1cac9098cdaf30f8adc5bfa1f93f2627701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 12 Mar 2025 16:43:38 +0100 Subject: [PATCH 0260/1548] Use dummy typedef instead of macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use a dummy definition of mbedtls_ms_time_t in builds without MBEDTLS_HAVE_TIME. 
Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.data | 2 +- tests/suites/test_suite_debug.function | 10 +++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index e7bdf69a8f..af26dfd72d 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -6,7 +6,7 @@ printf "%" MBEDTLS_PRINTF_LONGLONG, 0 printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0" printf "%" MBEDTLS_PRINTF_MS_TIME, 0 -printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:MBEDTLS_MS_TIME_SIZE:0:"0" +printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 36ab9bde23..dc3d2888df 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -9,13 +9,9 @@ # include #endif -// Use a macro instead of sizeof(mbedtls_ms_time_t) because the expression store -// doesn't exclude entries based on depends_on headers, which would cause failures -// in builds without MBEDTLS_HAVE_TIME -#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) -# define MBEDTLS_MS_TIME_SIZE sizeof(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO) -#else -# define MBEDTLS_MS_TIME_SIZE sizeof(int64_t) +// Dummy type for builds without MBEDTLS_HAVE_TIME +#if !defined(MBEDTLS_HAVE_TIME) +typedef int64_t mbedtls_ms_time_t; #endif struct buffer_data { From 24f11a366da5823d57bc6e34d272752acab96d88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 12 Mar 2025 17:08:46 +0100 Subject: [PATCH 0261/1548] Use an array of strings instead of pointer smuggling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Bence Szépkúti --- tests/suites/test_suite_debug.data | 7 +++---- tests/suites/test_suite_debug.function | 17 ++++++++++++++--- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index af26dfd72d..0989e61089 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -1,12 +1,11 @@ -# printf_int_expr expects a smuggled string expression as its first parameter printf "%" MBEDTLS_PRINTF_SIZET, 0 -printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_SIZET:sizeof(size_t):0:"0" +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0" printf "%" MBEDTLS_PRINTF_LONGLONG, 0 -printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_LONGLONG:sizeof(long long):0:"0" +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0" printf "%" MBEDTLS_PRINTF_MS_TIME, 0 -printf_int_expr:(uintptr_t) "%" MBEDTLS_PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index dc3d2888df..f3c8ff6196 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -14,6 +14,18 @@ typedef int64_t mbedtls_ms_time_t; #endif +typedef enum { + PRINTF_SIZET, + PRINTF_LONGLONG, + PRINTF_MS_TIME, +} printf_format_indicator_t; + +const char *const printf_formats[] = { + [PRINTF_SIZET] = "%" MBEDTLS_PRINTF_SIZET, + [PRINTF_LONGLONG] = "%" MBEDTLS_PRINTF_LONGLONG, + [PRINTF_MS_TIME] = "%" MBEDTLS_PRINTF_MS_TIME, +}; + struct buffer_data { char buf[2000]; char *ptr; 
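Review bot: `printf_formats` is defined at file scope without `static`, so the generated test program exports a global symbol for what is a private lookup table; `static const char *const printf_formats[] = {` keeps it local, matching the `static` helpers around it. The enum plus designated initialisers is a clear improvement over the earlier pointer smuggling. A comment that the array must stay in sync with `printf_format_indicator_t`, or a static assertion tying its length to the enum count, would guard future additions.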
@@ -81,8 +93,7 @@ static void noop_invalid_parameter_handler( */ /* BEGIN_CASE */ -void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework about string expressions */ - intmax_t sizeof_x, intmax_t x, char *result) +void printf_int_expr(int format_indicator, intmax_t sizeof_x, intmax_t x, char *result) { #if defined(_WIN32) /* Windows treats any invalid format specifiers passsed to the CRT as fatal assertion failures. @@ -95,7 +106,7 @@ void printf_int_expr(intmax_t smuggle_format_expr, /* TODO: teach test framework _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_DEBUG); #endif - const char *format = (char *) ((uintptr_t) smuggle_format_expr); + const char *format = printf_formats[format_indicator]; char *output = NULL; const size_t n = strlen(result); From daa14a4212bdb88fd8e62e22944c899ac3830331 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 12 Feb 2025 16:20:01 +0000 Subject: [PATCH 0262/1548] ssl-opt: Added fragmented HS tests for SSL_VARIABLE_BUFFER_LENGTH. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0736d0e3d0..d260cb7498 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13711,7 +13711,7 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \ +run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \ "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 1 \ 
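Review bot: `printf_formats[format_indicator]` is indexed straight from the test-data integer with no range check, so a stray value in the .data file reads past the three-entry array instead of failing the case cleanly. A guard before the lookup, `TEST_ASSERT(format_indicator >= 0 && (size_t) format_indicator < sizeof(printf_formats) / sizeof(printf_formats[0]));`, turns that into a reported test failure. The function starts in the first hunk of this change and its body continues past this one.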
@@ -13719,6 +13719,24 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello" \ -s "bad client hello message" \ -s "SSL - A message could not be parsed due to a syntactic error" +# Test Server Buffer resizing with fragmented handshake on TLS1.2 +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH +requires_max_content_len 1025 +run_test "Handshake defragmentation on server with buffer resizing: len=256, MFL=1024" \ + "$P_SRV debug_level=4 auth_mode=required" \ + "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -maxfraglen 1024 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + 0 \ + -s "Reallocating in_buf" \ + -s "Reallocating out_buf" \ + -s "reassembled record" \ + -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 5aaa6e048bb0e46d9b014d7df7b44f792603f6b2 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 12 Feb 2025 18:23:09 +0000 Subject: [PATCH 0263/1548] ssl-opt: Added fragmented HS tests for client-initiated renegotiation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d260cb7498..d2ebaaee51 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -103,12 +103,14 @@ if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www " O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt" O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" + O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client" else O_NEXT_SRV=false O_NEXT_SRV_NO_CERT=false O_NEXT_SRV_EARLY_DATA=false O_NEXT_CLI_NO_CERT=false O_NEXT_CLI=false + O_NEXT_CLI_RENEGOTIATE=false fi if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then 
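Review bot: `O_NEXT_CLI_RENEGOTIATE` is built without the `-CAfile $DATA_FILES_PATH/test-ca_cat12.crt` that `O_NEXT_CLI` two lines above carries, so the OpenSSL client used by the renegotiation tests has no trust anchor for the server certificate and s_client proceeds with an unverified peer. Unless that is deliberate, `O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt"` keeps the two clients equivalent apart from the renegotiation request. A short comment explaining that `'R'` on stdin is the s_client keystroke that triggers renegotiation would help readers unfamiliar with that tool.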
@@ -13737,6 +13739,43 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256, -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" +# Test Client initiated renegotiation with fragmented handshake on TLS1.2 +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + 0 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -s "reassembled record" \ + -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + 0 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -s "reassembled record" \ + -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 
512/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 529188f30bbd304bb84acace66cdc6d7135cf84b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 6 Mar 2025 15:09:39 +0000 Subject: [PATCH 0264/1548] ssl-opt: Added fragmented HS tests for server-initiated renegotiation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d2ebaaee51..3d9ddd9eb4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
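Review bot: Both new `run_test` blocks end their last `-s "Consume: …"` argument with a trailing `\`, which continues the command onto the following blank line; it only parses because that line is empty, and deleting the blank line would silently turn the next `requires_openssl_3_x` into an argument of `run_test`. Drop the backslash on the final option line of each block, as the buffer-resizing test above does. Separately, the client command uses `-connect 127.0.0.1:+$SRV_PORT`; if run_test substitutes a literal `+SRV_PORT` placeholder, the `$` here makes the port expand at definition time instead, so it is worth confirming that spelling is intended.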
@@ -13776,6 +13776,37 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ +# Test Server initiated renegotiation with fragmented handshake on TLS1.2 +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with server-initiated renegotiation: len=300" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 300 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 300, 0..300 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 300/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 300/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG 
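Review bot: The two server-initiated tests pass `-legacy_renegotiation` to s_server without a comment saying why it is needed, while the client-side assertions check the secure variant (`client hello, adding renegotiation extension`, `found renegotiation extension`); a reader cannot tell whether the flag is required for s_server to act on `/reneg` at all or whether the legacy path is deliberately exercised. A comment above the first block such as `# -legacy_renegotiation: <REASON — to be filled in>; the mbed TLS client still negotiates RFC 5746 secure renegotiation, as the assertions below check` would settle it. The same applies to `request_page=/reneg`, whose meaning for s_server is not stated here.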
From 05009c736c146a94ad2d4090cb0e8f2e684bc2e8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 6 Mar 2025 15:19:53 +0000 Subject: [PATCH 0265/1548] Added Mock Renegotiation negative test for testing. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3d9ddd9eb4..2ec090609f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13807,6 +13807,22 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= -c "found renegotiation extension" \ -c "=> renegotiate" +# Mock negative test to demonstrate the failure with n-bit sized fragments, where ClientHello < n. +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation mock with server-initiated renegotation: len=256 renego_delay=default(16)" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ + 1 \ + -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "renegotiation requested, but not honored by server" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 7134e52decd3866e393d1ebdc925c5ffd530ca0d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 6 Mar 2025 18:51:09 +0000 Subject: [PATCH 0266/1548] programs -> ssl_client2.c: Added option renego_delay to set record buffer depth. 
Signed-off-by: Minos Galanakis
---
 programs/ssl/ssl_client2.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 6742925f2a..d5c2a63ff7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -75,6 +75,7 @@ int main(void)
 #define DFL_RECO_SERVER_NAME NULL
 #define DFL_RECO_DELAY 0
 #define DFL_RECO_MODE 1
+#define DFL_RENEGO_DELAY -2
 #define DFL_CID_ENABLED 0
 #define DFL_CID_VALUE ""
 #define DFL_CID_ENABLED_RENEGO -1
@@ -298,7 +299,8 @@ int main(void)
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 #define USAGE_RENEGO \
 " renegotiation=%%d default: 0 (disabled)\n" \
- " renegotiate=%%d default: 0 (disabled)\n"
+ " renegotiate=%%d default: 0 (disabled)\n" \
+ " renego_delay=%%d default: -2 (library default)\n"
 #else
 #define USAGE_RENEGO ""
 #endif
@@ -938,6 +940,7 @@ int main(int argc, char *argv[])
 opt.renegotiation = DFL_RENEGOTIATION;
 opt.allow_legacy = DFL_ALLOW_LEGACY;
 opt.renegotiate = DFL_RENEGOTIATE;
+ opt.renego_delay = DFL_RENEGO_DELAY;
 opt.exchanges = DFL_EXCHANGES;
 opt.min_version = DFL_MIN_VERSION;
 opt.max_version = DFL_MAX_VERSION;
@@ -1172,6 +1175,8 @@ int main(int argc, char *argv[])
 break;
 default: goto usage;
 }
+ } else if (strcmp(p, "renego_delay") == 0) {
+ opt.renego_delay = (atoi(q));
 } else if (strcmp(p, "renegotiate") == 0) {
 opt.renegotiate = atoi(q);
 if (opt.renegotiate < 0 || opt.renegotiate > 1) {
@@ -1923,6 +1928,9 @@ int main(int argc, char *argv[])
 }
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
+ if (opt.renego_delay != DFL_RENEGO_DELAY) {
+ mbedtls_ssl_conf_renegotiation_enforced(&conf, opt.renego_delay);
+ }
 #endif
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
@@ -2467,6 +2475,8 @@ int main(int argc, char *argv[])
 }
 mbedtls_printf(" ok\n");
 }
+
+
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
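Review bot: The new `renego_delay` branch in the `@@ -1172` hunk stores `atoi(q)` without any validation, unlike the adjacent `renegotiate` branch which range-checks its value and jumps to `usage`; a non-numeric argument silently becomes 0, and any value below -1 other than the -2 sentinel is passed straight into `mbedtls_ssl_conf_renegotiation_enforced()` in the `@@ -1923` hunk, where only -1 (`MBEDTLS_SSL_RENEGO_MAX_RECORDS_INFINITE`) has a defined meaning besides non-negative record counts. Mirror the neighbour: `opt.renego_delay = atoi(q);` followed by `if (opt.renego_delay < -1 && opt.renego_delay != DFL_RENEGO_DELAY) { goto usage; }` (the extra parentheses around `atoi(q)` are redundant either way). The usage text added in the `@@ -298` hunk says only `default: -2 (library default)`; stating what the number means — the maximum number of records accepted while a requested renegotiation is pending, -1 for never enforce — would make the option usable without reading the library header. The two blank lines added before `#endif /* MBEDTLS_SSL_RENEGOTIATION */` in the last hunk look accidental. All of these hunks are inside `main`, which starts and ends outside the diff, and the `opt.renego_delay` field itself is not added here, so it presumably already exists in the options struct.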
From 87be69a3fc99efa2504114267ee309978fe11879 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 7 Mar 2025 09:58:10 +0000 Subject: [PATCH 0267/1548] sll-opt: Added refence fix for the Mock HS Defrag test using renegotitiation delay Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ec090609f..7ea00d2bbc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13823,6 +13823,22 @@ run_test "Handshake defragmentation mock with server-initiated renegotation: -c "found renegotiation extension" \ -c "renegotiation requested, but not honored by server" +# Fixing the above mock negative using the new renego_delay parameter +requires_openssl_3_x +requires_protocol_version tls12 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation mock with server-initiated renegotiation: len=256 renego_delay=32" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 allow_legacy=1 renegotiation=1 renego_delay=32 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 200, 0..200 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 200/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 200/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 135ebd3241b3f817d03fe7f609036bb6613fe1bd Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:03:38 +0000 Subject: [PATCH 0268/1548] ssl-opt: Removed mock-tests from HS renegotiation. 
Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 44 ++++++-------------------------------------- 1 file changed, 6 insertions(+), 38 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7ea00d2bbc..19e4b95610 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13781,13 +13781,13 @@ requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with server-initiated renegotiation: len=300" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 300 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ +run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ 0 \ - -c "initial handshake fragment: 300, 0..300 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 300/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 300/[0-9]\\+" \ + -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" 
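Review bot: The first hunk does more than the subject's "Removed mock-tests": it changes the surviving server-initiated test from `-split_send_frag 300` to 256 and adds `renego_delay=32` to its `$P_CLI` arguments, which is the substantive fix the removed mock tests were demonstrating. That change deserves its own commit, or at least a comment above the test explaining why `renego_delay=32` is required at this fragment size, since the name `len=256` no longer records it (the deleted mock test carried `renego_delay=32` in its name). Something like `# renego_delay=32: with 256-byte fragments the renegotiation spans more records than the library default of 16` would do, if that is indeed the reason.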
@@ -13807,38 +13807,6 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= -c "found renegotiation extension" \ -c "=> renegotiate" -# Mock negative test to demonstrate the failure with n-bit sized fragments, where ClientHello < n. -requires_openssl_3_x -requires_protocol_version tls12 -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation mock with server-initiated renegotation: len=256 renego_delay=default(16)" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ - 1 \ - -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "renegotiation requested, but not honored by server" - -# Fixing the above mock negative using the new renego_delay parameter -requires_openssl_3_x -requires_protocol_version tls12 -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation mock with server-initiated renegotiation: len=256 renego_delay=32" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 allow_legacy=1 renegotiation=1 renego_delay=32 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 200, 0..200 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 200/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 200/[0-9]\\+" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - # Test heap memory usage after handshake 
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From 990a10909df5c6069df924d5b2d1a6f1c3ffd4f8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:06:38 +0000 Subject: [PATCH 0269/1548] ssl-opt: Fragmented HS renegotiation, updated documentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 19e4b95610..b680c11eb5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13721,7 +13721,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u -s "bad client hello message" \ -s "SSL - A message could not be parsed due to a syntactic error" -# Test Server Buffer resizing with fragmented handshake on TLS1.2 +# Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication @@ -13739,7 +13739,7 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256, -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" -# Test Client initiated renegotiation with fragmented handshake on TLS1.2 +# Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication 
@@ -13776,7 +13776,13 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ -# Test Server initiated renegotiation with fragmented handshake on TLS1.2 +# Test server-initiated renegotiation with fragmented handshake on TLS1.2 +# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server +# to initiate a handshake renegotiation. +# Note: Adjusting the renegotiation delay beyond the library's default value +# of 16 is necessary, as it sets the maximum record depth to match it. +# Splitting messages during the renegotiation process requires a deeper +# stack to accommodate the increased processing complexity. requires_openssl_3_x requires_protocol_version tls12 requires_certificate_authentication From a7b19aa8572e93da788d74fa9b222e0f2549fb7e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:17:25 +0000 Subject: [PATCH 0270/1548] ssl-opt: Refactored fragmented HS renegotiation tests. - Switched to using MBEDTLS_SSL_PROTO_TLS1_2 for dependency. - Re-ordered tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 59 ++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b680c11eb5..2aa124874c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13723,7 +13723,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u # Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 
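Review bot: The new `# Note:` lines describe the renegotiation delay as "maximum record depth" and "a deeper stack", which does not match what the option does: per the ssl_client2 change earlier in this series, `renego_delay` is handed to `mbedtls_ssl_conf_renegotiation_enforced()`, i.e. it is presumably the number of records the client accepts while a requested renegotiation is still pending before it reports the `renegotiation requested, but not honored by server` failure the deleted mock test expected. Suggested wording: `# Note: renego_delay is passed to mbedtls_ssl_conf_renegotiation_enforced(); with fragmented` / `# handshake messages the renegotiation takes more records than the library default of 16,` / `# so the limit is raised to 32 for the fragmented test below.` The comment also sits above both server-initiated tests although only the len=256 one sets `renego_delay=32`, so it should say which test it applies to.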
@@ -13741,12 +13741,12 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256, # Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \ +run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "found renegotiation extension" \ 
@@ -13754,17 +13754,17 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \ +run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ - "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ -s "found renegotiation extension" \ 
@@ -13772,11 +13772,27 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ # Test server-initiated renegotiation with fragmented handshake on TLS1.2 +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + + # Note: The /reneg endpoint serves as a directive for OpenSSL's s_server # to initiate a handshake renegotiation. # Note: Adjusting the renegotiation delay beyond the library's default value 
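Review bot: Moving the len=512 block up places it between the `# Test server-initiated renegotiation …` header and the `# Note:` lines that explain `/reneg` and `renego_delay`, so the notes now read as belonging only to the len=256 test while the header no longer introduces the notes at all; the move also leaves two consecutive blank lines before `# Note:`. Keep the header and the notes together (notes directly under the header, then the two tests) and collapse the double blank line.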
@@ -13784,7 +13800,7 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= # Splitting messages during the renegotiation process requires a deeper # stack to accommodate the increased processing complexity. requires_openssl_3_x -requires_protocol_version tls12 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \ @@ -13798,21 +13814,6 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= -c "found renegotiation extension" \ -c "=> renegotiate" -requires_openssl_3_x -requires_protocol_version tls12 -requires_certificate_authentication -requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \ - "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ - 0 \ - -c "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ - -c "client hello, adding renegotiation extension" \ - -c "found renegotiation extension" \ - -c "=> renegotiate" - # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From ae54c749fca3f4c8c74bebcaeefd8c740243bfdf Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 14:19:48 +0000 Subject: [PATCH 0271/1548] ssl-opt: Added coverage for client-initiated fragmented HS renegotiation tests. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2aa124874c..9e5930a269 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13776,6 +13776,43 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_certificate_authentication +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with client-initiated renegotiation: len=128" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + 0 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -s "reassembled record" \ + -s "initial handshake fragment: 128, 0..128 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 128/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 128/[0-9]\\+" \ + +requires_openssl_3_x +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation with client-initiated renegotiation: len=4" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ + 0 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -s "reassembled record" \ + -s "initial handshake fragment: 4, 0..4 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake 
fragments 4/[0-9]\\+" \ + -s "Consume: waiting for more handshake fragments 4/[0-9]\\+" \ + # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 70be67b97e1fe1119be949d89e062549c1057e4b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:00:45 +0000 Subject: [PATCH 0272/1548] ssl-opt: Fragmented HS renegotiation, updated matching regex Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9e5930a269..17dc43a42c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13735,9 +13735,9 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256, -s "Reallocating in_buf" \ -s "Reallocating out_buf" \ -s "reassembled record" \ - -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" + -s "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/" \ + -s "Consume: waiting for more handshake fragments 256/" # Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x 
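Review bot: The two new tests add `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` although both force `-tls1_2` on the client and their TLS 1.2 siblings above do not require it, so they will be skipped in TLS-1.2-only builds for no visible reason; unless there is a dependency not shown here, drop that line. The len=4 test also omits `requires_certificate_authentication` while still running the server with `auth_mode=required` and a client certificate, unlike the len=128 test directly above it. Both blocks end their last `-s "Consume: …"` line with a trailing `\` before a blank line, the same fragility as in the earlier renegotiation tests.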
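Review bot: Escaping the dots as `0\\.\\.256` fixes a pattern that previously matched any two characters, but this hunk, and the other hunks of this commit, also drop the `[0-9]\\+` after `256/`, so the `Prepare`/`Consume` assertions no longer check that a total follows the slash. If the total is printed there, `256/[0-9]\\+` keeps the stricter check alongside the escaping fix; if it was removed because the value is not always numeric, a short comment on the first occurrence would save the next reader the question.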
@@ -13754,9 +13754,9 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -s "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 512/" \ + -s "Consume: waiting for more handshake fragments 512/" \ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -13772,9 +13772,9 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + -s "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 256/" \ + -s "Consume: waiting for more handshake fragments 256/" \ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -13791,9 +13791,9 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 128, 0..128 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 128/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 128/[0-9]\\+" \ + -s "initial handshake fragment: 128, 0\\.\\.128 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 128/" \ + -s "Consume: waiting for more handshake fragments 128/" \ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -13809,9 +13809,9 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len= -s "=> renegotiate" \ -S "write hello request" \ -s "reassembled record" \ - -s "initial handshake fragment: 4, 0..4 of [0-9]\\+" \ - -s "Prepare: waiting for more handshake fragments 4/[0-9]\\+" \ - -s "Consume: waiting for more handshake fragments 4/[0-9]\\+" \ + -s "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 4/" \ + -s "Consume: waiting for more handshake fragments 4/" \ # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_openssl_3_x @@ -13822,9 +13822,9 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ 0 \ - -c "initial handshake fragment: 512, 0..512 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 512/[0-9]\\+" \ + -c "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 512/" \ + -c "Consume: waiting for more handshake fragments 512/" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" 
@@ -13844,9 +13844,9 @@ run_test "Handshake defragmentation with server-initiated renegotiation: len= "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ 0 \ - -c "initial handshake fragment: 256, 0..256 of [0-9]\\+" \ - -c "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \ - -c "Consume: waiting for more handshake fragments 256/[0-9]\\+" \ + -c "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 256/" \ + -c "Consume: waiting for more handshake fragments 256/" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" From af0e60b38f534029f361efcc03c6a33676ec611d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:08:01 +0000 Subject: [PATCH 0273/1548] ssl-opt: Fragmented HS renegotiation, adjusted test names for consistency. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 17dc43a42c..07323858e4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13728,7 +13728,7 @@ requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH requires_max_content_len 1025 -run_test "Handshake defragmentation on server with buffer resizing: len=256, MFL=1024" \ +run_test "Handshake defragmentation on server: len=256, buffer resizing with MFL=1024" \ "$P_SRV debug_level=4 auth_mode=required" \ "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -maxfraglen 1024 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ 
@@ -13744,7 +13744,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=512" \ +run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ @@ -13762,7 +13762,7 @@ requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=256" \ +run_test "Handshake defragmentation on server: len=256, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ @@ -13781,7 +13781,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation with client-initiated renegotiation: len=128" \ +run_test "Handshake defragmentation on server: len=128, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \ 0 \ 
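Review bot: The renamed test names spell it `renegotation` (missing an `i`) in all six `run_test` lines of this commit, here and in the hunks on the following line, while the deleted names use `renegotiation`; since these names are what the script's filter option matches on and what appears in CI logs, the typo will propagate. Use `…, client-initiated renegotiation"` / `…, server-initiated renegotiation"` throughout.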
@@ -13799,7 +13799,7 @@ requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation with client-initiated renegotiation: len=4" \
+run_test "Handshake defragmentation on server: len=4, client-initiated renegotation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
 0 \
@@ -13818,7 +13818,7 @@ requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation with server-initiated renegotiation: len=512" \
+run_test "Handshake defragmentation on client: len=512, server-initiated renegotation" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \
 0 \
@@ -13840,7 +13840,7 @@ requires_openssl_3_x
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test "Handshake defragmentation with server-initiated renegotiation: len=256" \
+run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \
 "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \
 0 \
From 9b2e4b80e706762efd2dd50127872b937307e8e3 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Tue, 11 Mar 2025 17:10:12 +0000
Subject: [PATCH 0274/1548] ssl-opt: Fragmented HS renegotiation, removed requires_openssl_3_x dependency.
Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 07323858e4..447a30de68 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13722,7 +13722,6 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u -s "SSL - A message could not be parsed due to a syntactic error" # Test server-side buffer resizing with fragmented handshake on TLS1.2 -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -13740,7 +13739,6 @@ run_test "Handshake defragmentation on server: len=256, buffer resizing with -s "Consume: waiting for more handshake fragments 256/" # Test client-initiated renegotiation with fragmented handshake on TLS1.2 -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -13758,7 +13756,6 @@ run_test "Handshake defragmentation on server: len=512, client-initiated rene -s "Prepare: waiting for more handshake fragments 512/" \ -s "Consume: waiting for more handshake fragments 512/" \ -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -13776,7 +13773,6 @@ run_test "Handshake defragmentation on server: len=256, client-initiated rene -s "Prepare: waiting for more handshake fragments 256/" \ -s "Consume: waiting for more handshake fragments 256/" \ -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_certificate_authentication 
@@ -13795,7 +13791,6 @@ run_test "Handshake defragmentation on server: len=128, client-initiated rene -s "Prepare: waiting for more handshake fragments 128/" \ -s "Consume: waiting for more handshake fragments 128/" \ -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -13814,7 +13809,6 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego -s "Consume: waiting for more handshake fragments 4/" \ # Test server-initiated renegotiation with fragmented handshake on TLS1.2 -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -13836,7 +13830,6 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # of 16 is necessary, as it sets the maximum record depth to match it. # Splitting messages during the renegotiation process requires a deeper # stack to accommodate the increased processing complexity. -requires_openssl_3_x requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION From 0b830f145f0898695924d1fbe8178b9b74c3abad Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:11:09 +0000 Subject: [PATCH 0275/1548] ssl-opt: Fragmented HS renegotiation, removed requires_certificate_authentication dependency. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 447a30de68..98dc61e60b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13723,7 +13723,6 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u # Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH requires_max_content_len 1025 @@ -13740,7 +13739,6 @@ run_test "Handshake defragmentation on server: len=256, buffer resizing with # Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ @@ -13757,7 +13755,6 @@ run_test "Handshake defragmentation on server: len=512, client-initiated rene -s "Consume: waiting for more handshake fragments 512/" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=256, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ @@ -13775,7 +13772,6 @@ run_test "Handshake defragmentation on server: len=256, client-initiated rene requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on server: len=128, client-initiated renegotation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ 
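Review bot: Dropping `requires_certificate_authentication` here (and in the remaining hunks of this commit on this and the next line) removes a guard the test bodies still depend on: the server side keeps `auth_mode=required` and the OpenSSL side keeps presenting `server5.crt`/`server5.key`, so every one of these cases still exercises client-certificate authentication. Unless `run_test`'s automatic requirement detection already infers that from `auth_mode=required` on the command line (not visible on this page), these cases will now run, and fail, in builds where certificate authentication is compiled out. Either keep the guard, or state in the commit message which detection rule makes it redundant.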
@@ -13810,7 +13806,6 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=512, server-initiated renegotation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ @@ -13831,7 +13826,6 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # Splitting messages during the renegotiation process requires a deeper # stack to accommodate the increased processing complexity. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ From df4ddfdf0ce3f668c6646b6859ef397cbff4352a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 11 Mar 2025 17:24:04 +0000 Subject: [PATCH 0276/1548] ssl-opt: Fragmented HS renegotiation, removed -legacy_renegotiation argument. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 98dc61e60b..0b3442dd3b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13808,7 +13808,7 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on client: len=512, server-initiated renegotation" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \
 0 \
 -c "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \
@@ -13828,7 +13828,7 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \
- "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -legacy_renegotiation -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
 "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \
 0 \
 -c "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \
From a8f14384f8ca36246a067d236f61186375295c1b Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Tue, 11 Mar 2025 17:29:33 +0000
Subject: [PATCH 0277/1548] ssl-opt: Updated O_NEXT_CLI_RENEGOTIATE used by fragmented HS renegotiation with certificates.

Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0b3442dd3b..7ee8e33565 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -103,7 +103,7 @@ if [ -n "${OPENSSL_NEXT:-}" ]; then
 O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
 O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt"
 O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
- O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client"
+ O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
 else
 O_NEXT_SRV=false
 O_NEXT_SRV_NO_CERT=false
@@ -13742,7 +13742,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
- "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
+ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -connect 127.0.0.1:+$SRV_PORT" \
 0 \
 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
 -s "found renegotiation extension" \
@@ -13758,7 +13758,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on server: len=256, client-initiated renegotation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
- "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
+ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -connect 127.0.0.1:+$SRV_PORT" \
 0 \
 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
 -s "found renegotiation extension" \
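Review bot: Baking `-cert`/`-key` into the shared `O_NEXT_CLI_RENEGOTIATE` definition changes the behaviour of every test that uses that variable, not only the four defragmentation cases edited in this commit: any pre-existing renegotiation test built on it (outside this page) will now present a client certificate where it previously did not, which can flip a server running `auth_mode=required` from "renegotiation fails" to "renegotiation succeeds". If the other users are meant to stay certificate-less, keep the bare variable and add a second one, e.g. `O_NEXT_CLI_RENEGOTIATE_CERT="$O_NEXT_CLI_RENEGOTIATE -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"`, mirroring the existing `O_NEXT_CLI` / `O_NEXT_CLI_NO_CERT` pair; otherwise the `else` branch (`O_NEXT_SRV=false` ...) should be checked so the new variable is also defined there.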
@@ -13775,7 +13775,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on server: len=128, client-initiated renegotation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
- "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
+ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -connect 127.0.0.1:+$SRV_PORT" \
 0 \
 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
 -s "found renegotiation extension" \
@@ -13792,7 +13792,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on server: len=4, client-initiated renegotation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
- "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -connect 127.0.0.1:+$SRV_PORT" \
+ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \
 0 \
 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
 -s "found renegotiation extension" \
From 1d78c7d58d9f30ca5de5ba93908550627be5bac6 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 12 Mar 2025 01:07:58 +0000
Subject: [PATCH 0278/1548] ssl-opt: Added client-initiated server-rejected renegotation test.

Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7ee8e33565..ff8f4d5e65 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13804,6 +13804,20 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego -s "Prepare: waiting for more handshake fragments 4/" \ -s "Consume: waiting for more handshake fragments 4/" \ +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotation" \ + "$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \ + "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \ + 1 \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "refusing renegotiation, sending alert" \ + -s "server hello, secure renegotiation extension" \ + -s "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \ + -s "Prepare: waiting for more handshake fragments 4/" \ + -s "Consume: waiting for more handshake fragments 4/" \ + # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION From 641e08e2aa3a1c703943f4149ceda240528b3886 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 13 Mar 2025 11:42:05 +0000 Subject: [PATCH 0279/1548] ssl-opt: Updated documentation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ff8f4d5e65..e4756c0ad5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
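Review bot: The new server-rejected case carries `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3` although both peers are pinned to TLS 1.2 (`-tls1_2` on the OpenSSL side) and nothing in the expected log lines involves 1.3; it looks copied from the len=4 case just above, and it makes this test skip in TLS-1.2-only builds for no visible reason. Unless the 1.3 requirement is deliberate (a "1.3-or-1.2 server must refuse" scenario), drop that line so the case runs wherever `MBEDTLS_SSL_PROTO_TLS1_2` and `MBEDTLS_SSL_RENEGOTIATION` are enabled. A one-line comment above the `requires_` block stating what the test checks, e.g. `# Server with renegotiation=0 must refuse a fragmented client-initiated renegotiation with an alert`, would also help, since the other defragmentation tests each have one.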
@@ -13835,10 +13835,11 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # Note: The /reneg endpoint serves as a directive for OpenSSL's s_server # to initiate a handshake renegotiation. -# Note: Adjusting the renegotiation delay beyond the library's default value -# of 16 is necessary, as it sets the maximum record depth to match it. -# Splitting messages during the renegotiation process requires a deeper -# stack to accommodate the increased processing complexity. +# Note: Adjusting the renegotiation delay beyond the library's default +# value of 16 is necessary. This parameter defines the maximum +# number of records received before renegotiation is completed. +# By fragmenting records and thereby increasing their quantity, +# the default threshold can be reached more quickly. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ From edebcc04f8e7d5d3a084b6ee1bcd5cdbc4a8fd91 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 13 Mar 2025 15:52:00 +0000 Subject: [PATCH 0280/1548] Fix typos in the 3.0 migration guide Signed-off-by: David Horstmann --- docs/3.0-migration-guide.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 42af9dbaf2..a1747bcb4c 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md 
@@ -349,7 +349,7 @@ original names of those functions. The renamed functions are: | `mbedtls_sha512_finish_ret` | `mbedtls_sha512_finish` | | `mbedtls_sha512_ret` | `mbedtls_sha512` | -To migrate to the this change the user can keep the `*_ret` names in their code +To migrate to this change the user can keep the `*_ret` names in their code and include the `compat_2.x.h` header file which holds macros with proper renaming or to rename those functions in their code according to the list from mentioned header file. @@ -409,7 +409,7 @@ using the multi-part API. Previously, the documentation didn't state explicitly if it was OK to call `mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after the last call to `mbedtls_cipher_update()` — that is, without calling -`mbedtls_cipher_finish()` in-between. If you code was missing that call, +`mbedtls_cipher_finish()` in-between. If your code was missing that call, please add it and be prepared to get as much as 15 bytes of output. Currently the output is always 0 bytes, but it may be more when alternative @@ -422,7 +422,7 @@ This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms. They are already niche or obsolete and most of them are weak or broken. For those reasons possible users should consider switching to modern and safe -alternatives to be found in literature. +alternatives to be found in the literature. ### Deprecated functions were removed from cipher 
@@ -806,11 +806,11 @@ multiple times on the same SSL configuration. In Mbed TLS 2.x, users would observe later calls overwriting the effect of earlier calls, with the prevailing PSK being the one that has been configured last. In Mbed TLS 3.0, -calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times +calling `mbedtls_ssl_conf_psk[_opaque]()` multiple times will return an error, leaving the first PSK intact. To achieve equivalent functionality when migrating to Mbed TLS 3.0, -users calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times should +users calling `mbedtls_ssl_conf_psk[_opaque]()` multiple times should remove all but the last call, so that only one call to _either_ `mbedtls_ssl_conf_psk()` _or_ `mbedtls_ssl_conf_psk_opaque()` remains. From 079d7909a1704b1a0a160dffcc4497deb648aea9 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 13 Mar 2025 16:49:08 +0000 Subject: [PATCH 0281/1548] Add note about MBEDTLS_PRIVATE() in 3.6 Note that in the Mbed TLS 3.6 LTS, users can generally rely on being able to access struct members through the MBEDTLS_PRIVATE() macro, since we try to maintain ABI stability within an LTS version. Signed-off-by: David Horstmann --- docs/3.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index a1747bcb4c..02f5b49124 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md 
@@ -71,7 +71,7 @@ If you were accessing structure fields directly, and these fields are not docume If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.). -As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. +As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. However, in the Mbed TLS 3.6 LTS this is generally a safe way to access struct members because LTS versions try to maintain ABI stability. ### Move part of timing module out of the library From e35672940c4815fb8f011c7e4a7e40774a130f21 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 13 Mar 2025 16:53:27 +0000 Subject: [PATCH 0282/1548] Update broken link to PSA driver dev examples This link is broken in development as the document has been moved to the TF-PSA-Crypto repository. Signed-off-by: David Horstmann --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b00d21ae50..448f37294f 100644 --- a/README.md +++ b/README.md 
@@ -299,7 +299,7 @@ However, it does not aim to implement the whole specification; in particular it Mbed TLS supports drivers for cryptographic accelerators, secure elements and random generators. This is work in progress. Please note that the driver interfaces are not fully stable yet and may change without notice. We intend to preserve backward compatibility for application code (using the PSA Crypto API), but the code of the drivers may have to change in future minor releases of Mbed TLS. -Please see the [PSA driver example and guide](docs/psa-driver-example-and-guide.md) for information on writing a driver. +Please see the [PSA driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md) for information on writing a driver. License ------- From f475a15d5da6fbfbdd3aedcfce3e5d9761b596aa Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 13 Mar 2025 11:43:53 +0000 Subject: [PATCH 0283/1548] ssl-opt: Disabled the renegotiation delay for fragmented HS renegotiation. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e4756c0ad5..1e71bef7f7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13840,11 +13840,12 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # number of records received before renegotiation is completed. # By fragmenting records and thereby increasing their quantity, # the default threshold can be reached more quickly. +# Setting it to -1 disables that policy's enforment. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - "$P_CLI debug_level=3 renegotiation=1 renego_delay=32 request_page=/reneg" \ + "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \ 0 \ -c "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \ -c "Prepare: waiting for more handshake fragments 256/" \ From 6637ef798f756fa82269fe1750831e47b8b8f451 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Feb 2025 13:19:45 +0100 Subject: [PATCH 0284/1548] New test function inject_client_content_on_the_wire() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Not used for real stuff so far, just getting the tooling in place. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_server.c | 3 ++ tests/src/test_helpers/ssl_helpers.c | 13 +++++ tests/suites/test_suite_ssl.data | 29 +++++++++++ tests/suites/test_suite_ssl.function | 72 ++++++++++++++++++++++++++++ 4 files changed, 117 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7273eb9392..acb65e38d2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1365,6 +1365,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } if (ret == 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("no supported_versions extension")); return SSL_CLIENT_HELLO_TLS1_2; } 
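Review bot: The added comment line has a typo and does not say what "that policy" is: `# Setting it to -1 disables that policy's enforment.` should read `# Setting renego_delay to -1 disables enforcement of that record limit.` so the reader knows it is the record-count threshold described in the preceding lines that is being switched off. Since the test now relies on the limit being disabled rather than merely raised, it may also be worth a sentence noting that the `-c "Prepare: ..."`/`-c "Consume: ..."` expectations are what still guarantee fragmentation happened during the renegotiation.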
@@ -1386,6 +1387,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, * the TLS version to negotiate. */ if (MBEDTLS_SSL_VERSION_TLS1_2 == ret) { + MBEDTLS_SSL_DEBUG_MSG(2, ("supported_versions without 1.3")); return SSL_CLIENT_HELLO_TLS1_2; } } @@ -1964,6 +1966,7 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) } ssl->keep_current_message = 1; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; + MBEDTLS_SSL_DEBUG_MSG(1, ("non-1.3 ClientHello left for later processing")); return 0; } diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 44e07efb63..3c3bb6a54a 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -28,9 +28,22 @@ void mbedtls_test_ssl_log_analyzer(void *ctx, int level, { mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx; +/* Change 0 to 1 for debugging of test cases that use this function. */ +#if 0 + const char *q, *basename; + /* Extract basename from file */ + for (q = basename = file; *q != '\0'; q++) { + if (*q == '/' || *q == '\\') { + basename = q + 1; + } + } + printf("%s:%04d: |%d| %s", + basename, line, level, str); +#else (void) level; (void) line; (void) file; +#endif if (NULL != p && NULL != p->pattern && diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 565588bea6..18c5a410cc 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
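Review bot: The third message of this commit, in ssl_tls13_process_client_hello, is emitted at level 1 while its two siblings in ssl_tls13_parse_client_hello use level 2; in Mbed TLS's debug convention level 1 is the error level, so a perfectly normal "1.2 ClientHello will be handled by the 1.2 code" path will show up whenever callers filter for errors only. Unless the lower level is intentional, change it to `MBEDTLS_SSL_DEBUG_MSG(2, ("non-1.3 ClientHello left for later processing"));` so all three trace messages sit at the same state-change level. The enclosing ssl_tls13_process_client_hello continues outside the hunk.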
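Review bot: The `#if 0` block in mbedtls_test_ssl_log_analyzer can only be enabled by editing the source, which is the least convenient switch for a helper that is meant to be flipped on during test debugging; a named guard such as `#if defined(MBEDTLS_TEST_SSL_LOG_PRINT)` (a constructed name, pick whatever matches the test-helper conventions) would let it be enabled from the compiler command line without touching the file. Inside the block, the output relies on `str` already carrying its own newline, which appears to be the case for the library's debug strings but is not visible on this page; a short comment `/* str already ends in '\n' */` next to the printf would record that assumption. The enclosing function continues outside the hunk.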
@@ -3329,3 +3329,32 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 + +# 1.2 minimal ClientHello breakdown: +# 160303rlrl - record header, 2-byte record contents len +# 01hlhlhl - handshake header, 3-byte handshake message len +# 0303 - protocol version: 1.2 +# 0123456789abcdef (repeated, 4 times total) - 32-byte "random" +# 00 - session ID (empty) +# 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below) +# 0100 - compression methods: 1-byte len then "null" (only legal value now) +# [then end, or extensions] +# elel - 2-byte extensions length +# ... +# +# Note: currently our TLS "1.3 or 1.2" code requires extension length to be +# present even it it's 0. This is not strictly compliant but doesn't matter +# much in practice as these days everyone wants to use signature_algorithms +# (for hashes better than SHA-1), secure_renego (even if you have renego +# disabled), and most people want either ECC or PSK related extensions. +# +# Note: cccc is currently not assigned, so can be used get a consistent +# "no matching ciphersuite" behaviour regardless of the configuration. +# 002f is MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, MTI in 1.2, but removed in 4.0. 
+Inject ClientHello - TLS 1.2 good (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_HAVE_CBC +inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002002f01000000":"<= parse client hello":0 + +Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e9584dcc1f..9bdb02344c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
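Review bot: Two typos in the new explanatory comment block will be read by everyone who crafts a ClientHello from it: `# present even it it's 0.` should be `# present even if it's 0.`, and `# ... so can be used get a consistent` should be `# ... so can be used to get a consistent`. Both lines are carried forward unchanged as context in the follow-up commit's hunk on the same data file, so fixing them here keeps that later diff clean. It would also help to state in the breakdown that the hex string must be a whole record (record length 0x002f = 47 covering the 4-byte handshake header plus 0x00002b = 43 bytes of body), since the test function sends it straight to the mock socket without any framing check.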
@@ -5013,3 +5013,75 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE */ +void inject_client_content_on_the_wire(int state, data_t *hello, char *log_pattern, + int expected_ret) +{ + /* This function allows us to inject content at a specific state + * in the handshake, or when it's completed. The content is injected + * on the mock TCP socket, as if we were an active network attacker. + * + * This function is suitable to inject: + * - crafted records, at any point; + * - valid records that contain crafted handshake messages, but only + * when the traffic is still unprotected (for TLS 1.2 that's most of the + * handshake, for TLS 1.3 that's only the Hello messages); + * - handshake messages that are fragmented in a specific way, + * under the same conditions as above. + */ + enum { BUFFSIZE = 16384 }; + mbedtls_test_ssl_endpoint server, client; + mbedtls_platform_zeroize(&server, sizeof(server)); + mbedtls_platform_zeroize(&client, sizeof(client)); + mbedtls_test_handshake_test_options options; + mbedtls_test_init_handshake_options(&options); + mbedtls_test_ssl_log_pattern srv_pattern; + memset(&srv_pattern, 0, sizeof(srv_pattern)); + int ret = -1; + + PSA_INIT(); + + srv_pattern.pattern = log_pattern; + options.srv_log_obj = &srv_pattern; + options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + mbedtls_debug_set_threshold(3); + + ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + &options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, + BUFFSIZE); + TEST_EQUAL(ret, 0); + + /* Make the server move to the required state */ + ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, state); + TEST_EQUAL(ret, 0); + + /* Send the crafted message */ + ret = mbedtls_test_mock_tcp_send_b(&client.socket, hello->x, hello->len); + TEST_ASSERT(ret 
>= 0 && (size_t) ret == hello->len); + + /* Have the server process it. + * Need the loop because a server that support 1.3 and 1.2 + * will process a 1.2 ClientHello in two steps. + */ + do { + ret = mbedtls_ssl_handshake_step(&server.ssl); + } while (ret == 0 && server.ssl.state == state); + TEST_EQUAL(ret, expected_ret); + TEST_EQUAL(srv_pattern.counter, 1); + +exit: + mbedtls_test_free_handshake_options(&options); + mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_debug_set_threshold(0); + PSA_DONE(); +} +/* END_CASE */ From e9166523907803ff2dd5655bf5578d972f8440f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Feb 2025 12:36:28 +0100 Subject: [PATCH 0285/1548] Add supported_curves/groups extension MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows us to use a ciphersuite that will still be supported in 4.0. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 28 +++++++++++++++++++++------- tests/suites/test_suite_ssl.function | 13 ++++++++----- 2 files changed, 29 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 18c5a410cc..57e99ec851 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3330,7 +3330,7 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 -# 1.2 minimal ClientHello breakdown: +# (Minimal) ClientHello breakdown: # 160303rlrl - record header, 2-byte record contents len # 01hlhlhl - handshake header, 3-byte handshake message len # 0303 - protocol version: 1.2 
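Review bot: The parameters of inject_client_content_on_the_wire are undocumented even though the header comment is otherwise detailed; from the body, `state` is the server handshake state that must be reached before the bytes are injected (via mbedtls_test_move_handshake_to_state and the `server.ssl.state == state` loop), `hello` is the raw record bytes written to the mock socket, `log_pattern` is a server-side debug substring that must appear exactly once (`TEST_EQUAL(srv_pattern.counter, 1)`), and `expected_ret` is the return value of the handshake step that leaves `state`. Adding those four lines to the comment, plus a note that the debug threshold is raised to 3 for the server only and restored in `exit:`, would make the .data entries self-explanatory. One further assumption worth stating in the comment is that the client has not yet written anything into the mock socket when the crafted bytes are sent; if a later `state` value lets genuine client output precede the injection, the server will parse that first, and the test would silently check the wrong message.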
@@ -3338,23 +3338,37 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # 00 - session ID (empty) # 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below) # 0100 - compression methods: 1-byte len then "null" (only legal value now) -# [then end, or extensions] +# [then end, or extensions, see notes below] # elel - 2-byte extensions length # ... +# 000a - elliptic_curves aka supported_groups +# 0004 - extension length +# 0002 - length of named_curve_list / named_group_list +# 0017 - secp256r1 aka NIST P-256 +# ... # # Note: currently our TLS "1.3 or 1.2" code requires extension length to be # present even it it's 0. This is not strictly compliant but doesn't matter # much in practice as these days everyone wants to use signature_algorithms # (for hashes better than SHA-1), secure_renego (even if you have renego # disabled), and most people want either ECC or PSK related extensions. +# See https://github.com/Mbed-TLS/mbedtls/issues/9963 +# +# Also, currently we won't negotiate ECC ciphersuites unless at least the +# supported_groups extension is present, see +# https://github.com/Mbed-TLS/mbedtls/issues/7458 # # Note: cccc is currently not assigned, so can be used get a consistent # "no matching ciphersuite" behaviour regardless of the configuration. -# 002f is MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, MTI in 1.2, but removed in 4.0. 
+# c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2) + +# See "ClientHello breakdown" above +# MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_HAVE_CBC -inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002002f01000000":"<= parse client hello":0 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 +# See "ClientHello breakdown" above Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -inject_client_content_on_the_wire:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C +inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9bdb02344c..1116e67dce 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5015,8 +5015,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void inject_client_content_on_the_wire(int state, data_t *hello, char *log_pattern, - int expected_ret) +void inject_client_content_on_the_wire(int pk_alg, + int state, data_t *data, + char *log_pattern, int expected_ret) { /* This function allows us to inject content at a specific state * in the handshake, or when it's completed. The content is injected @@ -5045,7 +5046,9 @@ void inject_client_content_on_the_wire(int state, data_t *hello, char *log_patte srv_pattern.pattern = log_pattern; options.srv_log_obj = &srv_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_debug_set_threshold(3); + mbedtls_debug_set_threshold(5); + + options.pk_alg = pk_alg; ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); @@ -5064,8 +5067,8 @@ void inject_client_content_on_the_wire(int state, data_t *hello, char *log_patte TEST_EQUAL(ret, 0); /* Send the crafted message */ - ret = mbedtls_test_mock_tcp_send_b(&client.socket, hello->x, hello->len); - TEST_ASSERT(ret >= 0 && (size_t) ret == hello->len); + ret = mbedtls_test_mock_tcp_send_b(&client.socket, data->x, data->len); + TEST_ASSERT(ret >= 0 && (size_t) ret == data->len); /* Have the server process it. * Need the loop because a server that support 1.3 and 1.2 From 4afdf340dd7069076e059897245aa04bc3fb7ca2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 13 Feb 2025 13:00:37 +0100 Subject: [PATCH 0286/1548] Add reference tests with 1.3 ClientHello MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 34 ++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 57e99ec851..1381112221 100644 --- a/tests/suites/test_suite_ssl.data 
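Review bot: The new `pk_alg` parameter of inject_client_content_on_the_wire is not described, and the leading comment block does not cover the other parameters either; a reader has to find `options.pk_alg = pk_alg;` further down to see that it is forwarded, via the shared `options`, to both endpoint inits. Add one line to that comment, e.g. `* pk_alg is forwarded as options.pk_alg to both endpoints (presumably the key type of the test certificates - confirm); state is the server handshake state at which data is injected.` The function body continues outside these hunks.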
+++ b/tests/suites/test_suite_ssl.data @@ -3346,6 +3346,19 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # 0002 - length of named_curve_list / named_group_list # 0017 - secp256r1 aka NIST P-256 # ... +# 002b - supported version (for TLS 1.3) +# 0003 - extension length +# 02 - length of versions +# 0304 - TLS 1.3 ("SSL 3.4") +# ... +# 000d - signature algorithms +# 0004 - extension length +# 0002 - SignatureSchemeList length +# 0403 - ecdsa_secp256r1_sha256 +# ... +# 0033 - key share +# 0002 - extension length +# 0000 - length of client_shares (empty is valid) # # Note: currently our TLS "1.3 or 1.2" code requires extension length to be # present even it it's 0. This is not strictly compliant but doesn't matter @@ -3358,9 +3371,17 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # supported_groups extension is present, see # https://github.com/Mbed-TLS/mbedtls/issues/7458 # +# For TLS 1.3 with ephemeral key exchange, mandatory extensions are: +# - supported versions (as for all of TLS 1.3) +# - supported groups +# - key share +# - signature algorithms +# (see ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()). +# # Note: cccc is currently not assigned, so can be used get a consistent # "no matching ciphersuite" behaviour regardless of the configuration. # c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2) +# 1301 is MBEDTLS_TLS1_3_AES_128_GCM_SHA256 (1.3) # See "ClientHello breakdown" above # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 
@@ -3369,6 +3390,19 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBE inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 # See "ClientHello breakdown" above +# Same as the above test with s/c02b/cccc/ as the ciphersuite Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 good (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 + +# See "ClientHello breakdown" above +# Same as the above test with s/1301/cccc/ as the ciphersuite +Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No 
matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE From de7aac782efc82f54320aaf8089bdb2bc59e5726 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Feb 2025 10:08:50 +0100 Subject: [PATCH 0287/1548] Add test to TLS 1.3 ClientHello fragmentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 54 ++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 1381112221..81100ff5d9 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3406,3 +3406,57 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + 
MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + 
MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 From 5d0a921e7aeea12ae2add90a723b87cf33a20abd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 Feb 2025 11:22:29 +0100 Subject: [PATCH 0288/1548] Add test with non-HS record in-between HS fragments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two of these tests reveal bugs in the code, so they're commented out for now. For the other tests, the high-level behaviour is OK (break the handshake) but the details of why are IMO not good: they should be rejected because interleaving non-HS record between HS fragments is not valid according to the spec. To be fixed in future commits. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 81100ff5d9..9eba64adda 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
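Review bot: The last case in this hunk is named `Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK`, but its first record header is `160303004b`, i.e. 75 bytes of content, followed by a one-byte record `160303000100`; the name should read `fragmented 75 + 1 OK`. The neighbouring names (72 + 4, 73 + 3, 74 + 2) do match their record lengths, so this looks like a copy-paste slip in the label rather than a wrong payload. Since the rejected cases above use the same naming convention to document the split point, a mislabelled case is easy to misread when comparing them.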
@@ -3460,3 +3460,33 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type 
during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD From 73247c6e19a7bf83e89f540ffb3640eb1749693f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 24 Feb 2025 09:53:26 +0100 Subject: [PATCH 0289/1548] Fix dependency issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 32 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 9eba64adda..f2fe1f5e8c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
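Review bot: The disabled `fragmented 4 + CCS + 72` case expects the log pattern `"is a fatal alert message"` with `MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE`, but the interleaved record it injects is a ChangeCipherSpec (`140303000101`), not an alert; this looks copied from the `alert(fatal)` case above it, and a CCS record would presumably not be logged as a fatal alert, so the expectation needs revisiting before the `##` lines are re-enabled, not only the hang. Because the two cases are disabled by nothing more than a `##` prefix and a free-text remark, they are easy to lose track of; a comment such as `# TODO: re-enable once <tracking issue> is fixed; expected pattern/return for the CCS case still to be determined` next to each would keep that visible.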
@@ -3398,95 +3398,95 @@ inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"16030 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # Same as the above test with s/1301/cccc/ as the ciphersuite Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 # See "ClientHello breakdown" above # 
ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 ##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY ##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 
fragmented 4 + alert(fatal) + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 ##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY ##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1116e67dce..bb51e64b7d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5014,7 +5014,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_DEBUG_C */ void inject_client_content_on_the_wire(int pk_alg, int state, data_t *data, char *log_pattern, int expected_ret) From ae567ad011abffdcad54c9ac64cf735004b7570e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Feb 2025 10:32:20 +0100 Subject: [PATCH 0290/1548] Add missing dependency declaration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This guards the definition of mbedtls_test_ssl_endpoint which we rely on, so the function won't compile without it. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index bb51e64b7d..9630fe091d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5014,7 +5014,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_DEBUG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ void inject_client_content_on_the_wire(int pk_alg, int state, data_t *data, char *log_pattern, int expected_ret) From e760d7be41b4d0d52037b1032b3e96f737d1d809 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Feb 2025 10:50:29 +0100 Subject: [PATCH 0291/1548] Fix curve dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In addition to secp256r1 for the handshake, we need secp384r1 as it's used by the CA certificate. Caught by depends.py curves Also, for the "unknown ciphersuite" 1.2 test, use the same key type and all the same dependencies as of the "good" test above, to avoid having to determine a second set of correct dependencies just for this one. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 38 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index f2fe1f5e8c..d4cdf97afc 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3386,107 +3386,107 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # See "ClientHello breakdown" above # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 # See "ClientHello breakdown" above # Same as the above test with s/c02b/cccc/ as the ciphersuite Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C -inject_client_content_on_the_wire:MBEDTLS_PK_RSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 good (for reference) 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # Same as the above test with s/1301/cccc/ as the ciphersuite Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 ##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) 
-##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY ##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 ##Inject ClientHello - TLS 1.3 fragmented 
4 + CCS + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY ##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD From 6e79ff5bb529b36c39e3e11e72d81061dd38e2b9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Feb 2025 10:56:10 +0100 Subject: [PATCH 0292/1548] Fix hash dependencies for TLS 1.2 tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We're not sending a signature_algorithm extension, which means SHA-1. Caught by depends.py hashes Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index d4cdf97afc..7c2f03ec28 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3386,13 +3386,13 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 # See "ClientHello breakdown" above # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 # See "ClientHello breakdown" above # Same as the above test with s/c02b/cccc/ as the ciphersuite Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above From 1bed827d22dbe97a3030e7c7765b592d9549d957 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Feb 2025 13:01:10 +0100 Subject: [PATCH 0293/1548] New test function for large ClientHello MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 21 +++++ tests/suites/test_suite_ssl.function | 112 +++++++++++++++++++++++++++ 2 files changed, 133 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 7c2f03ec28..2c9d197930 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3490,3 +3490,24 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD + +Send large fragmented ClientHello: 4 bytes too large +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: 1 byte too large +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #1 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #2 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:1:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #3 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:2:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #4 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:3:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #5 
+send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:4:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9630fe091d..c4d57f79e2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5088,3 +5088,115 @@ exit:
 PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int,
+ char *log_pattern, int expected_ret)
+{
+ /* This function sends a long message (claiming to be a ClientHello)
+ * fragmented in 1-byte fragments (except the initial fragment).
+ * The purpose is to test how the stack reacts when receiving:
+ * - a message larger than our buffer;
+ * - a message smaller than our buffer, but where the intermediate size of
+ * holding all the fragments (including overhead) is larger than our
+ * buffer.
+ */
+ enum { BUFFSIZE = 16384 };
+ mbedtls_test_ssl_endpoint server, client;
+ mbedtls_platform_zeroize(&server, sizeof(server));
+ mbedtls_platform_zeroize(&client, sizeof(client));
+
+ mbedtls_test_handshake_test_options options;
+ mbedtls_test_init_handshake_options(&options);
+
+ mbedtls_test_ssl_log_pattern srv_pattern;
+ memset(&srv_pattern, 0, sizeof(srv_pattern));
+
+ unsigned char *first_frag = NULL;
+ int ret = -1;
+
+ size_t hs_len = (size_t) hs_len_int;
+ size_t first_frag_content_len = (size_t) first_frag_content_len_int;
+
+ PSA_INIT();
+
+ srv_pattern.pattern = log_pattern;
+ options.srv_log_obj = &srv_pattern;
+ options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
+ mbedtls_debug_set_threshold(5);
+
+ ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+ &options, NULL, NULL, NULL);
+ TEST_EQUAL(ret, 0);
+
+ ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+ &options, NULL, NULL, NULL);
+ TEST_EQUAL(ret, 0);
+
+ ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket,
+ BUFFSIZE);
+ TEST_EQUAL(ret, 0);
+
+ /* Make the server move past the initial dummy state */
+ ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl,
+ MBEDTLS_SSL_CLIENT_HELLO);
+ TEST_EQUAL(ret, 0);
+
+ /* Prepare initial fragment */
+ const size_t first_len = 5 // record header, see below
+ + 4 // handshake header, see balow
+ + first_frag_content_len;
+ TEST_CALLOC(first_frag, first_len);
+ unsigned char *p = first_frag;
+ // record header
+ // record type: handshake
+ *p++ = 0x16,
+ // record version (actually common to TLS 1.2 and TLS 1.3)
+ *p++ = 0x03,
+ *p++ = 0x03,
+ // record length: two bytes
+ *p++ = (unsigned char) (((4 + first_frag_content_len) >> 8) & 0xff);
+ *p++ = (unsigned char) (((4 + first_frag_content_len) >> 0) & 0xff);
+ // handshake header
+ // handshake type: ClientHello
+ *p++ = 0x01,
+ // handshake length: three bytes
+ *p++ = (unsigned char) ((hs_len >> 16) & 0xff);
+ *p++ = (unsigned char) ((hs_len >> 8) & 0xff);
+ *p++ = (unsigned char) ((hs_len >> 0) & 0xff);
+ // handshake content: dummy value
+ memset(p, 0x2a, first_frag_content_len);
+
+ /* Send initial fragment and have the server process it. */
+ ret = mbedtls_test_mock_tcp_send_b(&client.socket, first_frag, first_len);
+ TEST_ASSERT(ret >= 0 && (size_t) ret == first_len);
+
+ ret = mbedtls_ssl_handshake_step(&server.ssl);
+ TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
+
+ /* Dummy 1-byte fragment to repeatedly send next */
+ const unsigned char next[] = {
+ 0x16, 0x03, 0x03, 0x00, 0x01, // record header (see above)
+ 0x2a, // Dummy handshake message content
+ };
+ for (size_t left = hs_len - first_frag_content_len; left != 0; left--) {
+ ret = mbedtls_test_mock_tcp_send_b(&client.socket, next, sizeof(next));
+ TEST_ASSERT(ret >= 0 && (size_t) ret == sizeof(next));
+
+ ret = mbedtls_ssl_handshake_step(&server.ssl);
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ) {
+ break;
+ }
+ }
+ TEST_EQUAL(ret, expected_ret);
+ TEST_EQUAL(srv_pattern.counter, 1);
+
+exit:
+ mbedtls_test_free_handshake_options(&options);
+ mbedtls_test_ssl_endpoint_free(&server, NULL);
+ mbedtls_test_ssl_endpoint_free(&client, NULL);
+ mbedtls_debug_set_threshold(0);
+ mbedtls_free(first_frag);
+ PSA_DONE();
+}
+/* END_CASE */
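Review bot: The loop bound `hs_len - first_frag_content_len` in the for loop is computed in size_t with no check that the second operand does not exceed the first, so a data-file case with first_frag_content_len_int larger than hs_len_int (or a negative int, which the casts turn into a huge size_t) would wrap and keep the loop running far beyond the intended message length instead of failing cleanly; hs_len above 0xffffff is likewise silently truncated by the three-byte handshake-length encoding. Adding `TEST_ASSERT(hs_len_int >= 0 && first_frag_content_len_int >= 0);`, `TEST_ASSERT(hs_len <= 0xffffff);` and `TEST_ASSERT(first_frag_content_len <= hs_len);` right after the two casts would make a bad test vector fail at the assert with a clear message. As a point of style, the header-building lines `*p++ = 0x16,`, `*p++ = 0x03,` and `*p++ = 0x01,` end in a comma operator where a semicolon is intended; the result is well-defined because each comma is a sequence point, but it reads like a slip and should be `;`. The comment `see balow` on the first_len initializer should read `see below`.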
From 299f94a5d2f95e25b84c462ba61ca1500ead10a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Mar 2025 10:12:25 +0100 Subject: [PATCH 0294/1548] Fix dependency issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Declare the same dependencies as for the previous TLS 1.3 tests, except for part that varies with the cipher suite (ie AES-GCM). Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c4d57f79e2..993ae55b41 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5089,7 +5089,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY */ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, char *log_pattern, int expected_ret) { @@ -5125,6 +5125,9 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, options.srv_log_fun = mbedtls_test_ssl_log_analyzer; mbedtls_debug_set_threshold(5); + // Does't really matter but we want to know to declare dependencies. + options.pk_alg = MBEDTLS_PK_ECDSA; + ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); From 55d9124bb0b422413bbd4ed1facc15d528e26877 Mon Sep 17 00:00:00 2001 
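Review bot: The comment added above `options.pk_alg = MBEDTLS_PK_ECDSA;` in the second hunk has a typo and does not say why a fixed key type is needed; I'd write it as `// The key type doesn't matter to this test, but it must be fixed so that the BEGIN_CASE dependencies can be declared for it.`. The enclosing function send_large_fragmented_hello starts and ends outside both hunks.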
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 Mar 2025 10:18:30 +0100 Subject: [PATCH 0295/1548] Move new tests to their own data file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.data | 182 -------------------- tests/suites/test_suite_ssl.tls-defrag.data | 181 +++++++++++++++++++ 2 files changed, 181 insertions(+), 182 deletions(-) create mode 100644 tests/suites/test_suite_ssl.tls-defrag.data diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 2c9d197930..565588bea6 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3329,185 +3329,3 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 - -# (Minimal) ClientHello breakdown: -# 160303rlrl - record header, 2-byte record contents len -# 01hlhlhl - handshake header, 3-byte handshake message len -# 0303 - protocol version: 1.2 -# 0123456789abcdef (repeated, 4 times total) - 32-byte "random" -# 00 - session ID (empty) -# 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below) -# 0100 - compression methods: 1-byte len then "null" (only legal value now) -# [then end, or extensions, see notes below] -# elel - 2-byte extensions length -# ... -# 000a - elliptic_curves aka supported_groups -# 0004 - extension length -# 0002 - length of named_curve_list / named_group_list -# 0017 - secp256r1 aka NIST P-256 -# ... -# 002b - supported version (for TLS 1.3) -# 0003 - extension length -# 02 - length of versions -# 0304 - TLS 1.3 ("SSL 3.4") -# ... -# 000d - signature algorithms -# 0004 - extension length -# 0002 - SignatureSchemeList length -# 0403 - ecdsa_secp256r1_sha256 -# ... -# 0033 - key share -# 0002 - extension length -# 0000 - length of client_shares (empty is valid) -# -# Note: currently our TLS "1.3 or 1.2" code requires extension length to be -# present even it it's 0. This is not strictly compliant but doesn't matter -# much in practice as these days everyone wants to use signature_algorithms -# (for hashes better than SHA-1), secure_renego (even if you have renego -# disabled), and most people want either ECC or PSK related extensions. 
-# See https://github.com/Mbed-TLS/mbedtls/issues/9963 -# -# Also, currently we won't negotiate ECC ciphersuites unless at least the -# supported_groups extension is present, see -# https://github.com/Mbed-TLS/mbedtls/issues/7458 -# -# For TLS 1.3 with ephemeral key exchange, mandatory extensions are: -# - supported versions (as for all of TLS 1.3) -# - supported groups -# - key share -# - signature algorithms -# (see ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()). -# -# Note: cccc is currently not assigned, so can be used get a consistent -# "no matching ciphersuite" behaviour regardless of the configuration. -# c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2) -# 1301 is MBEDTLS_TLS1_3_AES_128_GCM_SHA256 (1.3) - -# See "ClientHello breakdown" above -# MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 -Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 - -# See "ClientHello breakdown" above -# Same as the above test with s/c02b/cccc/ as the ciphersuite -Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE - -# See 
"ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 - -# See "ClientHello breakdown" above -# Same as the above test with s/1301/cccc/ as the ciphersuite -Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled 
record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - 
TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE - -# See "ClientHello breakdown" above -# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
-inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD - -Send large fragmented ClientHello: 4 bytes too large -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: 1 byte too large -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #1 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #2 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:1:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #3 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:2:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #4 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:3:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #5 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:4:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data new file mode 100644 index 0000000000..e1c469cde0 --- /dev/null +++ b/tests/suites/test_suite_ssl.tls-defrag.data 
@@ -0,0 +1,181 @@ +# (Minimal) ClientHello breakdown: +# 160303rlrl - record header, 2-byte record contents len +# 01hlhlhl - handshake header, 3-byte handshake message len +# 0303 - protocol version: 1.2 +# 0123456789abcdef (repeated, 4 times total) - 32-byte "random" +# 00 - session ID (empty) +# 0002cvcv - ciphersuite list: 2-byte len + list of 2-byte values (see below) +# 0100 - compression methods: 1-byte len then "null" (only legal value now) +# [then end, or extensions, see notes below] +# elel - 2-byte extensions length +# ... +# 000a - elliptic_curves aka supported_groups +# 0004 - extension length +# 0002 - length of named_curve_list / named_group_list +# 0017 - secp256r1 aka NIST P-256 +# ... +# 002b - supported version (for TLS 1.3) +# 0003 - extension length +# 02 - length of versions +# 0304 - TLS 1.3 ("SSL 3.4") +# ... +# 000d - signature algorithms +# 0004 - extension length +# 0002 - SignatureSchemeList length +# 0403 - ecdsa_secp256r1_sha256 +# ... +# 0033 - key share +# 0002 - extension length +# 0000 - length of client_shares (empty is valid) +# +# Note: currently our TLS "1.3 or 1.2" code requires extension length to be +# present even it it's 0. This is not strictly compliant but doesn't matter +# much in practice as these days everyone wants to use signature_algorithms +# (for hashes better than SHA-1), secure_renego (even if you have renego +# disabled), and most people want either ECC or PSK related extensions. +# See https://github.com/Mbed-TLS/mbedtls/issues/9963 +# +# Also, currently we won't negotiate ECC ciphersuites unless at least the +# supported_groups extension is present, see +# https://github.com/Mbed-TLS/mbedtls/issues/7458 +# +# For TLS 1.3 with ephemeral key exchange, mandatory extensions are: +# - supported versions (as for all of TLS 1.3) +# - supported groups +# - key share +# - signature algorithms +# (see ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange()). 
+# +# Note: cccc is currently not assigned, so can be used get a consistent +# "no matching ciphersuite" behaviour regardless of the configuration. +# c02b is MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (1.2) +# 1301 is MBEDTLS_TLS1_3_AES_128_GCM_SHA256 (1.3) + +# See "ClientHello breakdown" above +# MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 +Inject ClientHello - TLS 1.2 good (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 + +# See "ClientHello breakdown" above +# Same as the above test with s/c02b/cccc/ as the ciphersuite +Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 good (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 + +# See "ClientHello breakdown" above +# Same as the above test with s/1301/cccc/ as the ciphersuite +Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + 
MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY 
+inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +##Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) +##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD + +Send large fragmented ClientHello: 4 bytes too large 
+send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: 1 byte too large +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #1 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #2 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:1:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #3 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:2:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #4 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:3:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit without overhead #5 +send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:4:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA From 1038b22d74a27d9111d12fc8d737c413f2e39ee8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 Mar 2025 11:53:09 +0100 Subject: [PATCH 0296/1548] Reduce the level of logging used in tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This should avoid running into a bug with printf format specifiers one windows. It's also a logical move for actual tests: I used the highest debug level for discovery, but we don't need that all the time. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_server.c | 2 +- tests/suites/test_suite_ssl.function | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index acb65e38d2..1dde4ab3c9 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -91,7 +91,7 @@ static void ssl_tls13_select_ciphersuite( return; } - MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx", + MBEDTLS_SSL_DEBUG_MSG(1, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx", (unsigned) psk_ciphersuite_id, (unsigned long) psk_hash_alg)); } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 993ae55b41..c365fd674f 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5046,7 +5046,7 @@ void inject_client_content_on_the_wire(int pk_alg, srv_pattern.pattern = log_pattern; options.srv_log_obj = &srv_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_debug_set_threshold(5); + mbedtls_debug_set_threshold(1); options.pk_alg = pk_alg; @@ -5078,7 +5078,11 @@ void inject_client_content_on_the_wire(int pk_alg, ret = mbedtls_ssl_handshake_step(&server.ssl); } while (ret == 0 && server.ssl.state == state); TEST_EQUAL(ret, expected_ret); - TEST_EQUAL(srv_pattern.counter, 1); + /* If we're expected to suceeed and we do, that's enough. + * If we're expected to fail, also check it was in the expected way. */ + if (expected_ret != 0) { + TEST_EQUAL(srv_pattern.counter, 1); + } exit: mbedtls_test_free_handshake_options(&options); @@ -5123,7 +5127,7 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, srv_pattern.pattern = log_pattern; options.srv_log_obj = &srv_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_debug_set_threshold(5); + mbedtls_debug_set_threshold(1); // Does't really matter but we want to know to declare dependencies. options.pk_alg = MBEDTLS_PK_ECDSA; From 757040c47f1ea5473ee18f331ddb5c3aad01f8bf Mon Sep 17 00:00:00 2001 
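Review bot: Lowering the threshold to 1 in both `mbedtls_debug_set_threshold(1)` hunks means only error-level messages reach the log analyzer, so any `log_pattern` the library emits at level 2 or higher can no longer be matched, and the second hunk then skips the counter check whenever `expected_ret == 0`, so positive cases lose their log assertion entirely rather than being fixed. If positive-case patterns are meant to stay meaningful, either keep the threshold at the level those patterns are logged at or state in the data file that the pattern is ignored on success; presumably the `No matched ciphersuite` message was moved to level 1 in the sibling hunk precisely so its pattern still matches. The new comment also misspells "succeed" (`suceeed`). The body of `inject_client_content_on_the_wire` and `send_large_fragmented_hello` starts and ends outside these hunks.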
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 5 Mar 2025 12:52:18 +0100
Subject: [PATCH 0297/1548] Cleanly reject non-HS in-between HS fragments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/suites/test_suite_ssl.tls-defrag.data | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data
index e1c469cde0..eb4e58deeb 100644
--- a/tests/suites/test_suite_ssl.tls-defrag.data
+++ b/tests/suites/test_suite_ssl.tls-defrag.data
@@ -133,25 +133,25 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"Receive unexpected handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -##Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"received unexpected message type during 
handshake":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE +Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 -##Inject 
ClientHello - TLS 1.3 fragmented 4 + CCS + 72 ~rejected~ (currently loops forever) -##depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -##inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"is a fatal alert message":MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE +Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 rejected +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 From 4f1b38a65e70067a004a29d7b69352ded6fe9b79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 Mar 2025 12:36:08 +0100 Subject: [PATCH 0298/1548] Adapt "large ClientHello" tests to incremental MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.tls-defrag.data | 51 +++++++++++++-------- 1 file changed, 31 insertions(+), 20 deletions(-) 
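Review bot: The "alert(fatal)" case now expects MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE instead of MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE, but nothing in the data file explains that a fatal alert arriving between handshake fragments is deliberately reported as an unexpected message rather than as the alert itself; presumably the record-type check fires before the alert contents are parsed. A comment above the four rejected cases such as `# Any non-handshake record between fragments (including alerts and CCS) is rejected before its contents are examined: RFC 8446 section 5.1 forbids interleaving other record types within a fragmented handshake message.` would make the expectation self-explaining. That is worth stating for the newly enabled CCS case in particular, since a CCS record is otherwise tolerated at other points of a TLS 1.3 handshake in middlebox-compatibility mode.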
diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data
index eb4e58deeb..76797a08e8 100644
--- a/tests/suites/test_suite_ssl.tls-defrag.data
+++ b/tests/suites/test_suite_ssl.tls-defrag.data
@@ -159,23 +159,34 @@ Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD -Send large fragmented ClientHello: 4 bytes too large -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: 1 byte too large -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #1 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #2 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:1:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #3 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:2:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #4 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:3:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA - -Send large fragmented ClientHello: would fit without overhead #5 -send_large_fragmented_hello:MBEDTLS_SSL_IN_CONTENT_LEN - 4:4:"requesting more data than 
fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA +# The buffer is actually larger than IN_CONTENT_LEN as we leave room for +# record protection overhead (IV, MAC/tag, padding (up to 256 bytes)), CID... +# The maximum size for an unencrypted (and without CID with is DTLS only) +# handshake message we can hold in the buffer is +# MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 4 +# (the 4 is for the handshake header). +# However, due to overhead, fragmented messages need to be 5 bytes shorter in +# order to actually fit (leave room for an extra record header). +Send large fragmented ClientHello: reassembled 1 byte larger than the buffer +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 3:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would just fit except for overhead +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 4:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit except for overhead (1) +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 5:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit except for overhead (2) +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 6:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit except for overhead (3) +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 7:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +Send large fragmented ClientHello: would fit except for overhead (4) +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 8:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA + +# Since we're sending dummy contents (all 0x2a) for the ClientHello, +# the first thing that's 
going to fail is the version check. The fact that we +# got around to checking it confirms reassembly completed sucessfully. +Send large fragmented ClientHello: just fits +send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 9:0:"Unsupported version of TLS":MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION From 2285d6122d01694c9530fe091cad823e64d365c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 Mar 2025 12:53:43 +0100 Subject: [PATCH 0299/1548] Add test for length larger than 2^16 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.tls-defrag.data | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index 76797a08e8..b062ee2421 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data @@ -190,3 +190,10 @@ send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - # got around to checking it confirms reassembly completed sucessfully. Send large fragmented ClientHello: just fits send_large_fragmented_hello:MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 9:0:"Unsupported version of TLS":MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION + +# We're generating a virtual record header for the reassembled HS message, +# which requires that the length fits in two bytes. Of course we won't get +# there because if the length doesn't fit in two bytes then the message won't +# fit in the buffer, but still add a test just in case. +Send large fragmented ClientHello: length doesn't fit in two bytes +send_large_fragmented_hello:0x10000:0:"requesting more data than fits":MBEDTLS_ERR_SSL_BAD_INPUT_DATA From ed873f9e59f9642e8886cdb47946bccf3ec91d49 Mon Sep 17 00:00:00 2001 
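Review bot: Every rewritten `send_large_fragmented_hello` case passes 0 as the first-fragment content length, whereas the removed "would fit without overhead #2–#5" cases also probed 1..4, so the boundary around `MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 9` is no longer exercised with a non-empty first fragment; adding at least one "just fits" and one "1 byte too large" variant with a non-zero second argument would keep that coverage. The new comment block is a useful derivation of the -4/-5/-9 offsets; it misspells "successfully" (`sucessfully`) in the paragraph before the "just fits" case.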
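Review bot: The `0x10000` case expects the same `requesting more data than fits` log and MBEDTLS_ERR_SSL_BAD_INPUT_DATA as the plain too-large cases, so it cannot distinguish the two-byte limit of the virtual record header from the buffer-size check; the comment already concedes the buffer check fires first, so this case only confirms that no worse failure (such as a silently truncated length) occurs. If the two-byte limit ever gets its own check, give it a distinct log message so this case can pin it, and consider noting in the comment that 0x10000 is the smallest value that does not fit the 16-bit record length field.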
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 10:12:30 +0100 Subject: [PATCH 0300/1548] Adjust logic around log pattern MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is more flexible: the test data gets to decide whether we want to assert the presence of a pattern or not. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 4 +--- tests/suites/test_suite_ssl.tls-defrag.data | 14 +++++++------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c365fd674f..e48cae74b1 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5078,9 +5078,7 @@ void inject_client_content_on_the_wire(int pk_alg, ret = mbedtls_ssl_handshake_step(&server.ssl); } while (ret == 0 && server.ssl.state == state); TEST_EQUAL(ret, expected_ret); - /* If we're expected to suceeed and we do, that's enough. - * If we're expected to fail, also check it was in the expected way. */ - if (expected_ret != 0) { + if (strlen(log_pattern) != 0) { TEST_EQUAL(srv_pattern.counter, 1); } diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index b062ee2421..a99632cc7f 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data 
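Review bot: Gating the counter check on `strlen(log_pattern) != 0` moves the decision into the data file, but the accompanying data hunks (the four `"reassembled record"` → `""` changes and the two "(for reference)" cases) drop the only evidence that reassembly actually took place on the positive fragmented paths; those cases now pass as long as the handshake step returns 0. Presumably the patterns were removed because they are logged above the threshold set earlier in this function; if so, raising the threshold for this test and keeping the patterns is the stronger check. An empty pattern silently means "unchecked" rather than "expect no match", which deserves a comment on the `if`: `/* An empty pattern means the data file does not want a log assertion. */`. The function body starts and ends outside this hunk.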
@@ -55,7 +55,7 @@ # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"":0 # See "ClientHello breakdown" above # Same as the above test with s/c02b/cccc/ as the ciphersuite @@ -67,7 +67,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 good (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"":0 # See "ClientHello breakdown" above # Same as the above test with s/1301/cccc/ as the ciphersuite 
@@ -79,7 +79,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 
@@ -109,25 +109,25 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"":0 # See "ClientHello breakdown" above # 
ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"reassembled record":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 
From e5ddf36a660c6e3eb8a263f79fcaa908624f0e6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 11 Mar 2025 10:17:51 +0100
Subject: [PATCH 0301/1548] Add test cases for EOF in the middle of fragments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/suites/test_suite_ssl.tls-defrag.data | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data
index a99632cc7f..531d463d6d 100644
--- a/tests/suites/test_suite_ssl.tls-defrag.data
+++ b/tests/suites/test_suite_ssl.tls-defrag.data
@@ -75,6 +75,22 @@ Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +# The purpose of this test case is to ensure nothing bad happens when the +# connection is closed while we're waiting for more fragments. +Inject ClientHello - TLS 1.3 4 + 71 then EOF (missing 1 byte) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"":MBEDTLS_ERR_SSL_WANT_READ + +# See "ClientHello breakdown" above +# ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 +# The purpose of this test case is to ensure nothing bad happens when the +# connection is closed while we're waiting for more fragments. 
+Inject ClientHello - TLS 1.3 4 then EOF (missing 72 bytes) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"":MBEDTLS_ERR_SSL_WANT_READ + # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK From f4a67cf892b99a5d20a1098546847cb167d92234 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 10:26:36 +0100 Subject: [PATCH 0302/1548] Fix a typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.tls-defrag.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index 531d463d6d..b3822b002e 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data @@ -177,7 +177,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # The buffer is actually larger than IN_CONTENT_LEN as we leave room for # record protection overhead (IV, MAC/tag, padding (up to 256 bytes)), CID... -# The maximum size for an unencrypted (and without CID with is DTLS only) +# The maximum size for an unencrypted (and without CID which is DTLS only) # handshake message we can hold in the buffer is # MBEDTLS_SSL_IN_BUFFER_LEN - MBEDTLS_SSL_HEADER_LEN - 4 # (the 4 is for the handshake header). From 47d0b796af42d2c2ed95f500a118f41052108016 Mon Sep 17 00:00:00 2001 
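Review bot: Both new cases are titled "then EOF" and the comment says the connection is closed, but the expected result is MBEDTLS_ERR_SSL_WANT_READ, which is what the record layer reports when no further data is available yet, not what a peer close produces (that would surface as a connection-EOF or net error from the I/O callback). With the mock socket, running out of injected bytes presumably looks like "no data yet" rather than a close, so these cases verify that the server stays parked waiting for the remaining fragments, not its behaviour on a real close. Suggest rewording the comment, e.g. `# With the mock socket, running out of data surfaces as WANT_READ; this checks the server waits cleanly for the rest of the fragmented message rather than failing or looping.`, and adding a separate case for an actual close if the mock socket can simulate one.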
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 10:27:49 +0100 Subject: [PATCH 0303/1548] Improve a test assertion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That way if it ever fails it will print the values. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e48cae74b1..23b8031389 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5068,7 +5068,7 @@ void inject_client_content_on_the_wire(int pk_alg, /* Send the crafted message */ ret = mbedtls_test_mock_tcp_send_b(&client.socket, data->x, data->len); - TEST_ASSERT(ret >= 0 && (size_t) ret == data->len); + TEST_EQUAL(ret, (int) data->len); /* Have the server process it. * Need the loop because a server that support 1.3 and 1.2 From af4606d7433b78348621a0ff7349f9a8d5125706 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 11 Mar 2025 12:12:51 +0100 Subject: [PATCH 0304/1548] Re-introduce log asserts on positive cases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 6 ++---- tests/suites/test_suite_ssl.tls-defrag.data | 18 +++++++++--------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 23b8031389..ac7bfad2ee 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5046,7 +5046,7 @@ void inject_client_content_on_the_wire(int pk_alg, srv_pattern.pattern = log_pattern; options.srv_log_obj = &srv_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_debug_set_threshold(1); + mbedtls_debug_set_threshold(3); options.pk_alg = pk_alg; @@ -5078,9 +5078,7 @@ void inject_client_content_on_the_wire(int pk_alg, ret = mbedtls_ssl_handshake_step(&server.ssl); } while (ret == 0 && server.ssl.state == state); TEST_EQUAL(ret, expected_ret); - if (strlen(log_pattern) != 0) { - TEST_EQUAL(srv_pattern.counter, 1); - } + TEST_ASSERT(srv_pattern.counter >= 1); exit: mbedtls_test_free_handshake_options(&options); diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index b3822b002e..8fca923e06 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data @@ -55,7 +55,7 @@ # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 # See "ClientHello breakdown" above # Same as the above test with s/c02b/cccc/ as the ciphersuite 
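Review bot: Replacing the guarded `TEST_EQUAL(srv_pattern.counter, 1)` with an unconditional `TEST_ASSERT(srv_pattern.counter >= 1)` makes the log assertion mandatory for every case, so any data-file entry still carrying an empty pattern `""` must be given a real one; otherwise the outcome depends on how the analyzer treats an empty pattern (a substring match against "" would hit every log line and make the check vacuous, worth confirming in mbedtls_test_ssl_log_analyzer). Relaxing `== 1` to `>= 1` also hides a pattern that fires more than once; if the intent is to tolerate repeated messages at threshold 3, say so: `/* >= 1: at level 3 some patterns are logged more than once per handshake step. */`. The data-file hunks that follow restore patterns for several cases, and the EOF case now relies on a message that must be visible at the raised threshold. The function body continues outside both hunks.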
@@ -67,7 +67,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 good (for reference) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # Same as the above test with s/1301/cccc/ as the ciphersuite 
@@ -81,7 +81,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # connection is closed while we're waiting for more fragments. Inject ClientHello - TLS 1.3 4 + 71 then EOF (missing 1 byte) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"":MBEDTLS_ERR_SSL_WANT_READ +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 
@@ -89,13 +89,13 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # connection is closed while we're waiting for more fragments. Inject ClientHello - TLS 1.3 4 then EOF (missing 72 bytes) depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"":MBEDTLS_ERR_SSL_WANT_READ +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 
@@ -125,25 +125,25 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"key exchange mode\: ephemeral":0 # See "ClientHello 
breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 74 + 2 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY -inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"":0 +inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 
From 6dcfdf1f48a1b146520aa4162b69bcd571b5cc6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 Mar 2025 09:35:51 +0100 Subject: [PATCH 0305/1548] Adapt dependencies to the new world MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 2 +- tests/suites/test_suite_ssl.tls-defrag.data | 40 ++++++++++----------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ac7bfad2ee..6b491d4ceb 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5089,7 +5089,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, char *log_pattern, int expected_ret) { diff --git a/tests/suites/test_suite_ssl.tls-defrag.data b/tests/suites/test_suite_ssl.tls-defrag.data index 8fca923e06..7817c4f501 100644 --- a/tests/suites/test_suite_ssl.tls-defrag.data +++ b/tests/suites/test_suite_ssl.tls-defrag.data 
@@ -54,25 +54,25 @@ # See "ClientHello breakdown" above # MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with secp256r1 Inject ClientHello - TLS 1.2 good (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300370100003303030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002c02b01000008000a000400020017":"<= parse client hello":0 # See "ClientHello breakdown" above # Same as the above test with s/c02b/cccc/ as the ciphersuite Inject ClientHello - TLS 1.2 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1 inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303002f0100002b03030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc01000000":"got no ciphersuites in common":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 good (for reference) 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # Same as the above test with s/1301/cccc/ as the ciphersuite Inject ClientHello - TLS 1.3 unknown ciphersuite (for reference) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef000002cccc0100001d000a000400020017002b0003020304000d000400020403003300020000":"No matched ciphersuite":MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE # See "ClientHello breakdown" above 
@@ -80,7 +80,7 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # The purpose of this test case is to ensure nothing bad happens when the # connection is closed while we're waiting for more fragments. Inject ClientHello - TLS 1.3 4 + 71 then EOF (missing 1 byte) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004703030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ # See "ClientHello breakdown" above 
@@ -88,91 +88,91 @@ inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160 # The purpose of this test case is to ensure nothing bad happens when the # connection is closed while we're waiting for more fragments. Inject ClientHello - TLS 1.3 4 then EOF (missing 72 bytes) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048":"waiting for more handshake fragments":MBEDTLS_ERR_SSL_WANT_READ # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + 72 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with 
secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 3 + 73 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000301000016030300494803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 2 + 74 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300020100160303004a004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + 
MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 1 + 75 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000101160303004b00004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"handshake message too short":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 0 + 76 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030000160303004c0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"ssl_get_next_record() returned":MBEDTLS_ERR_SSL_INVALID_RECORD # See "ClientHello breakdown" above # ephemeral with secp256r1 + 
MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 72 + 4 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300480100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033160303000400020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 3 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300490100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033001603030003020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 74 
+ 2 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004a0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000216030300020000":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 73 + 1 OK -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303004b0100004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d0004000204030033000200160303000100":"key exchange mode\: ephemeral":0 # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + appdata + 72 rejected 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"16030300040100004817030300020102160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + alert(warn) + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" 
above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + alert(fatal) + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481503030002025a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + CCS + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY 
inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"160303000401000048140303000101160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"non-handshake message in the middle of a fragmented handshake message":MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE # See "ClientHello breakdown" above # ephemeral with secp256r1 + MBEDTLS_TLS1_3_AES_128_GCM_SHA256 Inject ClientHello - TLS 1.3 fragmented 4 + invalid type + 72 rejected -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_HAVE_AES:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_GCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY inject_client_content_on_the_wire:MBEDTLS_PK_ECDSA:MBEDTLS_SSL_CLIENT_HELLO:"1603030004010000481003030002015a160303004803030123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef00000213010100001d000a000400020017002b0003020304000d000400020403003300020000":"unknown record type":MBEDTLS_ERR_SSL_INVALID_RECORD # The buffer is actually larger than IN_CONTENT_LEN as we leave room for From 1d181102fe88ba846ad22721c3f46c416c850489 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 14 Mar 2025 10:50:20 +0000 Subject: [PATCH 0306/1548] Reword slightly to be more tentative We don't guarantee ABI stability, but we do try to maintain it where we can. Signed-off-by: David Horstmann --- docs/3.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 02f5b49124..e927667b7e 100644 --- a/docs/3.0-migration-guide.md 
+++ b/docs/3.0-migration-guide.md @@ -71,7 +71,7 @@ If you were accessing structure fields directly, and these fields are not docume If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.). -As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. However, in the Mbed TLS 3.6 LTS this is generally a safe way to access struct members because LTS versions try to maintain ABI stability. +As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. In the Mbed TLS 3.6 LTS this will tend to be safer than in a normal minor release because LTS versions try to maintain ABI stability. ### Move part of timing module out of the library From dfc082e16cb7d469d0955214e2682c012f93720f Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Mar 2025 10:25:24 +0000 Subject: [PATCH 0307/1548] ssl-opt: Fixed a minor typo. Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1e71bef7f7..7707d97d13 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13740,7 +13740,7 @@ run_test "Handshake defragmentation on server: len=256, buffer resizing with # Test client-initiated renegotiation with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=512, client-initiated renegotation" \ +run_test "Handshake defragmentation on server: len=512, client-initiated renegotiation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -connect 127.0.0.1:+$SRV_PORT" \ 0 \ @@ -13756,7 +13756,7 @@ run_test "Handshake defragmentation on server: len=512, client-initiated rene requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=256, client-initiated renegotation" \ +run_test "Handshake defragmentation on server: len=256, client-initiated renegotiation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -connect 127.0.0.1:+$SRV_PORT" \ 0 \ @@ -13773,7 +13773,7 @@ run_test "Handshake defragmentation on server: len=256, client-initiated rene requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=128, client-initiated renegotation" \ +run_test "Handshake defragmentation on server: len=128, client-initiated renegotiation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -connect 127.0.0.1:+$SRV_PORT" \ 0 \ 
@@ -13790,7 +13790,7 @@ run_test "Handshake defragmentation on server: len=128, client-initiated rene requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=4, client-initiated renegotation" \ +run_test "Handshake defragmentation on server: len=4, client-initiated renegotiation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \ 0 \ @@ -13807,7 +13807,7 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotation" \ +run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotiation" \ "$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \ "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \ 1 \ @@ -13821,7 +13821,7 @@ run_test "Handshake defragmentation on server: len=4, client-initiated server # Test server-initiated renegotiation with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on client: len=512, server-initiated renegotation" \ +run_test "Handshake defragmentation on client: len=512, server-initiated renegotiation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \ 0 \ 
@@ -13843,7 +13843,7 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene # Setting it to -1 disables that policy's enforment. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -run_test "Handshake defragmentation on client: len=256, server-initiated renegotation" \ +run_test "Handshake defragmentation on client: len=256, server-initiated renegotiation" \ "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \ 0 \ From 625c8fd2d9d39f7618cf4de081857483471dae1d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 18 Mar 2025 10:31:37 +0000 Subject: [PATCH 0308/1548] ssl-opt: Added 4 and 128 bytes tests to HS defragmentation for server initiated reneg Signed-off-by: Minos Galanakis --- tests/ssl-opt.sh | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7707d97d13..6a5e7603c8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13819,6 +13819,15 @@ run_test "Handshake defragmentation on server: len=4, client-initiated server -s "Consume: waiting for more handshake fragments 4/" \ # Test server-initiated renegotiation with fragmented handshake on TLS1.2 + +# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server +# to initiate a handshake renegotiation. +# Note: Adjusting the renegotiation delay beyond the library's default +# value of 16 is necessary. This parameter defines the maximum +# number of records received before renegotiation is completed. +# By fragmenting records and thereby increasing their quantity, +# the default threshold can be reached more quickly. +# Setting it to -1 disables that policy's enforment. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=512, server-initiated renegotiation" \ @@ -13832,15 +13841,6 @@ run_test "Handshake defragmentation on client: len=512, server-initiated rene -c "found renegotiation extension" \ -c "=> renegotiate" - -# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server -# to initiate a handshake renegotiation. -# Note: Adjusting the renegotiation delay beyond the library's default -# value of 16 is necessary. This parameter defines the maximum -# number of records received before renegotiation is completed. -# By fragmenting records and thereby increasing their quantity, -# the default threshold can be reached more quickly. -# Setting it to -1 disables that policy's enforment. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Handshake defragmentation on client: len=256, server-initiated renegotiation" \ 
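Review bot: The comment block that the first hunk moves above the server-initiated tests still ends with the typo `enforment`; since those lines are being relocated anyway, the last line should become `# Setting it to -1 disables that policy's enforcement.` The same block asserts that the client program's default renegotiation delay is 16 records, which cannot be verified from this diff, so it is worth re-checking against the `renego_delay` default before the comment moves to a more prominent position. The second hunk on this line only deletes the old copy of the block.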
@@ -13854,6 +13854,32 @@ run_test "Handshake defragmentation on client: len=256, server-initiated rene -c "found renegotiation extension" \ -c "=> renegotiate" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation on client: len=128, server-initiated renegotiation" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 128, 0\\.\\.128 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 128/" \ + -c "Consume: waiting for more handshake fragments 128/" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +run_test "Handshake defragmentation on client: len=4, server-initiated renegotiation" \ + "$O_NEXT_SRV -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \ + 0 \ + -c "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \ + -c "Prepare: waiting for more handshake fragments 4/" \ + -c "Consume: waiting for more handshake fragments 4/" \ + -c "client hello, adding renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From e1e27300a2c9fe452207bbab2a11a102cec76f25 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Feb 2025 18:06:05 +0100 Subject: [PATCH 0309/1548] Remove `MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` config option 
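Review bot: The two new client-side cases (len=128 and len=4) are gated only on MBEDTLS_SSL_PROTO_TLS1_2 and MBEDTLS_SSL_RENEGOTIATION, while the existing server-side len=128 and len=4 cases earlier in this file additionally require MBEDTLS_SSL_PROTO_TLS1_3. I cannot tell from this diff why the server-side cases need the extra requirement; if it matters for small fragment sizes the new cases need it too, and if it does not, a one-line comment on the asymmetry would stop the next reader from copying either variant blindly. The expected-output patterns otherwise mirror the existing len=512 and len=256 cases, which looks consistent.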
Signed-off-by: Gabor Mezei --- docs/architecture/tls13-support.md | 1 - docs/proposed/config-split.md | 1 - include/mbedtls/check_config.h | 9 +- include/mbedtls/config_adjust_ssl.h | 1 - include/mbedtls/mbedtls_config.h | 25 --- include/mbedtls/ssl.h | 3 - include/mbedtls/ssl_ciphersuites.h | 6 +- library/ssl_ciphersuites.c | 168 -------------- library/ssl_tls12_client.c | 98 +-------- library/ssl_tls12_server.c | 206 ------------------ tests/include/test/ssl_helpers.h | 3 +- .../components-configuration-crypto.sh | 2 - tests/scripts/depends.py | 1 - tests/ssl-opt.sh | 8 +- 14 files changed, 8 insertions(+), 524 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index aa09e302d2..f49e9194ba 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -116,7 +116,6 @@ Support description | | | | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) | | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1baab356b2..6f3b5bd246 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -396,7 +396,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_ALL_ALERT_MESSAGES #define MBEDTLS_SSL_ALPN //#define MBEDTLS_SSL_ASYNC_PRIVATE diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index c2b5200bc3..4328f7198c 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -87,12 +87,6 @@
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
- !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
 ( !defined(PSA_WANT_ALG_JPAKE) || \
 !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
@@ -155,8 +149,7 @@
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 7070283fd7..2221e5b2e7 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -61,7 +61,6 @@
 #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
 #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 #undef MBEDTLS_SSL_RENEGOTIATION
-#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index dd9ccacdee..2dc475b9f7 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
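Review bot: The first hunk deletes the prerequisite check for MBEDTLS_KEY_EXCHANGE_RSA_ENABLED without putting a removal guard in its place, so a user configuration that still defines the option will build silently and merely lose the RSA ciphersuites; an explicit error here would surface the migration at build time, e.g. `#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)` / `#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed; RSA key exchange is no longer supported"` / `#endif`. The diffstat also shows no ChangeLog.d entry for dropping a public option that mbedtls_config.h had enabled by default, unless that is added later in the series. Relatedly, the ssl_tls12_server.c deletions further down appear to remove the only caller of the f_async_decrypt_start callback in that file, so the async-private API documentation should state whether decryption requests can still be issued at all.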
@@ -360,31 +360,6 @@
 */
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
 /**
 * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
 *
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 681584b3d7..2ea09bbfa3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -650,9 +650,6 @@
 /* Dummy type used only for its size */
 union mbedtls_ssl_premaster_secret {
 unsigned char dummy; /* Make the union non-empty even with SSL disabled */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
- unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
-#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 5d5b4b94b8..7db620ec4b 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -201,8 +201,7 @@ typedef enum {
 } mbedtls_key_exchange_type_t;
 
 /* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
@@ -260,8 +259,7 @@ typedef enum {
 #endif
 
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e4cc226327..6e4370b795 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -490,116 +490,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_384) && \ - defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif 
/* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_CCM) - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_SHORT_TAG, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CCM */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ - -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_ALG_SHA_1) 
@@ -947,29 +837,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(PSA_WANT_ALG_MD5) - { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 
@@ -1019,41 +886,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(PSA_WANT_KEY_TYPE_ARIA) -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 36f79cb202..c06844db76 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1732,83 +1732,6 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -/* - * Generate a pre-master secret and encrypt it with the server's RSA key - */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl, - size_t offset, size_t *olen, - size_t pms_offset) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len_bytes = 2; - unsigned char *p = ssl->handshake->premaster + pms_offset; - mbedtls_pk_context *peer_pk; - - if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms")); - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - /* - * Generate (part of) the pre-master as - * struct { - * ProtocolVersion client_version; - * opaque random[46]; - * } PreMasterSecret; - */ - mbedtls_ssl_write_version(p, ssl->conf->transport, - MBEDTLS_SSL_VERSION_TLS1_2); - - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); - return ret; - } - - ssl->handshake->pmslen = 48; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* - * Now write it out, encrypted - */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - if ((ret = mbedtls_pk_encrypt(peer_pk, - p, ssl->handshake->pmslen, - ssl->out_msg + offset + len_bytes, olen, - MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { - 
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret); - return ret; - } - - if (len_bytes == 2) { - MBEDTLS_PUT_UINT16_BE(*olen, ssl->out_msg, offset); - *olen += 2; - } - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -1902,16 +1825,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; - return 0; - } - ((void) p); - ((void) end); -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || @@ -2742,15 +2655,6 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) } else #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - header_len = 4; - if ((ret = ssl_write_encrypted_pms(ssl, header_len, - &content_len, 0)) != 0) { - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { header_len = 4; 
@@ -2768,7 +2672,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 return ret;
 }
 } else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 {
 ((void) ciphersuite_info);
 MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a302af48ed..5a143fc3ba 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3181,194 +3181,6 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) return 0; } -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize) -{ - int ret = ssl->conf->f_async_resume(ssl, - peer_pms, peer_pmslen, peer_pmssize); - if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data(ssl, NULL); - } - MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret); - return ret; -} -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert(ssl); - if (own_cert == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no local certificate")); - return MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; - } - mbedtls_pk_context *public_key = &own_cert->pk; - mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); - size_t len = mbedtls_pk_get_len(public_key); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - /* If we have already started decoding the message and there is an ongoing - * decryption operation, resume signing. 
*/ - if (ssl->handshake->async_in_progress != 0) { - MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation")); - return ssl_resume_decrypt_pms(ssl, - peer_pms, peer_pmslen, peer_pmssize); - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - /* - * Prepare to decrypt the premaster using own private RSA key - */ - if (p + 2 > end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - if (*p++ != MBEDTLS_BYTE_1(len) || - *p++ != MBEDTLS_BYTE_0(len)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - if (p + len != end) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - return MBEDTLS_ERR_SSL_DECODE_ERROR; - } - - /* - * Decrypt the premaster secret - */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_decrypt_start != NULL) { - ret = ssl->conf->f_async_decrypt_start(ssl, - mbedtls_ssl_own_cert(ssl), - p, len); - switch (ret) { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_decrypt_start was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return ssl_resume_decrypt_pms(ssl, - peer_pms, - peer_pmslen, - peer_pmssize); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS; - default: - MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret); - return ret; - } - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - if (!mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key")); - return MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED; - } - - ret = mbedtls_pk_decrypt(private_key, p, len, - peer_pms, peer_pmslen, peer_pmssize, - ssl->conf->f_rng, ssl->conf->p_rng); - return ret; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - size_t pms_offset) -{ - int ret = 
MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *pms = ssl->handshake->premaster + pms_offset; - unsigned char ver[2]; - unsigned char fake_pms[48], peer_pms[48]; - size_t peer_pmslen; - mbedtls_ct_condition_t diff; - - /* In case of a failure in decryption, the decryption may write less than - * 2 bytes of output, but we always read the first two bytes. It doesn't - * matter in the end because diff will be nonzero in that case due to - * ret being nonzero, and we only care whether diff is 0. - * But do initialize peer_pms and peer_pmslen for robustness anyway. This - * also makes memory analyzers happy (don't access uninitialized memory, - * even if it's an unsigned char). */ - peer_pms[0] = peer_pms[1] = ~0; - peer_pmslen = 0; - - ret = ssl_decrypt_encrypted_pms(ssl, p, end, - peer_pms, - &peer_pmslen, - sizeof(peer_pms)); - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { - return ret; - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - - mbedtls_ssl_write_version(ver, ssl->conf->transport, - ssl->session_negotiate->tls_version); - - /* Avoid data-dependent branches while checking for invalid - * padding, to protect against timing-based Bleichenbacher-type - * attacks. */ - diff = mbedtls_ct_bool(ret); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48)); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0])); - diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1])); - - /* - * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding - * must not cause the connection to end immediately; instead, send a - * bad_record_mac later in the handshake. - * To protect against timing-based variants of the attack, we must - * not have any branch that depends on whether the decryption was - * successful. In particular, always generate the fake premaster secret, - * regardless of whether it will ultimately influence the output or not. 
- */ - ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms)); - if (ret != 0) { - /* It's ok to abort on an RNG failure, since this does not reveal - * anything about the RSA decryption. */ - return ret; - } - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if (diff != MBEDTLS_CT_FALSE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); - } -#endif - - if (sizeof(ssl->handshake->premaster) < pms_offset || - sizeof(ssl->handshake->premaster) - pms_offset < 48) { - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - ssl->handshake->pmslen = 48; - - /* Set pms to either the true or the fake PMS, without - * data-dependent branches. */ - mbedtls_ct_memcpy_if(diff, pms, fake_pms, peer_pms, ssl->handshake->pmslen); - - return 0; -} -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p, @@ -3435,16 +3247,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange")); -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA && - (ssl->handshake->async_in_progress != 0)) { - /* We've already read a record and there is an asynchronous - * operation in progress to decrypt it. So skip reading the - * record. */ - MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record")); - } else -#endif if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); return ret; 
@@ -3635,14 +3437,6 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { - if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret); - return ret; - } - } else -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { if ((ret = mbedtls_psa_ecjpake_read_round( diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index ef4927f72e..3ba314f832 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -66,8 +66,7 @@ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY #endif diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 8ba4161870..3d58895550 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1165,7 +1165,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED 
@@ -1525,7 +1524,6 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index a08ede54a5..816d2debae 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -315,7 +315,6 @@ def test(self, options): 'PSA_WANT_ALG_RSA_OAEP', 'PSA_WANT_ALG_RSA_PSS'], 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'], 'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6a5e7603c8..7692017784 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -311,8 +311,7 @@ requires_any_configs_disabled() { SKIP_NEXT="YES" } -TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ +TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" @@ -320,9 +319,8 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" +TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" requires_certificate_authentication () { if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
From 5814e3e5660a0b9115afef81f65de50894b88420 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 26 Feb 2025 18:12:50 +0100
Subject: [PATCH 0310/1548] Remove `MBEDTLS_KEY_EXCHANGE_RSA` key exchange type
Signed-off-by: Gabor Mezei
---
 include/mbedtls/ssl_ciphersuites.h | 1 -
 library/ssl_ciphersuites.c | 5 -----
 library/ssl_ciphersuites_internal.h | 3 ---
 library/ssl_tls.c | 4 ----
 4 files changed, 13 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 7db620ec4b..31610b0a9a 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -190,7 +190,6 @@ extern "C" {
 */
 typedef enum {
 MBEDTLS_KEY_EXCHANGE_NONE = 0,
-MBEDTLS_KEY_EXCHANGE_RSA,
 MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
 MBEDTLS_KEY_EXCHANGE_PSK,
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 6e4370b795..958668ebf7 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1220,7 +1220,6 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui
 mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->key_exchange) {
-case MBEDTLS_KEY_EXCHANGE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
 return MBEDTLS_PK_RSA;
@@ -1239,8 +1238,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe
 psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->key_exchange) {
-case MBEDTLS_KEY_EXCHANGE_RSA:
-return PSA_ALG_RSA_PKCS1V15_CRYPT;
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
 return PSA_ALG_RSA_PKCS1V15_SIGN(
 mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
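Review bot: Deleting `MBEDTLS_KEY_EXCHANGE_RSA` from the middle of the public `typedef enum` in ssl_ciphersuites.h renumbers every enumerator after it, so `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA` and the rest change value and any code that stores or compares `key_exchange` numerically across builds breaks without a compile error. The diffstat lists no ChangeLog.d entry, so either the ABI change should be recorded there (the first patch in the series shows the convention) or the remaining enumerators should be pinned to their old numbers, e.g. `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA = 2,`. The same gap applies to the ssl.h hunk in PATCH 0313 that drops the `f_async_decrypt` parameter from `mbedtls_ssl_conf_async_private_cb`: that is a source-level API break for every existing caller and is likewise not announced anywhere in that commit.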
@@ -1260,8 +1257,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip
 psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->key_exchange) {
-case MBEDTLS_KEY_EXCHANGE_RSA:
-return PSA_KEY_USAGE_DECRYPT;
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return PSA_KEY_USAGE_SIGN_HASH;
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index b60acdc5f8..a7981dbdf6 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -44,7 +44,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-case MBEDTLS_KEY_EXCHANGE_RSA:
 case MBEDTLS_KEY_EXCHANGE_PSK:
 return 1;
@@ -71,7 +70,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit
 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-case MBEDTLS_KEY_EXCHANGE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -86,7 +84,6 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip
 static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-case MBEDTLS_KEY_EXCHANGE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3572f3f631..5cfb83968a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8708,10 +8708,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
 recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
 /* TLS 1.2 server part of the key exchange */
 switch (ciphersuite->key_exchange) {
-case MBEDTLS_KEY_EXCHANGE_RSA:
-usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
-break;
-
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
From 3c7db0e5a8eef21f20bb3a3b20aa7875f3d7b9d2 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Thu, 27 Feb 2025 12:44:24 +0100
Subject: [PATCH 0311/1548] Remove `MBEDTLS_TLS_RSA_*` ciphersuite macros
Signed-off-by: Gabor Mezei
---
 include/mbedtls/ssl_ciphersuites.h | 31 ------------------------------
 library/ssl_ciphersuites.c | 23 ----------------------
 2 files changed, 54 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 31610b0a9a..b03123107c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -24,28 +24,11 @@ extern "C" {
 /*
 * Supported ciphersuites (Official IANA names)
 */
-#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
-
 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
-
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA 0x35
-
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x41
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
-#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D /**< TLS 1.2 */
-
 #define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8 /**< TLS 1.2 */
 #define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9 /**< TLS 1.2 */
@@ -54,10 +37,6 @@ extern "C" {
 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */
 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */
-
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
@@ -100,8 +79,6 @@ extern "C" {
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256 0xC03A
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384 0xC03B
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */
@@ -110,8 +87,6 @@ extern "C" {
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */
@@ -136,8 +111,6 @@ extern "C" {
 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078
 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */
@@ -155,10 +128,6 @@ extern "C" {
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
 #define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
 #define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 958668ebf7..b979cad94f 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -110,22 +110,14 @@ static const int ciphersuite_preference[] =
 MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
 /* All AES-256 suites */
-MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
-MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
-MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
-MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
 /* All CAMELLIA-256 suites */
-MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
@@ -134,28 +126,18 @@ static const int ciphersuite_preference[] =
 /* All ARIA-256 suites */
 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
-MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
-MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
 /* All AES-128 suites */
-MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
-MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
-MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
-MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
 /* All CAMELLIA-128 suites */
-MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
@@ -164,10 +146,8 @@ static const int ciphersuite_preference[] =
 /* All ARIA-128 suites */
 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
-MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
 MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
-MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
 /* The PSK suites */
 MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
@@ -198,9 +178,6 @@ static const int ciphersuite_preference[] =
 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
-MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
-MBEDTLS_TLS_RSA_WITH_NULL_SHA,
-MBEDTLS_TLS_RSA_WITH_NULL_MD5,
 MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
 MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
 MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
From 3ee9a8cf49537d3dcb857c3361fd635868d7579e Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Thu, 27 Feb 2025 12:53:40 +0100
Subject: [PATCH 0312/1548] Remove `TLS-RSA` related test cases
Signed-off-by: Gabor Mezei
---
 tests/compat.sh | 23 -----------------------
 tests/context-info.sh | 10 ----------
 2 files changed, 33 deletions(-)
diff --git a/tests/compat.sh b/tests/compat.sh
index de8c1bb18a..975d8dc3d9 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -327,17 +327,6 @@ add_common_ciphersuites()
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \
 TLS_ECDHE_RSA_WITH_NULL_SHA \
-TLS_RSA_WITH_AES_128_CBC_SHA \
-TLS_RSA_WITH_AES_128_CBC_SHA256 \
-TLS_RSA_WITH_AES_128_GCM_SHA256 \
-TLS_RSA_WITH_AES_256_CBC_SHA \
-TLS_RSA_WITH_AES_256_CBC_SHA256 \
-TLS_RSA_WITH_AES_256_GCM_SHA384 \
-TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \
-TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \
-TLS_RSA_WITH_NULL_MD5 \
-TLS_RSA_WITH_NULL_SHA \
-TLS_RSA_WITH_NULL_SHA256 \
 "
 ;;
@@ -388,8 +377,6 @@ add_openssl_ciphersuites()
 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
-TLS_RSA_WITH_ARIA_128_GCM_SHA256 \
-TLS_RSA_WITH_ARIA_256_GCM_SHA384 \
 "
 ;;
@@ -437,14 +424,6 @@ add_gnutls_ciphersuites()
 TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
 TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
-TLS_RSA_WITH_AES_128_CCM \
-TLS_RSA_WITH_AES_128_CCM_8 \
-TLS_RSA_WITH_AES_256_CCM \
-TLS_RSA_WITH_AES_256_CCM_8 \
-TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
-TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
-TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
-TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
 "
 ;;
@@ -506,8 +485,6 @@ add_mbedtls_ciphersuites()
 M_CIPHERS="$M_CIPHERS \
 TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
 TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
-TLS_RSA_WITH_ARIA_128_CBC_SHA256 \
-TLS_RSA_WITH_ARIA_256_CBC_SHA384 \
 "
 ;;
diff --git a/tests/context-info.sh b/tests/context-info.sh index 6c08b865ba..066bd3d589 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -241,16 +241,6 @@ run_test "Default configuration, client" \ -u "basic constraints.* CA=false$" \ -n "bytes left to analyze from context" -run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, server" \ - "srv_ciphersuite.txt" \ - -n "ERROR" \ - -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ - -run_test "Ciphersuite TLS-RSA-WITH-AES-256-CCM-8, client" \ - "cli_ciphersuite.txt" \ - -n "ERROR" \ - -u "ciphersuite.* TLS-RSA-WITH-AES-256-CCM-8$" \ - run_test "No packing, server" \ "srv_no_packing.txt" \ -n "ERROR" \ From e99e591179bb585fb2ad6861e26c7e0e0fe37aca Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 13:41:24 +0100 Subject: [PATCH 0313/1548] Remove key exchange based on encryption/decryption Signed-off-by: Gabor Mezei --- include/mbedtls/ssl.h | 79 +------------------------------------ library/ssl_misc.h | 1 - library/ssl_tls.c | 2 - library/ssl_tls12_server.c | 1 - programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_server2.c | 27 ++----------- programs/ssl/ssl_test_lib.c | 5 --- programs/ssl/ssl_test_lib.h | 1 - 8 files changed, 7 insertions(+), 113 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2ea09bbfa3..6c37fc3703 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -999,71 +999,6 @@ typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len); - -/** - * \brief Callback type: start external decryption operation. - * - * This callback is called during an SSL handshake to start - * an RSA decryption operation using an - * external processor. The parameter \p cert contains - * the public key; it is up to the callback function to - * determine how to access the associated private key. - * - * This function typically sends or enqueues a request, and - * does not wait for the operation to complete. This allows - * the handshake step to be non-blocking. - * - * The parameters \p ssl and \p cert are guaranteed to remain - * valid throughout the handshake. On the other hand, this - * function must save the contents of \p input if the value - * is needed for later processing, because the \p input buffer - * is no longer valid after this function returns. - * - * This function may call mbedtls_ssl_set_async_operation_data() - * to store an operation context for later retrieval - * by the resume or cancel callback. - * - * \warning RSA decryption as used in TLS is subject to a potential - * timing side channel attack first discovered by Bleichenbacher - * in 1998. This attack can be remotely exploitable - * in practice. To avoid this attack, you must ensure that - * if the callback performs an RSA decryption, the time it - * takes to execute and return the result does not depend - * on whether the RSA decryption succeeded or reported - * invalid padding. - * - * \param ssl The SSL connection instance. It should not be - * modified other than via - * mbedtls_ssl_set_async_operation_data(). - * \param cert Certificate containing the public key. - * In simple cases, this is one of the pointers passed to - * mbedtls_ssl_conf_own_cert() when configuring the SSL - * connection. However, if other callbacks are used, this - * property may not hold. 
For example, if an SNI callback - * is registered with mbedtls_ssl_conf_sni(), then - * this callback determines what certificate is used. - * \param input Buffer containing the input ciphertext. This buffer - * is no longer valid when the function returns. - * \param input_len Size of the \p input buffer in bytes. - * - * \return 0 if the operation was started successfully and the SSL - * stack should call the resume callback immediately. - * \return #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation - * was started successfully and the SSL stack should return - * immediately without calling the resume callback yet. - * \return #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external - * processor does not support this key. The SSL stack will - * use the private key object instead. - * \return Any other error indicates a fatal failure and is - * propagated up the call chain. The callback should - * use \c MBEDTLS_ERR_PK_xxx error codes, and must not - * use \c MBEDTLS_ERR_SSL_xxx error codes except as - * directed in the documentation of this callback. - */ -typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -1071,8 +1006,7 @@ typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, * * This callback is called during an SSL handshake to resume * an external operation started by the - * ::mbedtls_ssl_async_sign_t or - * ::mbedtls_ssl_async_decrypt_t callback. + * ::mbedtls_ssl_async_sign_t callback. * * This function typically checks the status of a pending * request or causes the request queue to make progress, and 
@@ -1538,7 +1472,6 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */ - mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */ @@ -2854,17 +2787,10 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n( * external processor does not support any signature * operation; in this case the private key object * associated with the certificate will be used. - * \param f_async_decrypt Callback to start a decryption operation. See - * the description of ::mbedtls_ssl_async_decrypt_t - * for more information. This may be \c NULL if the - * external processor does not support any decryption - * operation; in this case the private key object - * associated with the certificate will be used. * \param f_async_resume Callback to resume an asynchronous operation. See * the description of ::mbedtls_ssl_async_resume_t * for more information. This may not be \c NULL unless - * \p f_async_sign and \p f_async_decrypt are both - * \c NULL. + * \p f_async_sign is \c NULL. * \param f_async_cancel Callback to cancel an asynchronous operation. See * the description of ::mbedtls_ssl_async_cancel_t * for more information. This may be \c NULL if @@ -2876,7 +2802,6 @@ static inline uintptr_t mbedtls_ssl_get_user_data_n( */ void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, void *config_data); 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 164a23037a..d12cee3ceb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -985,7 +985,6 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /** Asynchronous operation context. This field is meant for use by the * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start, - * mbedtls_ssl_config::f_async_decrypt_start, * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel). * The library does not use it internally. */ void *user_async_ctx; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5cfb83968a..46fb92464d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2737,13 +2737,11 @@ void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl, void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, void *async_config_data) { conf->f_async_sign_start = f_async_sign; - conf->f_async_decrypt_start = f_async_decrypt; conf->f_async_resume = f_async_resume; conf->f_async_cancel = f_async_cancel; conf->p_async_config_data = async_config_data; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 5a143fc3ba..542d1f0957 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -693,7 +693,6 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, int key_type_matches = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || - ssl->conf->f_async_decrypt_start != NULL || mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) && mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage)); #else diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5c2a63ff7..6ed073eef5 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -348,10 +348,10 @@ int main(void) #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ #define USAGE_KEY_OPAQUE_ALGS \ - " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ + " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" \ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a81cc88c0c..8a0e18aefd 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -210,7 +210,7 @@ int main(void) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #define USAGE_SSL_ASYNC \ - " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \ + " async_operations=%%c... s=sign (default: -=off)\n" \ " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \ " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \ " default: -1 (not asynchronous)\n" \ @@ -478,13 +478,13 @@ int main(void) " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" \ " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ " comma-separated pair of values among the following:\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \ - " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \ + " rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \ " the second value).\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 
@@ -1227,16 +1227,6 @@ static int ssl_async_sign(mbedtls_ssl_context *ssl, hash, hash_len); } -static int ssl_async_decrypt(mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len) -{ - return ssl_async_start(ssl, cert, - ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE, - input, input_len); -} - static int ssl_async_resume(mbedtls_ssl_context *ssl, unsigned char *output, size_t *output_len, @@ -1257,12 +1247,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { - case ASYNC_OP_DECRYPT: - ret = mbedtls_pk_decrypt(key_slot->pk, - ctx->input, ctx->input_len, - output, output_len, output_size, - config_data->f_rng, config_data->p_rng); - break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, @@ -3118,13 +3102,9 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (opt.async_operations[0] != '-') { mbedtls_ssl_async_sign_t *sign = NULL; - mbedtls_ssl_async_decrypt_t *decrypt = NULL; const char *r; for (r = opt.async_operations; *r; r++) { switch (*r) { - case 'd': - decrypt = ssl_async_decrypt; - break; case 's': sign = ssl_async_sign; break; @@ -3137,7 +3117,6 @@ int main(int argc, char *argv[]) ssl_async_keys.p_rng = &rng; mbedtls_ssl_conf_async_private_cb(&conf, sign, - decrypt, ssl_async_resume, ssl_async_cancel, &ssl_async_keys); diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 2c68489ba6..acc01a2182 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -197,7 +197,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg1, "rsa-decrypt") != 0 && strcmp(*alg1, "ecdsa-sign") != 0 && strcmp(*alg1, "ecdh") != 0) { return 1; 
@@ -208,7 +207,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) strcmp(*alg1, "rsa-sign-pss-sha256") != 0 && strcmp(*alg1, "rsa-sign-pss-sha384") != 0 && strcmp(*alg1, "rsa-sign-pss-sha512") != 0 && - strcmp(*alg2, "rsa-decrypt") != 0 && strcmp(*alg2, "ecdsa-sign") != 0 && strcmp(*alg2, "ecdh") != 0 && strcmp(*alg2, "none") != 0) { @@ -245,9 +243,6 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) { *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); *usage |= PSA_KEY_USAGE_SIGN_HASH; - } else if (strcmp(algs[i], "rsa-decrypt") == 0) { - *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; - *usage |= PSA_KEY_USAGE_DECRYPT; } else if (strcmp(algs[i], "ecdsa-sign") == 0) { *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); *usage |= PSA_KEY_USAGE_SIGN_HASH; diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index bc5cce51a0..c001a2afa1 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -202,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len); * Coma-separated pair of values among the following: * - "rsa-sign-pkcs1" * - "rsa-sign-pss" - * - "rsa-decrypt" * - "ecdsa-sign" * - "ecdh" * - "none" (only acceptable for the second value). From 3ead04a12dd70107c2e3e57e238c648045f52934 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 27 Feb 2025 14:30:35 +0100 Subject: [PATCH 0314/1548] Remove/migrate tests for key exchange based on decryption Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 57 ++++++++---------------------------------------- 1 file changed, 9 insertions(+), 48 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7692017784..222895f22b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
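Review bot: The second validation chain in the `@@ -208,7 +207,6 @@` hunk of ssl_test_lib.c still compares `*alg1` against the three `rsa-sign-pss-sha*` names although every other term in it, including the `rsa-decrypt` line this commit removes, tests `*alg2`; as written, an `alg2` of `rsa-sign-pss-sha384` is rejected unless `alg1` happens to be the same string, and an unrecognised `alg2` is accepted whenever `alg1` is one of those three. Since the commit edits exactly this chain, the copy-paste should be corrected at the same time: `strcmp(*alg2, "rsa-sign-pss-sha256") != 0 &&`, `strcmp(*alg2, "rsa-sign-pss-sha384") != 0 &&`, `strcmp(*alg2, "rsa-sign-pss-sha512") != 0 &&`. The enclosing `key_opaque_alg_parse` starts before the hunk, so whether any earlier line compensates for this is not visible here.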
@@ -2305,20 +2305,6 @@ run_test "Opaque key for server authentication: ECDH-" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C @@ -2335,20 +2321,6 @@ run_test "Opaque key for server authentication: invalid key: ecdh with RSA ke -c "error" \ -c "Public key type mismatch" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 
@@ -2437,8 +2409,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: no suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 1 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ @@ -2450,8 +2422,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ @@ -2477,8 +2449,8 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ - "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=rsa-sign-pkcs1,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ -s "key types: Opaque, Opaque" \ 
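Review bot: In the `2 keys on server, suitable algorithm found` hunk, `key_opaque_algs2` is changed from `ecdsa-sign,none` to `rsa-sign-pkcs1,none` although only `rsa-decrypt` is being retired in this series; if the second server key is the ECDSA one, as the old value suggests, putting an RSA algorithm on it changes what the test exercises instead of merely migrating it. Only `key_opaque_algs` needed the `rsa-decrypt` to `rsa-sign-pkcs1` substitution, so the server line should keep `key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss`. Patch 0321 later in this series reverts exactly this, so the two could be squashed.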
@@ -7723,12 +7695,12 @@ run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \ 0 \ -c "Ciphersuite is TLS-ECDHE-RSA-WITH-" -run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \ +run_test "keyUsage srv 1.2: RSA, keyEncipherment -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-RSA-WITH-" + 1 \ + -C "Ciphersuite is " run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ @@ -8860,17 +8832,6 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Test for ClientHello without extensions -# Without extensions, ECC is impossible (no curve negotiation). -requires_config_enabled MBEDTLS_RSA_C -requires_gnutls -run_test "ClientHello without extensions: RSA" \ - "$P_SRV force_version=tls12 debug_level=3" \ - "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ - 0 \ - -s "Ciphersuite is .*-RSA-WITH-.*" \ - -S "Ciphersuite is .*-EC.*" \ - -s "dumping 'client hello extensions' (0 bytes)" - requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED requires_gnutls run_test "ClientHello without extensions: PSK" \ From 58535da8d09ea178d44f6992a8b0771c076784a4 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 3 Mar 2025 15:43:50 +0100 Subject: [PATCH 0315/1548] Only check for certificates if it is supported Signed-off-by: Gabor Mezei --- library/ssl_tls12_server.c | 6 +++++- programs/ssl/ssl_test_common_source.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 542d1f0957..fb88cf2956 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
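Review bot: The rewritten `keyUsage srv 1.2: RSA, keyEncipherment -> fail` case asserts only `-C "Ciphersuite is "`, a negative pattern that any failure, including an unrelated start-up or argument error, would satisfy, so the test no longer shows why the handshake fails. Add a positive `-s` or `-c` check on the message emitted when the certificate's keyUsage rules out every available key exchange, mirroring whatever the adjacent `keyAgreement -> fail` case asserts (its assertions lie outside the hunk). The removed `ClientHello without extensions: RSA` case in the second hunk is a straightforward deletion.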
@@ -654,6 +654,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, * Try picking a certificate for this ciphersuite, * return 0 on success and -1 on failure. */ +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_pick_cert(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info) @@ -744,6 +745,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, return -1; } +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* @@ -806,6 +809,8 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, } #endif +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) + #if defined(MBEDTLS_X509_CRT_PARSE_C) /* * Final check: if ciphersuite requires us to have a @@ -821,7 +826,6 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, } #endif -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 6c7eed5e58..354e97ef90 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -315,6 +315,7 @@ uint16_t ssl_sig_algs_for_test[] = { }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_X509_CRT_PARSE_C) /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function * for more info. @@ -352,7 +353,6 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static void mbedtls_print_supported_sig_algs(void) { mbedtls_printf("supported signature algorithms:\n"); From 47c6277480739494f6edb0d6f5f3b9eee7c11ff8 Mon Sep 17 00:00:00 2001 
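Review bot: In the first `ssl_tls12_server.c` hunk the new `#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)` is inserted between the `Try picking a certificate for this ciphersuite` comment block and `MBEDTLS_CHECK_RETURN_CRITICAL`, so when the guard is false the comment is left describing a function that is compiled out; move the `#if` above the comment, which also matches the placement of the `#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */` directly after the closing brace in the second hunk. A smaller nit: the definition nests `MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED` inside `MBEDTLS_X509_CRT_PARSE_C`, while the third and fourth hunks in `ssl_ciphersuite_match` nest them the other way round; using one order in both places makes the matching `#endif`s easier to audit. The `ssl_test_common_source.c` hunks perform the same kind of guard move and look consistent with each other.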
From: Gabor Mezei
Date: Fri, 7 Mar 2025 13:42:04 +0100
Subject: [PATCH 0316/1548] Update dependencies

Let the TLS context serialiazation tests to run with other than RSA ciphersuites.

Signed-off-by: Gabor Mezei
---
 tests/suites/test_suite_ssl.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6b491d4ceb..00283082f5 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2858,7 +2858,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */
 void resize_buffers_serialize_mfl(int mfl)
 {
 /* Choose an AEAD ciphersuite */
From aeea5e65af31b09f5e8df0262cff970eab9fb461 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 10 Mar 2025 13:05:28 +0100
Subject: [PATCH 0317/1548] Add changelog entry

Signed-off-by: Gabor Mezei
---
 ChangeLog.d/remove_RSA_key_exchange.txt | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt

diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt
new file mode 100644
index 0000000000..a0513a104c
--- /dev/null
+++ b/ChangeLog.d/remove_RSA_key_exchange.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the RSA key exchange in TLS 1.2.
\ No newline at end of file
From 817a1553b9d0e07a8e9fef37a582a8b1471b8fb6 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 10 Mar 2025 16:58:17 +0100
Subject: [PATCH 0318/1548] Add missing newline

Signed-off-by: Gabor Mezei
---
 ChangeLog.d/remove_RSA_key_exchange.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt
index a0513a104c..f9baaf1701 100644
--- a/ChangeLog.d/remove_RSA_key_exchange.txt
+++ b/ChangeLog.d/remove_RSA_key_exchange.txt
@@ -1,2 +1,2 @@
 Removals
- * Remove support for the RSA key exchange in TLS 1.2.
\ No newline at end of file
+ * Remove support for the RSA key exchange in TLS 1.2.
From 9ee58e43e151814cf024910fef2eb7033d5d374e Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 10 Mar 2025 22:31:35 +0100
Subject: [PATCH 0319/1548] Update test dependencies

Signed-off-by: Gabor Mezei
---
 tests/suites/test_suite_ssl.function | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 00283082f5..7f4c65cfbe 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2825,7 +2825,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
 void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
 int serialize, int dtls, char *cipher)
 {
@@ -2858,7 +2858,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ void resize_buffers_serialize_mfl(int mfl) { /* Choose an AEAD ciphersuite */ @@ -2890,7 +2890,7 @@ void resize_buffers_serialize_mfl(int mfl) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { From 10018fc82e6955ab53310e85dbe8177f2c4e722e Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 12 Mar 2025 12:05:35 +0100 Subject: [PATCH 0320/1548] Do not remeove macro from design doc Signed-off-by: Gabor Mezei --- docs/proposed/config-split.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 6f3b5bd246..1baab356b2 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md 
@@ -396,6 +396,7 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_ALL_ALERT_MESSAGES #define MBEDTLS_SSL_ALPN //#define MBEDTLS_SSL_ASYNC_PRIVATE From 1ac784c5a5a633a43a13fd7a15e098127bf0defa Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Mar 2025 09:15:47 +0100 Subject: [PATCH 0321/1548] Fix test case migration Signed-off-by: Gabor Mezei --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 222895f22b..0634c26a67 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2449,7 +2449,7 @@ requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ - "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=rsa-sign-pkcs1,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ + "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ -c "key type: Opaque" \ From 5ba9b57cbd699b0e2e9fd7875635b949e6a5900f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Mar 2025 09:17:05 +0100 Subject: [PATCH 0322/1548] Convert test function to a static function The `resize_buffers` function is no more used as a test function to convert it to a static function. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ssl.function | 78 +++++++++++++++------------- 1 file changed, 42 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7f4c65cfbe..3f84458797 100644 --- a/tests/suites/test_suite_ssl.function 
+++ b/tests/suites/test_suite_ssl.function @@ -63,6 +63,45 @@ exit: } #endif +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + defined(PSA_WANT_ECC_SECP_R1_384) && \ + defined(PSA_WANT_ALG_SHA_256) +/* + * Test function to perform a handshake using the mfl extension and with + * setting the resize buffer option. + */ +static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, + int serialize, int dtls, char *cipher) +{ + mbedtls_test_handshake_test_options options; + mbedtls_test_init_handshake_options(&options); + + options.mfl = mfl; + options.cipher = cipher; + options.renegotiate = renegotiation; + options.legacy_renegotiation = legacy_renegotiation; + options.serialize = serialize; + options.dtls = dtls; + if (dtls) { + options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; + } + options.resize_buffers = 1; + + const mbedtls_ssl_ciphersuite_t *ciphersuite = + mbedtls_ssl_ciphersuite_from_string(cipher); + if (ciphersuite != NULL) { + options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); + } + + mbedtls_test_ssl_perform_handshake(&options); + + mbedtls_test_free_handshake_options(&options); +} + +#endif + #if defined(PSA_WANT_ALG_GCM) || defined(PSA_WANT_ALG_CHACHA20_POLY1305) #define TEST_GCM_OR_CHACHAPOLY_ENABLED #endif 
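Review bot: The new static `resize_buffers` is compiled whenever the five macros in the guard at the top of the hunk are set, but its only callers, `resize_buffers_serialize_mfl` and `resize_buffers_renegotiate_mfl` (the renamed calls in the later hunks of this patch), additionally depend on `MBEDTLS_SSL_CONTEXT_SERIALIZATION`/`MBEDTLS_SSL_PROTO_DTLS`/`MBEDTLS_TEST_HAS_AEAD_ALG` and on `MBEDTLS_SSL_RENEGOTIATION` respectively; in a configuration that satisfies the guard but none of those, the helper becomes an unused static function, which builds that treat `-Wunused-function` as an error would reject. Either extend the guard with `(defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_RENEGOTIATION))`, if those are indeed the conditions under which the generated test functions exist, or mark the helper as possibly unused. The header comment still calls it a `Test function`; now that it is a plain helper, `/* Helper: perform a handshake with the given MFL, renegotiation, serialization and DTLS options, with buffer resizing enabled. */` describes its role better.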
@@ -2825,39 +2864,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ -void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, - int serialize, int dtls, char *cipher) -{ - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - - options.mfl = mfl; - options.cipher = cipher; - options.renegotiate = renegotiation; - options.legacy_renegotiation = legacy_renegotiation; - options.serialize = serialize; - options.dtls = dtls; - if (dtls) { - options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2; - } - options.resize_buffers = 1; - - const mbedtls_ssl_ciphersuite_t *ciphersuite = - mbedtls_ssl_ciphersuite_from_string(cipher); - if (ciphersuite != NULL) { - options.pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite); - } - - mbedtls_test_ssl_perform_handshake(&options); - - /* The goto below is used to avoid an "unused label" warning.*/ - goto exit; -exit: - mbedtls_test_free_handshake_options(&options); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_AEAD_ALG */ void resize_buffers_serialize_mfl(int mfl) { @@ -2885,8 +2891,8 @@ void resize_buffers_serialize_mfl(int mfl) TEST_ASSERT(ciphersuite != NULL); - test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, - (char *) ciphersuite->name); + resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, + (char *) ciphersuite->name); } /* END_CASE */ 
@@ -2894,7 +2900,7 @@ void resize_buffers_serialize_mfl(int mfl)
 void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
 char *cipher)
 {
- test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
+ resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
 /* The goto below is used to avoid an "unused label" warning.*/
 goto exit;
 }
From 2c7f38823deefd51981dbe17faed98c86714f7f7 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Thu, 20 Mar 2025 17:56:11 +0100
Subject: [PATCH 0323/1548] Update framework

Signed-off-by: Gabor Mezei
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework b/framework
index cab0c5fe19..72b5acd590 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit cab0c5fe19d5747cb9603552b80ebe64b9c67fdd
+Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d
From 998760ae5db2330a6d2f09c4464cc47d2fe9b061 Mon Sep 17 00:00:00 2001
From: Felix Conway
Date: Mon, 24 Mar 2025 11:37:33 +0000
Subject: [PATCH 0324/1548] Define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS in every sample program

Add #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS to every sample program before the first include so that mbedtls doesn't break with future privatization work.
Signed-off-by: Felix Conway --- programs/aes/crypt_and_hash.c | 1 + programs/cipher/cipher_aead_demo.c | 2 ++ programs/fuzz/fuzz_client.c | 2 ++ programs/fuzz/fuzz_dtlsclient.c | 2 ++ programs/fuzz/fuzz_dtlsserver.c | 2 ++ programs/fuzz/fuzz_pkcs7.c | 2 ++ programs/fuzz/fuzz_privkey.c | 2 ++ programs/fuzz/fuzz_pubkey.c | 2 ++ programs/fuzz/fuzz_server.c | 2 ++ programs/fuzz/fuzz_x509crl.c | 2 ++ programs/fuzz/fuzz_x509crt.c | 2 ++ programs/fuzz/fuzz_x509csr.c | 2 ++ programs/fuzz/onefile.c | 2 ++ programs/hash/generic_sum.c | 2 ++ programs/hash/hello.c | 2 ++ programs/hash/md_hmac_demo.c | 2 ++ programs/pkey/dh_genprime.c | 2 ++ programs/pkey/ecdh_curve25519.c | 2 ++ programs/pkey/ecdsa.c | 2 ++ programs/pkey/gen_key.c | 2 ++ programs/pkey/key_app.c | 2 ++ programs/pkey/key_app_writer.c | 2 ++ programs/pkey/mpi_demo.c | 2 ++ programs/pkey/pk_decrypt.c | 2 ++ programs/pkey/pk_encrypt.c | 2 ++ programs/pkey/pk_sign.c | 2 ++ programs/pkey/pk_verify.c | 2 ++ programs/pkey/rsa_decrypt.c | 2 ++ programs/pkey/rsa_encrypt.c | 2 ++ programs/pkey/rsa_genkey.c | 2 ++ programs/pkey/rsa_sign.c | 2 ++ programs/pkey/rsa_sign_pss.c | 2 ++ programs/pkey/rsa_verify.c | 2 ++ programs/pkey/rsa_verify_pss.c | 2 ++ programs/random/gen_entropy.c | 2 ++ programs/random/gen_random_ctr_drbg.c | 2 ++ programs/ssl/dtls_client.c | 2 ++ programs/ssl/dtls_server.c | 2 ++ programs/ssl/mini_client.c | 2 ++ programs/ssl/ssl_client1.c | 2 ++ programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 ++ programs/ssl/ssl_mail_client.c | 2 ++ programs/ssl/ssl_pthread_server.c | 2 ++ programs/ssl/ssl_server.c | 2 ++ programs/test/cmake_package/cmake_package.c | 2 ++ programs/test/cmake_package_install/cmake_package_install.c | 2 ++ programs/test/cmake_subproject/cmake_subproject.c | 2 ++ programs/test/dlopen.c | 2 ++ programs/test/selftest.c | 2 ++ programs/test/udp_proxy.c | 2 ++ programs/util/pem2der.c | 2 ++ programs/util/strerror.c | 2 ++ programs/wince_main.c | 2 ++ 
programs/x509/cert_app.c | 2 ++ programs/x509/cert_req.c | 2 ++ programs/x509/cert_write.c | 2 ++ programs/x509/crl_app.c | 2 ++ programs/x509/load_roots.c | 2 ++ programs/x509/req_app.c | 2 ++ 60 files changed, 119 insertions(+) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index b2cd704710..e3bfb3c615 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -10,6 +10,7 @@ * set before mbedtls_config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c index 83fcce5878..533af34fc5 100644 --- a/programs/cipher/cipher_aead_demo.c +++ b/programs/cipher/cipher_aead_demo.c @@ -31,6 +31,8 @@ /* First include Mbed TLS headers to get the Mbed TLS configuration and * platform definitions that we'll use in this program. Also include * standard C headers for functions we'll use here. */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/cipher.h" diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 07ca96efa8..209422399f 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 6581dcb1e6..e667d8b3d0 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index d215f7ac7f..404c4ad304 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c 
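Review bot: Adding `#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` unconditionally to all 60 sample programs (this hunk and the ones that follow through `programs/test/dlopen.c`) opts every sample out of the private-identifier restriction rather than only the programs that actually reach into private fields; if the macro works as its name and the commit message suggest, the samples then stop serving as a demonstration of public-API-only usage, and a private access later introduced into a sample would go unnoticed. Consider adding the define only in the programs whose build fails without it, each with a one-line justification such as `/* This sample inspects fields that are private in the public API. */`, and leaving the purely public-API ones (e.g. `hash/hello.c`) untouched. A consistency nit: the `crypt_and_hash.c` hunk adds the define directly under `#define _POSIX_C_SOURCE 200112L` with no blank line before `#include "mbedtls/build_info.h"`, whereas every other file in the series adds a blank line after it.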
@@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index 38b4dc1399..9ec9351794 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include "mbedtls/pkcs7.h" #include "common.h" diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 753096406d..1a5fbba9ae 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index b2500e57c2..69e85e0380 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include "mbedtls/pk.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 09436542e6..64fe32d268 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index e8dacd90b6..2840fbbb0c 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include "mbedtls/x509_crl.h" #include "common.h" diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 74d3b077c6..29331b94d4 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include "mbedtls/x509_crt.h" #include "common.h" diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4c123f8e0d..e0aaabc019 100644 --- a/programs/fuzz/fuzz_x509csr.c 
+++ b/programs/fuzz/fuzz_x509csr.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include "mbedtls/x509_csr.h" #include "common.h" diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c index 2d4330abc3..6c02a641da 100644 --- a/programs/fuzz/onefile.c +++ b/programs/fuzz/onefile.c @@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include #include #include diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 3fd2b00891..ac776deb87 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 8caae88518..19408f37fe 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index 494e9efaa4..0fe0700ce4 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -26,6 +26,8 @@ /* First include Mbed TLS headers to get the Mbed TLS configuration and * platform definitions that we'll use in this program. Also include * standard C headers for functions we'll use here. */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/md.h" diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 6872e61e33..ebaf9265f3 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" 
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index fedfcc9fe8..952d487c9e 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 5664b8c4e5..a4988b0b48 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 99999c7a5b..f1ed511241 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index d01aa88525..b064078016 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index d34cbe1fb0..b9b477b839 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index e83aa3259c..a9c3190bf3 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c 
@@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 3dbfde02bc..a7b9001fc9 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index a3a7c1b4db..28a849b38f 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index c1640d66a3..af52583201 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 7b88cabf89..8ae612bdf6 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index a84af50d78..c2c313ac1a 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" 
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 6538f8a999..e1ed252bb2 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index dc58215f79..3dfa8529eb 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 0e32e13d96..e88e4e33b6 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 430536a554..e4f27f337a 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index e3f32bb4d2..af6156cdba 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 4b5336d706..2bb140fe4e 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c 
@@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 887b2c9883..eb85b62690 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 0eecf0ad49..793c8ac88c 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index f7f417f741..3277e525f8 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index e881c91aee..d1c2a8c1c6 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index cac630e29e..39d07ab378 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c 
@@ -6,6 +6,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index a6ab8587b4..bd2572bc21 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index cbe9c6dccc..63391cd01e 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/debug.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 1bd18c1f19..b9598585bf 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index bdeef9b655..d3354caf73 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -11,6 +11,8 @@ #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index d8213cb14e..a1c583aabc 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
@@ -6,6 +6,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 9a90d1d440..4b101d39ad 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index 729800ad88..f7d5230f46 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index 44a2adadf5..fb68883fee 100644 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -6,6 +6,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index 8b4f18e288..efab789553 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -6,6 +6,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 3a0f37d4ba..ec4ee7ea77 100644 
--- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 41252b6e4c..546716f12d 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/entropy.h" diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 43d2e8cf73..6e9ebf9a28 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -12,6 +12,8 @@ */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #if defined(MBEDTLS_PLATFORM_C) diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 177365b87c..9515ed43d2 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/util/strerror.c b/programs/util/strerror.c index 316f28614b..e20bed6e8f 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/wince_main.c b/programs/wince_main.c index e817b9f5f5..de11162291 100644 --- a/programs/wince_main.c +++ b/programs/wince_main.c @@ -7,6 +7,8 @@ #if defined(_WIN32_WCE) +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include extern int main(int, const char **); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index cb1e5bc4e7..1de439ce8b 100644 
--- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 0dc4c971c7..1be335c0ad 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index b15e2818c5..5993f24657 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 5e3fd5a941..fee8b693ce 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index d14537fd47..2ae7c9b017 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index fff0983f0e..2929d687d4 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c 
@@ -5,6 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" From a7e14dc9eb764f529aa915b0f69e4005c5c54b4f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Sep 2024 13:10:11 +0200 Subject: [PATCH 0325/1548] Don't expect added error codes Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 2 +- library/ssl_tls13_generic.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 46fb92464d..7eb181e373 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7004,7 +7004,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ switch (ret) { case 0: /*ok*/ - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_OID_NOT_FOUND: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6a7d502723..1076dea393 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -518,7 +518,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, switch (ret) { case 0: /*ok*/ break; - case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_OID_NOT_FOUND: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; From c8c1a393e0eb338c600645ce389f46e4a48435fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 24 Jan 2025 15:42:17 +0100 Subject: [PATCH 0326/1548] Changelog entry for error code space unification Signed-off-by: Gilles Peskine --- ChangeLog.d/error-unification.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/error-unification.txt 
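Review bot: The new `case MBEDTLS_ERR_OID_NOT_FOUND:` in ssl_parse_certificate_chain skips a certificate on any bare OID-lookup failure, which is broader than the old `MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND`, which was tied to the signature-algorithm lookup; the ssl_tls13_generic.c hunk in this commit has the same widening. If any other OID lookup inside the certificate parser can surface this code unwrapped after the error-space unification, a certificate that fails for a reason other than an unknown signature algorithm would now be ignored rather than failing the handshake, so the parser paths that return it should be confirmed or the condition narrowed. Either way the existing `/* Ignore certificate with an unknown algorithm ... */` comment should say that OID_NOT_FOUND is no longer an X.509-specific code and why matching it alone is still safe. Both enclosing functions extend outside their hunks.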
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt new file mode 100644 index 0000000000..e1790d29d2 --- /dev/null +++ b/ChangeLog.d/error-unification.txt @@ -0,0 +1,7 @@ +API changes + * The PSA and Mbed TLS error space are now unified. This means that + mbedtls_xxx() functions can return PSA_ERROR_xxx values. + There is no longer a distinction between "low-level" and "high-level" + Mbed TLS error codes.. + This will not affect most applications since in both cases, the + error values are between -32767 and -1 as before. From 275951292c138072366a34a6408bd1d152045929 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 24 Jan 2025 14:53:49 +0100 Subject: [PATCH 0327/1548] Update crypto submodule Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 399c5f9e1d..332798582b 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 399c5f9e1d71cb177eb0c16cb934755b409abe23 +Subproject commit 332798582bccda6e5f90dbe85dd8898d5dbdf652 From 1ffdb18cdbc05dcc3d110540513c9bd2e570a647 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 24 Jan 2025 15:46:11 +0100 Subject: [PATCH 0328/1548] Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr() Just removed from the API. We can greatly simplify error.c but that will be for later. Signed-off-by: Gilles Peskine --- ChangeLog.d/error-unification.txt | 4 ++++ include/mbedtls/error.h | 30 ------------------------------ scripts/data_files/error.fmt | 4 ++-- 3 files changed, 6 insertions(+), 32 deletions(-) diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt index e1790d29d2..a19e60c008 100644 --- a/ChangeLog.d/error-unification.txt +++ b/ChangeLog.d/error-unification.txt 
@@ -5,3 +5,7 @@ API changes Mbed TLS error codes.. This will not affect most applications since in both cases, the error values are between -32767 and -1 as before. + +Removals + * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), + since these concepts no longer exists. There is just mbedtls_strerror(). diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 8b7c19aa5f..7abb00fd03 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -30,36 +30,6 @@ extern "C" { */ void mbedtls_strerror(int errnum, char *buffer, size_t buflen); -/** - * \brief Translate the high-level part of an Mbed TLS error code into a string - * representation. - * - * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string. It is intended to be used mostly for - * logging purposes. - * - * \param error_code error code - * - * \return The string representation of the error code, or \c NULL if the error - * code is unknown. - */ -const char *mbedtls_high_level_strerr(int error_code); - -/** - * \brief Translate the low-level part of an Mbed TLS error code into a string - * representation. - * - * This function returns a const pointer to an un-modifiable string. The caller - * must not try to modify the string. It is intended to be used mostly for - * logging purposes. - * - * \param error_code error code - * - * \return The string representation of the error code, or \c NULL if the error - * code is unknown. - */ -const char *mbedtls_low_level_strerr(int error_code); - #ifdef __cplusplus } #endif diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index b75a9ab4ec..14522ecd20 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -20,7 +20,7 @@ HEADER_INCLUDED -const char *mbedtls_high_level_strerr(int error_code) +static const char *mbedtls_high_level_strerr(int error_code) { int high_level_error_code; 
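Review bot: `static const char *mbedtls_high_level_strerr(int error_code)` keeps the `mbedtls_` prefix this codebase uses for exported API, so the generated error.c now has a file-local helper that reads like a public function; the `mbedtls_low_level_strerr` hunk that follows does the same. Dropping the prefix, e.g. `static const char *high_level_strerr(int error_code)`, would make the reduced visibility obvious at each call site and fits the error.c simplification the commit message defers. The function bodies continue outside the hunks.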
@@ -43,7 +43,7 @@ const char *mbedtls_high_level_strerr(int error_code) return NULL; } -const char *mbedtls_low_level_strerr(int error_code) +static const char *mbedtls_low_level_strerr(int error_code) { int low_level_error_code; From 61621cbb5d43da24320322995a6cdc64a47fdba7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Jan 2025 12:13:36 +0100 Subject: [PATCH 0329/1548] Don't allow psa_xxx() to return MBEDTLS_ERR_XXX Signed-off-by: Gilles Peskine --- ChangeLog.d/error-unification.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt index a19e60c008..bcf5ba1f3d 100644 --- a/ChangeLog.d/error-unification.txt +++ b/ChangeLog.d/error-unification.txt @@ -1,10 +1,10 @@ API changes - * The PSA and Mbed TLS error space are now unified. This means that - mbedtls_xxx() functions can return PSA_ERROR_xxx values. + * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx() + functions can now return PSA_ERROR_xxx values. There is no longer a distinction between "low-level" and "high-level" - Mbed TLS error codes.. - This will not affect most applications since in both cases, the - error values are between -32767 and -1 as before. + Mbed TLS error codes. + This will not affect most applications since the error values are + between -32767 and -1 as before. Removals * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), From 858b829436771176027012b46f4dd2ac5b903d5b Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 25 Mar 2025 10:06:53 +0000 Subject: [PATCH 0330/1548] Add define to fuzz/common.c and ssl/ssl_test_lib.c Signed-off-by: Felix Conway --- programs/fuzz/common.c | 2 ++ programs/ssl/ssl_test_lib.c | 1 + 2 files changed, 3 insertions(+) diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c index 98aa4037b3..41fa858a41 100644 --- a/programs/fuzz/common.c +++ b/programs/fuzz/common.c 
@@ -1,3 +1,5 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + #include "common.h" #include #include diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index acc01a2182..6aa60fbfb6 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -8,6 +8,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "ssl_test_lib.h" From bc7cd93b5f5f685d8b313b7e7f177a32b05bcdcc Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 25 Mar 2025 14:10:10 +0000 Subject: [PATCH 0331/1548] Add missing credit for set_hostname issue Correctly credit Daniel Stenberg as the reporter of the mbedtls_ssl_set_hostname() issue. This was previously missed. Signed-off-by: David Horstmann --- ChangeLog.d/mbedtls_ssl_set_hostname.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt index f5f0fa7e05..250a5baafa 100644 --- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt +++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt @@ -13,3 +13,4 @@ Security The library will now prevent the handshake and return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if mbedtls_ssl_set_hostname() has not been called. + Reported by Daniel Stenberg. From 440cb2aac296d07afc9ec111977bf24d54dc4061 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 5 Mar 2025 09:40:08 +0000 Subject: [PATCH 0332/1548] Remove RNG from x509 and PK remove the f_rng and p_rng parameter from x509 and PK. 
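Review bot: In ssl_test_lib.c the define is inserted directly above `#include "ssl_test_lib.h"` with no separating blank line, unlike common.c in this commit and the rest of the series, which add `+#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` followed by a blank `+` line; matching that layout would keep the programs uniform. Also, if ssl_test_lib.h itself names private identifiers, defining the macro only in ssl_test_lib.c does not cover the other translation units that include that header, and a short comment in the header stating that the define is expected before inclusion would make the requirement visible. Whether the header does so is not visible in the hunk.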
Signed-off-by: Ben Taylor --- include/mbedtls/x509_crt.h | 15 +------- include/mbedtls/x509_csr.h | 14 +------ library/ssl_tls12_client.c | 2 +- library/ssl_tls12_server.c | 4 +- library/ssl_tls13_generic.c | 3 +- library/x509write_crt.c | 14 ++----- library/x509write_csr.c | 21 +++-------- programs/fuzz/fuzz_dtlsserver.c | 3 +- programs/fuzz/fuzz_privkey.c | 3 +- programs/fuzz/fuzz_server.c | 3 +- programs/pkey/key_app.c | 3 +- programs/pkey/key_app_writer.c | 3 +- programs/pkey/pk_decrypt.c | 6 +-- programs/pkey/pk_encrypt.c | 3 +- programs/pkey/pk_sign.c | 6 +-- programs/pkey/rsa_sign_pss.c | 6 +-- programs/ssl/dtls_server.c | 4 +- programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_fork_server.c | 3 +- programs/ssl/ssl_mail_client.c | 7 +--- programs/ssl/ssl_pthread_server.c | 3 +- programs/ssl/ssl_server.c | 3 +- programs/ssl/ssl_server2.c | 23 +++++------ programs/x509/cert_req.c | 12 ++---- programs/x509/cert_write.c | 20 ++++------ tests/src/test_helpers/ssl_helpers.c | 12 ++---- tests/suites/test_suite_x509write.function | 44 ++++++++++------------ 27 files changed, 83 insertions(+), 161 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 5943cfcfa5..9817d35a7d 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -1140,17 +1140,11 @@ void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code - * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -1159,16 +1153,11 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, s * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CRT_WRITE_C */ diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 08e585f3f3..f9eb04d333 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
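Review bot: Dropping `\param f_rng`, `\param p_rng` and `\note \p f_rng is used for the signature operation.` leaves mbedtls_x509write_crt_der() and mbedtls_x509write_crt_pem() with no statement of where the randomness that signing still requires (PSS salt, ECDSA nonce, RSA blinding) now comes from or what the caller must initialise first; the two mbedtls_x509write_csr_der()/_pem() hunks in x509_csr.h have the same gap. A replacement note such as `\note The signature uses the library's internal random generator.` plus a sentence on the required initialisation (presumably the PSA RNG, in which case psa_crypto_init() must have succeeded beforehand — confirm) would tell migrating callers why an uninitialised process fails to sign. As a layout detail, both `_pem` hunks leave a dangling ` *` line before ` */` where the note was removed, while the `_der` hunks removed that line too.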
@@ -337,17 +337,12 @@ void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx); * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -357,16 +352,11 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function. This must not be \c NULL. - * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note \p f_rng is used for the signature operation. */ -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CSR_WRITE_C */ diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index c06844db76..e0743e1a6a 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2827,7 +2827,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) ssl->out_msg + 6 + offset, out_buf_len - 6 - offset, &n, - ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) { + rs_ctx)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { 
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index fb88cf2956..84d5994ca0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3035,9 +3035,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, md_alg, hash, hashlen, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, - signature_len, - ssl->conf->f_rng, - ssl->conf->p_rng)) != 0) { + signature_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 1076dea393..deba2ae1e0 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -978,8 +978,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, - p + 4, (size_t) (end - (p + 4)), &signature_len, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 8a476978a1..7d207481c2 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -379,9 +379,7 @@ static int x509_write_time(unsigned char **p, unsigned char *start, } int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; @@ -571,8 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, - f_rng, p_rng)) != 0) { + hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } 
@@ -614,15 +611,12 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, #if defined(MBEDTLS_PEM_WRITE_C) int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - if ((ret = mbedtls_x509write_crt_der(crt, buf, size, - f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_crt_der(crt, buf, size)) < 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index dd75d8f898..e65ddb07f4 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -131,9 +131,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - unsigned char *sig, size_t sig_size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + unsigned char *sig, size_t sig_size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; @@ -218,8 +216,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len, - f_rng, p_rng)) != 0) { + sig, sig_size, &sig_len)) != 0) { return ret; } @@ -274,9 +271,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, } int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, - size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + size_t size) { int ret; unsigned char *sig; @@ -286,8 +281,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, } ret = x509write_csr_der_internal(ctx, buf, size, - sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE, - f_rng, p_rng); + sig, MBEDTLS_PK_SIGNATURE_MAX_SIZE); mbedtls_free(sig); 
@@ -298,15 +292,12 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen = 0; - if ((ret = mbedtls_x509write_csr_der(ctx, buf, size, - f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_csr_der(ctx, buf, size)) < 0) { return ret; } diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 404c4ad304..740dea5aaf 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -82,8 +82,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) return 1; } if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - dummy_random, &ctr_drbg) != 0) { + mbedtls_test_srv_key_len, NULL, 0) != 0) { return 1; } #endif diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 1a5fbba9ae..8055603c64 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -44,8 +44,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0, - dummy_random, &ctr_drbg); + ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0); if (ret == 0) { #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 64fe32d268..857b1b64f9 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
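Review bot: After `ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);` nothing in the hunk references `dummy_random` or `ctr_drbg` any more, so if fuzz_privkey.c used them only for this call they are now dead state that is still declared and set up outside the hunk, and a `-Wunused` build may flag them. The same check applies to the pkey samples in this commit (key_app.c, key_app_writer.c, pk_decrypt.c, pk_encrypt.c, pk_sign.c, rsa_sign_pss.c), where `mbedtls_ctr_drbg_random, &ctr_drbg` was dropped from the only visible use; the entropy/CTR-DRBG setup in those programs should either go or carry a comment naming what still consumes it. The enclosing LLVMFuzzerTestOneInput() body starts and ends outside the hunk.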
@@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) return 1; } if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - dummy_random, &ctr_drbg) != 0) { + mbedtls_test_srv_key_len, NULL, 0) != 0) { return 1; } #endif diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index b064078016..2be584266a 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -248,8 +248,7 @@ int main(int argc, char *argv[]) goto cleanup; } - ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index b9b477b839..e36130bcd1 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -363,8 +363,7 @@ int main(int argc, char *argv[]) goto exit; } - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", (unsigned int) -ret); diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index a7b9001fc9..d2bfde50f0 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -89,8 +89,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret); goto exit; 
@@ -119,8 +118,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Decrypting the encrypted data"); fflush(stdout); - if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result), - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", (unsigned int) -ret); goto exit; diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 28a849b38f..1ab2a3d60e 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -105,8 +105,7 @@ int main(int argc, char *argv[]) fflush(stdout); if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]), - buf, &olen, sizeof(buf), - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, &olen, sizeof(buf))) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", (unsigned int) -ret); goto exit; diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index af52583201..92d96608e3 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -85,8 +85,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]); goto exit; } @@ -106,8 +105,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, sizeof(buf), &olen)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret); goto exit; } diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index e4f27f337a..a5e06fb197 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c 
@@ -86,8 +86,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Reading private key from '%s'", argv[1]); fflush(stdout); - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "", - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); goto exit; @@ -120,8 +119,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + buf, sizeof(buf), &olen)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret); goto exit; } diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index d1c2a8c1c6..a10a6e6bb2 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -165,9 +165,7 @@ int main(void) (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, - 0, - mbedtls_ctr_drbg_random, - &ctr_drbg); + 0); if (ret != 0) { printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6ed073eef5..e4efadc0d1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1736,12 +1736,12 @@ int main(int argc, char *argv[]) } else #if defined(MBEDTLS_FS_IO) if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng); + ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd); } else #endif { ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_cli_key, - mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); } + mbedtls_test_cli_key_len, NULL, 0); } if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", (unsigned int) -ret); 
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index b9598585bf..f1eb21f3d9 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -138,8 +138,7 @@ int main(void) } ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index d3354caf73..69aefef7db 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -514,8 +514,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_FS_IO) if (strlen(opt.key_file)) { - ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "", - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, ""); } else #endif #if defined(MBEDTLS_PEM_PARSE_C) @@ -524,9 +523,7 @@ int main(int argc, char *argv[]) (const unsigned char *) mbedtls_test_cli_key, mbedtls_test_cli_key_len, NULL, - 0, - mbedtls_ctr_drbg_random, - &ctr_drbg); + 0); } #else { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index a1c583aabc..1214eb83fa 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -379,8 +379,7 @@ int main(void) mbedtls_pk_init(&pkey); ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 4b101d39ad..0f27b8227d 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -144,8 +144,7 @@ int main(void) } ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_test_srv_key_len, NULL, 0); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); goto exit; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 8a0e18aefd..556e906498 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -824,7 +824,7 @@ static sni_entry *sni_parse(char *sni_string) mbedtls_pk_init(new->key); if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 || - mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) { + mbedtls_pk_parse_keyfile(new->key, key_file, "") != 0) { goto error; } @@ -1175,8 +1175,7 @@ static int ssl_async_start(mbedtls_ssl_context *ssl, * public key. */ for (slot = 0; slot < config_data->slots_used; slot++) { if (mbedtls_pk_check_pair(&cert->pk, - config_data->slots[slot].pk, - rng_get, &rng) == 0) { + config_data->slots[slot].pk) == 0) { break; } } @@ -1247,12 +1246,16 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { + case ASYNC_OP_DECRYPT: + ret = mbedtls_pk_decrypt(key_slot->pk, + ctx->input, ctx->input_len, + output, output_len, output_size); + break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, ctx->input, ctx->input_len, - output, output_size, output_len, - config_data->f_rng, config_data->p_rng); + output, output_size, output_len); break; default: mbedtls_printf( @@ -2637,7 +2640,7 @@ int main(int argc, char *argv[]) if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) { key_cert_init++; if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, - opt.key_pwd, rng_get, &rng)) != 0) { + opt.key_pwd)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret); goto exit; 
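Review bot: The new `case ASYNC_OP_DECRYPT:` branch in the `@@ -1247,12 +1246,16 @@` hunk of programs/ssl/ssl_server2.c is outside the stated scope of this commit, which everywhere else only drops the `f_rng`/`p_rng` arguments; the old side shows no decrypt case, so this re-adds an operation rather than adjusting one. If restoring asynchronous decryption is intended, it deserves its own commit or at least a sentence in this one's message, since it also presupposes that `ASYNC_OP_DECRYPT` is still defined and still produced by `ssl_async_start`; if it is a rebase artifact, the five added lines should be dropped. `ssl_async_resume` begins and ends outside the hunk.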
@@ -2659,7 +2662,7 @@ int main(int argc, char *argv[]) if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) { key_cert_init2++; if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2, - opt.key_pwd2, rng_get, &rng)) != 0) { + opt.key_pwd2)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", (unsigned int) -ret); goto exit; @@ -2686,8 +2689,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key_rsa, - mbedtls_test_srv_key_rsa_len, NULL, 0, - rng_get, &rng)) != 0) { + mbedtls_test_srv_key_rsa_len, NULL, 0)) != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", (unsigned int) -ret); goto exit; @@ -2704,8 +2706,7 @@ int main(int argc, char *argv[]) } if ((ret = mbedtls_pk_parse_key(&pkey2, (const unsigned char *) mbedtls_test_srv_key_ec, - mbedtls_test_srv_key_ec_len, NULL, 0, - rng_get, &rng)) != 0) { + mbedtls_test_srv_key_ec_len, NULL, 0)) != 0) { mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n", (unsigned int) -ret); goto exit; diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 1be335c0ad..f09e93863a 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -109,9 +109,7 @@ struct options { mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ } opt; -static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file) { int ret; FILE *f; @@ -119,7 +117,7 @@ static int write_certificate_request(mbedtls_x509write_csr *req, const char *out size_t len = 0; memset(output_buf, 0, 4096); - if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) { + if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096)) < 0) { return ret; } 
@@ -454,8 +452,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Loading the private key ..."); fflush(stdout); - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password, - mbedtls_ctr_drbg_random, &ctr_drbg); + ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password); if (ret != 0) { mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret); @@ -472,8 +469,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Writing the certificate request ..."); fflush(stdout); - if ((ret = write_certificate_request(&req, opt.output_file, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = write_certificate_request(&req, opt.output_file)) != 0) { mbedtls_printf(" failed\n ! write_certificate_request %d", ret); goto exit; } diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 5993f24657..9776dc1c37 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -206,9 +206,7 @@ struct options { int format; /* format */ } opt; -static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) +static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file) { int ret; FILE *f; @@ -218,8 +216,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil memset(output_buf, 0, 4096); if (opt.format == FORMAT_DER) { - ret = mbedtls_x509write_crt_der(crt, output_buf, 4096, - f_rng, p_rng); + ret = mbedtls_x509write_crt_der(crt, output_buf, 4096); if (ret < 0) { return ret; } @@ -227,8 +224,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil len = ret; output_start = output_buf + 4096 - len; } else { - ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096, - f_rng, p_rng); + ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096); if (ret < 0) { return ret; } 
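Review bot: With `mbedtls_ctr_drbg_random, &ctr_drbg` removed from both the `mbedtls_pk_parse_keyfile` and the `write_certificate_request` calls in the programs/x509/cert_req.c hunks, the `ctr_drbg` context in `main` appears to have no remaining consumer. If that is the case, its initialisation, entropy seeding and cleanup are now dead code and should be removed as well; leaving them in suggests to a reader that the CSR signature's randomness is still drawn from that context, whereas the library presumably now obtains it internally (the test hunks later in this commit switch to `mbedtls_psa_get_random`). The same check applies to the cert_write.c hunks that follow and to the pk_sign.c, pk_decrypt.c, pk_encrypt.c and rsa_sign_pss.c hunks above. `main` begins and ends outside these hunks.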
@@ -780,7 +776,7 @@ int main(int argc, char *argv[]) fflush(stdout); ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key, - opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg); + opt.subject_pwd); if (ret != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " @@ -795,7 +791,7 @@ int main(int argc, char *argv[]) fflush(stdout); ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key, - opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg); + opt.issuer_pwd); if (ret != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile " @@ -806,8 +802,7 @@ int main(int argc, char *argv[]) // Check if key and issuer certificate match // if (strlen(opt.issuer_crt)) { - if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key, - mbedtls_ctr_drbg_random, &ctr_drbg) != 0) { + if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key) != 0) { mbedtls_printf(" failed\n ! issuer_key does not match " "issuer certificate\n\n"); goto exit; @@ -984,8 +979,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Writing the certificate..."); fflush(stdout); - if ((ret = write_certificate(&crt, opt.output_file, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { + if ((ret = write_certificate(&crt, opt.output_file)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n", (unsigned int) -ret, buf); diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3c3bb6a54a..1ebd5a6fa7 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -652,8 +652,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_srv_key_rsa_der_len, NULL, 0); TEST_ASSERT(ret == 0); } else { ret = mbedtls_x509_crt_parse( @@ -665,8 +664,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_srv_key_ec_der_len, NULL, 0); TEST_ASSERT(ret == 0); } } else { @@ -680,8 +678,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_cli_key_rsa_der_len, NULL, 0); TEST_ASSERT(ret == 0); } else { ret = mbedtls_x509_crt_parse( @@ -693,8 +690,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL); + mbedtls_test_cli_key_ec_der_len, NULL, 0); TEST_ASSERT(ret == 0); } } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index d1df9e3912..376cd12337 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -23,13 +23,18 @@ static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, olen, input, output, output_max_len); } + static int mbedtls_rsa_sign_func(void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) { - return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng, - md_alg, hashlen, hash, sig); + return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + md_alg, + hashlen, + hash, + sig); } static size_t mbedtls_rsa_key_len_func(void *ctx) { @@ -210,8 +215,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, mbedtls_pk_init(&key); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0); mbedtls_x509write_csr_set_md_alg(&req, md_type); mbedtls_x509write_csr_set_key(&req, &key); @@ -229,8 +233,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(mbedtls_x509write_csr_set_subject_alternative_name(&req, san_list) == 0); } - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf)); TEST_ASSERT(ret == 0); pem_len = strlen((char *) buf); @@ -254,9 +257,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, - &rnd_info); + der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); if (der_len == 0) { 
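Review bot: In the `@@ -23,13 +23,18 @@` hunk of tests/suites/test_suite_x509write.function, `mbedtls_rsa_sign_func` now supplies `mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE` to `mbedtls_rsa_pkcs1_sign`, while the sibling `mbedtls_rsa_decrypt_func` immediately above it still passes `NULL, NULL` to `mbedtls_rsa_pkcs1_decrypt`. The RNG argument of the RSA private-key operations is what enables blinding, so if the underlying function accepts a NULL RNG the decrypt helper runs unblinded, and if it rejects one the helper fails at runtime; either way the two helpers should be made consistent, e.g. `return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, olen, input, output, output_max_len);`. A one-line comment above the helpers stating why the test supplies its own RSA callbacks would also help. `mbedtls_rsa_decrypt_func` begins outside the hunk.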
@@ -271,8 +272,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, #else der_len -= 1; #endif - ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: @@ -306,8 +306,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, - mbedtls_test_rnd_std_rand, NULL) == 0); + TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0); /* Turn the PK context into an opaque one. */ TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); @@ -326,8 +325,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, TEST_ASSERT(mbedtls_x509write_csr_set_ns_cert_type(&req, cert_type) == 0); } - ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1, - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_csr_pem(&req, buf, sizeof(buf) - 1); TEST_ASSERT(ret == 0); @@ -431,10 +429,10 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, MD_OR_USE_PSA_INIT(); TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file, - subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0); + subject_pwd) == 0); TEST_ASSERT(mbedtls_pk_parse_keyfile(&issuer_key, issuer_key_file, - issuer_pwd, mbedtls_test_rnd_std_rand, NULL) == 0); + issuer_pwd) == 0); issuer_key_type = mbedtls_pk_get_type(&issuer_key); 
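Review bot: `memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));` survives as context in the `@@ -306,8 +306,7 @@ void x509_csr_check_opaque` hunk, although every use of `rnd_info` visible in this file's hunks, the `mbedtls_test_rnd_pseudo_rand, &rnd_info` arguments, is removed by this commit. If no other use remains in `x509_csr_check_opaque`, the declaration and the memset are dead and should be removed; the same applies to `rnd_info` in the `x509_csr_check` hunks above and the `x509_crt_check` hunks below. All three functions begin and end outside the hunks shown.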
@@ -522,8 +520,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, if (set_subjectAltNames) { TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0); } - ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf)); TEST_ASSERT(ret == 0); pem_len = strlen((char *) buf); @@ -565,9 +562,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); } - der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf), - mbedtls_test_rnd_pseudo_rand, - &rnd_info); + der_len = mbedtls_x509write_crt_der(&crt, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); if (der_len == 0) { @@ -625,8 +620,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, #endif der_len -= 1; - ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len), - mbedtls_test_rnd_pseudo_rand, &rnd_info); + ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: From 3b11f4113fa344d9f914e84aea924c44a2640cc5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 10 Mar 2025 11:23:02 +0000 Subject: [PATCH 0333/1548] Update tf-psa-crypto to include dependencies. Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 332798582b..f5b4a9ce21 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 332798582bccda6e5f90dbe85dd8898d5dbdf652 +Subproject commit f5b4a9ce21ea86c00163e175540c2f7d26c65a36 From a465aa489918743388f899f0fbc47b5e2e8e08d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Mar 2025 10:08:50 +0100 Subject: [PATCH 0334/1548] The LTS branch 2.28 is now EOL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- .github/pull_request_template.md | 1 - BRANCHES.md | 4 ---- 2 files changed, 5 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a637fe4c20..e48e44beda 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -14,7 +14,6 @@ If the provided content is part of the present PR remove the # symbol. - [ ] **TF-PSA-Crypto PR** provided # | not required because: - [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required - [ ] **3.6 PR** provided # | not required because: -- [ ] **2.28 PR** provided # | not required because: - **tests** provided | not required because: diff --git a/BRANCHES.md b/BRANCHES.md index bcceda883a..49f7e289bb 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -11,7 +11,6 @@ At any point in time, we have a number of maintained branches, currently consist as well as all the new features and bug fixes and security fixes. - One or more long-time support (LTS) branches: these only get bug fixes and security fixes. Currently, the supported LTS branches are: -- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28). - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6). We retain a number of historical branches, whose names are prefixed by `archive/`, @@ -108,8 +107,5 @@ The following branches are currently maintained: - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6) maintained until March 2027, see . -- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) - maintained until the end of 2024, see - . Users are urged to always use the latest version of a maintained branch. From ae5f6c4de1bbecaafa1eb100a7032c98b812fe28 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Mar 2025 07:02:23 +0100 Subject: [PATCH 0335/1548] scripts: config.py: remove references to MBEDTLS_PSA_CRYPTO_SE_C 
Signed-off-by: Valerio Setti --- scripts/config.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 3508ce4797..417f6e25a2 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -162,7 +162,6 @@ def full_adapter(name, value, active): 'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h 'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED 'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME - 'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem 'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem 'MBEDTLS_THREADING_C', # requires a threading interface @@ -238,7 +237,6 @@ def continuation(name, value, active): return continuation DEPRECATED = frozenset([ - 'MBEDTLS_PSA_CRYPTO_SE_C', *PSA_DEPRECATED_FEATURE ]) def no_deprecated_adapter(adapter): From 9f2939c56d7407f53e2024146554bf90314c88a0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Mar 2025 07:03:08 +0100 Subject: [PATCH 0336/1548] test: components: remove references to MBEDTLS_PSA_CRYPTO_SE_C Signed-off-by: Valerio Setti --- tests/scripts/components-configuration.sh | 1 - tests/scripts/components-sanitizers.sh | 4 ---- 2 files changed, 5 deletions(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index cee4d632f3..2dfa6d2114 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -277,7 +277,6 @@ component_test_no_platform () { scripts/config.py unset MBEDTLS_PLATFORM_C scripts/config.py unset MBEDTLS_NET_C scripts/config.py unset MBEDTLS_FS_IO - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED 
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh index 454d1407f6..45d0960a1d 100644 --- a/tests/scripts/components-sanitizers.sh +++ b/tests/scripts/components-sanitizers.sh @@ -114,9 +114,6 @@ component_test_tsan () { # Interruptible ECC tests are not thread safe scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . make @@ -189,4 +186,3 @@ component_release_test_valgrind_psa () { msg "test: main suites, Valgrind (full config)" make memcheck } - From ba66794fb4048b8d65587f901ad98c386a86da3f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Mar 2025 12:24:32 +0100 Subject: [PATCH 0337/1548] library: remove psa_crypto_se.c from Makefile Following the removal of MBEDTLS_PSA_CRYPTO_SE_C the file was removed from tf-psa-crypto. Signed-off-by: Valerio Setti --- library/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index 61b2623e2a..1c0e4d942a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -113,7 +113,6 @@ OBJS_CRYPTO= \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_se.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \ From b33e06c56fe9c3e2e39bdb8f41eb4c0c3875d466 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 21 Mar 2025 15:32:09 +0100 Subject: [PATCH 0338/1548] tests: psasim: remove references to mbedtls_psa_register_se_key() Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 1 - 1 file changed, 1 deletion(-) 
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 5490337cf8..5770deaa80 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -29,7 +29,6 @@ 'mbedtls_psa_get_stats', # uses unsupported type 'mbedtls_psa_inject_entropy', # not in the default config, generally not for client use anyway 'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type - 'mbedtls_psa_register_se_key', # not in the default config, generally not for client use anyway 'psa_get_key_slot_number', # not in the default config, uses unsupported type 'psa_key_derivation_verify_bytes', # not implemented yet 'psa_key_derivation_verify_key', # not implemented yet From f0ca71cb3cd180574def971d470df80e9c4e2d11 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Mar 2025 14:19:03 +0100 Subject: [PATCH 0339/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 72b5acd590..2b03d62924 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d +Subproject commit 2b03d629240c0c23a0bfa5444f005b8d9b6f8ba8 From a881db924fc40e81bf3e9409981d5761956765c0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Mar 2025 14:19:17 +0100 Subject: [PATCH 0340/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index f5b4a9ce21..5048bced5e 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit f5b4a9ce21ea86c00163e175540c2f7d26c65a36 +Subproject commit 5048bced5e1c000c0e3888be8126eb63a2b91937 From fc66d5876d973cc93864b8db9dbf29ff30bda755 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Thu, 20 Feb 2025 14:49:52 +0000 Subject: [PATCH 0341/1548] Delete some sample programs 
Signed-off-by: Ben Taylor --- ChangeLog.d/9964.txt | 25 ++ programs/.gitignore | 22 - programs/CMakeLists.txt | 4 - programs/Makefile | 100 ----- programs/README.md | 45 -- programs/aes/CMakeLists.txt | 15 - programs/aes/crypt_and_hash.c | 578 -------------------------- programs/cipher/CMakeLists.txt | 15 - programs/cipher/cipher_aead_demo.c | 261 ------------ programs/hash/CMakeLists.txt | 17 - programs/hash/generic_sum.c | 211 ---------- programs/hash/hello.c | 47 --- programs/hash/md_hmac_demo.c | 138 ------ programs/pkey/CMakeLists.txt | 13 - programs/pkey/dh_genprime.c | 163 -------- programs/pkey/ecdh_curve25519.c | 191 --------- programs/pkey/ecdsa.c | 222 ---------- programs/pkey/key_app.c | 369 ---------------- programs/pkey/key_app_writer.c | 495 ---------------------- programs/pkey/mpi_demo.c | 86 ---- programs/pkey/pk_decrypt.c | 153 ------- programs/pkey/pk_encrypt.c | 155 ------- programs/pkey/rsa_decrypt.c | 174 -------- programs/pkey/rsa_encrypt.c | 151 ------- programs/pkey/rsa_genkey.c | 143 ------- programs/pkey/rsa_sign.c | 157 ------- programs/pkey/rsa_verify.c | 136 ------ programs/random/CMakeLists.txt | 16 - programs/random/gen_entropy.c | 77 ---- programs/random/gen_random_ctr_drbg.c | 109 ----- programs/wince_main.c | 33 -- 31 files changed, 25 insertions(+), 4296 deletions(-) create mode 100644 ChangeLog.d/9964.txt delete mode 100644 programs/aes/CMakeLists.txt delete mode 100644 programs/aes/crypt_and_hash.c delete mode 100644 programs/cipher/CMakeLists.txt delete mode 100644 programs/cipher/cipher_aead_demo.c delete mode 100644 programs/hash/CMakeLists.txt delete mode 100644 programs/hash/generic_sum.c delete mode 100644 programs/hash/hello.c delete mode 100644 programs/hash/md_hmac_demo.c delete mode 100644 programs/pkey/dh_genprime.c delete mode 100644 programs/pkey/ecdh_curve25519.c delete mode 100644 programs/pkey/ecdsa.c delete mode 100644 programs/pkey/key_app.c delete mode 100644 programs/pkey/key_app_writer.c delete mode 100644 
programs/pkey/mpi_demo.c delete mode 100644 programs/pkey/pk_decrypt.c delete mode 100644 programs/pkey/pk_encrypt.c delete mode 100644 programs/pkey/rsa_decrypt.c delete mode 100644 programs/pkey/rsa_encrypt.c delete mode 100644 programs/pkey/rsa_genkey.c delete mode 100644 programs/pkey/rsa_sign.c delete mode 100644 programs/pkey/rsa_verify.c delete mode 100644 programs/random/CMakeLists.txt delete mode 100644 programs/random/gen_entropy.c delete mode 100644 programs/random/gen_random_ctr_drbg.c delete mode 100644 programs/wince_main.c diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt new file mode 100644 index 0000000000..ca0cc4b48d --- /dev/null +++ b/ChangeLog.d/9964.txt @@ -0,0 +1,25 @@ +Removals + * Removal of the following sample programs: + pkey/rsa_genkey.c + pkey/pk_decrypt.c + pkey/dh_genprime.c + pkey/rsa_verify.c + pkey/mpi_demo.c + pkey/rsa_decrypt.c + pkey/key_app.c + pkey/dh_server.c + pkey/ecdh_curve25519.c + pkey/pk_encrypt.c + pkey/rsa_sign.c + pkey/key_app_writer.c + pkey/dh_client.c + pkey/ecdsa.c + pkey/rsa_encrypt.c + wince_main.c + aes/crypt_and_hash.c + random/gen_random_ctr_drbg.c + random/gen_entropy.c + hash/md_hmac_demo.c + hash/hello.c + hash/generic_sum.c + cipher/cipher_aead_demo.c diff --git a/programs/.gitignore b/programs/.gitignore index 939e405952..7eaf38d85b 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -5,36 +5,14 @@ *.sln *.vcxproj -aes/crypt_and_hash -cipher/cipher_aead_demo -hash/generic_sum -hash/hello -hash/md_hmac_demo hash/md5sum hash/sha1sum hash/sha2sum -pkey/dh_client -pkey/dh_genprime -pkey/dh_server -pkey/ecdh_curve25519 -pkey/ecdsa pkey/gen_key -pkey/key_app -pkey/key_app_writer -pkey/mpi_demo -pkey/pk_decrypt -pkey/pk_encrypt pkey/pk_sign pkey/pk_verify -pkey/rsa_decrypt -pkey/rsa_encrypt -pkey/rsa_genkey -pkey/rsa_sign pkey/rsa_sign_pss -pkey/rsa_verify pkey/rsa_verify_pss -random/gen_entropy -random/gen_random_ctr_drbg ssl/dtls_client ssl/dtls_server ssl/mini_client 
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt index 2c23c48c66..1e5b2a4b67 100644 --- a/programs/CMakeLists.txt +++ b/programs/CMakeLists.txt @@ -1,14 +1,10 @@ set(programs_target "${MBEDTLS_TARGET_PREFIX}programs") add_custom_target(${programs_target}) -add_subdirectory(aes) -add_subdirectory(cipher) if (NOT WIN32) add_subdirectory(fuzz) endif() -add_subdirectory(hash) add_subdirectory(pkey) -add_subdirectory(random) add_subdirectory(ssl) add_subdirectory(test) add_subdirectory(util) diff --git a/programs/Makefile b/programs/Makefile index 9a4237c3a1..b26429061e 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -36,28 +36,10 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## Note: Variables cannot be used to define an apps path. This cannot be ## substituted by the script generate_visualc_files.pl. APPS = \ - aes/crypt_and_hash \ - cipher/cipher_aead_demo \ - hash/generic_sum \ - hash/hello \ - hash/md_hmac_demo \ - pkey/dh_genprime \ - pkey/ecdh_curve25519 \ - pkey/ecdsa \ pkey/gen_key \ - pkey/key_app \ - pkey/key_app_writer \ - pkey/mpi_demo \ - pkey/pk_decrypt \ - pkey/pk_encrypt \ pkey/pk_sign \ pkey/pk_verify \ - pkey/rsa_decrypt \ - pkey/rsa_encrypt \ - pkey/rsa_genkey \ - pkey/rsa_sign \ pkey/rsa_sign_pss \ - pkey/rsa_verify \ pkey/rsa_verify_pss \ ../tf-psa-crypto/programs/psa/aead_demo \ ../tf-psa-crypto/programs/psa/crypto_examples \ @@ -65,8 +47,6 @@ APPS = \ ../tf-psa-crypto/programs/psa/key_ladder_demo \ ../tf-psa-crypto/programs/psa/psa_constant_names \ ../tf-psa-crypto/programs/psa/psa_hash \ - random/gen_entropy \ - random/gen_random_ctr_drbg \ ssl/dtls_client \ ssl/dtls_server \ ssl/mini_client \ 
@@ -155,62 +135,10 @@ test/query_config.c:
 echo " Gen $@"
 $(PERL) ../scripts/generate_query_config.pl
-aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
- echo " CC aes/crypt_and_hash.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-cipher/cipher_aead_demo$(EXEXT): cipher/cipher_aead_demo.c $(DEP)
- echo " CC cipher/cipher_aead_demo.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) cipher/cipher_aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP)
- echo " CC hash/generic_sum.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-hash/hello$(EXEXT): hash/hello.c $(DEP)
- echo " CC hash/hello.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP)
- echo " CC hash/md_hmac_demo.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
- echo " CC pkey/dh_genprime.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
- echo " CC pkey/ecdh_curve25519.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/ecdsa$(EXEXT): pkey/ecdsa.c $(DEP)
- echo " CC pkey/ecdsa.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP)
 echo " CC pkey/gen_key.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/key_app$(EXEXT): pkey/key_app.c $(DEP)
- echo " CC pkey/key_app.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c $(DEP)
- echo " CC pkey/key_app_writer.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c $(DEP)
- echo " CC pkey/mpi_demo.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c $(DEP)
- echo " CC pkey/pk_decrypt.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c $(DEP)
- echo " CC pkey/pk_encrypt.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP)
 echo " CC pkey/pk_sign.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -219,18 +147,6 @@ pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP)
 echo " CC pkey/pk_verify.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c $(DEP)
- echo " CC pkey/rsa_genkey.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c $(DEP)
- echo " CC pkey/rsa_sign.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c $(DEP)
- echo " CC pkey/rsa_verify.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP)
 echo " CC pkey/rsa_sign_pss.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -239,14 +155,6 @@ pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP)
 echo " CC pkey/rsa_verify_pss.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c $(DEP)
- echo " CC pkey/rsa_decrypt.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP)
- echo " CC pkey/rsa_encrypt.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
 echo " CC psa/aead_demo.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -271,14 +179,6 @@ pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP)
 echo " CC psa/psa_hash.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
- echo " CC random/gen_entropy.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP)
- echo " CC random/gen_random_ctr_drbg.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP)
 echo " CC ssl/dtls_client.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/README.md b/programs/README.md
index 2d9c187efa..9239e8a603 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -3,61 +3,16 @@ Mbed TLS sample programs
 This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.
-## Symmetric cryptography (AES) examples
-
-* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
-
-## Hash (digest) examples
-
-* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface.
-
-* [`hash/hello.c`](hash/hello.c): hello-world program for MD5.
-
-## Public-key cryptography examples
-
 ### Generic public-key cryptography (`pk`) examples
 * [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.
-* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content.
-
-* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file.
-
-* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface.
-
 * [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string.
 ### ECDSA and RSA signature examples
-* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature.
-
-* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface.
-
-* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs.
-
-* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm.
-
 * [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm.
-### Diffie-Hellman key exchange examples
-
-* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
-
-### Bignum (`mpi`) usage examples
-
-* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters.
-
-* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers.
-
-## Random number generator (RNG) examples
-
-* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data.
- Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`.
-
-* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.
-
-## SSL/TLS examples
-
 ### SSL/TLS sample applications
 * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
deleted file mode 100644
index c5128b1b4d..0000000000
--- a/programs/aes/CMakeLists.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-set(executables
- crypt_and_hash
-)
-add_dependencies(${programs_target} ${executables})
-
-foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $)
- set_base_compile_options(${exe})
- target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
-install(TARGETS ${executables}
- DESTINATION "bin"
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
deleted file mode 100644
index e3bfb3c615..0000000000
--- a/programs/aes/crypt_and_hash.c
+++ /dev/null
@@ -1,578 +0,0 @@ -/* - * \brief Generic file encryption program using generic wrappers for configured - * security. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Enable definition of fileno() even when compiling with -std=c99. Must be - * set before mbedtls_config.h, which pulls in glibc's features.h indirectly. - * Harmless on other platforms. */ -#define _POSIX_C_SOURCE 200112L -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_FS_IO) -#include "mbedtls/cipher.h" -#include "mbedtls/md.h" -#include "mbedtls/platform_util.h" - -#include -#include -#include -#endif - -#if defined(_WIN32) -#include -#if !defined(_WIN32_WCE) -#include -#endif -#else -#include -#include -#endif - -#define MODE_ENCRYPT 0 -#define MODE_DECRYPT 1 - -#define USAGE \ - "\n crypt_and_hash \n" \ - "\n : 0 = encrypt, 1 = decrypt\n" \ - "\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \ - "\n" - -#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - int ret = 1, i; - unsigned n; - int exit_code = MBEDTLS_EXIT_FAILURE; - int mode; - size_t keylen, ilen, olen; - FILE *fkey, *fin = NULL, *fout = NULL; - - char *p; - unsigned char IV[16]; - unsigned char key[512]; - unsigned char digest[MBEDTLS_MD_MAX_SIZE]; - unsigned char buffer[1024]; - unsigned char output[1024]; - unsigned char diff; - - const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; - mbedtls_cipher_context_t cipher_ctx; - mbedtls_md_context_t md_ctx; - mbedtls_cipher_mode_t cipher_mode; - unsigned int cipher_block_size; - unsigned char md_size; -#if 
defined(_WIN32_WCE) - long filesize, offset; -#elif defined(_WIN32) - LARGE_INTEGER li_size; - __int64 filesize, offset; -#else - off_t filesize, offset; -#endif - - mbedtls_cipher_init(&cipher_ctx); - mbedtls_md_init(&md_ctx); - - /* - * Parse the command-line arguments. - */ - if (argc != 7) { - const int *list; - - mbedtls_printf(USAGE); - - mbedtls_printf("Available ciphers:\n"); - list = mbedtls_cipher_list(); - while (*list) { - cipher_info = mbedtls_cipher_info_from_type(*list); - const char *name = mbedtls_cipher_info_get_name(cipher_info); - - if (name) { - mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } - list++; - } - - mbedtls_printf("\nAvailable message digests:\n"); - list = mbedtls_md_list(); - while (*list) { - md_info = mbedtls_md_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); - list++; - } - - goto exit; - } - - mode = atoi(argv[1]); - - if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) { - mbedtls_fprintf(stderr, "invalid operation mode\n"); - goto exit; - } - - if (strcmp(argv[2], argv[3]) == 0) { - mbedtls_fprintf(stderr, "input and output filenames must differ\n"); - goto exit; - } - - if ((fin = fopen(argv[2], "rb")) == NULL) { - mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]); - goto exit; - } - - if ((fout = fopen(argv[3], "wb+")) == NULL) { - mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]); - goto exit; - } - - /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. 
*/ - mbedtls_setbuf(fin, NULL); - mbedtls_setbuf(fout, NULL); - - /* - * Read the Cipher and MD from the command line - */ - cipher_info = mbedtls_cipher_info_from_string(argv[4]); - if (cipher_info == NULL) { - mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]); - goto exit; - } - if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n"); - goto exit; - } - - md_info = mbedtls_md_info_from_string(argv[5]); - if (md_info == NULL) { - mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]); - goto exit; - } - - if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n"); - goto exit; - } - - /* - * Read the secret key from file or command line - */ - if ((fkey = fopen(argv[6], "rb")) != NULL) { - keylen = fread(key, 1, sizeof(key), fkey); - fclose(fkey); - } else { - if (memcmp(argv[6], "hex:", 4) == 0) { - p = &argv[6][4]; - keylen = 0; - - while (sscanf(p, "%02X", (unsigned int *) &n) > 0 && - keylen < (int) sizeof(key)) { - key[keylen++] = (unsigned char) n; - p += 2; - } - } else { - keylen = strlen(argv[6]); - - if (keylen > (int) sizeof(key)) { - keylen = (int) sizeof(key); - } - - memcpy(key, argv[6], keylen); - } - } - -#if defined(_WIN32_WCE) - filesize = fseek(fin, 0L, SEEK_END); -#else -#if defined(_WIN32) - /* - * Support large files (> 2Gb) on Win32 - */ - li_size.QuadPart = 0; - li_size.LowPart = - SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)), - li_size.LowPart, &li_size.HighPart, FILE_END); - - if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) { - mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n"); - goto exit; - } - - filesize = li_size.QuadPart; -#else - if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) { - perror("lseek"); - goto exit; - } -#endif -#endif - - if (fseek(fin, 0, SEEK_SET) < 0) { - mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n"); - goto exit; - } - - md_size 
= mbedtls_md_get_size(md_info); - cipher_block_size = mbedtls_cipher_get_block_size(&cipher_ctx); - - if (mode == MODE_ENCRYPT) { - /* - * Generate the initialization vector as: - * IV = MD( filesize || filename )[0..15] - */ - for (i = 0; i < 8; i++) { - buffer[i] = (unsigned char) (filesize >> (i << 3)); - } - - p = argv[2]; - - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p)) - != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n"); - goto exit; - } - - memcpy(IV, digest, 16); - - /* - * Append the IV at the beginning of the output. - */ - if (fwrite(IV, 1, 16, fout) != 16) { - mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16); - goto exit; - } - - /* - * Hash the IV and the secret key together 8192 times - * using the result to setup the AES context and HMAC. 
- */ - memset(digest, 0, 32); - memcpy(digest, IV, 16); - - for (i = 0; i < 8192; i++) { - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, key, keylen) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_finish() returned error\n"); - goto exit; - } - - } - - if (mbedtls_cipher_setkey(&cipher_ctx, - digest, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_ENCRYPT) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n"); - goto exit; - } - if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n"); - goto exit; - } - if (mbedtls_cipher_reset(&cipher_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n"); - goto exit; - } - - /* - * Encrypt and write the ciphertext. - */ - for (offset = 0; offset < filesize; offset += cipher_block_size) { - ilen = ((unsigned int) filesize - offset > cipher_block_size) ? 
- cipher_block_size : (unsigned int) (filesize - offset); - - if (fread(buffer, 1, ilen, fin) != ilen) { - mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen); - goto exit; - } - - if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n"); - goto exit; - } - if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - - /* - * Finally write the HMAC. - */ - if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n"); - goto exit; - } - - if (fwrite(digest, 1, md_size, fout) != md_size) { - mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", md_size); - goto exit; - } - } - - if (mode == MODE_DECRYPT) { - /* - * The encrypted file must be structured as follows: - * - * 00 .. 15 Initialization Vector - * 16 .. 31 Encrypted Block #1 - * .. - * N*16 .. (N+1)*16 - 1 Encrypted Block #N - * (N+1)*16 .. (N+1)*16 + n Hash(ciphertext) - */ - if (filesize < 16 + md_size) { - mbedtls_fprintf(stderr, "File too short to be encrypted.\n"); - goto exit; - } - - if (cipher_block_size == 0) { - mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n"); - goto exit; - } - - /* - * Check the file size. 
- */ - cipher_mode = mbedtls_cipher_info_get_mode(cipher_info); - if (cipher_mode != MBEDTLS_MODE_GCM && - cipher_mode != MBEDTLS_MODE_CTR && - cipher_mode != MBEDTLS_MODE_CFB && - cipher_mode != MBEDTLS_MODE_OFB && - ((filesize - md_size) % cipher_block_size) != 0) { - mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n", - cipher_block_size); - goto exit; - } - - /* - * Subtract the IV + HMAC length. - */ - filesize -= (16 + md_size); - - /* - * Read the IV and original filesize modulo 16. - */ - if (fread(buffer, 1, 16, fin) != 16) { - mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16); - goto exit; - } - - memcpy(IV, buffer, 16); - - /* - * Hash the IV and the secret key together 8192 times - * using the result to setup the AES context and HMAC. - */ - memset(digest, 0, 32); - memcpy(digest, IV, 16); - - for (i = 0; i < 8192; i++) { - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, key, keylen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n"); - goto exit; - } - } - - if (mbedtls_cipher_setkey(&cipher_ctx, - digest, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_DECRYPT) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n"); - goto exit; - } - - if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n"); - goto exit; - } - - if (mbedtls_cipher_reset(&cipher_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) { - 
mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n"); - goto exit; - } - - /* - * Decrypt and write the plaintext. - */ - for (offset = 0; offset < filesize; offset += cipher_block_size) { - ilen = ((unsigned int) filesize - offset > cipher_block_size) ? - cipher_block_size : (unsigned int) (filesize - offset); - - if (fread(buffer, 1, ilen, fin) != ilen) { - mbedtls_fprintf(stderr, "fread(%u bytes) failed\n", - cipher_block_size); - goto exit; - } - - if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, - &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - /* - * Verify the message authentication code. - */ - if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n"); - goto exit; - } - - if (fread(buffer, 1, md_size, fin) != md_size) { - mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", md_size); - goto exit; - } - - /* Use constant-time buffer comparison */ - diff = 0; - for (i = 0; i < md_size; i++) { - diff |= digest[i] ^ buffer[i]; - } - - if (diff != 0) { - mbedtls_fprintf(stderr, "HMAC check failed: wrong key, " - "or file corrupted.\n"); - goto exit; - } - - /* - * Write the final block of data - */ - if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - if (fin) { - fclose(fin); - } - if (fout) { - fclose(fout); - } - - /* Zeroize all command line 
arguments to also cover - the case when the user has missed or reordered some, - in which case the key might not be in argv[6]. */ - for (i = 0; i < argc; i++) { - mbedtls_platform_zeroize(argv[i], strlen(argv[i])); - } - - mbedtls_platform_zeroize(IV, sizeof(IV)); - mbedtls_platform_zeroize(key, sizeof(key)); - mbedtls_platform_zeroize(buffer, sizeof(buffer)); - mbedtls_platform_zeroize(output, sizeof(output)); - mbedtls_platform_zeroize(digest, sizeof(digest)); - - mbedtls_cipher_free(&cipher_ctx); - mbedtls_md_free(&md_ctx); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt deleted file mode 100644 index d6483011a0..0000000000 --- a/programs/cipher/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -set(executables - cipher_aead_demo -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c deleted file mode 100644 index 533af34fc5..0000000000 --- a/programs/cipher/cipher_aead_demo.c +++ /dev/null 
@@ -1,261 +0,0 @@ -/** - * Cipher API multi-part AEAD demonstration. - * - * This program AEAD-encrypts a message, using the algorithm and key size - * specified on the command line, using the multi-part API. - * - * It comes with a companion program psa/aead_demo.c, which does the same - * operations with the PSA Crypto API. The goal is that comparing the two - * programs will help people migrating to the PSA Crypto API. - * - * When used with multi-part AEAD operations, the `mbedtls_cipher_context` - * serves a triple purpose (1) hold the key, (2) store the algorithm when no - * operation is active, and (3) save progress information for the current - * operation. With PSA those roles are held by disinct objects: (1) a - * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the - * algorithm, and (3) a psa_operation_t for multi-part progress. - * - * On the other hand, with PSA, the algorithms encodes the desired tag length; - * with Cipher the desired tag length needs to be tracked separately. - * - * This program and its companion psa/aead_demo.c illustrate this by doing the - * same sequence of multi-part AEAD computation with both APIs; looking at the - * two side by side should make the differences and similarities clear. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/cipher.h" - -#include -#include -#include - -/* If the build options we need are not enabled, compile a placeholder. 
*/ -#if !defined(MBEDTLS_CIPHER_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \ - !defined(MBEDTLS_CHACHAPOLY_C) -int main(void) -{ - printf("MBEDTLS_MD_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or " - "MBEDTLS_CHACHAPOLY_C not defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - -const char usage[] = - "Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; - -/* Dummy data for encryption: IV/nonce, additional data, 2-part message */ -const unsigned char iv1[12] = { 0x00 }; -const unsigned char add_data1[] = { 0x01, 0x02 }; -const unsigned char msg1_part1[] = { 0x03, 0x04 }; -const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 }; - -/* Dummy data (2nd message) */ -const unsigned char iv2[12] = { 0x10 }; -const unsigned char add_data2[] = { 0x11, 0x12 }; -const unsigned char msg2_part1[] = { 0x13, 0x14 }; -const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; - -/* Maximum total size of the messages */ -#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2)) -#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2)) -#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE) - -/* Dummy key material - never do this in production! - * 32-byte is enough to all the key size supported by this program. */ -const unsigned char key_bytes[32] = { 0x2a }; - -/* Print the contents of a buffer in hex */ -static void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run an Mbed TLS function and bail out if it fails. 
- * A string description of the error code can be recovered with: - * programs/util/strerror */ -#define CHK(expr) \ - do \ - { \ - ret = (expr); \ - if (ret != 0) \ - { \ - printf("Error %d at line %d: %s\n", \ - ret, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } while (0) - -/* - * Prepare encryption material: - * - interpret command-line argument - * - set up key - * - outputs: context and tag length, which together hold all the information - */ -static int aead_prepare(const char *info, - mbedtls_cipher_context_t *ctx, - size_t *tag_len) -{ - int ret; - - /* Convert arg to type + tag_len */ - mbedtls_cipher_type_t type; - if (strcmp(info, "aes128-gcm") == 0) { - type = MBEDTLS_CIPHER_AES_128_GCM; - *tag_len = 16; - } else if (strcmp(info, "aes256-gcm") == 0) { - type = MBEDTLS_CIPHER_AES_256_GCM; - *tag_len = 16; - } else if (strcmp(info, "aes128-gcm_8") == 0) { - type = MBEDTLS_CIPHER_AES_128_GCM; - *tag_len = 8; - } else if (strcmp(info, "chachapoly") == 0) { - type = MBEDTLS_CIPHER_CHACHA20_POLY1305; - *tag_len = 16; - } else { - puts(usage); - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; - } - - /* Prepare context for the given type */ - CHK(mbedtls_cipher_setup(ctx, - mbedtls_cipher_info_from_type(type))); - - /* Import key */ - int key_len = mbedtls_cipher_get_key_bitlen(ctx); - CHK(mbedtls_cipher_setkey(ctx, key_bytes, key_len, MBEDTLS_ENCRYPT)); - -exit: - return ret; -} - -/* - * Print out some information. - * - * All of this information was present in the command line argument, but his - * function demonstrates how each piece can be recovered from (ctx, tag_len). 
- */ -static void aead_info(const mbedtls_cipher_context_t *ctx, size_t tag_len) -{ - mbedtls_cipher_type_t type = mbedtls_cipher_get_type(ctx); - const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(type); - const char *ciph = mbedtls_cipher_info_get_name(info); - int key_bits = mbedtls_cipher_get_key_bitlen(ctx); - mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode(ctx); - - const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM" - : mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly" - : "???"; - - printf("%s, %d, %s, %u\n", - ciph, key_bits, mode_str, (unsigned) tag_len); -} - -/* - * Encrypt a 2-part message. - */ -static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *part1, size_t part1_len, - const unsigned char *part2, size_t part2_len) -{ - int ret; - size_t olen; -#define MAX_TAG_LENGTH 16 - unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH]; - unsigned char *p = out; - - CHK(mbedtls_cipher_set_iv(ctx, iv, iv_len)); - CHK(mbedtls_cipher_reset(ctx)); - CHK(mbedtls_cipher_update_ad(ctx, ad, ad_len)); - CHK(mbedtls_cipher_update(ctx, part1, part1_len, p, &olen)); - p += olen; - CHK(mbedtls_cipher_update(ctx, part2, part2_len, p, &olen)); - p += olen; - CHK(mbedtls_cipher_finish(ctx, p, &olen)); - p += olen; - CHK(mbedtls_cipher_write_tag(ctx, p, tag_len)); - p += tag_len; - - olen = p - out; - print_buf("out", out, olen); - -exit: - return ret; -} - -/* - * AEAD demo: set up key/alg, print out info, encrypt messages. 
- */ -static int aead_demo(const char *info) -{ - int ret = 0; - - mbedtls_cipher_context_t ctx; - size_t tag_len; - - mbedtls_cipher_init(&ctx); - - CHK(aead_prepare(info, &ctx, &tag_len)); - - aead_info(&ctx, tag_len); - - CHK(aead_encrypt(&ctx, tag_len, - iv1, sizeof(iv1), add_data1, sizeof(add_data1), - msg1_part1, sizeof(msg1_part1), - msg1_part2, sizeof(msg1_part2))); - CHK(aead_encrypt(&ctx, tag_len, - iv2, sizeof(iv2), add_data2, sizeof(add_data2), - msg2_part1, sizeof(msg2_part1), - msg2_part2, sizeof(msg2_part2))); - -exit: - mbedtls_cipher_free(&ctx); - - return ret; -} - - -/* - * Main function - */ -int main(int argc, char **argv) -{ - /* Check usage */ - if (argc != 2) { - puts(usage); - return 1; - } - - int ret; - - /* Run the demo */ - CHK(aead_demo(argv[1])); - -exit: - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -} - -#endif diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt deleted file mode 100644 index d23db0443e..0000000000 --- a/programs/hash/CMakeLists.txt +++ /dev/null @@ -1,17 +0,0 @@ -set(executables - generic_sum - hello - md_hmac_demo -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c deleted file mode 100644 index ac776deb87..0000000000 --- a/programs/hash/generic_sum.c +++ /dev/null 
@@ -1,211 +0,0 @@ -/* - * generic message digest layer demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/md.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum) -{ - int ret = mbedtls_md_file(md_info, filename, sum); - - if (ret == 1) { - mbedtls_fprintf(stderr, "failed to open: %s\n", filename); - } - - if (ret == 2) { - mbedtls_fprintf(stderr, "failed to read: %s\n", filename); - } - - return ret; -} - -static int generic_print(const mbedtls_md_info_t *md_info, char *filename) -{ - int i; - unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - - if (generic_wrapper(md_info, filename, sum) != 0) { - return 1; - } - - for (i = 0; i < mbedtls_md_get_size(md_info); i++) { - mbedtls_printf("%02x", sum[i]); - } - - mbedtls_printf(" %s\n", filename); - return 0; -} - -static int generic_check(const mbedtls_md_info_t *md_info, char *filename) -{ - int i; - size_t n; - FILE *f; - int nb_err1, nb_err2; - int nb_tot1, nb_tot2; - unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char line[1024]; - char diff; -#if defined(__clang_analyzer__) - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }; -#else - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1]; -#endif - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("failed to open: %s\n", filename); - return 1; - } - - nb_err1 = nb_err2 = 0; - nb_tot1 = nb_tot2 = 0; - - memset(line, 0, sizeof(line)); - - n = sizeof(line); - - while (fgets(line, (int) n - 1, f) != NULL) { - n = strlen(line); - - if (n < (size_t) 2 * 
mbedtls_md_get_size(md_info) + 4) { - mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); - continue; - } - - if (line[2 * mbedtls_md_get_size(md_info)] != ' ' || - line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') { - mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); - continue; - } - - if (line[n - 1] == '\n') { - n--; line[n] = '\0'; - } - if (line[n - 1] == '\r') { - n--; line[n] = '\0'; - } - - nb_tot1++; - - if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) { - nb_err1++; - continue; - } - - nb_tot2++; - - for (i = 0; i < mbedtls_md_get_size(md_info); i++) { - sprintf(buf + i * 2, "%02x", sum[i]); - } - - /* Use constant-time buffer comparison */ - diff = 0; - for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) { - diff |= line[i] ^ buf[i]; - } - - if (diff != 0) { - nb_err2++; - mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66); - } - - n = sizeof(line); - } - - if (nb_err1 != 0) { - mbedtls_printf("WARNING: %d (out of %d) input files could " - "not be read\n", nb_err1, nb_tot1); - } - - if (nb_err2 != 0) { - mbedtls_printf("WARNING: %d (out of %d) computed checksums did " - "not match\n", nb_err2, nb_tot2); - } - - fclose(f); - - return nb_err1 != 0 || nb_err2 != 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1, i; - int exit_code = MBEDTLS_EXIT_FAILURE; - const mbedtls_md_info_t *md_info; - mbedtls_md_context_t md_ctx; - - mbedtls_md_init(&md_ctx); - - if (argc < 2) { - const int *list; - - mbedtls_printf("print mode: generic_sum ...\n"); - mbedtls_printf("check mode: generic_sum -c \n"); - - mbedtls_printf("\nAvailable message digests:\n"); - list = mbedtls_md_list(); - while (*list) { - md_info = mbedtls_md_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); - list++; - } - - mbedtls_exit(exit_code); - } - - /* - * Read the MD from the command line - */ - md_info = mbedtls_md_info_from_string(argv[1]); - if 
(md_info == NULL) { - mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]); - mbedtls_exit(exit_code); - } - if (mbedtls_md_setup(&md_ctx, md_info, 0)) { - mbedtls_fprintf(stderr, "Failed to initialize context.\n"); - mbedtls_exit(exit_code); - } - - ret = 0; - if (argc == 4 && strcmp("-c", argv[2]) == 0) { - ret |= generic_check(md_info, argv[3]); - goto exit; - } - - for (i = 2; i < argc; i++) { - ret |= generic_print(md_info, argv[i]); - } - - if (ret == 0) { - exit_code = MBEDTLS_EXIT_SUCCESS; - } - -exit: - mbedtls_md_free(&md_ctx); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/hello.c b/programs/hash/hello.c deleted file mode 100644 index 19408f37fe..0000000000 --- a/programs/hash/hello.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Classic "Hello, world" demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MD5_C) -#include "mbedtls/md5.h" -#endif - -#if !defined(MBEDTLS_MD5_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD5_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int i, ret; - unsigned char digest[16]; - char str[] = "Hello, world!"; - - mbedtls_printf("\n MD5('%s') = ", str); - - if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) { - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - for (i = 0; i < 16; i++) { - mbedtls_printf("%02x", digest[i]); - } - - mbedtls_printf("\n\n"); - - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); -} -#endif /* MBEDTLS_MD5_C */ diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c deleted file mode 100644 index 0fe0700ce4..0000000000 --- a/programs/hash/md_hmac_demo.c +++ /dev/null 
@@ -1,138 +0,0 @@ -/** - * MD API multi-part HMAC demonstration. - * - * This programs computes the HMAC of two messages using the multi-part API. - * - * This is a companion to psa/hmac_demo.c, doing the same operations with the - * legacy MD API. The goal is that comparing the two programs will help people - * migrating to the PSA Crypto API. - * - * When it comes to multi-part HMAC operations, the `mbedtls_md_context` - * serves a dual purpose (1) hold the key, and (2) save progress information - * for the current operation. With PSA those roles are held by two disinct - * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for - * multi-part progress. - * - * This program and its companion psa/hmac_demo.c illustrate this by doing the - * same sequence of multi-part HMAC computation with both APIs; looking at the - * two side by side should make the differences and similarities clear. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/md.h" - -#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize - -#include -#include - -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_MD_C) -int main(void) -{ - printf("MBEDTLS_MD_C not defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - -/* Dummy inputs for HMAC */ -const unsigned char msg1_part1[] = { 0x01, 0x02 }; -const unsigned char msg1_part2[] = { 0x03, 0x04 }; -const unsigned char msg2_part1[] = { 0x05, 0x05 }; -const unsigned char msg2_part2[] = { 0x06, 0x06 }; - -/* Dummy key material - never do this in production! 
- * This example program uses SHA-256, so a 32-byte key makes sense. */ -const unsigned char key_bytes[32] = { 0 }; - -/* Print the contents of a buffer in hex */ -static void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run an Mbed TLS function and bail out if it fails. - * A string description of the error code can be recovered with: - * programs/util/strerror */ -#define CHK(expr) \ - do \ - { \ - ret = (expr); \ - if (ret != 0) \ - { \ - printf("Error %d at line %d: %s\n", \ - ret, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } while (0) - -/* - * This function demonstrates computation of the HMAC of two messages using - * the multipart API. - */ -static int hmac_demo(void) -{ - int ret; - const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256; - unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal - - mbedtls_md_context_t ctx; - - mbedtls_md_init(&ctx); - - /* prepare context and load key */ - // the last argument to setup is 1 to enable HMAC (not just hashing) - const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg); - CHK(mbedtls_md_setup(&ctx, info, 1)); - CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes))); - - /* compute HMAC(key, msg1_part1 | msg1_part2) */ - CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1))); - CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2))); - CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg1", out, mbedtls_md_get_size(info)); - - /* compute HMAC(key, msg2_part1 | msg2_part2) */ - CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation - CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1))); - CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2))); - CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg2", out, mbedtls_md_get_size(info)); - -exit: - mbedtls_md_free(&ctx); - 
mbedtls_platform_zeroize(out, sizeof(out)); - - return ret; -} - -int main(void) -{ - int ret; - - CHK(hmac_demo()); - -exit: - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -} - -#endif diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index df63ffc89c..a2b1836d58 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -1,21 +1,8 @@ set(executables_mbedcrypto - dh_genprime - ecdh_curve25519 - ecdsa gen_key - key_app - key_app_writer - mpi_demo - pk_encrypt - pk_decrypt pk_sign pk_verify - rsa_decrypt - rsa_encrypt - rsa_genkey - rsa_sign rsa_sign_pss - rsa_verify rsa_verify_pss ) add_dependencies(${programs_target} ${executables_mbedcrypto}) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c deleted file mode 100644 index ebaf9265f3..0000000000 --- a/programs/pkey/dh_genprime.c +++ /dev/null 
@@ -1,163 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (prime generation) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_GENPRIME) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_GENPRIME not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/bignum.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -#define USAGE \ - "\n usage: dh_genprime param=<>...\n" \ - "\n acceptable parameters:\n" \ - " bits=%%d default: 2048\n" - -#define DFL_BITS 2048 - -/* - * Note: G = 4 is always a quadratic residue mod P, - * so it is a generator of order Q (with P = 2*Q+1). - */ -#define GENERATOR "4" - - -int main(int argc, char **argv) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_mpi G, P, Q; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "dh_genprime"; - FILE *fout; - int nbits = DFL_BITS; - int i; - char *p, *q; - - mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "bits") == 0) { - nbits = atoi(q); - if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } else { - goto usage; - } - } - - if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_mpi_read_string returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ! Generating large primes may take minutes!\n"); - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating the modulus, please wait..."); - fflush(stdout); - - /* - * This can take a long time... - */ - if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Verifying that Q = (P-1)/2 is prime..."); - fflush(stdout); - - if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the value in dh_prime.txt..."); - fflush(stdout); - - if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create dh_prime.txt\n\n"); - goto exit; - } - - if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) || - ((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) { - mbedtls_printf(" failed\n ! 
mbedtls_mpi_write_file returned %d\n\n", ret); - fclose(fout); - goto exit; - } - - mbedtls_printf(" ok\n\n"); - fclose(fout); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */ diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c deleted file mode 100644 index 952d487c9e..0000000000 --- a/programs/pkey/ecdh_curve25519.c +++ /dev/null 
@@ -1,191 +0,0 @@ -/* - * Example ECDHE with Curve25519 program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ECDH_C) || \ - !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ECDH_C and/or " - "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " - "not defined\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecdh.h" - -#include - - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ecdh_context ctx_cli, ctx_srv; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char cli_to_srv[36], srv_to_cli[33]; - const char pers[] = "ecdh"; - - size_t srv_olen; - size_t cli_olen; - unsigned char secret_cli[32] = { 0 }; - unsigned char secret_srv[32] = { 0 }; - const unsigned char *p_cli_to_srv = cli_to_srv; - - ((void) argc); - ((void) argv); - - mbedtls_ecdh_init(&ctx_cli); - mbedtls_ecdh_init(&ctx_srv); - mbedtls_ctr_drbg_init(&ctr_drbg); - - /* - * Initialize random number generation - */ - mbedtls_printf(" . Seed the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, - (const unsigned char *) pers, - sizeof(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Client: initialize context and generate keypair - */ - mbedtls_printf(" . 
Set up client context, generate EC key pair..."); - fflush(stdout); - - ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_setup returned %d\n", ret); - goto exit; - } - - ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv, - sizeof(cli_to_srv), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_make_params returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Server: initialize context and generate keypair - */ - mbedtls_printf(" . Server: read params, generate public key..."); - fflush(stdout); - - ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv, - p_cli_to_srv + sizeof(cli_to_srv)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_read_params returned %d\n", - ret); - goto exit; - } - - ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli, - sizeof(srv_to_cli), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_make_public returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Client: read public key - */ - mbedtls_printf(" . Client: read public key..."); - fflush(stdout); - - ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli, - sizeof(srv_to_cli)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_read_public returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Calculate secrets - */ - mbedtls_printf(" . Calculate secrets..."); - fflush(stdout); - - ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli, - sizeof(secret_cli), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n", - ret); - goto exit; - } - - ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv, - sizeof(secret_srv), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_ecdh_calc_secret returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Verification: are the computed secrets equal? - */ - mbedtls_printf(" . Check if both calculated secrets are equal..."); - fflush(stdout); - - ret = memcmp(secret_srv, secret_cli, srv_olen); - if (ret != 0 || (cli_olen != srv_olen)) { - mbedtls_printf(" failed\n ! Shared secrets not equal.\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_ecdh_free(&ctx_srv); - mbedtls_ecdh_free(&ctx_cli); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c deleted file mode 100644 index a4988b0b48..0000000000 --- a/programs/pkey/ecdsa.c +++ /dev/null 
@@ -1,222 +0,0 @@ -/* - * Example ECDSA program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ECDSA_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/sha256.h" - -#include -#endif - -/* - * Uncomment to show key and signature details - */ -#define VERBOSE - -/* - * Uncomment to force use of a specific curve - */ -#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 - -#if !defined(ECPARAMS) -#define ECPARAMS mbedtls_ecp_curve_list()->grp_id -#endif - -#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n"); - mbedtls_exit(0); -} -#else -#if defined(VERBOSE) -static void dump_buf(const char *title, unsigned char *buf, size_t len) -{ - size_t i; - - mbedtls_printf("%s", title); - for (i = 0; i < len; i++) { - mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16], - "0123456789ABCDEF" [buf[i] % 16]); - } - mbedtls_printf("\n"); -} - -static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key) -{ - unsigned char buf[300]; - size_t len; - - if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, buf, sizeof(buf)) != 0) { - mbedtls_printf("internal error\n"); - return; - } - - dump_buf(title, buf, len); -} -#else -#define dump_buf(a, b, c) -#define dump_pubkey(a, b) -#endif - - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ecdsa_context ctx_sign, ctx_verify; - mbedtls_ecp_point Q; - mbedtls_ecp_point_init(&Q); - mbedtls_entropy_context entropy; - 
mbedtls_ctr_drbg_context ctr_drbg; - unsigned char message[100]; - unsigned char hash[32]; - unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; - size_t sig_len; - const char *pers = "ecdsa"; - ((void) argv); - - mbedtls_ecdsa_init(&ctx_sign); - mbedtls_ecdsa_init(&ctx_verify); - mbedtls_ctr_drbg_init(&ctr_drbg); - - memset(sig, 0, sizeof(sig)); - memset(message, 0x25, sizeof(message)); - - if (argc != 1) { - mbedtls_printf("usage: ecdsa\n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - /* - * Generate a key pair for signing - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating key pair..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret); - goto exit; - } - - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size); - - dump_pubkey(" + Public key: ", &ctx_sign); - - /* - * Compute message hash - */ - mbedtls_printf(" . Computing message hash..."); - fflush(stdout); - - if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - dump_buf(" + Hash: ", hash, sizeof(hash)); - - /* - * Sign message hash - */ - mbedtls_printf(" . 
Signing message hash..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256, - hash, sizeof(hash), - sig, sizeof(sig), &sig_len, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len); - - dump_buf(" + Signature: ", sig, sig_len); - - /* - * Transfer public information to verifying context - * - * We could use the same context for verification and signatures, but we - * chose to use a new one in order to make it clear that the verifying - * context only needs the public key (Q), and not the private key (d). - */ - mbedtls_printf(" . Preparing verification context..."); - fflush(stdout); - - if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret); - goto exit; - } - - if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret); - goto exit; - } - - /* - * Verify signature - */ - mbedtls_printf(" ok\n . Verifying signature..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify, - hash, sizeof(hash), - sig, sig_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_ecdsa_free(&ctx_verify); - mbedtls_ecdsa_free(&ctx_sign); - mbedtls_ecp_point_free(&Q); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && - ECPARAMS */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c deleted file mode 100644 index 2be584266a..0000000000 --- a/programs/pkey/key_app.c +++ /dev/null 
@@ -1,369 +0,0 @@ -/* - * Key reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && \ - defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#define MODE_NONE 0 -#define MODE_PRIVATE 1 -#define MODE_PUBLIC 2 - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "keyfile.key" -#define DFL_PASSWORD "" -#define DFL_PASSWORD_FILE "" -#define DFL_DEBUG_LEVEL 0 - -#define USAGE \ - "\n usage: key_app param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=private|public default: none\n" \ - " filename=%%s default: keyfile.key\n" \ - " password=%%s default: \"\"\n" \ - " password_file=%%s default: \"\"\n" \ - "\n" - -#if !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - 
(has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -/* - * global options - */ -struct options { - int mode; /* the mode to run the application in */ - const char *filename; /* filename of the key file */ - const char *password; /* password for the private key */ - const char *password_file; /* password_file for the private key */ -} opt; - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - char buf[1024]; - int i; - char *p, *q; - - const char *pers = "pkey/key_app"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_pk_context pk; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - - /* - * Set to sane values - */ - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_pk_init(&pk); - 
memset(buf, 0, sizeof(buf)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto cleanup; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto cleanup; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.password = DFL_PASSWORD; - opt.password_file = DFL_PASSWORD_FILE; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.mode = MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.mode = MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "password") == 0) { - opt.password = q; - } else if (strcmp(p, "password_file") == 0) { - opt.password_file = q; - } else { - goto usage; - } - } - - if (opt.mode == MODE_PRIVATE) { - if (strlen(opt.password) && strlen(opt.password_file)) { - mbedtls_printf("Error: cannot have both password and password_file\n"); - goto usage; - } - - if (strlen(opt.password_file)) { - FILE *f; - - mbedtls_printf("\n . Loading the password file ..."); - if ((f = fopen(opt.password_file, "rb")) == NULL) { - mbedtls_printf(" failed\n ! fopen returned NULL\n"); - goto cleanup; - } - if (fgets(buf, sizeof(buf), f) == NULL) { - fclose(f); - mbedtls_printf("Error: fgets() failed to retrieve password\n"); - goto cleanup; - } - fclose(f); - - i = (int) strlen(buf); - if (buf[i - 1] == '\n') { - buf[i - 1] = '\0'; - } - if (buf[i - 2] == '\r') { - buf[i - 2] = '\0'; - } - opt.password = buf; - } - - /* - * 1.1. 
Load the key - */ - mbedtls_printf("\n . Loading the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto cleanup; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL)); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto cleanup; - } - } else -#endif - { - mbedtls_printf("Do not know how to print key information for this type\n"); - goto cleanup; - } - } else if (opt.mode == MODE_PUBLIC) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . 
Loading the public key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" . Key information ...\n"); -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); - - if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, - NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto cleanup; - } - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL)); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto cleanup; - } - } else -#endif - { - mbedtls_printf("Do not know how to print key information for this type\n"); - goto cleanup; - } - } else { - goto usage; - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ 
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c deleted file mode 100644 index e36130bcd1..0000000000 --- a/programs/pkey/key_app_writer.c +++ /dev/null 
@@ -1,495 +0,0 @@ -/* - * Key writing application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#define USAGE_OUT \ - " output_file=%%s default: keyfile.pem\n" \ - " output_format=pem|der default: pem\n" -#else -#define USAGE_OUT \ - " output_file=%%s default: keyfile.der\n" \ - " output_format=der default: der\n" -#endif - -#if defined(MBEDTLS_PEM_WRITE_C) -#define DFL_OUTPUT_FILENAME "keyfile.pem" -#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM -#else -#define DFL_OUTPUT_FILENAME "keyfile.der" -#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER -#endif - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "keyfile.key" -#define DFL_DEBUG_LEVEL 0 -#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE - -#define MODE_NONE 0 -#define MODE_PRIVATE 1 -#define MODE_PUBLIC 2 - -#define OUTPUT_MODE_NONE 0 -#define OUTPUT_MODE_PRIVATE 1 -#define OUTPUT_MODE_PUBLIC 2 - -#define OUTPUT_FORMAT_PEM 0 -#define OUTPUT_FORMAT_DER 1 - -#define USAGE \ - "\n usage: key_app_writer param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=private|public default: none\n" \ - " filename=%%s default: keyfile.key\n" \ - " output_mode=private|public default: none\n" \ - USAGE_OUT \ - "\n" - - -/* - * global options - */ -struct options { - int mode; /* 
the mode to run the application in */ - const char *filename; /* filename of the key file */ - int output_mode; /* the output mode to use */ - const char *output_file; /* where to store the constructed key file */ - int output_format; /* the output format to use */ -} opt; - -static int write_public_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - -#if defined(MBEDTLS_PEM_WRITE_C) - if (opt.output_format == OUTPUT_FORMAT_PEM) { - if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else -#endif - { - if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - -#if defined(MBEDTLS_PEM_WRITE_C) - if (opt.output_format == OUTPUT_FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else -#endif - { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info 
*curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; -#if defined(MBEDTLS_ERROR_C) - char buf[200]; -#endif - int i; - char *p, *q; - - const char *pers = "pkey/key_app"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_pk_context key; -#if 
defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - - /* - * Set to sane values - */ - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_pk_init(&key); -#if defined(MBEDTLS_ERROR_C) - memset(buf, 0, sizeof(buf)); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.output_mode = DFL_OUTPUT_MODE; - opt.output_file = DFL_OUTPUT_FILENAME; - opt.output_format = DFL_OUTPUT_FORMAT; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.mode = MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.mode = MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "output_mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.output_mode = OUTPUT_MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.output_mode = OUTPUT_MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "output_format") == 0) { -#if defined(MBEDTLS_PEM_WRITE_C) - if (strcmp(q, "pem") == 0) { - opt.output_format = OUTPUT_FORMAT_PEM; - } else -#endif - if (strcmp(q, "der") == 0) { - opt.output_format = OUTPUT_FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } 
else { - goto usage; - } - } - - if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) { - mbedtls_printf("\nCannot output a key without reading one.\n"); - goto exit; - } - - if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) { - mbedtls_printf("\nCannot output a private key from a public key.\n"); - goto exit; - } - - if (opt.mode == MODE_PRIVATE) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! 
could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf("key type not supported yet\n"); - - } else if (opt.mode == MODE_PUBLIC) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the public key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, - NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) { - mbedtls_printf(" failed\n ! 
could not export ECC parameters\n\n");
- goto exit;
- }
- } else
-#endif
- mbedtls_printf("key type not supported yet\n");
- } else {
- goto usage;
- }
-
- if (opt.output_mode == OUTPUT_MODE_PUBLIC) {
- write_public_key(&key, opt.output_file);
- }
- if (opt.output_mode == OUTPUT_MODE_PRIVATE) {
- write_private_key(&key, opt.output_file);
- }
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
- if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-#ifdef MBEDTLS_ERROR_C
- mbedtls_printf("Error code: %d", ret);
- /* mbedtls_strerror(ret, buf, sizeof(buf));
- mbedtls_printf(" - %s\n", buf); */
-#else
- mbedtls_printf("\n");
-#endif
- }
-
-#if defined(MBEDTLS_RSA_C)
- mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
- mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
- mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-#endif /* MBEDTLS_RSA_C */
-
- mbedtls_pk_free(&key);
-
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- mbedtls_exit(exit_code);
-}
-#endif /* program viability conditions */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
deleted file mode 100644
index a9c3190bf3..0000000000
--- a/programs/pkey/mpi_demo.c
+++ /dev/null
@@ -1,86 +0,0 @@ -/* - * Simple MPI demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/bignum.h" - -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_mpi E, P, Q, N, H, D, X, Y, Z; - - mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N); - mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - mbedtls_mpi_init(&Z); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789")); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203")); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10, "257")); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q)); - - mbedtls_printf("\n Public key:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" N = ", &N, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" E = ", &E, 10, NULL)); - - mbedtls_printf("\n Private key:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" P = ", &P, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Q = ", &Q, 10, NULL)); - -#if defined(MBEDTLS_GENPRIME) - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q)); - MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H)); - - mbedtls_mpi_write_file(" D = E^-1 mod (P-1)*(Q-1) = ", - &D, 10, NULL); -#else - mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n"); -#endif - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555")); - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, 
NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL));
-
- mbedtls_printf("\n RSA operation:\n\n");
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" X (plaintext) = ", &X, 10, NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Y (ciphertext) = X^E mod N = ", &Y, 10, NULL));
- MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL));
- mbedtls_printf("\n");
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-cleanup:
- mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N);
- mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
- mbedtls_mpi_free(&Z);
-
- if (exit_code != MBEDTLS_EXIT_SUCCESS) {
- mbedtls_printf("\nAn error occurred.\n");
- }
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
deleted file mode 100644
index d2bfde50f0..0000000000
--- a/programs/pkey/pk_decrypt.c
+++ /dev/null
@@ -1,153 +0,0 @@ -/* - * Public key-based simple decryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - unsigned c; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i, olen = 0; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char result[1024]; - unsigned char buf[512]; - const char *pers = "mbedtls_pk_decrypt"; - ((void) argv); - - mbedtls_pk_init(&pk); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - memset(result, 0, sizeof(result)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 2) { - mbedtls_printf("usage: mbedtls_pk_decrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the RSA encrypted value from the text file - */ - if ((f = fopen("result-enc.txt", "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt"); - ret = 1; - goto exit; - } - - i = 0; - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - /* - * Decrypt the encrypted RSA data and print the result. - */ - mbedtls_printf("\n . Decrypting the encrypted data"); - fflush(stdout); - - if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK\n\n"); - - mbedtls_printf("The decrypted result is: '%s'\n\n", result); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_pk_free(&pk); - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! 
Last error was: %s\n", buf); */
- }
-#endif
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
- MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
deleted file mode 100644
index 1ab2a3d60e..0000000000
--- a/programs/pkey/pk_encrypt.c
+++ /dev/null
@@ -1,155 +0,0 @@ -/* - * RSA simple data encryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i, olen = 0; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char input[1024]; - unsigned char buf[512]; - const char *pers = "mbedtls_pk_encrypt"; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_encrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - if (strlen(argv[2]) > 100) { - mbedtls_printf(" Input data larger than 100 characters.\n\n"); - goto exit; - } - - memcpy(input, argv[2], strlen(argv[2])); - - /* - * Calculate the RSA encryption of the hash. - */ - mbedtls_printf("\n . Generating the encrypted value"); - fflush(stdout); - - if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]), - buf, &olen, sizeof(buf))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into result-enc.txt - */ - if ((f = fopen("result-enc.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", - "result-enc.txt"); - ret = 1; - goto exit; - } - - for (i = 0; i < olen; i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_pk_free(&pk); - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! 
Last error was: %s\n", buf); */
- }
-#endif
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
- MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
deleted file mode 100644
index c2c313ac1a..0000000000
--- a/programs/pkey/rsa_decrypt.c
+++ /dev/null
@@ -1,174 +0,0 @@ -/* - * RSA simple decryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include - -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned c; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char result[1024]; - unsigned char buf[512]; - const char *pers = "rsa_decrypt"; - ((void) argv); - - memset(result, 0, sizeof(result)); - - if (argc != 1) { - mbedtls_printf("usage: rsa_decrypt\n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - mbedtls_exit(exit_code); - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - mbedtls_rsa_init(&rsa); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - /* - * Extract the RSA encrypted value from the text file - */ - if ((f = fopen("result-enc.txt", "rb")) == NULL) { - mbedtls_printf("\n ! 
Could not open %s\n\n", "result-enc.txt");
- goto exit;
- }
-
- i = 0;
-
- while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
- i < (int) sizeof(buf)) {
- buf[i++] = (unsigned char) c;
- }
-
- fclose(f);
-
- if (i != mbedtls_rsa_get_len(&rsa)) {
- mbedtls_printf("\n ! Invalid RSA signature format\n\n");
- goto exit;
- }
-
- /*
- * Decrypt the encrypted RSA data and print the result.
- */
- mbedtls_printf("\n . Decrypting the encrypted data");
- fflush(stdout);
-
- ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random,
- &ctr_drbg, &i,
- buf, result, 1024);
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
- ret);
- goto exit;
- }
-
- mbedtls_printf("\n . OK\n\n");
-
- mbedtls_printf("The decrypted result is: '%s'\n\n", result);
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
- mbedtls_rsa_free(&rsa);
- mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
- mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
- mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
deleted file mode 100644
index e1ed252bb2..0000000000
--- a/programs/pkey/rsa_encrypt.c
+++ /dev/null
@@ -1,151 +0,0 @@ -/* - * RSA simple data encryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char input[1024]; - unsigned char buf[512]; - const char *pers = "rsa_encrypt"; - mbedtls_mpi N, E; - - if (argc != 2) { - mbedtls_printf("usage: rsa_encrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - mbedtls_exit(exit_code); - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); - mbedtls_rsa_init(&rsa); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf("\n . 
Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if (strlen(argv[1]) > 100) { - mbedtls_printf(" Input data larger than 100 characters.\n\n"); - goto exit; - } - - memcpy(input, argv[1], strlen(argv[1])); - - /* - * Calculate the RSA encryption of the hash. - */ - mbedtls_printf("\n . Generating the RSA encrypted value"); - fflush(stdout); - - ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, strlen(argv[1]), input, buf); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", - ret); - goto exit; - } - - /* - * Write the signature into result-enc.txt - */ - if ((f = fopen("result-enc.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", "result-enc.txt"); - goto exit; - } - - for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_rsa_free(&rsa); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ 
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
deleted file mode 100644
index 3dfa8529eb..0000000000
--- a/programs/pkey/rsa_genkey.c
+++ /dev/null
@@ -1,143 +0,0 @@ -/* - * Example RSA key generation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" - -#include -#include -#endif - -#define KEY_SIZE 2048 -#define EXPONENT 65537 - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_rsa_context rsa; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - FILE *fpub = NULL; - FILE *fpriv = NULL; - const char *pers = "rsa_genkey"; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_rsa_init(&rsa); - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . 
Generating the RSA key [ %d-bit ]...", KEY_SIZE); - fflush(stdout); - - if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, - EXPONENT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the public key in rsa_pub.txt...."); - fflush(stdout); - - if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! could not open rsa_pub.txt for writing\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 || - (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the private key in rsa_priv.txt..."); - fflush(stdout); - - if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! could not open rsa_priv.txt for writing\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_mpi_write_file returned %d\n\n", ret); - goto exit; - } - mbedtls_printf(" ok\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (fpub != NULL) { - fclose(fpub); - } - - if (fpriv != NULL) { - fclose(fpriv); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - mbedtls_rsa_free(&rsa); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c deleted file mode 100644 index e88e4e33b6..0000000000 --- a/programs/pkey/rsa_sign.c +++ /dev/null 
@@ -1,157 +0,0 @@ -/* - * RSA/SHA-256 signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/rsa.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - - mbedtls_rsa_init(&rsa); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - if (argc != 2) { - mbedtls_printf("usage: rsa_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! 
Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Checking the private key"); - fflush(stdout); - if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the RSA signature of the hash. - */ - mbedtls_printf("\n . Generating the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[1], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256, - 32, hash, buf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! 
Could not create %s\n\n", argv[1]); - goto exit; - } - - for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c deleted file mode 100644 index af6156cdba..0000000000 --- a/programs/pkey/rsa_verify.c +++ /dev/null 
@@ -1,136 +0,0 @@ -/* - * RSA/SHA-256 signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/rsa.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - unsigned c; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_mpi N, E; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - - mbedtls_rsa_init(&rsa); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&E); - - if (argc != 2) { - mbedtls_printf("usage: rsa_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { - mbedtls_printf(" failed\n ! 
mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - /* - * Extract the RSA signature from the text file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = 0; - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - if (i != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf("\n ! Invalid RSA signature format\n\n"); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[1], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - 32, hash, buf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&E); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO */ diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt deleted file mode 100644 index 76cb8407af..0000000000 --- a/programs/random/CMakeLists.txt +++ /dev/null 
@@ -1,16 +0,0 @@ -set(executables - gen_entropy - gen_random_ctr_drbg -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c deleted file mode 100644 index eb85b62690..0000000000 --- a/programs/random/gen_entropy.c +++ /dev/null 
@@ -1,77 +0,0 @@ -/** - * \brief Use and generate multiple entropies calls into a file - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/entropy.h" - -#include -#endif - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int i, k, ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_entropy_context entropy; - unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - - if (argc < 2) { - mbedtls_fprintf(stderr, "usage: %s \n", argv[0]); - mbedtls_exit(exit_code); - } - - if ((f = fopen(argv[1], "wb+")) == NULL) { - mbedtls_printf("failed to open '%s' for writing.\n", argv[1]); - mbedtls_exit(exit_code); - } - - mbedtls_entropy_init(&entropy); - - for (i = 0, k = 768; i < k; i++) { - ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_entropy_func returned -%04X\n", - (unsigned int) ret); - goto cleanup; - } - - fwrite(buf, 1, sizeof(buf), f); - - mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \ - "%% done\r", - (long) (sizeof(buf) * k / 1024), - argv[1], - (100 * (float) (i + 1)) / k); - fflush(stdout); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_printf("\n"); - - fclose(f); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ENTROPY_C */ diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c deleted file mode 100644 index 793c8ac88c..0000000000 --- a/programs/random/gen_random_ctr_drbg.c +++ /dev/null 
@@ -1,109 +0,0 @@ -/** - * \brief Use and generate random data into a file via the CTR_DBRG based on AES - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_FS_IO) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int i, k, ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - unsigned char buf[1024]; - - mbedtls_ctr_drbg_init(&ctr_drbg); - - if (argc < 2) { - mbedtls_fprintf(stderr, "usage: %s \n", argv[0]); - mbedtls_exit(exit_code); - } - - if ((f = fopen(argv[1], "wb+")) == NULL) { - mbedtls_printf("failed to open '%s' for writing.\n", argv[1]); - mbedtls_exit(exit_code); - } - - mbedtls_entropy_init(&entropy); - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, - mbedtls_entropy_func, - &entropy, - (const unsigned char *) "RANDOM_GEN", - 10); - if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret); - goto cleanup; - } - mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF); - -#if defined(MBEDTLS_FS_IO) - ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile"); - - if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) { - mbedtls_printf("Failed to open seedfile. 
Generating one.\n"); - ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile"); - if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret); - goto cleanup; - } - } else if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret); - goto cleanup; - } -#endif - - for (i = 0, k = 768; i < k; i++) { - ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_printf("failed!\n"); - goto cleanup; - } - - fwrite(buf, 1, sizeof(buf), f); - - mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \ - "%% done\r", - (long) (sizeof(buf) * k / 1024), - argv[1], - (100 * (float) (i + 1)) / k); - fflush(stdout); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_printf("\n"); - - fclose(f); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */ diff --git a/programs/wince_main.c b/programs/wince_main.c deleted file mode 100644 index de11162291..0000000000 --- a/programs/wince_main.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Windows CE console application entry point - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(_WIN32_WCE) - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include - -extern int main(int, const char **); - -int _tmain(int argc, _TCHAR *targv[]) -{ - char **argv; - int i; - - argv = (char **) calloc(argc, sizeof(char *)); - - for (i = 0; i < argc; i++) { - size_t len; - len = _tcslen(targv[i]) + 1; - argv[i] = (char *) calloc(len, sizeof(char)); - wcstombs(argv[i], targv[i], len); - } - - return main(argc, argv); -} - -#endif /* defined(_WIN32_WCE) */ From 47111a1cb1efe636d22bcdb6c3105a2a8e1a5d21 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 6 Mar 2025 11:35:00 +0000 Subject: [PATCH 0342/1548] initial remove of mbedtls_ssl_conf_rng 
Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 11 ----------- library/ssl_tls.c | 8 -------- programs/fuzz/fuzz_client.c | 1 - programs/fuzz/fuzz_dtlsclient.c | 1 - programs/fuzz/fuzz_dtlsserver.c | 1 - programs/fuzz/fuzz_server.c | 1 - programs/ssl/dtls_client.c | 1 - programs/ssl/dtls_server.c | 1 - programs/ssl/mini_client.c | 2 -- programs/ssl/ssl_client1.c | 1 - programs/ssl/ssl_client2.c | 1 - programs/ssl/ssl_fork_server.c | 1 - programs/ssl/ssl_mail_client.c | 1 - programs/ssl/ssl_pthread_server.c | 1 - programs/ssl/ssl_server.c | 1 - programs/ssl/ssl_server2.c | 1 - programs/x509/cert_app.c | 1 - tests/src/test_helpers/ssl_helpers.c | 1 - tests/suites/test_suite_debug.function | 5 ----- tests/suites/test_suite_ssl.function | 6 ------ 20 files changed, 47 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6c37fc3703..fa382253ca 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2060,17 +2060,6 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, void *p_vrfy); #endif /* MBEDTLS_X509_CRT_PARSE_C */ -/** - * \brief Set the random number generator callback - * - * \param conf SSL configuration - * \param f_rng RNG function (mandatory) - * \param p_rng RNG parameter - */ -void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - /** * \brief Set the debug callback * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7eb181e373..8f90fa1b98 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1526,14 +1526,6 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) -{ - conf->f_rng = f_rng; - conf->p_rng = p_rng; -} - void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, void (*f_dbg)(void *, int, const char *, int, const char *), void *p_dbg) 
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 209422399f..03a6337d48 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -142,7 +142,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index e667d8b3d0..31c6c9bdd6 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -85,7 +85,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); #endif mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 740dea5aaf..2228d070aa 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -100,7 +100,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 857b1b64f9..a1e03d4502 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -113,7 +113,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } srand(1); - mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 3277e525f8..26eb20d49f 100644 --- a/programs/ssl/dtls_client.c 
+++ b/programs/ssl/dtls_client.c @@ -169,7 +169,6 @@ int main(int argc, char *argv[]) * Production code should set a proper ca chain and use REQUIRED. */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index a10a6e6bb2..0e155fd0d2 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -200,7 +200,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 39d07ab378..e3adb3cf8a 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -187,8 +187,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), (const unsigned char *) psk_id, sizeof(psk_id) - 1); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index bd2572bc21..dba8aab658 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -150,7 +150,6 @@ int main(void) * but makes interop easier in this simplified example */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e4efadc0d1..6a5fca57de 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -1906,7 +1906,6 @@ int main(int argc, char *argv[]) #endif #endif /* MBEDTLS_HAVE_TIME */ } - mbedtls_ssl_conf_rng(&conf, rng_get, &rng); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index f1eb21f3d9..f8752bb604 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -160,7 +160,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 69aefef7db..521bc5418a 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -571,7 +571,6 @@ int main(int argc, char *argv[]) * but makes interop easier in this simplified example */ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 1214eb83fa..5701a7b838 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -401,7 +401,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout); /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 0f27b8227d..2f26ca4801 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -179,7 +179,6 @@ int main(void) goto exit; } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); #if defined(MBEDTLS_SSL_CACHE_C) 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 556e906498..633822297e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2925,7 +2925,6 @@ int main(int argc, char *argv[]) #endif #endif /* MBEDTLS_HAVE_TIME */ } - mbedtls_ssl_conf_rng(&conf, rng_get, &rng); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 1de439ce8b..d9d5bb60ac 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -383,7 +383,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); } - mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 1ebd5a6fa7..bffb35372b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -767,7 +767,6 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index f3c8ff6196..57b8f4e175 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -156,7 +156,6 @@ void debug_print_msg_threshold(int threshold, int level, char *file, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); 
@@ -194,7 +193,6 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -229,7 +227,6 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -267,7 +264,6 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -306,7 +302,6 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3f84458797..25aa44fc09 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1219,7 +1219,6 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); 
@@ -3033,7 +3032,6 @@ void conf_version(int endpoint, int transport, mbedtls_ssl_conf_transport(&conf, transport); mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( @@ -3058,7 +3056,6 @@ void conf_group() mbedtls_ssl_config conf; mbedtls_ssl_config_init(&conf); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); @@ -3168,7 +3165,6 @@ void cookie_parsing(data_t *cookie, int exp_ret) MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, @@ -3223,7 +3219,6 @@ void cid_sanity() MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -3482,7 +3477,6 @@ void ssl_ecjpake_set_password(int use_opaque_arg) MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); From 602b2968caa8c38277eeaf86b55ab22510a28c43 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 7 Mar 2025 15:52:50 +0000 Subject: [PATCH 0343/1548] pre-test version of the mbedtls_ssl_conf_rng removal 
Signed-off-by: Ben Taylor --- library/ssl_client.c | 7 +++---- library/ssl_misc.h | 4 +--- library/ssl_msg.c | 13 +++---------- library/ssl_tls.c | 10 +++++----- library/ssl_tls12_server.c | 9 +++++---- library/ssl_tls13_server.c | 7 +++---- tests/suites/test_suite_ssl.function | 9 +++------ 7 files changed, 23 insertions(+), 36 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index be4d621d6c..f8abfde377 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -725,8 +725,7 @@ static int ssl_generate_random(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_HAVE_TIME */ } - ret = ssl->conf->f_rng(ssl->conf->p_rng, - randbytes + gmt_unix_time_len, + ret = psa_generate_random(randbytes + gmt_unix_time_len, MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); return ret; } @@ -867,8 +866,8 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) if (session_id_len != session_negotiate->id_len) { session_negotiate->id_len = session_id_len; if (session_id_len > 0) { - ret = ssl->conf->f_rng(ssl->conf->p_rng, - session_negotiate->id, + + ret = psa_generate_random(session_negotiate->id, session_id_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d12cee3ceb..e51a3df5ed 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1721,9 +1721,7 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); + mbedtls_record *rec); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, mbedtls_ssl_transform *transform, diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f5ea8dd277..96c1a7c96e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -801,9 +801,7 @@ static void ssl_build_record_nonce(unsigned char *dst_iv, int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + mbedtls_record *rec) { mbedtls_ssl_mode_t ssl_mode; int auth_done = 0; @@ -1140,10 +1138,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, * Prepend per-record IV for block cipher in TLS v1.2 as per * Method 1 (6.2.3.2. in RFC4346 and RFC5246) */ - if (f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } if (rec->data_offset < transform->ivlen) { MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); @@ -1153,7 +1147,7 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, /* * Generate IV */ - ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); + ret = psa_generate_random(transform->iv_enc, transform->ivlen); if (ret != 0) { return ret; } @@ -2725,8 +2719,7 @@ int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush) rec.cid_len = 0; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec, - ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret); return ret; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8f90fa1b98..20a2538290 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1223,11 +1223,6 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) return ret; } - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } - /* Space for further checks */ return 0; 
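Review bot: The line `ret = psa_generate_random(transform->iv_enc, transform->ivlen);` stores a `psa_status_t` in `ret` and `mbedtls_ssl_encrypt_buf()` returns it unchanged, so an unmapped PSA status now flows out of a function whose `int` return is reported through `MBEDTLS_SSL_DEBUG_RET` and compared against `MBEDTLS_ERR_*` values by its callers, whereas the removed `f_rng` callback followed the Mbed TLS error-code convention. The same pattern appears in `ssl_generate_random()` and `ssl_prepare_client_hello()` in ssl_client.c, in the `ssl_write_server_hello()` hunks in ssl_tls12_server.c, and in both ssl_tls13_server.c hunks. Converting at each site keeps the error space consistent, e.g. `psa_status_t status = psa_generate_random(transform->iv_enc, transform->ivlen); if (status != PSA_SUCCESS) { return PSA_TO_MBEDTLS_ERR(status); }`, so that a failure such as the PSA subsystem not being initialised surfaces as a defined SSL error rather than a raw negative status. The body of `mbedtls_ssl_encrypt_buf()` continues outside the hunk.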
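Review bot: With the `f_rng == NULL` check removed from `ssl_conf_check()`, nothing at `mbedtls_ssl_setup()` time verifies that a random source is usable; a context set up before `psa_crypto_init()` will now fail only when the first `psa_generate_random()` call runs inside the handshake, and `MBEDTLS_ERR_SSL_NO_RNG` is no longer produced anywhere visible in this series. The `psa_crypto_init()` call added to `mbedtls_ssl_setup()` in the following hunk is removed again by a later commit on this page, so the requirement presumably moves to the application; that should be stated in the `mbedtls_ssl_setup()` documentation, and the remaining `/* Space for further checks */` placeholder could carry `/* RNG availability is not checked here: random bytes come from psa_generate_random(), which needs psa_crypto_init() to have succeeded. */`. The start of `ssl_conf_check()` lies outside the hunk.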
@@ -1249,6 +1244,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, if ((ret = ssl_conf_check(ssl)) != 0) { return ret; } + ssl->tls_version = ssl->conf->max_tls_version; /* @@ -1289,6 +1285,10 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, goto error; } + if((ret = psa_crypto_init()) != 0) { + goto error; + } + return 0; error: diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 84d5994ca0..d3c422369a 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2133,14 +2133,14 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t)); #else - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) { + if ((ret = psa_generate_random(ssl->conf->p_rng, p, 4)) != 0) { return ret; } p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) { + if ((ret = psa_generate_random(p, 20)) != 0) { return ret; } p += 20; @@ -2166,7 +2166,8 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) } else #endif { - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) { + + if ((ret = psa_generate_random(p, 8)) != 0) { return ret; } } @@ -2197,7 +2198,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_SESSION_TICKETS */ { ssl->session_negotiate->id_len = n = 32; - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, + if ((ret = psa_generate_random(ssl->session_negotiate->id, n)) != 0) { return ret; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 1dde4ab3c9..4ef23f8fc2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c 
@@ -1996,7 +1996,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) unsigned char *server_randbytes = ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, + if ((ret = psa_generate_random(server_randbytes, MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); return ret; @@ -3172,8 +3172,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, #endif /* Generate ticket_age_add */ - if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, - (unsigned char *) &session->ticket_age_add, + if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add)) != 0)) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); return ret; @@ -3182,7 +3181,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, (unsigned int) session->ticket_age_add)); /* Generate ticket_nonce */ - ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size); + ret = psa_generate_random(ticket_nonce, ticket_nonce_size); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret); return ret; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 25aa44fc09..743b53c007 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1340,8 +1340,7 @@ void ssl_crypt_record(int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec); TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); if (ret != 0) { continue; 
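Review bot: In the `ticket_age_add` hunk the closing parenthesis is misplaced: `if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add)) != 0)) {` assigns the result of the `!= 0` comparison to `ret`, so on failure `ret` is 1, `MBEDTLS_SSL_DEBUG_RET` logs 1 and `ssl_tls13_prepare_new_session_ticket()` returns a positive value instead of the error code. The old `f_rng` line had the same shape, and the re-indent in the later "Correct code style" commit keeps it, so this is a pre-existing defect that the rewrite is the natural place to fix: `if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, sizeof(session->ticket_age_add))) != 0) {`. Both functions touched by this hunk extend beyond it.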
@@ -1494,8 +1493,7 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, - mbedtls_test_rnd_std_rand, NULL); + ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec); if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { /* It's ok if the output buffer is too small. We do insist @@ -1948,8 +1946,7 @@ void ssl_tls13_record_protection(int ciphersuite, memset(&rec.ctr[0], 0, 8); rec.ctr[7] = ctr; - TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec, - NULL, NULL) == 0); + TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0); if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, From fd52984896a4cb6359987e227b914a42901e7384 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 10 Mar 2025 08:27:42 +0000 Subject: [PATCH 0344/1548] resolved ci failures Signed-off-by: Ben Taylor --- library/ssl_msg.c | 2 -- library/ssl_tls12_server.c | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 96c1a7c96e..847b1daf2a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -827,8 +827,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, * for CBC transformations in TLS 1.2. */ #if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2)) - ((void) f_rng); - ((void) p_rng); #endif MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d3c422369a..055e75ad8b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2133,7 +2133,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, (long long) t)); #else - if ((ret = psa_generate_random(ssl->conf->p_rng, p, 4)) != 0) { + if ((ret = psa_generate_random(p, 4)) != 0) { return ret; } 
@@ -2166,7 +2166,6 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) } else #endif { - if ((ret = psa_generate_random(p, 8)) != 0) { return ret; } From 6ff2da196a3d6ab2f93409ba7a915031d16d0e29 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 17 Mar 2025 09:26:20 +0000 Subject: [PATCH 0345/1548] added further debug Signed-off-by: Ben Taylor --- library/ssl_tls.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 20a2538290..1656f83336 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4467,10 +4467,13 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if (ssl->conf != NULL) { + if (ssl->conf->f_async_cancel != NULL) { + if(handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; - } + }}} + #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(PSA_WANT_ALG_SHA_256) From d5d707842ce6fba99af8e72947f464d7faf58de3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 09:16:14 +0000 Subject: [PATCH 0346/1548] removed NR psa-init Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1656f83336..3b62df4ca9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1285,10 +1285,6 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, goto error; } - if((ret = psa_crypto_init()) != 0) { - goto error; - } - return 0; error: From 0deda0e34ca23ff36fa6904d4ba681931863e0c4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 11:27:37 +0000 Subject: [PATCH 0347/1548] Update debug Signed-off-by: Ben Taylor --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 4ef23f8fc2..6fa90d444f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1998,7 +1998,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) if ((ret = psa_generate_random(server_randbytes, MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); + MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret); return ret; } From 1cd1e01897a2c8b1a10654852bfcee51d19f7fc3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 18 Mar 2025 11:50:39 +0000 Subject: [PATCH 0348/1548] Correct code style Signed-off-by: Ben Taylor --- library/ssl_client.c | 4 ++-- library/ssl_tls.c | 12 +++++++----- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_server.c | 4 ++-- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index f8abfde377..cb57a97669 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -726,7 +726,7 @@ static int ssl_generate_random(mbedtls_ssl_context *ssl) } ret = psa_generate_random(randbytes + gmt_unix_time_len, - MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); + MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len); return ret; } @@ -868,7 +868,7 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) if (session_id_len > 0) { ret = psa_generate_random(session_negotiate->id, - session_id_len); + session_id_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret); return ret; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3b62df4ca9..2a759832bf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4464,11 +4464,13 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL) { - if(handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; - }}} + if (ssl->conf->f_async_cancel != NULL) { + if (handshake->async_in_progress != 0) { + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; + } + } + } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 055e75ad8b..e1785504b6 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2198,7 +2198,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) { ssl->session_negotiate->id_len = n = 32; if ((ret = psa_generate_random(ssl->session_negotiate->id, - n)) != 0) { + n)) != 0) { return ret; } } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6fa90d444f..dc50bee868 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1997,7 +1997,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; if ((ret = psa_generate_random(server_randbytes, - MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { + MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret); return ret; } @@ -3173,7 +3173,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, /* Generate ticket_age_add */ if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add, - sizeof(session->ticket_age_add)) != 0)) { + sizeof(session->ticket_age_add)) != 0)) { MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret); return ret; } From 1f091466c153739923180dbbf6179674fa65d290 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 08:00:14 +0000 Subject: [PATCH 0349/1548] tidy up syntax 
Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a759832bf..f0da0ddce7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4464,11 +4464,9 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL) { - if (handshake->async_in_progress != 0) { + if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; - } } } From 9774e9a176c26c15447f3032c7ea9a67a6429e4f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 11:45:38 +0000 Subject: [PATCH 0350/1548] corrected code style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f0da0ddce7..776b8da337 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4465,8 +4465,8 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ssl->conf != NULL) { if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; } } From fb68b8cf57e865e7175af74ed069384bae093f35 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:35:56 +0000 Subject: [PATCH 0351/1548] Remove empty ifdef Signed-off-by: Ben Taylor --- library/ssl_msg.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 847b1daf2a..be0dc92720 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -823,12 +823,6 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, ((void) ssl); #endif - /* The PRNG is used for dynamic IV generation that's used - * for CBC transformations in TLS 1.2. */ -#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ - defined(MBEDTLS_SSL_PROTO_TLS1_2)) -#endif - MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); if (transform == NULL) { From 03c05c336ef035251dd170120b8bad1ca8f882c3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:36:13 +0000 Subject: [PATCH 0352/1548] Remove additional line Signed-off-by: Ben Taylor --- library/ssl_tls.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 776b8da337..619e8db311 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1244,7 +1244,6 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, if ((ret = ssl_conf_check(ssl)) != 0) { return ret; } - ssl->tls_version = ssl->conf->max_tls_version; /* From b9f83b3d07f9bc397ec4e60c2410a05064823b31 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:51:42 +0000 Subject: [PATCH 0353/1548] Remove srand from fuzz Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 2 -- programs/fuzz/fuzz_dtlsclient.c | 1 - programs/fuzz/fuzz_dtlsserver.c | 3 --- programs/fuzz/fuzz_server.c | 2 -- 4 files changed, 8 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 03a6337d48..6d3b73fa93 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -141,8 +141,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) //There may be other options to add : // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes - srand(1); - if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; } diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 31c6c9bdd6..efe1362275 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c 
@@ -68,7 +68,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - srand(1); if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 2228d070aa..31eb514275 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -98,9 +98,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - - srand(1); - #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index a1e03d4502..bb9dd0a58c 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -112,8 +112,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - srand(1); - #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { From c12152e53e430b9c76917144e258f4ac59761d62 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 11:03:04 +0000 Subject: [PATCH 0354/1548] corrected style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 619e8db311..7fbb0b5b50 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4462,11 +4462,9 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf != NULL) { - if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { - ssl->conf->f_async_cancel(ssl); - handshake->async_in_progress = 0; - } + if (ssl->conf != NULL && ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + ssl->conf->f_async_cancel(ssl); + handshake->async_in_progress = 0; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ From 8224e7126220b05291bfbec4a4986a812a7b7211 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 12:02:16 +0000 Subject: [PATCH 0355/1548] remove NULL guard Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7fbb0b5b50..4635a85913 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4462,7 +4462,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if (ssl->conf != NULL && ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if(ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; } From cd2660fb0efbdd3525141a0578ccd1d2de24d87d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 21 Mar 2025 13:13:29 +0000 Subject: [PATCH 0356/1548] fixed code style Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4635a85913..94de3430cc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4462,7 +4462,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if(ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; } From ddbf729ef7a222e5ffbf254c762db67a7135de31 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 7 Mar 2025 09:33:33 +0100 Subject: [PATCH 0357/1548] Add directory and list arguments to generate_visualc_files.pl Signed-off-by: Ronald Cron --- scripts/generate_visualc_files.pl | 32 +++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 053040a9c5..32935f26f2 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -11,9 +11,18 @@ use warnings; use strict; +use Getopt::Long; use Digest::MD5 'md5_hex'; +# Declare variables for options my $vsx_dir = "visualc/VS2017"; +my $list = 0; # Default off + +GetOptions( + "directory=s" => \$vsx_dir, # Target directory + "list" => \$list # Only list generated files +) or die "Invalid options\n"; + my $vsx_ext = "vcxproj"; my $vsx_app_tpl_file = "scripts/data_files/vs2017-app-template.$vsx_ext"; my $vsx_main_tpl_file = "scripts/data_files/vs2017-main-template.$vsx_ext"; @@ -280,7 +289,9 @@ sub main { # Remove old files to ensure that, for example, project files from deleted # apps are not kept - del_vsx_files(); + if (not $list) { + del_vsx_files(); + } my @app_list = get_app_list(); my @header_dirs = ( 
@@ -313,13 +324,22 @@ sub main { map { s!/!\\!g } @headers; map { s!/!\\!g } @sources; - gen_app_files( @app_list ); + if ($list) { + foreach my $app (@app_list) { + $app =~ s/.*\///; + print "$vsx_dir/$app.$vsx_ext\n"; + } + print "$vsx_main_file\n"; + print "$vsx_sln_file\n"; + } else { + gen_app_files( @app_list ); - gen_main_file( \@headers, \@sources, - $vsx_hdr_tpl, $vsx_src_tpl, - $vsx_main_tpl_file, $vsx_main_file ); + gen_main_file( \@headers, \@sources, + $vsx_hdr_tpl, $vsx_src_tpl, + $vsx_main_tpl_file, $vsx_main_file ); - gen_vsx_solution( @app_list ); + gen_vsx_solution( @app_list ); + } return 0; } From a1e1c2ce3c2ff2a1d2d033679a870f7f3ff5da29 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 14 Feb 2025 17:41:33 +0100 Subject: [PATCH 0358/1548] Update framework pointer Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 2b03d62924..28dc4cae3f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 2b03d629240c0c23a0bfa5444f005b8d9b6f8ba8 +Subproject commit 28dc4cae3f71f5425dd42953c6f2f38d49123bee From 81a674eee8096ce43253e3d29b0c2cc0d8836e10 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 11 Mar 2025 12:53:45 +0100 Subject: [PATCH 0359/1548] Adapt to generate_config_tests.py changes Adapt builds and check-generated-files.sh to the fact that generate_config_tests.py does not generate test_suite_config.psa_boolean.data in Mbed TLS 4.x context anymore. Signed-off-by: Ronald Cron --- scripts/make_generated_files.bat | 4 ++-- tests/CMakeLists.txt | 11 ++--------- tests/Makefile | 21 ++++++++++++++------- tests/scripts/check-generated-files.sh | 8 ++++---- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index bef198f361..f632d32e9f 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat 
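Review bot: The list-mode loop `foreach my $app (@app_list)` iterates over aliases, so `$app =~ s/.*\///;` rewrites the elements of `@app_list` in place; that is harmless today because the `else` branch is the only other consumer, but a copy such as `my $name = $app; $name =~ s!.*/!!; print "$vsx_dir/$name.$vsx_ext\n";` avoids the surprise if the list is reused later. The printed `$vsx_main_file` and `$vsx_sln_file` also only reflect `--directory` if they are derived from `$vsx_dir` after `GetOptions` runs; their definitions are not in the hunk, so this is worth confirming. The body of `main` starts outside the hunk.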
@@ -21,12 +21,12 @@ perl scripts\generate_visualc_files.pl || exit /b 1 @rem @@@@ programs\** @@@@ cd tf-psa-crypto python scripts\generate_psa_constants.py || exit /b 1 +python framework\scripts\generate_config_tests.py || exit /b 1 cd .. @rem @@@@ tests\** @@@@ python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_config_tests.py tests\suites\test_suite_config.mbedtls_boolean.data || exit /b 1 -python framework\scripts\generate_config_tests.py --directory tf-psa-crypto\tests\suites tests\suites\test_suite_config.psa_boolean.data || exit /b 1 +python framework\scripts\generate_config_tests.py || exit /b 1 python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a56a707f41..ce63d23769 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -19,15 +19,9 @@ execute_process( WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. OUTPUT_VARIABLE - base_config_generated_data_files_raw) + base_config_generated_data_files) string(REGEX REPLACE "[^;]*/" "" - base_config_generated_data_files_raw "${base_config_generated_data_files_raw}") -# Can be replace by list(FILTER ...) when CI CMake version is >=3.6 -foreach(file ${base_config_generated_data_files_raw}) - if(${file} MATCHES "mbedtls") - list(APPEND base_config_generated_data_files ${file}) - endif() -endforeach() + base_config_generated_data_files "${base_config_generated_data_files}") # Derive generated file paths in the build directory. The generated data # files go into the suites/ subdirectory. 
@@ -50,7 +44,6 @@ if(GEN_FILES) ${MBEDTLS_PYTHON_EXECUTABLE} ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py --directory ${CMAKE_CURRENT_BINARY_DIR}/suites - ${config_generated_data_files} DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py # Do not declare the configuration files as dependencies: they diff --git a/tests/Makefile b/tests/Makefile index b6f2f8caff..c44369b47d 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -25,16 +25,23 @@ $(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) endif GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) -GENERATED_CONFIG_DATA_FILES_RAW := $(patsubst tests/%,%,$(shell \ +GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ echo FAILED \ )) -ifeq ($(GENERATED_CONFIG_DATA_FILES),FAILED) +ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) endif -GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring mbedtls,$(file)),$(file),)) -GENERATED_PSA_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring psa,$(file)),$(addprefix ../tf-psa-crypto/tests/,$(file)),)) -GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)$(GENERATED_PSA_CONFIG_DATA_FILES) + +GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ + $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \ + echo FAILED \ +)) +ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED) +$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed) +endif + +GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES) GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES) 
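Review bot: The `FAILED` sentinel for the PSA list can never match: `$(addprefix ../tf-psa-crypto/,$(shell ... || echo FAILED))` turns it into `../tf-psa-crypto/FAILED`, so the following `ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED)` is dead and a broken `--list` silently produces a bogus file name instead of stopping with `$(error ...)`. The `GENERATED_MBEDTLS_CONFIG_DATA_FILES` block above only works because `patsubst` leaves `FAILED` untouched. Capture the raw output first and add the prefix after the check: `GENERATED_PSA_CONFIG_DATA_FILES_RAW := $(shell $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || echo FAILED)`, then `ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES_RAW),FAILED)` around the existing `$(error ...)`, and finally `GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(GENERATED_PSA_CONFIG_DATA_FILES_RAW))`.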
@@ -112,8 +119,8 @@ generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_config_test_data: echo " Gen $(GENERATED_CONFIG_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_config_tests.py $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) - $(PYTHON) ../framework/scripts/generate_config_tests.py --directory ../tf-psa-crypto/tests/suites $(GENERATED_PSA_CONFIG_DATA_FILES) + $(PYTHON) ../framework/scripts/generate_config_tests.py + cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py .SECONDARY: generated_config_test_data $(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index ba10024ee8..2e104ee29a 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh 
@@ -141,10 +141,10 @@ check() if [ -d tf-psa-crypto ]; then cd tf-psa-crypto check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c - check ../framework/scripts/generate_bignum_tests.py $(../framework/scripts/generate_bignum_tests.py --list) - check ../framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data - check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list) - check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list) + check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) + check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list) + check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) + check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) cd .. # Generated files that are present in the repository even in the development # branch. (This is intended to be temporary, until the generator scripts are From 99226e9b9b04f62a3815724d11231a0c37e93766 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 14 Feb 2025 15:43:22 +0100 Subject: [PATCH 0360/1548] cmake: Generate test_keys.h and test_certs.h in the build tree Signed-off-by: Ronald Cron --- CMakeLists.txt | 16 ++++++++++------ scripts/generate_visualc_files.pl | 7 +++++++ scripts/make_generated_files.bat | 16 ++++++++-------- tests/.gitignore | 4 ++-- tests/CMakeLists.txt | 1 + tests/Makefile | 16 ++++++++-------- tests/scripts/check-generated-files.sh | 4 ++-- tests/src/certs.c | 2 +- 8 files changed, 39 insertions(+), 27 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9f23c3b2f7..a099356389 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -420,20 +420,22 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) if(GEN_FILES) add_custom_command( OUTPUT - ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h + ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h + COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py" "--output" - "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h" + "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h" DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py ) add_custom_target(mbedtls_test_keys_header - DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h) + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h) add_dependencies(mbedtls_test mbedtls_test_keys_header) endif() target_include_directories(mbedtls_test + PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include PRIVATE tests/include PRIVATE include 
@@ -454,20 +456,22 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) if(GEN_FILES) add_custom_command( OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h + ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h + COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py" "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" + "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h" DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py ) add_custom_target(mbedtls_test_certs_header - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h) + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h) add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header) endif() target_include_directories(mbedtls_test_helpers + PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include PRIVATE tests/include PRIVATE include diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 32935f26f2..81521896b4 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -42,6 +42,8 @@ my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src'; my $tls_test_source_dir = 'tests/src'; my $tls_test_header_dir = 'tests/include/test'; +my $crypto_test_source_dir = 'tf-psa-crypto/tests/src'; +my $crypto_test_header_dir = 'tf-psa-crypto/tests/include/test'; my $test_source_dir = 'framework/tests/src'; my $test_header_dir = 'framework/tests/include/test'; my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; @@ -68,6 +70,7 @@ tf-psa-crypto/drivers/everest/include/everest/vs2013 tf-psa-crypto/drivers/everest/include/everest/kremlib tests/include + tf-psa-crypto/tests/include framework/tests/include framework/tests/programs ); 
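Review bot: The `add_custom_command` that now writes `test_certs.h` into the build tree still lists only `generate_test_cert_macros.py` under `DEPENDS`, while the `tests/Makefile` rule in this same commit asks that script for `--list-dependencies`, which suggests the generator reads further input files (presumably the certificate and key files it embeds). In a cmake build, editing one of those inputs would therefore not regenerate the header; the stale copy in `${CMAKE_CURRENT_BINARY_DIR}/tests/include/test` is what gets compiled. Consider querying `--list-dependencies` via `execute_process` at configure time and appending the result to `DEPENDS`, or at least adding a comment such as `# NOTE: only the script is tracked; re-run with a clean build tree after changing its input files` next to the `DEPENDS` line. This limitation predates the commit but the rule is rewritten here.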
@@ -131,9 +134,11 @@ sub check_dirs { && -d $crypto_source_dir && -d $test_source_dir && -d $tls_test_source_dir + && -d $crypto_test_source_dir && -d $test_drivers_source_dir && -d $test_header_dir && -d $tls_test_header_dir + && -d $crypto_test_header_dir && -d $test_drivers_header_dir && -d $mbedtls_programs_dir && -d $framework_programs_dir @@ -300,6 +305,7 @@ sub main { $psa_header_dir, $test_header_dir, $tls_test_header_dir, + $crypto_test_header_dir, $test_drivers_header_dir, $tls_source_dir, $crypto_core_source_dir, @@ -314,6 +320,7 @@ sub main { $crypto_source_dir, $test_source_dir, $tls_test_source_dir, + $crypto_test_source_dir, $test_drivers_source_dir, @thirdparty_source_dirs, ); diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index f632d32e9f..418b6681a3 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -7,17 +7,12 @@ @rem the "CC" environment variable must point to a C compiler. @rem @@@@ library\** @@@@ -@rem psa_crypto_driver_wrappers.h needs to be generated prior to -@rem generate_visualc_files.pl being invoked. python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1 perl scripts\generate_errors.pl || exit /b 1 perl scripts\generate_query_config.pl || exit /b 1 perl scripts\generate_features.pl || exit /b 1 python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1 -@rem @@@@ Build @@@@ -perl scripts\generate_visualc_files.pl || exit /b 1 - @rem @@@@ programs\** @@@@ cd tf-psa-crypto python scripts\generate_psa_constants.py || exit /b 1 
@@ -29,8 +24,13 @@ python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\test python framework\scripts\generate_config_tests.py || exit /b 1 python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1 -python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\framework\tests\include\test\test_keys.h || exit /b 1 -python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 +python framework\scripts\generate_test_keys.py --output tests\include\test\test_keys.h || exit /b 1 +python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\tests\include\test\test_keys.h || exit /b 1 +python framework\scripts\generate_test_cert_macros.py --output tests\include\test\test_certs.h || exit /b 1 python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 + +@rem @@@@ Build @@@@ +@rem Call generate_visualc_files.pl last to be sure everything else has been +@rem generated before. +perl scripts\generate_visualc_files.pl || exit /b 1 diff --git a/tests/.gitignore b/tests/.gitignore index a4a0309fa8..e58c8f0554 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -22,6 +22,6 @@ /opt-testcases/tls13-compat.sh /suites/*.generated.data /suites/test_suite_config.mbedtls_boolean.data -/src/test_keys.h -/src/test_certs.h +/include/test/test_keys.h +/include/test/test_certs.h ###END_GENERATED_FILES### diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ce63d23769..d12133d300 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -176,6 +176,7 @@ function(add_test_suite suite_name) # files are automatically included because the library targets declare # them as PUBLIC. target_include_directories(test_suite_${data_name} + PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library diff --git a/tests/Makefile b/tests/Makefile index c44369b47d..87a6ca1777 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -64,9 +64,9 @@ endif GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES) GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES) -GENERATED_FILES += ../framework/tests/include/test/test_keys.h \ - ../tf-psa-crypto/framework/tests/include/test/test_keys.h \ - src/test_certs.h +GENERATED_FILES += include/test/test_keys.h \ + ../tf-psa-crypto/tests/include/test/test_keys.h \ + include/test/test_certs.h # Generated files needed to (fully) run ssl-opt.sh .PHONY: ssl-opt @@ -184,16 +184,16 @@ all: $(BINARIES) $(CRYPTO_BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) -src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ +include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) echo " Gen $@" $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ -../framework/tests/include/test/test_keys.h: ../framework/scripts/generate_test_keys.py +include/test/test_keys.h: ../framework/scripts/generate_test_keys.py echo " Gen $@" $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ -../tf-psa-crypto/framework/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py +../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py echo " Gen $@" $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@ 
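Review bot: The prerequisite list of the renamed `include/test/test_certs.h` rule keeps `$($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)`, which as far as I can tell make reads as a reference to a variable whose name is that command line (not a command substitution), so it expands to nothing and the header is never rebuilt when the files the generator reads change. If the intent is to run the script, the line needs `$(shell $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)`. The defect predates this commit, but the rule is rewritten here, so it is a good moment to fix it; a `FAILED` guard like the ones at the top of the file would also catch the script itself failing.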
@@ -204,8 +204,8 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG # therefore the wildcard enumeration above doesn't include it. TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h endif -TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/include/test/test_keys.h \ - ../tf-psa-crypto/framework/tests/include/test/test_keys.h +TEST_OBJS_DEPS += include/test/test_certs.h include/test/test_keys.h \ + ../tf-psa-crypto/tests/include/test/test_keys.h # Rule to compile common test C files in framework ../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 2e104ee29a..e3c8e08afe 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -171,7 +171,7 @@ else check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c fi -check framework/scripts/generate_test_keys.py framework/tests/include/test/test_keys.h +check framework/scripts/generate_test_keys.py tests/include/test/test_keys.h # Additional checks for Mbed TLS only if in_mbedtls_repo; then @@ -181,7 +181,7 @@ if in_mbedtls_repo; then check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh - check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h + check framework/scripts/generate_test_cert_macros.py tests/include/test/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't # care about their content, but the files must exist. So it must run after # the step that creates or updates these files. diff --git a/tests/src/certs.c b/tests/src/certs.c index bacc846754..d1af5b2aa4 100644 --- a/tests/src/certs.c 
+++ b/tests/src/certs.c @@ -13,7 +13,7 @@ #include "mbedtls/pk.h" -#include "test_certs.h" +#include "test/test_certs.h" /* * From aa5c159e36b74b4e037a494f96ea9ebda2682bc2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 7 Mar 2025 09:34:41 +0100 Subject: [PATCH 0361/1548] all.sh: check generated files: Use make_generated_files.py Signed-off-by: Ronald Cron --- tests/scripts/components-basic-checks.sh | 44 +++++++++++++++++------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 3ee88a3c21..cd311ebd84 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh 
@@ -17,20 +17,38 @@ component_check_recursion () { } component_check_generated_files () { - msg "Check: check-generated-files, files generated with make" # 2s + msg "Check make_generated_files.py consistency" + make neat + $FRAMEWORK/scripts/make_generated_files.py + $FRAMEWORK/scripts/make_generated_files.py --check + make neat + + msg "Check files generated with make" + MBEDTLS_ROOT_DIR="$PWD" make generated_files - tests/scripts/check-generated-files.sh - - msg "Check: check-generated-files -u, files present" # 2s - tests/scripts/check-generated-files.sh -u - # Check that the generated files are considered up to date. - tests/scripts/check-generated-files.sh - - msg "Check: check-generated-files -u, files absent" # 2s - command make neat - tests/scripts/check-generated-files.sh -u - # Check that the generated files are considered up to date. - tests/scripts/check-generated-files.sh + $FRAMEWORK/scripts/make_generated_files.py --check + + cd tf-psa-crypto + ./framework/scripts/make_generated_files.py --check + + msg "Check files generated with cmake" + cd "$MBEDTLS_ROOT_DIR" + mkdir "$OUT_OF_SOURCE_DIR" + cd "$OUT_OF_SOURCE_DIR" + cmake -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR" + make + cd "$MBEDTLS_ROOT_DIR" + + # Files for MS Visual Studio are not generated with cmake thus copy the + # ones generated with make to pacify make_generated_files.py check. + # Files for MS Visual Studio are rather on their way out thus not adding + # support for them with cmake. + cp -Rf visualc "$OUT_OF_SOURCE_DIR" + + $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check + + cd tf-psa-crypto + ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! From 4cd8fbbb2d7cdcf73b7fd9c5b0c75fab29c7a771 Mon Sep 17 00:00:00 2001 
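Review bot: The component's last command is `cd tf-psa-crypto`, so unless all.sh runs each component in its own subshell (not visible here) the working directory is left inside the submodule for the components that follow, which the closing comment says rely on this one's end state; ending with `cd "$MBEDTLS_ROOT_DIR"` would make that explicit and harmless either way. `MBEDTLS_ROOT_DIR="$PWD"` is also only assigned after the first `make neat`/`--check` pair, and `mkdir "$OUT_OF_SOURCE_DIR"` fails if the directory survives from an earlier run, so `mkdir -p "$OUT_OF_SOURCE_DIR"` (or an `rm -rf` first, as the cmake check presumably wants a clean tree) is safer. The function body continues past the end of the hunk.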
From: Ronald Cron Date: Mon, 17 Mar 2025 15:33:43 +0100 Subject: [PATCH 0362/1548] Use TF_PSA_CRYPTO_ROOT_DIR Signed-off-by: Ronald Cron --- tests/scripts/components-basic-checks.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index cd311ebd84..85731a1710 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -28,7 +28,7 @@ component_check_generated_files () { make generated_files $FRAMEWORK/scripts/make_generated_files.py --check - cd tf-psa-crypto + cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --check msg "Check files generated with cmake" @@ -47,7 +47,7 @@ component_check_generated_files () { $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check - cd tf-psa-crypto + cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check # This component ends with the generated files present in the source tree. From b9d7b5f1651766ecf82875252bfb89821679dca6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 14 Feb 2025 17:44:31 +0100 Subject: [PATCH 0363/1548] Update TF-PSA-Crypto pointer Signed-off-by: Ronald Cron --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5048bced5e..43ea7fa25c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5048bced5e1c000c0e3888be8126eb63a2b91937 +Subproject commit 43ea7fa25cd8a288c5b75dbb0b4eb47df6ffca8b From 7a84f0f3a950bafbf35f0deba70d6a53eefd6286 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 27 Mar 2025 09:34:21 +0000 Subject: [PATCH 0364/1548] removed rng parameters from struct mbedtls_ssl_config Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ---- 1 file changed, 4 deletions(-) 
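Review bot: `cd $TF_PSA_CRYPTO_ROOT_DIR` is left unquoted in both hunks, while the neighbouring `cd "$MBEDTLS_ROOT_DIR"` and `--root "$OUT_OF_SOURCE_DIR"` are quoted; a root path containing whitespace would be split into several arguments. Use `cd "$TF_PSA_CRYPTO_ROOT_DIR"` in both places. In the second hunk the `--root "$OUT_OF_SOURCE_DIR/tf-psa-crypto"` argument still hard-codes the submodule directory name that the variable was introduced to abstract, which is worth a second look. The enclosing function starts and ends outside both hunks.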
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fa382253ca..9a02a6a8c2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1405,10 +1405,6 @@ struct mbedtls_ssl_config { void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ - /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ - /** Callback to retrieve a session from the cache */ mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache); /** Callback to store a session into the cache */ From 05a978752b357f4c9890b3f9c27907a111a61fad Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 20 Mar 2025 13:22:59 +0000 Subject: [PATCH 0365/1548] Remove MBEDTLS_PK_RSA_ALT Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 44 ---------------------- 1 file changed, 44 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 376cd12337..107d9235a4 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -11,37 +11,6 @@ #include "mbedtls/pk.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_PEM_WRITE_C) && \ - defined(MBEDTLS_X509_CRT_WRITE_C) && \ - defined(MBEDTLS_X509_CRT_PARSE_C) && \ - defined(PSA_WANT_ALG_SHA_1) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len) -{ - return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, - olen, input, output, output_max_len); -} - -static int mbedtls_rsa_sign_func(void *ctx, - mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig) -{ - return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - md_alg, - hashlen, - hash, - sig); -} -static size_t mbedtls_rsa_key_len_func(void *ctx) -{ - return ((const mbedtls_rsa_context *) ctx)->len; -} -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) @@ -436,19 +405,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, issuer_key_type = mbedtls_pk_get_type(&issuer_key); -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) - /* For RSA PK contexts, create a copy as an alternative RSA context. */ - if (pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA) { - TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&issuer_key_alt, - mbedtls_pk_rsa(issuer_key), - mbedtls_rsa_decrypt_func, - mbedtls_rsa_sign_func, - mbedtls_rsa_key_len_func) == 0); - - key = &issuer_key_alt; - } -#endif - #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Turn the issuer PK context into an opaque one. */ if (pk_wrap == 2) { From d1c2d254ca780ec65f4769210f3d829e08541262 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 19 Mar 2025 13:18:19 +0000 Subject: [PATCH 0366/1548] Add ChangeLog for rng removal 
Signed-off-by: Ben Taylor --- ChangeLog.d/removal-of-rng.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/removal-of-rng.txt diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt new file mode 100644 index 0000000000..414dde12dc --- /dev/null +++ b/ChangeLog.d/removal-of-rng.txt @@ -0,0 +1,5 @@ +API changes + * All API functions now use the PSA random generator psa_get_random() + internally. As a consequence, functions no longer take RNG parameters. + Please refer to the migration guide at : + tf-psa-crypto/docs/4.0-migration-guide.md. From b430f8235cd71e48cd67998da615614dde7db47b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 20 Mar 2025 07:24:20 +0000 Subject: [PATCH 0367/1548] removed whitespace Signed-off-by: Ben Taylor --- ChangeLog.d/removal-of-rng.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt index 414dde12dc..a8a19f4ee3 100644 --- a/ChangeLog.d/removal-of-rng.txt +++ b/ChangeLog.d/removal-of-rng.txt @@ -1,5 +1,5 @@ API changes - * All API functions now use the PSA random generator psa_get_random() + * All API functions now use the PSA random generator psa_get_random() internally. As a consequence, functions no longer take RNG parameters. Please refer to the migration guide at : tf-psa-crypto/docs/4.0-migration-guide.md. From 92efce2b84cb6de71cbf284dbe302b9360a4da8f Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 19 Mar 2025 09:31:59 +0000 Subject: [PATCH 0368/1548] [development] Remove code relating to MBEDTLS_PSA_INJECT_ENTROPY 
Signed-off-by: Felix Conway --- .gitignore | 2 -- docs/proposed/config-split.md | 1 - scripts/config.py | 1 - tests/configs/user-config-for-test.h | 29 ------------------- .../psasim/src/psa_sim_generate.pl | 1 - .../components-configuration-crypto.sh | 15 ---------- tf-psa-crypto | 2 +- 7 files changed, 1 insertion(+), 50 deletions(-) delete mode 100644 tests/configs/user-config-for-test.h diff --git a/.gitignore b/.gitignore index 2917cfbef9..9226eecb4c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,5 @@ # Random seed file created by test scripts and sample programs seedfile -# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework -00000000ffffff52.psa_its # Log files created by all.sh to reduce the logs in case a component runs # successfully quiet-make.* diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1baab356b2..1ed3cc773f 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -247,7 +247,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. //#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER //#define MBEDTLS_PSA_CRYPTO_SPM #define MBEDTLS_PSA_CRYPTO_STORAGE_C -//#define MBEDTLS_PSA_INJECT_ENTROPY #define MBEDTLS_PSA_ITS_FILE_C #define MBEDTLS_PSA_KEY_STORE_DYNAMIC //#define MBEDTLS_PSA_STATIC_KEY_SLOTS diff --git a/scripts/config.py b/scripts/config.py index 417f6e25a2..3fc3614dc7 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -96,7 +96,6 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) - 'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h deleted file mode 100644 index f230fd3c5c..0000000000 --- a/tests/configs/user-config-for-test.h +++ /dev/null 
@@ -1,29 +0,0 @@ -/* TF_PSA_CRYPTO_USER_CONFIG_FILE for testing. - * Only used for a few test configurations. - * - * Typical usage (note multiple levels of quoting): - * make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) -/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform - * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO - * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions - * is to read and write from the entropy seed file, which is located - * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID. - * (These could have been provided as library functions, but for historical - * reasons, they weren't, and so each integrator has to provide a copy - * of these functions.) - * - * Provide implementations of these functions for testing. */ -#include -int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len); -int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); -#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read -#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 5770deaa80..3eec226e16 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl 
@@ -27,7 +27,6 @@ 'mbedtls_psa_crypto_free', # redefined rather than wrapped 'mbedtls_psa_external_get_random', # not in the default config, uses unsupported type 'mbedtls_psa_get_stats', # uses unsupported type - 'mbedtls_psa_inject_entropy', # not in the default config, generally not for client use anyway 'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type 'psa_get_key_slot_number', # not in the default config, uses unsupported type 'psa_key_derivation_verify_bytes', # not implemented yet diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 3d58895550..cb66e371cb 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -261,21 +261,6 @@ component_test_psa_external_rng_use_psa_crypto () { tests/ssl-opt.sh -f 'Default\|opaque' } -component_test_psa_inject_entropy () { - msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY - scripts/config.py set MBEDTLS_ENTROPY_NV_SEED - scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ - scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS" - - msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY" - make test -} - component_full_no_pkparse_pkwrite () { msg "build: full without pkparse and pkwrite" diff --git a/tf-psa-crypto b/tf-psa-crypto index 43ea7fa25c..893f536dae 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 43ea7fa25cd8a288c5b75dbb0b4eb47df6ffca8b +Subproject commit 893f536dae31f358516de6d9e851da7c18f5f53e From 133f7aab2c937e4bb8db266df00367b7745cd547 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Wed, 19 Mar 2025 14:38:47 +0000 Subject: [PATCH 0369/1548] Add MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES to ignore list for CI With the removal of the component_test_psa_inject_entropy test, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES is no longer set in any tests, and so the CI will complain unless it is added to the ignore list. Signed-off-by: Felix Conway --- tests/scripts/analyze_outcomes.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 5f8f910a62..c7c9ed5810 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -118,10 +118,11 @@ def _has_word_re(words: typing.Iterable[str], # Untested platform-specific optimizations. # https://github.com/Mbed-TLS/mbedtls/issues/9588 'Config: MBEDTLS_HAVE_SSE2', - # Obsolete configuration option, to be replaced by + # Obsolete configuration options, to be replaced by # PSA entropy drivers. # https://github.com/Mbed-TLS/mbedtls/issues/8150 'Config: MBEDTLS_NO_PLATFORM_ENTROPY', + 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', From 48426b12ef36ef107d1d8cac4dbc43c6a30e91f8 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 26 Mar 2025 13:57:45 +0000 Subject: [PATCH 0370/1548] Add MBEDTLS_PSA_INJECT_ENTROPY back into config-split.md Signed-off-by: Felix Conway --- docs/proposed/config-split.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1ed3cc773f..1baab356b2 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md 
@@ -247,6 +247,7 @@ PSA_WANT_\* macros as in current `crypto_config.h`. //#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER //#define MBEDTLS_PSA_CRYPTO_SPM #define MBEDTLS_PSA_CRYPTO_STORAGE_C +//#define MBEDTLS_PSA_INJECT_ENTROPY #define MBEDTLS_PSA_ITS_FILE_C #define MBEDTLS_PSA_KEY_STORE_DYNAMIC //#define MBEDTLS_PSA_STATIC_KEY_SLOTS From 1459e75d3d7d715867e0759c37c9a133a05ca4f4 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Fri, 28 Mar 2025 10:36:00 +0000 Subject: [PATCH 0371/1548] Update tf-psa-crypto pointer Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 893f536dae..d66b78e4ad 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 893f536dae31f358516de6d9e851da7c18f5f53e +Subproject commit d66b78e4ad1f7a61502e3dcf62daed177facc03f From bd81c9d0f710e62a5a493d1c053a87c2db78f78a Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 22 Jul 2024 14:43:56 +0200 Subject: [PATCH 0372/1548] Implement TLS-Exporter feature The TLS-Exporter is a function to derive shared symmetric keys for the server and client from the secrets generated during the handshake. It is defined in RFC 8446, Section 7.5 for TLS 1.3 and in RFC 5705 for TLS 1.2. Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 24 ++++++++++ library/ssl_tls.c | 95 ++++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.c | 34 ++++++++++++++ library/ssl_tls13_keys.h | 16 +++++++ 4 files changed, 169 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9a02a6a8c2..5bd0b04903 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -5388,6 +5388,30 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen); + /** + * \brief TLS-Exporter to derive shared symmetric keys between server and client. + * + * \param ctx SSL context from which to export keys. Must have finished the handshake. + * \param out Output buffer of length at least key_len bytes. + * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. + * \param label Label for which to generate the key of length label_len. + * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. + * \param context Context of the key. Can be NULL if context_len or use_context is 0. + * \param context_len Length of context. Must be < 2^16 in TLS1.2. + * \param use_context Indicates if a context should be used in deriving the key. + * + * \note TLS 1.2 makes a distinction between a 0-length context and no context. + * This is why the use_context argument exists. TLS 1.3 does not make + * this distinction. If use_context is 0 and TLS 1.3 is used, context and + * context_len are ignored and a 0-length context is used. + * + * \return 0 on success. An SSL specific error on failure. + */ + int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, + uint8_t *out, size_t key_len, + const char *label, size_t label_len, + const unsigned char *context, size_t context_len, + int use_context); #ifdef __cplusplus } #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 94de3430cc..4c7ce1ee96 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -18,6 +18,7 @@ #include "mbedtls/ssl.h" #include "ssl_client.h" #include "ssl_debug_helpers.h" +#include "ssl_tls13_keys.h" #include "debug_internal.h" #include "mbedtls/error.h" 
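Review bot: The Doxygen block documents the first parameter as `\param ctx` while the declaration names it `ssl`, so the generated documentation will not match the prototype; rename it to `\param ssl SSL context from which to export keys. Must have finished the handshake.`. The stated limits also disagree with the implementation added further down in this patch: the TLS 1.3 path rejects `key_len > 0xff`, whereas the comment promises `Must be < 2^16 in TLS 1.3`, and no TLS 1.3 bound is given for `context_len` although the RFC 8446 HkdfLabel structure only carries a context of up to 255 bytes (likewise its label field is at most 255 bytes including the `tls13 ` prefix, so `< 251` looks one byte too generous; worth confirming against mbedtls_ssl_tls13_exporter, which is not visible here). Either relax the check in ssl_tls.c or change the comment to `Must be <= 255 in TLS 1.3.` for `key_len`, and document `context_len` as `Must be < 2^16 in TLS 1.2 and <= 255 in TLS 1.3.`. The new declaration and its comment also appear to be indented one column deeper than the surrounding prototypes (e.g. `mbedtls_ssl_tls_prf` above), which may just be an artefact of the diff rendering but is worth checking.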
@@ -8929,4 +8930,98 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, + const mbedtls_md_type_t hash_alg, + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context) +{ + int ret = 0; + size_t prf_input_len = use_context ? 64 + 2 + context_len : 64; + unsigned char *prf_input = NULL; + char *label_str = NULL; + + if (use_context && context_len >= (1 << 16)) { + ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + goto exit; + } + + prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char)); + label_str = mbedtls_calloc(label_len + 1, sizeof(char)); + if (prf_input == NULL || label_str == NULL) { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + + memcpy(label_str, label, label_len); + label_str[label_len] = '\0'; + + /* The input to the PRF is client_random, then server_random. + * If a context is provided, this is then followed by the context length + * as a 16-bit big-endian integer, and then the context itself. 
*/ + memcpy(prf_input, ssl->transform->randbytes + 32, 32); + memcpy(prf_input + 32, ssl->transform->randbytes, 32); + if (use_context) { + prf_input[64] = (unsigned char)((context_len >> 8) & 0xff); + prf_input[65] = (unsigned char)(context_len & 0xff); + memcpy(prf_input + 66, context, context_len); + } + ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str, + prf_input, prf_input_len, + out, key_len); + +exit: + mbedtls_free(prf_input); + mbedtls_free(label_str); + return ret; +} + +static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, + const mbedtls_md_type_t hash_alg, + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len) +{ + const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg); + const size_t hash_len = PSA_HASH_LENGTH(hash_alg); + const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; + + if (key_len > 0xff || label_len > 250) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + return mbedtls_ssl_tls13_exporter(psa_hash_alg, secret, hash_len, + (const unsigned char *)label, label_len, + context, context_len, out, key_len); +} + +int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context) +{ + if (!mbedtls_ssl_is_handshake_over(ssl)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + int ciphersuite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(ssl); + const mbedtls_ssl_ciphersuite_t *ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); + const mbedtls_md_type_t hash_alg = ciphersuite->mac; + + switch (mbedtls_ssl_get_version_number(ssl)) { + case MBEDTLS_SSL_VERSION_TLS1_2: + return mbedtls_ssl_tls12_export_keying_material(ssl, hash_alg, out, key_len, + label, label_len, + context, context_len, use_context); + 
case MBEDTLS_SSL_VERSION_TLS1_3: + return mbedtls_ssl_tls13_export_keying_material(ssl, hash_alg, out, key_len, label, label_len, + use_context ? context : NULL, + use_context ? context_len : 0); + default: + return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; + } +} + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a421a06de4..38b342ea8b 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1824,4 +1824,38 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ +int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, + const unsigned char *secret, const size_t secret_len, + const unsigned char *label, const size_t label_len, + const unsigned char *context_value, const size_t context_len, + unsigned char *out, const size_t out_len) +{ + size_t hash_len = PSA_HASH_LENGTH(hash_alg); + unsigned char hkdf_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; + unsigned char hashed_context[PSA_HASH_MAX_SIZE]; + size_t hashed_context_len = 0; + int ret = 0; + psa_status_t status = 0; + + ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0, + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len); + if (ret != 0) { + goto exit; + } + + status = psa_hash_compute(hash_alg, context_value, context_len, hashed_context, hash_len, &hashed_context_len); + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto exit; + } + ret = mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, hkdf_secret, hash_len, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), + hashed_context, hashed_context_len, + out, out_len); + +exit: + mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret)); + return ret; +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index d3a4c6c992..41604c7e29 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
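Review bot: In mbedtls_ssl_tls13_export_keying_material, `hash_len` is computed as `PSA_HASH_LENGTH(hash_alg)` on the `mbedtls_md_type_t` value, but that macro expects a `psa_algorithm_t`; it only yields the right length as long as the MD enum values happen to share the PSA hash-algorithm low byte, which this code should not rely on, so it should read `const size_t hash_len = PSA_HASH_LENGTH(psa_hash_alg);`. In the TLS 1.2 path `memcpy(prf_input + 66, context, context_len)` runs whenever use_context is set, so the header's promise that context may be NULL when context_len is 0 leads to a memcpy with a null source, which is undefined behaviour even for length 0; guard it with `if (context_len != 0)`. `mbedtls_ssl_ciphersuite_from_id` can return NULL and `ciphersuite->mac` is read without a check in mbedtls_ssl_export_keying_material; returning MBEDTLS_ERR_SSL_BAD_INPUT_DATA in that case is cheap. `ssl->transform->randbytes` is, if I read ssl_misc.h correctly, only compiled in under MBEDTLS_SSL_CONTEXT_SERIALIZATION, so the TLS 1.2 branch would need that guard or another source for the two randoms; please confirm against the current struct definition.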
@@ -646,6 +646,22 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, size_t *psk_len); #endif +/** + * \brief Calculate TLS-Exporter function as defined in RFC 8446, Section 7.5. + * + * \param[in] hash_alg The hash algorithm. + * \param[in] secret The secret to use. (Should be the exporter master secret.) + * \param[in] secret_len Length of secret. + * \param[in] label The label of the exported key. + * \param[in] label_len The length of label. + * \param[out] out The output buffer for the exported key. Must have room for at least out_len bytes. + * \param[in] out_len Length of the key to generate. +int mbedtls_ssl_tls13_exporter(psa_algorithm_t hash_alg, + const unsigned char *secret, size_t secret_len, + const unsigned char *label, size_t label_len, + const unsigned char *context_value, size_t context_len, + unsigned char *out, size_t out_len); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 32ba7f4a17e0e9b82dd9d99909c8f370ebca02f9 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 22 Jul 2024 14:44:09 +0200 Subject: [PATCH 0373/1548] Add TLS-Exporter options to ssl_server2 The program prints out the derived symmetric key for testing purposes. Signed-off-by: Max Fillinger --- programs/ssl/ssl_server2.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 633822297e..c179435332 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -70,6 +70,8 @@ int main(void) #define DFL_NBIO 0 #define DFL_EVENT 0 #define DFL_READ_TIMEOUT 0 +#define DFL_EXP_LABEL NULL +#define DFL_EXP_LEN 20 #define DFL_CA_FILE "" #define DFL_CA_PATH "" #define DFL_CRT_FILE "" 
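Review bot: The Doxygen block for mbedtls_ssl_tls13_exporter documents every parameter except `context_value` and `context_len`; add ` * \param[in] context_value The context value of the exported key (the TLS 1.3 API path passes an empty context when none is requested).` and ` * \param[in] context_len The length of context_value.` before the `out` entry. The same block as revised in the later hunks of this series (the `*/` fix and the const change) still lacks them.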
@@ -517,6 +519,10 @@ int main(void) " event=%%d default: 0 (loop)\n" \ " options: 1 (level-triggered, implies nbio=1),\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_SRTP \ @@ -608,6 +614,8 @@ struct options { int nbio; /* should I/O be blocking? */ int event; /* loop or event-driven IO? level or edge triggered? */ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ + const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ + int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */ int response_size; /* pad response with header to requested size */ uint16_t buffer_size; /* IO buffer size */ const char *ca_file; /* the file with the CA certificate(s) */ @@ -1704,6 +1712,8 @@ int main(int argc, char *argv[]) opt.cid_val = DFL_CID_VALUE; opt.cid_val_renego = DFL_CID_VALUE_RENEGO; opt.read_timeout = DFL_READ_TIMEOUT; + opt.exp_label = DFL_EXP_LABEL; + opt.exp_len = DFL_EXP_LEN; opt.ca_file = DFL_CA_FILE; opt.ca_path = DFL_CA_PATH; opt.crt_file = DFL_CRT_FILE; @@ -1883,6 +1893,10 @@ int main(int argc, char *argv[]) } } else if (strcmp(p, "read_timeout") == 0) { opt.read_timeout = atoi(q); + } else if (strcmp(p, "exp_label") == 0) { + opt.exp_label = q; + } else if (strcmp(p, "exp_len") == 0) { + opt.exp_len = atoi(q); } else if (strcmp(p, "buffer_size") == 0) { opt.buffer_size = atoi(q); if (opt.buffer_size < 1) { 
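Review bot: The struct comment on the new `exp_len` field misspells "Length" as "Lenght": `int exp_len; /* Length of key to export using mbedtls_ssl_export_keying_material() */`. The same comment is added to ssl_client2.c's `struct options` in the next commit of this series.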
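Review bot: `opt.exp_len = atoi(q);` accepts any value without the range check the neighbouring `buffer_size` option performs, so a zero or negative value silently disables the export at the call site (which tests `opt.exp_len > 0`) and a very large value is passed straight on to the allocation; mirroring the existing pattern, `if (opt.exp_len < 1) { goto usage; }` right after the assignment makes the mistake visible. The same unchecked `atoi` is added for ssl_client2.c's `exp_len` option in the following commit.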
@@ -3605,6 +3619,27 @@ int main(int argc, char *argv[]) mbedtls_printf("\n"); } + if (opt.exp_label != NULL && opt.exp_len > 0) { + unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int)); + if (exported_key == NULL) { + mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); + ret = 3; + goto exit; + } + ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len, + opt.exp_label, strlen(opt.exp_label), + NULL, 0, 0); + if (ret != 0) { + goto exit; + } + mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label); + for (i = 0; i < opt.exp_len; i++) { + mbedtls_printf("%02X", exported_key[i]); + } + mbedtls_printf("\n\n"); + fflush(stdout); + } + #if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) { size_t j = 0; From b2718e17e61151a6a6262aff5dae2c8c729a1f23 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 22 Jul 2024 15:09:24 +0200 Subject: [PATCH 0374/1548] Add TLS-Exporter options to ssl_client2 Prints out the exported key on the command line for testing purposes. Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6a5fca57de..5ad2327afc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -102,6 +102,8 @@ int main(void) #define DFL_NSS_KEYLOG 0 #define DFL_NSS_KEYLOG_FILE NULL #define DFL_SKIP_CLOSE_NOTIFY 0 +#define DFL_EXP_LABEL NULL +#define DFL_EXP_LEN 20 #define DFL_QUERY_CONFIG_MODE 0 #define DFL_USE_SRTP 0 #define DFL_SRTP_FORCE_PROFILE 0 
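Review bot: The inserted block sits between a closing `}` and the `#if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0)` context line, so that `else if` now attaches to the new `if (opt.exp_label != NULL && opt.exp_len > 0)` instead of the block it previously belonged to: with both an exporter label and SRTP configured, the SRTP key printout is skipped. Placing the exporter block after the SRTP branch's `#endif`, or giving that branch its own `if`, keeps the old control flow. `exported_key` is allocated with `sizeof(unsigned int)` per element although it holds `unsigned char`, and it is never freed on the success path or on the `goto exit` paths; `calloc((size_t) opt.exp_len, sizeof *exported_key)` and a `free(exported_key);` after the print loop (and before the error `goto exit`) fix both. The same allocation and leak appear in the ssl_client2.c hunk of the next commit.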
@@ -389,6 +391,10 @@ int main(void) " read_timeout=%%d default: 0 ms (no timeout)\n" \ " max_resend=%%d default: 0 (no resend on timeout)\n" \ " skip_close_notify=%%d default: 0 (send close_notify)\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_CID \ @@ -534,6 +540,8 @@ struct options { * after renegotiation */ int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ + const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ + int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */ #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data; /* early data enablement flag */ #endif @@ -1412,6 +1420,10 @@ int main(int argc, char *argv[]) if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) { goto usage; } + } else if (strcmp(p, "exp_label") == 0) { + opt.exp_label = q; + } else if (strcmp(p, "exp_len") == 0) { + opt.exp_len = atoi(q); } else if (strcmp(p, "use_srtp") == 0) { opt.use_srtp = atoi(q); } else if (strcmp(p, "srtp_force_profile") == 0) { 
@@ -2485,6 +2497,27 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + if (opt.exp_label != NULL && opt.exp_len > 0) { + unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int)); + if (exported_key == NULL) { + mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); + ret = 3; + goto exit; + } + ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len, + opt.exp_label, strlen(opt.exp_label), + NULL, 0, 0); + if (ret != 0) { + goto exit; + } + mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label); + for (i = 0; i < opt.exp_len; i++) { + mbedtls_printf("%02X", exported_key[i]); + } + mbedtls_printf("\n\n"); + fflush(stdout); + } + /* * 6. Write the GET request */ From b84cb4b0492944d1e6577295d3964d705691eaaa Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 25 Jul 2024 16:16:02 +0200 Subject: [PATCH 0375/1548] Add changelog entry for TLS-Exporter feature Signed-off-by: Max Fillinger --- ChangeLog.d/add-tls-exporter.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/add-tls-exporter.txt diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt new file mode 100644 index 0000000000..c752a18e1d --- /dev/null +++ b/ChangeLog.d/add-tls-exporter.txt @@ -0,0 +1,4 @@ +Features: + * Add the function mbedtls_ssl_export_keying_material() which allows the + client and server to extract additional shared symmetric keys from an SSL + session, according to the TLS-Exporter specification in RFC 8446 and 5705. From 136fe9e4be154d3dec46d65445cdb7d46d697df3 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 9 Aug 2024 18:54:36 +0200 Subject: [PATCH 0376/1548] Fix commented out function declaration Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.h | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 41604c7e29..07b970aaf6 100644 
--- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -656,6 +656,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, * \param[in] label_len The length of label. * \param[out] out The output buffer for the exported key. Must have room for at least out_len bytes. * \param[in] out_len Length of the key to generate. + */ int mbedtls_ssl_tls13_exporter(psa_algorithm_t hash_alg, const unsigned char *secret, size_t secret_len, const unsigned char *label, size_t label_len, From c7986427d4c343dc03961515246ded61c392f943 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 9 Aug 2024 19:46:15 +0200 Subject: [PATCH 0377/1548] Add test for TLS-Exporter in TLS 1.3 Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 5 +++++ tests/suites/test_suite_ssl.function | 31 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 565588bea6..25cb965e85 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -2791,6 +2791,11 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_derive_secret:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" +SSL TLS 1.3 Exporter +# Based on the "exp master" key from RFC 8448, expected result calculated with a HMAC-SHA256 calculator. +depends_on:PSA_WANT_ALG_SHA_256 +ssl_tls13_exporter:PSA_ALG_SHA_256:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4":"test":"context value":32:"83d0fac39f87c1b4fbcd261369f31149c535391a9199bd4c5daf89fe259c2e94" + SSL TLS 1.3 Key schedule: Early secrets derivation helper # Vector from RFC 8448 depends_on:PSA_WANT_ALG_SHA_256 
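Review bot: The expected output of the new `SSL TLS 1.3 Exporter` case is, per its own comment, computed with an ad-hoc HMAC-SHA256 calculator rather than taken from an independent implementation, so the vector can only detect future changes to this code, not an error in the current derivation (for example a wrong label or a missing Hash() of the context). Regenerating the expected value with an independent HKDF-Expand-Label implementation or another TLS stack's exporter API, and saying so in the comment, would make it a real known-answer test. Keeping the RFC 8448 secret as input is fine; it is the expected output that needs a second source.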
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 743b53c007..e5c770a8e9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1695,6 +1695,37 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ +void ssl_tls13_exporter(int hash_alg, + data_t *secret, + char *label, + char *context_value, + int desired_length, + data_t *expected) +{ + unsigned char dst[100]; + + /* Check sanity of test parameters. */ + TEST_ASSERT((size_t) desired_length <= sizeof(dst)); + TEST_ASSERT((size_t) desired_length == expected->len); + + PSA_INIT(); + + TEST_ASSERT(mbedtls_ssl_tls13_exporter( + (psa_algorithm_t) hash_alg, + secret->x, secret->len, + (unsigned char *)label, strlen(label), + (unsigned char *)context_value, strlen(context_value), + dst, desired_length) == 0); + + TEST_MEMORY_COMPARE(dst, desired_length, + expected->x, desired_length); + +exit: + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ void ssl_tls13_derive_early_secrets(int hash_alg, data_t *secret, From 334c367052d739e22b14fcbf41630c9461b8cb8d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 12 Aug 2024 11:20:39 +0200 Subject: [PATCH 0378/1548] Simplify mbedtls_ssl_tls13_exporter RFC 8446 made it look like we can't use Derive-Secret for the second step, but actually, Transcript-Hash and Hash are the same thing, so we can. Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 38b342ea8b..e2ddaa7086 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
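Review bot: The new case exercises only the TLS 1.3 primitive mbedtls_ssl_tls13_exporter; nothing in the visible series tests the public mbedtls_ssl_export_keying_material, so the TLS 1.2 PRF path (including the use_context versus 0-length-context distinction the header documents) and the version dispatch are untested. An ssl_client2/ssl_server2 pair in ssl-opt.sh comparing the printed exported keys for both TLS versions, or a unit test over two connected contexts, would cover it. The `(unsigned char *)` casts on `label` and `context_value` also discard `const` for parameters that are declared `const unsigned char *`; `(const unsigned char *) label` is enough.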
@@ -1832,26 +1832,17 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, { size_t hash_len = PSA_HASH_LENGTH(hash_alg); unsigned char hkdf_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE]; - unsigned char hashed_context[PSA_HASH_MAX_SIZE]; - size_t hashed_context_len = 0; int ret = 0; - psa_status_t status = 0; ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len); if (ret != 0) { goto exit; } - - status = psa_hash_compute(hash_alg, context_value, context_len, hashed_context, hash_len, &hashed_context_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - ret = mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, hkdf_secret, hash_len, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), - hashed_context, hashed_context_len, - out, out_len); + ret = mbedtls_ssl_tls13_derive_secret(hash_alg, hkdf_secret, hash_len, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), + context_value, context_len, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + out, out_len); exit: mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret)); From 81dfc8830bedf49de26a33ce3f4a74c0e3cc3149 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 12 Aug 2024 12:51:02 +0200 Subject: [PATCH 0379/1548] Actually set exporter defaults in ssl_client2 Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5ad2327afc..71592ef987 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -984,6 +984,8 @@ int main(int argc, char *argv[]) opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY; + opt.exp_label = DFL_EXP_LABEL; + opt.exp_len = DFL_EXP_LEN; opt.query_config_mode = DFL_QUERY_CONFIG_MODE; opt.use_srtp = DFL_USE_SRTP; opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; 
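Review bot: The two chained `mbedtls_ssl_tls13_derive_secret` calls now implement RFC 8446 section 7.5, but nothing in the body says so, and the commit message's reasoning (that Derive-Secret with an unhashed context performs the Hash(context_value) step) is exactly what a later reader will doubt; a comment above the second call such as `/* RFC 8446 7.5: HKDF-Expand-Label(Derive-Secret(Secret, label, ""), "exporter", Hash(context_value), key_length); Derive-Secret with CONTEXT_UNHASHED hashes context_value for us. */` would preserve it. The enclosing function starts before this hunk.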
From 91cff4406bf3f3aea5b56f65fba97443d3f0efce Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 12 Aug 2024 13:20:46 +0200 Subject: [PATCH 0380/1548] Fix key_len check in TLS-Exporter The length of the generated key must fit into a uint16_t, so it must not be larger than 0xffff. Signed-off-by: Max Fillinger --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4c7ce1ee96..5f5ea39318 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8987,7 +8987,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - if (key_len > 0xff || label_len > 250) { + if (key_len > 0xffff || label_len > 250) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } From 9c9989fc6d7044434596dadb4caedafb36786c3f Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 14 Aug 2024 16:44:50 +0200 Subject: [PATCH 0381/1548] Fix mismatches in function declarations Missed some const keywords in function declarations. Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 8 ++++---- library/ssl_tls.c | 8 ++++---- library/ssl_tls13_keys.h | 10 +++++----- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5bd0b04903..5f2bdf3372 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -5408,10 +5408,10 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * \return 0 on success. An SSL specific error on failure. */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, - uint8_t *out, size_t key_len, - const char *label, size_t label_len, - const unsigned char *context, size_t context_len, - int use_context); + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context); #ifdef __cplusplus } #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f5ea39318..afbf76af71 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8997,10 +8997,10 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, } int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len, - const int use_context) + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context) { if (!mbedtls_ssl_is_handshake_over(ssl)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 07b970aaf6..a4b012f36e 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
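Review bot: Adding `const` to the by-value `size_t` and `int` parameters in the public prototype synchronises declaration and definition in the less conventional direction: a top-level `const` on a by-value parameter is a detail of the definition only, and the neighbouring `mbedtls_ssl_tls_prf` prototype in the same header declares `size_t rlen` and `size_t dlen` without it. Dropping the qualifiers from the definitions in ssl_tls.c (and from ssl_tls13_keys.h/.c in the next hunk) instead, e.g. `uint8_t *out, size_t key_len,`, would keep the header consistent with the rest of the API. The ssl_tls13_keys.h hunk of this commit also changes `unsigned char *out` to `uint8_t *out`, which is a type change rather than a const fix and is not mentioned in the commit message.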
@@ -657,11 +657,11 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, * \param[out] out The output buffer for the exported key. Must have room for at least out_len bytes. * \param[in] out_len Length of the key to generate. */ -int mbedtls_ssl_tls13_exporter(psa_algorithm_t hash_alg, - const unsigned char *secret, size_t secret_len, - const unsigned char *label, size_t label_len, - const unsigned char *context_value, size_t context_len, - unsigned char *out, size_t out_len); +int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, + const unsigned char *secret, const size_t secret_len, + const unsigned char *label, const size_t label_len, + const unsigned char *context_value, const size_t context_len, + uint8_t *out, const size_t out_len); #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ From 55619940206c9de34af5b92f946ba2df2d28cabf Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 20 Sep 2024 15:22:06 +0200 Subject: [PATCH 0382/1548] Fix typos in comment Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5f2bdf3372..dc13713d14 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5397,7 +5397,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * \param label Label for which to generate the key of length label_len. * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. * \param context Context of the key. Can be NULL if context_len or use_context is 0. - * \param context_len Length of context. Must be < 2^16 in TLS1.2. + * \param context_len Length of context. Must be < 2^16 in TLS 1.2. * \param use_context Indicates if a context should be used in deriving the key. * * \note TLS 1.2 makes a distinction between a 0-length context and no context. From ae7d66a1d5c383f1d8f42e5851667a25fcf37cc0 Mon Sep 17 00:00:00 2001 
From: Max Fillinger Date: Fri, 20 Sep 2024 17:50:16 +0200 Subject: [PATCH 0383/1548] Fix doxygen comment parameter name Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index dc13713d14..fd7b0f6a61 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5391,7 +5391,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, /** * \brief TLS-Exporter to derive shared symmetric keys between server and client. * - * \param ctx SSL context from which to export keys. Must have finished the handshake. + * \param ssl SSL context from which to export keys. Must have finished the handshake. * \param out Output buffer of length at least key_len bytes. * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. * \param label Label for which to generate the key of length label_len. From 9073e041fce7536fc0b13a6e48478400b4365633 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 20 Sep 2024 17:57:52 +0200 Subject: [PATCH 0384/1548] Fix TLS exporter changelog entry Signed-off-by: Max Fillinger --- ChangeLog.d/add-tls-exporter.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt index c752a18e1d..2b06c5f294 100644 --- a/ChangeLog.d/add-tls-exporter.txt +++ b/ChangeLog.d/add-tls-exporter.txt @@ -1,4 +1,4 @@ -Features: +Features * Add the function mbedtls_ssl_export_keying_material() which allows the client and server to extract additional shared symmetric keys from an SSL session, according to the TLS-Exporter specification in RFC 8446 and 5705. From 7b72220d421bca2d64bcfa7ec16040d863273ea3 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sat, 21 Sep 2024 10:48:57 +0200 Subject: [PATCH 0385/1548] Fix coding style 
Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 40 ++++++++++++++-------------- library/ssl_tls.c | 31 ++++++++++++++------- library/ssl_tls13_keys.c | 14 +++++++--- programs/ssl/ssl_client2.c | 8 +++--- programs/ssl/ssl_server2.c | 8 +++--- tests/suites/test_suite_ssl.function | 4 +-- 6 files changed, 63 insertions(+), 42 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fd7b0f6a61..c011b9e4d9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -5388,26 +5388,26 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen); - /** - * \brief TLS-Exporter to derive shared symmetric keys between server and client. - * - * \param ssl SSL context from which to export keys. Must have finished the handshake. - * \param out Output buffer of length at least key_len bytes. - * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. - * \param label Label for which to generate the key of length label_len. - * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. - * \param context Context of the key. Can be NULL if context_len or use_context is 0. - * \param context_len Length of context. Must be < 2^16 in TLS 1.2. - * \param use_context Indicates if a context should be used in deriving the key. - * - * \note TLS 1.2 makes a distinction between a 0-length context and no context. - * This is why the use_context argument exists. TLS 1.3 does not make - * this distinction. If use_context is 0 and TLS 1.3 is used, context and - * context_len are ignored and a 0-length context is used. - * - * \return 0 on success. An SSL specific error on failure. - */ - int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, +/** + * \brief TLS-Exporter to derive shared symmetric keys between server and client. + * + * \param ssl SSL context from which to export keys. Must have finished the handshake. + * \param out Output buffer of length at least key_len bytes. + * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. + * \param label Label for which to generate the key of length label_len. + * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. + * \param context Context of the key. Can be NULL if context_len or use_context is 0. + * \param context_len Length of context. Must be < 2^16 in TLS 1.2. 
+ * \param use_context Indicates if a context should be used in deriving the key. + * + * \note TLS 1.2 makes a distinction between a 0-length context and no context. + * This is why the use_context argument exists. TLS 1.3 does not make + * this distinction. If use_context is 0 and TLS 1.3 is used, context and + * context_len are ignored and a 0-length context is used. + * + * \return 0 on success. An SSL specific error on failure. + */ +int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, const char *label, const size_t label_len, const unsigned char *context, const size_t context_len, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index afbf76af71..661ae29cc8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8932,9 +8932,12 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len, + uint8_t *out, + const size_t key_len, + const char *label, + const size_t label_len, + const unsigned char *context, + const size_t context_len, const int use_context) { int ret = 0; @@ -8963,8 +8966,8 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s memcpy(prf_input, ssl->transform->randbytes + 32, 32); memcpy(prf_input + 32, ssl->transform->randbytes, 32); if (use_context) { - prf_input[64] = (unsigned char)((context_len >> 8) & 0xff); - prf_input[65] = (unsigned char)(context_len & 0xff); + prf_input[64] = (unsigned char) ((context_len >> 8) & 0xff); + prf_input[65] = (unsigned char) (context_len & 0xff); memcpy(prf_input + 66, context, context_len); } ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str, 
@@ -8979,9 +8982,12 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len) + uint8_t *out, + const size_t key_len, + const char *label, + const size_t label_len, + const unsigned char *context, + const size_t context_len) { const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg); const size_t hash_len = PSA_HASH_LENGTH(hash_alg); @@ -8992,7 +8998,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, } return mbedtls_ssl_tls13_exporter(psa_hash_alg, secret, hash_len, - (const unsigned char *)label, label_len, + (const unsigned char *) label, label_len, context, context_len, out, key_len); } @@ -9016,7 +9022,12 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, label, label_len, context, context_len, use_context); case MBEDTLS_SSL_VERSION_TLS1_3: - return mbedtls_ssl_tls13_export_keying_material(ssl, hash_alg, out, key_len, label, label_len, + return mbedtls_ssl_tls13_export_keying_material(ssl, + hash_alg, + out, + key_len, + label, + label_len, use_context ? context : NULL, use_context ? context_len : 0); default: diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index e2ddaa7086..ef897e88be 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -1835,14 +1835,20 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, int ret = 0; ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0, - MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len); + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, + hash_len); if (ret != 0) { goto exit; } - ret = mbedtls_ssl_tls13_derive_secret(hash_alg, hkdf_secret, hash_len, + ret = mbedtls_ssl_tls13_derive_secret(hash_alg, + hkdf_secret, + hash_len, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter), - context_value, context_len, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - out, out_len); + context_value, + context_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + out, + out_len); exit: mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret)); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 71592ef987..e443635b00 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2500,19 +2500,21 @@ int main(int argc, char *argv[]) #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ if (opt.exp_label != NULL && opt.exp_len > 0) { - unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int)); + unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); ret = 3; goto exit; } - ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len, + ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len, opt.exp_label, strlen(opt.exp_label), NULL, 0, 0); if (ret != 0) { goto exit; } - mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label); + mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", + opt.exp_len, + opt.exp_label); for (i = 0; i < opt.exp_len; i++) { mbedtls_printf("%02X", exported_key[i]); } 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c179435332..88d2e3deaf 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3620,19 +3620,21 @@ int main(int argc, char *argv[]) } if (opt.exp_label != NULL && opt.exp_len > 0) { - unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int)); + unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); ret = 3; goto exit; } - ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len, + ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len, opt.exp_label, strlen(opt.exp_label), NULL, 0, 0); if (ret != 0) { goto exit; } - mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label); + mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", + opt.exp_len, + opt.exp_label); for (i = 0; i < opt.exp_len; i++) { mbedtls_printf("%02X", exported_key[i]); } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e5c770a8e9..ab61e03465 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1714,8 +1714,8 @@ void ssl_tls13_exporter(int hash_alg, TEST_ASSERT(mbedtls_ssl_tls13_exporter( (psa_algorithm_t) hash_alg, secret->x, secret->len, - (unsigned char *)label, strlen(label), - (unsigned char *)context_value, strlen(context_value), + (unsigned char *) label, strlen(label), + (unsigned char *) context_value, strlen(context_value), dst, desired_length) == 0); TEST_MEMORY_COMPARE(dst, desired_length, From 29beade80faabc9c4a2807323736d8517033e269 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sat, 21 Sep 2024 11:06:28 +0200 Subject: [PATCH 0386/1548] Fix build when one of TLS 1.2 or 1.3 is disabled 
Signed-off-by: Max Fillinger --- library/ssl_tls.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae29cc8..b6d7b4bafc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8930,6 +8930,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, uint8_t *out, @@ -8979,7 +8980,9 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s mbedtls_free(label_str); return ret; } +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, uint8_t *out, @@ -9001,6 +9004,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, (const unsigned char *) label, label_len, context, context_len, out, key_len); } +#endif int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, @@ -9017,10 +9021,13 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg = ciphersuite->mac; switch (mbedtls_ssl_get_version_number(ssl)) { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: return mbedtls_ssl_tls12_export_keying_material(ssl, hash_alg, out, key_len, label, label_len, context, context_len, use_context); +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: return mbedtls_ssl_tls13_export_keying_material(ssl, hash_alg, @@ -9030,6 +9037,7 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, label_len, use_context ? context : NULL, use_context ? context_len : 0); +#endif default: return MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } From e10c9849e23b8f5657764415d0d3baebb99f8992 Mon Sep 17 00:00:00 2001 
From: Max Fillinger Date: Sun, 22 Sep 2024 01:28:12 +0200 Subject: [PATCH 0387/1548] Fix coding style Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c011b9e4d9..d88e67cec5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5408,10 +5408,10 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * \return 0 on success. An SSL specific error on failure. */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, - uint8_t *out, const size_t key_len, - const char *label, const size_t label_len, - const unsigned char *context, const size_t context_len, - const int use_context); + uint8_t *out, const size_t key_len, + const char *label, const size_t label_len, + const unsigned char *context, const size_t context_len, + const int use_context); #ifdef __cplusplus } #endif From 48150f5dc3641204dc6c7d262a1281e9c55be087 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 18 Oct 2024 16:19:39 +0200 Subject: [PATCH 0388/1548] Store randbytes for TLS 1.2 TLS-Exporter Previously, if MBEDTLS_SSL_CONTEXT_SERIALIZATION is not defined, randbytes are not stored after the handshake is done, but they are needed for TLS-Exporter in TLS 1.2. This commit also saves randbytes if MBEDTLS_SSL_PROTO_TLS1_2 is defined. Signed-off-by: Max Fillinger --- library/ssl_misc.h | 6 +++--- library/ssl_tls.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e51a3df5ed..0f74cd5303 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1118,10 +1118,10 @@ struct mbedtls_ssl_transform { unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2) /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, - * see ssl_tls12_populate_transform() */ + * Master Secret and other session info, see ssl_tls12_populate_transform(). + * They are also needed for the TLS 1.2 TLS-Exporter. */ unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b6d7b4bafc..38b69809fc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7746,7 +7746,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ transform->tls_version = tls_version; -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2) memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); #endif From f2dda15ce8260fbb2a458694d37dc35afec2f956 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 15:47:23 +0200 Subject: [PATCH 0389/1548] Add label length argument to tls_prf_generic() This way, it's not required that the label is null-terminated. This allows us to avoid an allocation in mbedtls_ssl_tls12_export_keying_material(). Signed-off-by: Max Fillinger --- library/ssl_tls.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38b69809fc..a62d4e1962 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6192,7 +6192,7 @@ static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *der MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_generic(mbedtls_md_type_t md_type, const unsigned char *secret, size_t slen, - const char *label, + const char *label, size_t label_len, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen) { @@ -6232,7 +6232,7 @@ static int tls_prf_generic(mbedtls_md_type_t md_type, NULL, 0, random, rlen, (unsigned char const *) label, - (size_t) strlen(label), + label_len, NULL, 0, dlen); if (status != PSA_SUCCESS) { @@ -6273,7 +6273,7 @@ static int tls_prf_sha256(const unsigned char *secret, size_t slen, unsigned char *dstbuf, size_t dlen) { return tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen, - label, random, rlen, dstbuf, dlen); + label, strlen(label), random, rlen, dstbuf, dlen); } #endif /* PSA_WANT_ALG_SHA_256*/ @@ -6285,7 +6285,7 @@ static int tls_prf_sha384(const unsigned char *secret, size_t slen, unsigned char *dstbuf, size_t dlen) { return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen, - label, random, rlen, dstbuf, dlen); + label, strlen(label), random, rlen, dstbuf, dlen); } #endif /* PSA_WANT_ALG_SHA_384*/ @@ -8944,7 +8944,6 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s int ret = 0; size_t prf_input_len = use_context ? 64 + 2 + context_len : 64; unsigned char *prf_input = NULL; - char *label_str = NULL; if (use_context && context_len >= (1 << 16)) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 
@@ -8952,15 +8951,11 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s } prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char)); - label_str = mbedtls_calloc(label_len + 1, sizeof(char)); - if (prf_input == NULL || label_str == NULL) { + if (prf_input == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - memcpy(label_str, label, label_len); - label_str[label_len] = '\0'; - /* The input to the PRF is client_random, then server_random. * If a context is provided, this is then followed by the context length * as a 16-bit big-endian integer, and then the context itself. */ @@ -8971,13 +8966,13 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s prf_input[65] = (unsigned char) (context_len & 0xff); memcpy(prf_input + 66, context, context_len); } - ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str, + ret = tls_prf_generic(hash_alg, ssl->session->master, 48, + label, label_len, prf_input, prf_input_len, out, key_len); exit: mbedtls_free(prf_input); - mbedtls_free(label_str); return ret; } #endif From 155cea090025bc9846a66c0889c66b62330c38ce Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 16:32:54 +0200 Subject: [PATCH 0390/1548] Use fewer magic numbers in TLS-Exporter functions Signed-off-by: Max Fillinger --- library/ssl_tls.c | 47 +++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a62d4e1962..d8fbd77b91 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8942,36 +8942,43 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s const int use_context) { int ret = 0; - size_t prf_input_len = use_context ? 64 + 2 + context_len : 64; unsigned char *prf_input = NULL; - if (use_context && context_len >= (1 << 16)) { - ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - goto exit; + /* The input to the PRF is client_random, then server_random. + * If a context is provided, this is then followed by the context length + * as a 16-bit big-endian integer, and then the context itself. */ + const size_t randbytes_len = MBEDTLS_CLIENT_HELLO_RANDOM_LEN + MBEDTLS_SERVER_HELLO_RANDOM_LEN; + size_t prf_input_len = randbytes_len; + if (use_context) { + if (context_len > UINT16_MAX) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + /* This does not overflow a 32-bit size_t because the current value of + * prf_input_len is 64 (length of client_random + server_random) and + * context_len fits into two bytes (checked above). */ + prf_input_len += sizeof(uint16_t) + context_len; } prf_input = mbedtls_calloc(prf_input_len, sizeof(unsigned char)); if (prf_input == NULL) { - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; + return MBEDTLS_ERR_SSL_ALLOC_FAILED; } - /* The input to the PRF is client_random, then server_random. - * If a context is provided, this is then followed by the context length - * as a 16-bit big-endian integer, and then the context itself. 
*/ - memcpy(prf_input, ssl->transform->randbytes + 32, 32); - memcpy(prf_input + 32, ssl->transform->randbytes, 32); + memcpy(prf_input, + ssl->transform->randbytes + MBEDTLS_SERVER_HELLO_RANDOM_LEN, + MBEDTLS_CLIENT_HELLO_RANDOM_LEN); + memcpy(prf_input + MBEDTLS_CLIENT_HELLO_RANDOM_LEN, + ssl->transform->randbytes, + MBEDTLS_SERVER_HELLO_RANDOM_LEN); if (use_context) { - prf_input[64] = (unsigned char) ((context_len >> 8) & 0xff); - prf_input[65] = (unsigned char) (context_len & 0xff); - memcpy(prf_input + 66, context, context_len); + MBEDTLS_PUT_UINT16_BE(context_len, prf_input, randbytes_len); + memcpy(prf_input + randbytes_len + sizeof(uint16_t), context, context_len); } - ret = tls_prf_generic(hash_alg, ssl->session->master, 48, + ret = tls_prf_generic(hash_alg, ssl->session->master, sizeof(ssl->session->master), label, label_len, prf_input, prf_input_len, out, key_len); - -exit: mbedtls_free(prf_input); return ret; } @@ -8991,7 +8998,11 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - if (key_len > 0xffff || label_len > 250) { + /* Check that the label and key_len fit into the HkdfLabel struct as defined + * in RFC 8446, Section 7.1. key_len must fit into an uint16 and the label + * must be at most 250 bytes long. (The struct allows up to 256 bytes for + * the label, but it is prefixed with "tls13 ".) */ + if (key_len > UINT16_MAX || label_len > 250) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } From dbe864569e247fd481678bf4d08d8c2a06906829 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 17:21:40 +0200 Subject: [PATCH 0391/1548] Fix typos in comments Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
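Review bot: mbedtls_ssl_tls12_export_keying_material still has no header comment naming the construction it implements or its dependency on ssl->transform->randbytes being retained after the handshake; the only in-code description is the PRF-input comment moved into the body by this hunk, and the signature begins before the hunk. Because the output is key material, a reader should be told up front that the result is PRF(master_secret, label, client_random || server_random [|| uint16 context_len || context]) per RFC 5705, that randbytes holds ServerHello.random followed by ClientHello.random (which is why the two memcpy calls swap the halves), and that the 16-bit length check is what bounds prf_input_len. I would add a comment of that form above the function; the early returns are fine since nothing is allocated before the calloc.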
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e443635b00..ffb2afaac6 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -541,7 +541,7 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ - int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */ + int exp_len; /* Length of key to export using mbedtls_ssl_export_keying_material() */ #if defined(MBEDTLS_SSL_EARLY_DATA) int early_data; /* early data enablement flag */ #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 88d2e3deaf..881c9fa77e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -615,7 +615,7 @@ struct options { int event; /* loop or event-driven IO? level or edge triggered? */ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */ const char *exp_label; /* label to input into mbedtls_ssl_export_keying_material() */ - int exp_len; /* Lenght of key to export using mbedtls_ssl_export_keying_material() */ + int exp_len; /* Length of key to export using mbedtls_ssl_export_keying_material() */ int response_size; /* pad response with header to requested size */ uint16_t buffer_size; /* IO buffer size */ const char *ca_file; /* the file with the CA certificate(s) */ From c9f2c9adbac2cf5d88ef35861163690d204ae79d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 17:24:03 +0200 Subject: [PATCH 0392/1548] Revert "Store randbytes for TLS 1.2 TLS-Exporter" This reverts commit cb01dd1333f8083af469e9a0c59f316f1eb0cfe3. Signed-off-by: Max Fillinger --- library/ssl_misc.h | 6 +++--- library/ssl_tls.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0f74cd5303..e51a3df5ed 100644 --- a/library/ssl_misc.h 
+++ b/library/ssl_misc.h @@ -1118,10 +1118,10 @@ struct mbedtls_ssl_transform { unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, see ssl_tls12_populate_transform(). - * They are also needed for the TLS 1.2 TLS-Exporter. */ + * Master Secret and other session info, + * see ssl_tls12_populate_transform() */ unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d8fbd77b91..f1b7994440 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7746,7 +7746,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ transform->tls_version = tls_version; -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); #endif From 281fb791166465ad50db97e4b0e47f51e9b2d867 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 23 Oct 2024 18:35:09 +0200 Subject: [PATCH 0393/1548] Remove TLS 1.2 Exporter if we don't have randbytes The TLS-Exporter in TLS 1.2 requires client_random and server_random. Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored after the handshake is completed. Therefore, mbedtls_ssl_export_keying_material() exists only if either MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2 is *not* defined. 
Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 2 ++ library/ssl_tls.c | 9 +++++++-- programs/ssl/ssl_client2.c | 12 +++++++----- programs/ssl/ssl_server2.c | 12 +++++++----- 4 files changed, 23 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d88e67cec5..9ded4e6d22 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5407,11 +5407,13 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * * \return 0 on success. An SSL specific error on failure. */ + #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, const char *label, const size_t label_len, const unsigned char *context, const size_t context_len, const int use_context); +#endif #ifdef __cplusplus } #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f1b7994440..e4450b681d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8930,6 +8930,9 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, const mbedtls_md_type_t hash_alg, @@ -8982,7 +8985,7 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s mbedtls_free(prf_input); return ret; } -#endif +#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, 
@@ -9010,7 +9013,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, (const unsigned char *) label, label_len, context, context_len, out, key_len); } -#endif +#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, @@ -9049,4 +9052,6 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, } } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ffb2afaac6..9e38f690af 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -336,7 +336,11 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " option: a file path\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" #else #define USAGE_SERIALIZATION "" #endif @@ -391,10 +395,6 @@ int main(void) " read_timeout=%%d default: 0 ms (no timeout)\n" \ " max_resend=%%d default: 0 (no resend on timeout)\n" \ " skip_close_notify=%%d default: 0 (send close_notify)\n" \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_CID \ @@ -2499,6 +2499,7 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { 
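Review bot: The allocation inside the newly guarded block, `calloc((size_t) opt.exp_len, sizeof(unsigned int))`, sizes an `unsigned char` buffer by `sizeof(unsigned int)`, so it reserves four times the bytes that mbedtls_ssl_export_keying_material fills; `calloc((size_t) opt.exp_len, sizeof(*exported_key))` states the intent. The same pattern is in the ssl_server2.c hunk at -3619 of this commit and in both programs' hunks of the later MBEDTLS_SSL_KEYING_MATERIAL_EXPORT commit. From the earlier ssl_client2.c hunk at -2500, the `goto exit` taken when the export call fails leaves exported_key unfreed, since the pointer is local to this block and cannot be reached from the exit label; freeing it before the jump closes that. The enclosing main() starts and ends outside the hunk.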
@@ -2521,6 +2522,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n\n"); fflush(stdout); } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) */ /* * 6. Write the GET request diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 881c9fa77e..9eab6cddb1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -471,7 +471,11 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " option: a file path\n" \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" #else #define USAGE_SERIALIZATION "" #endif @@ -519,10 +523,6 @@ int main(void) " event=%%d default: 0 (loop)\n" \ " options: 1 (level-triggered, implies nbio=1),\n" \ " read_timeout=%%d default: 0 ms (no timeout)\n" \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" \ "\n" \ USAGE_DTLS \ USAGE_SRTP \ @@ -3619,6 +3619,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n"); } +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { @@ -3641,6 +3642,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n\n"); fflush(stdout); } +#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALZIATION) */ #if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) { From 2fe35f61bf90ea0d589ce2485482356a1263c017 Mon Sep 17 00:00:00 2001 
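Review bot: The new `#endif` lands directly before `#if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) {`, so a build with MBEDTLS_SSL_CONTEXT_SERIALIZATION off and MBEDTLS_SSL_DTLS_SRTP on is left with an `else` that has no preceding `if` and fails to compile. The same layout is kept by the ssl_server2.c hunk at -3642 in the later commit that switches the guard to MBEDTLS_SSL_KEYING_MATERIAL_EXPORT. If the SRTP branch is meant to run regardless of the exporter, `if (opt.use_srtp != 0) {` in place of the `else if` fixes both configurations; if it was meant to chain to an earlier `if`, the export block should be moved after the SRTP branch instead. The `#endif` comment also misspells the macro as SERIALZIATION, which grep on the real name will miss. main() starts and ends outside the hunk.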
From: Max Fillinger Date: Fri, 25 Oct 2024 00:52:24 +0200 Subject: [PATCH 0394/1548] Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h to control if the function mbedtls_ssl_export_keying_material() should be available. By default, the option is disabled. This is because the exporter for TLS 1.2 requires client_random and server_random need to be stored after the handshake is complete. Signed-off-by: Max Fillinger --- include/mbedtls/mbedtls_config.h | 14 ++++++++++++++ include/mbedtls/ssl.h | 10 +++++++++- library/ssl_misc.h | 7 ++++--- library/ssl_tls.c | 7 +++---- programs/ssl/ssl_client2.c | 21 ++++++++++++++------- programs/ssl/ssl_server2.c | 15 +++++++++++---- 6 files changed, 55 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2dc475b9f7..ca1486dbdf 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -737,6 +737,20 @@ */ //#define MBEDTLS_SSL_RECORD_SIZE_LIMIT +/* + * \def MBEDTLS_SSL_KEYING_MATERIAL_EXPORT + * + * When this option is enabled, the client and server can extract additional + * shared symmetric keys after an SSL handshake using the function + * mbedtls_ssl_export_keying_material(). + * + * The process for deriving the keys is specified in RFC 5705 for TLS 1.2 and + * in RFC 8446, Section 7.5, for TLS 1.3. + * + * Uncomment this macro to enable mbedtls_ssl_export_keying_material(). + */ +//#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT + /** * \def MBEDTLS_SSL_RENEGOTIATION * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9ded4e6d22..8383ead054 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -676,6 +676,14 @@ union mbedtls_ssl_premaster_secret { /* Length in number of bytes of the TLS sequence number */ #define MBEDTLS_SSL_SEQUENCE_NUMBER_LEN 8 +/* Helper to state that client_random and server_random need to be stored + * after the handshake is complete. This is required for context serialization + * and for the keying material exporter in TLS 1.2. */ +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || \ + (defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) && defined(MBEDTLS_SSL_PROTO_TLS1_2)) +#define MBEDTLS_SSL_KEEP_RANDBYTES +#endif + #ifdef __cplusplus extern "C" { #endif @@ -5407,7 +5415,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * * \return 0 on success. An SSL specific error on failure. */ - #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, const char *label, const size_t label_len, diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e51a3df5ed..596e7bc833 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1118,10 +1118,11 @@ struct mbedtls_ssl_transform { unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_KEEP_RANDBYTES) /* We need the Hello random bytes in order to re-derive keys from the - * Master Secret and other session info, - * see ssl_tls12_populate_transform() */ + * Master Secret and other session info and for the keying material + * exporter in TLS 1.2. + * See ssl_tls12_populate_transform() */ unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e4450b681d..c20a68d2e0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -7746,7 +7746,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */ transform->tls_version = tls_version; -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_KEEP_RANDBYTES) memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); #endif @@ -8930,8 +8930,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl, @@ -9052,6 +9051,6 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, } } -#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || !defined(MBEDTLS_SSL_PROTO_TLS1_2) */ +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 9e38f690af..061096bdf0 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -336,11 +336,7 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" \ - " exp_label=%%s Label to input into TLS-Exporter\n" \ - " default: None (don't try to export a key)\n" \ - " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ - " default: 20\n" + " option: a file path\n" #else #define USAGE_SERIALIZATION "" #endif 
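Review bot: mbedtls_ssl_tls12_export_keying_material reads ssl->transform->randbytes, which the ssl_misc.h hunk of this commit compiles only under MBEDTLS_SSL_KEEP_RANDBYTES, yet nothing at the new `#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)` guard records that coupling. The ssl.h definition does make KEEP_RANDBYTES follow from KEYING_MATERIAL_EXPORT together with PROTO_TLS1_2, so the build is consistent today, but whoever next edits either macro has to rediscover the link. A comment after the guard such as `/* The TLS 1.2 exporter below reads ssl->transform->randbytes, which is retained via MBEDTLS_SSL_KEEP_RANDBYTES (ssl.h) whenever this option and MBEDTLS_SSL_PROTO_TLS1_2 are both enabled. */` would make it explicit.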
@@ -370,6 +366,16 @@ int main(void) #define USAGE_TLS1_3_KEY_EXCHANGE_MODES "" #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +#define USAGE_EXPORT \ + " exp_label=%%s Label to input into TLS-Exporter\n" \ + " default: None (don't try to export a key)\n" \ + " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ + " default: 20\n" +#else +#define USAGE_EXPORT "" +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ + /* USAGE is arbitrarily split to stay under the portable string literal * length limit: 4095 bytes in C99. */ #define USAGE1 \ @@ -456,6 +462,7 @@ int main(void) " otherwise. The expansion of the macro\n" \ " is printed if it is defined\n" \ USAGE_SERIALIZATION \ + USAGE_EXPORT \ "\n" /* @@ -2499,7 +2506,7 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { @@ -2522,7 +2529,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n\n"); fflush(stdout); } -#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) */ +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ /* * 6. Write the GET request diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 9eab6cddb1..5186006886 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
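Review bot: The new USAGE_EXPORT text keeps a trailing blank before the newline in `" exp_len=%%d Length of key to extract from TLS-Exporter \n"`, carried over from the string it replaces; dropping the space keeps the help output consistent with the neighbouring lines. The same string is duplicated in the ssl_server2.c USAGE_EXPORT of this commit, so both copies should be fixed together.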
@@ -471,13 +471,19 @@ int main(void) " in the form of base64 code (serialize option\n" \ " must be set)\n" \ " default: \"\" (do nothing)\n" \ - " option: a file path\n" \ + " option: a file path\n" +#else +#define USAGE_SERIALIZATION "" +#endif + +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) +#define USAGE_EXPORT \ " exp_label=%%s Label to input into TLS-Exporter\n" \ " default: None (don't try to export a key)\n" \ " exp_len=%%d Length of key to extract from TLS-Exporter \n" \ " default: 20\n" #else -#define USAGE_SERIALIZATION "" +#define USAGE_EXPORT "" #endif #define USAGE_KEY_OPAQUE_ALGS \ @@ -587,6 +593,7 @@ int main(void) " otherwise. The expansion of the macro\n" \ " is printed if it is defined\n" \ USAGE_SERIALIZATION \ + USAGE_EXPORT \ "\n" #define PUT_UINT64_BE(out_be, in_le, i) \ @@ -3619,7 +3626,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n"); } -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) if (opt.exp_label != NULL && opt.exp_len > 0) { unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); if (exported_key == NULL) { @@ -3642,7 +3649,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n\n"); fflush(stdout); } -#endif /* defined(MBEDTLS_SSL_CONTEXT_SERIALZIATION) */ +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ #if defined(MBEDTLS_SSL_DTLS_SRTP) else if (opt.use_srtp != 0) { From 51bec543bb90092c81548bc6297f21d6ff67bac2 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 28 Oct 2024 13:14:39 +0100 Subject: [PATCH 0395/1548] Enable MBEDTLS_SSL_KEYING_MATERIAL_EXPORT by default Signed-off-by: Max Fillinger --- include/mbedtls/mbedtls_config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ca1486dbdf..40e16e108a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -747,9 +747,9 @@ * The process for deriving the keys is specified in RFC 5705 for TLS 1.2 and * in RFC 8446, Section 7.5, for TLS 1.3. * - * Uncomment this macro to enable mbedtls_ssl_export_keying_material(). + * Comment this macro to disable mbedtls_ssl_export_keying_material(). */ -//#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +#define MBEDTLS_SSL_KEYING_MATERIAL_EXPORT /** * \def MBEDTLS_SSL_RENEGOTIATION From 07473882541ee08aa886b0152f75ce23be45dbe5 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 28 Oct 2024 14:44:25 +0100 Subject: [PATCH 0396/1548] Fix #endif comment Signed-off-by: Max Fillinger --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 596e7bc833..9a2485db9d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1126,7 +1126,7 @@ struct mbedtls_ssl_transform { unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */ -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ +#endif /* defined(MBEDTLS_SSL_KEEP_RANDBYTES) */ }; /* From a5b63c5e40c438a2aedc434890acb4b9459b17c4 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 28 Oct 2024 14:46:46 +0100 Subject: [PATCH 0397/1548] Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log Signed-off-by: Max Fillinger --- ChangeLog.d/add-tls-exporter.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt index 2b06c5f294..1aea653e09 100644 --- a/ChangeLog.d/add-tls-exporter.txt +++ b/ChangeLog.d/add-tls-exporter.txt @@ -2,3 +2,5 @@ Features * Add the function mbedtls_ssl_export_keying_material() which allows the client and server to extract additional shared symmetric keys from an SSL session, according to the TLS-Exporter specification in RFC 8446 and 5705. + This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in + mbedtls_config.h. 
From cf007ca8bba163c73f947eafaa527e2b94073f75 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 29 Oct 2024 16:57:09 +0100 Subject: [PATCH 0398/1548] Add more tests for keying material export Signed-off-by: Max Fillinger --- tests/include/test/ssl_helpers.h | 7 + tests/src/test_helpers/ssl_helpers.c | 49 ++++++ tests/suites/test_suite_ssl.data | 64 ++++++++ tests/suites/test_suite_ssl.function | 231 ++++++++++++++++++++++++++- 4 files changed, 350 insertions(+), 1 deletion(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 3ba314f832..772278135a 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -589,6 +589,13 @@ int mbedtls_test_ssl_exchange_data( mbedtls_ssl_context *ssl_2, int msg_len_2, const int expected_fragments_2); +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_ssl_do_handshake_with_endpoints( + mbedtls_test_ssl_endpoint *server_ep, + mbedtls_test_ssl_endpoint *client_ep, + mbedtls_ssl_protocol_version proto); +#endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( mbedtls_test_handshake_test_options *options); diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index bffb35372b..65ad10c6f4 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -2028,6 +2028,55 @@ static int check_ssl_version( } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_ssl_do_handshake_with_endpoints( + mbedtls_test_ssl_endpoint *server_ep, + mbedtls_test_ssl_endpoint *client_ep, + mbedtls_ssl_protocol_version proto) +{ + enum { BUFFSIZE = 1024 }; + + int ret = -1; + mbedtls_test_handshake_test_options options; + + mbedtls_test_init_handshake_options(&options); + options.server_min_version = proto; + options.client_min_version = proto; + options.server_max_version = proto; + options.client_max_version = proto; + + ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, &options, + NULL, NULL, NULL); + if (ret != 0) { + return ret; + } + ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, &options, + NULL, NULL, NULL); + if (ret != 0) { + return ret; + } + + ret = mbedtls_test_mock_socket_connect(&client_ep->socket, &server_ep->socket, BUFFSIZE); + if (ret != 0) { + return ret; + } + + ret = mbedtls_test_move_handshake_to_state(&server_ep->ssl, &client_ep->ssl, MBEDTLS_SSL_HANDSHAKE_OVER); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + ret = mbedtls_test_move_handshake_to_state(&client_ep->ssl, &server_ep->ssl, MBEDTLS_SSL_HANDSHAKE_OVER); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + return ret; + } + if (!mbedtls_ssl_is_handshake_over(&client_ep->ssl) || !mbedtls_ssl_is_handshake_over(&server_ep->ssl)) { + return -1; + } + + return 0; +} +#endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( mbedtls_test_handshake_test_options *options) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 25cb965e85..ad0d2851f3 100644 --- a/tests/suites/test_suite_ssl.data 
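Review bot: mbedtls_test_ssl_do_handshake_with_endpoints initialises `options` with mbedtls_test_init_handshake_options but never releases it with mbedtls_test_free_handshake_options, and on the error returns after the client endpoint init succeeds (server init, mock connect, handshake) it leaves one or both endpoints initialised without freeing them. None of the callers added in this commit free the endpoints either, so every new test case leaks them on both success and failure. Either release what the helper itself allocated on its own error paths, or make the contract explicit on the prototype in ssl_helpers.h, e.g. `/* On return, *server_ep and *client_ep are owned by the caller and must be passed to mbedtls_test_ssl_endpoint_free() regardless of the return value. */`.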
+++ b/tests/suites/test_suite_ssl.data 
@@ -3334,3 +3334,67 @@ tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 + +TLS 1.2 Keying Material Exporter: Consistent results, no context +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:0 + +TLS 1.2 Keying Material Exporter: Consistent results, with context +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1 + +TLS 1.2 Keying Material Exporter: Consistent results, large keys +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:UINT16_MAX:0 + +TLS 1.2 Keying Material Exporter: Uses label +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_2 + +TLS 1.2 Keying Material Exporter: Uses context +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_2 + +TLS 1.2 Keying Material Exporter: Context too long +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_2:24:251:UINT16_MAX + 1 + +TLS 1.2 Keying Material Exporter: Handshake not done +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_2:1:MBEDTLS_SSL_SERVER_CERTIFICATE + +TLS 1.3 Keying Material Exporter: Consistent results, no context +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:0 + +TLS 1.3 Keying Material Exporter: Consistent results, with context +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 + +TLS 1.3 Keying Material Exporter: Consistent results, large keys +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX:0 + +TLS 1.3 Keying Material Exporter: Uses label +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 
+ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3 Keying Material Exporter: Uses context +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_3 + +TLS 1.3 Keying Material Exporter: Uses length +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls13_exporter_uses_length + +TLS 1.3 Keying Material Exporter: Exported key too long +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX + 1:20:20 + +TLS 1.3 Keying Material Exporter: Label too long +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:251:10 + +TLS 1.3 Keying Material Exporter: Handshake not done +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ab61e03465..33012493e9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1695,7 +1695,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ void ssl_tls13_exporter(int hash_alg, data_t *secret, char *label, 
@@ -5229,5 +5229,234 @@ exit: mbedtls_debug_set_threshold(0); mbedtls_free(first_frag); PSA_DONE(); +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int use_context) +{ + /* Test that the client and server generate the same key. */ + + int ret = -1; + uint8_t *key_buffer_server = NULL; + uint8_t *key_buffer_client = NULL; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + TEST_ASSERT(ret == 0); + + TEST_ASSERT(exported_key_length > 0); + TEST_CALLOC(key_buffer_server, exported_key_length); + TEST_CALLOC(key_buffer_client, exported_key_length); + + char label[] = "test-label"; + unsigned char context[128] = { 0 }; + ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, + key_buffer_server, (size_t)exported_key_length, + label, sizeof(label), + context, sizeof(context), use_context); + TEST_ASSERT(ret == 0); + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer_client, (size_t)exported_key_length, + label, sizeof(label), + context, sizeof(context), use_context); + TEST_ASSERT(ret == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t)exported_key_length) == 0); + +exit: + MD_OR_USE_PSA_DONE(); + mbedtls_free(key_buffer_server); + mbedtls_free(key_buffer_client); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_uses_label(int proto) +{ + /* Test that the client and server export different keys when using different labels. 
*/ + + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + TEST_ASSERT(ret == 0); + + char label_server[] = "test-label-server"; + char label_client[] = "test-label-client"; + uint8_t key_buffer_server[24] = { 0 }; + uint8_t key_buffer_client[24] = { 0 }; + unsigned char context[128] = { 0 }; + ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, + key_buffer_server, sizeof(key_buffer_server), + label_server, sizeof(label_server), + context, sizeof(context), 1); + TEST_ASSERT(ret == 0); + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer_client, sizeof(key_buffer_client), + label_client, sizeof(label_client), + context, sizeof(context), 1); + TEST_ASSERT(ret == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); + +exit: + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_uses_context(int proto) +{ + /* Test that the client and server export different keys when using different contexts. 
*/ + + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + TEST_ASSERT(ret == 0); + + char label[] = "test-label"; + uint8_t key_buffer_server[24] = { 0 }; + uint8_t key_buffer_client[24] = { 0 }; + unsigned char context_server[128] = { 0 }; + unsigned char context_client[128] = { 23 }; + ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, + key_buffer_server, sizeof(key_buffer_server), + label, sizeof(label), + context_server, sizeof(context_server), 1); + TEST_ASSERT(ret == 0); + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer_client, sizeof(key_buffer_client), + label, sizeof(label), + context_client, sizeof(context_client), 1); + TEST_ASSERT(ret == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); + +exit: + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls13_exporter_uses_length(void) +{ + /* In TLS 1.3, when two keys are exported with the same parameters except one is shorter, + * the shorter key should NOT be a prefix of the longer one. 
*/ + + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, MBEDTLS_SSL_VERSION_TLS1_3); + TEST_ASSERT(ret == 0); + + char label[] = "test-label"; + uint8_t key_buffer_server[16] = { 0 }; + uint8_t key_buffer_client[24] = { 0 }; + unsigned char context[128] = { 0 }; + ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, + key_buffer_server, sizeof(key_buffer_server), + label, sizeof(label), + context, sizeof(context), 1); + TEST_ASSERT(ret == 0); + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer_client, sizeof(key_buffer_client), + label, sizeof(label), + context, sizeof(context), 1); + TEST_ASSERT(ret == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); + +exit: + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_rejects_bad_parameters( + int proto, int exported_key_length, int label_length, int context_length) +{ + MD_OR_USE_PSA_INIT(); + + int ret = -1; + uint8_t *key_buffer = NULL; + char *label = NULL; + uint8_t *context = NULL; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + TEST_ASSERT(exported_key_length > 0); + TEST_ASSERT(label_length > 0); + TEST_ASSERT(context_length > 0); + TEST_CALLOC(key_buffer, exported_key_length); + TEST_CALLOC(label, label_length); + TEST_CALLOC(context, context_length); + + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + TEST_ASSERT(ret == 0); + + ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, + key_buffer, exported_key_length, + label, label_length, + context, context_length, 1); + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + +exit: + MD_OR_USE_PSA_DONE(); + mbedtls_free(key_buffer); + mbedtls_free(label); + mbedtls_free(context); +} +/* END_CASE */ + +/* BEGIN_CASE 
depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +void ssl_tls_exporter_too_early(int proto, int check_server, int state) +{ + enum { BUFFSIZE = 1024 }; + + int ret = -1; + mbedtls_test_ssl_endpoint server_ep, client_ep; + + mbedtls_test_handshake_test_options options; + mbedtls_test_init_handshake_options(&options); + options.server_min_version = proto; + options.client_min_version = proto; + options.server_max_version = proto; + options.client_max_version = proto; + + MD_OR_USE_PSA_INIT(); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options, + NULL, NULL, NULL); + TEST_ASSERT(ret == 0); + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options, + NULL, NULL, NULL); + TEST_ASSERT(ret == 0); + + ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE); + TEST_ASSERT(ret == 0); + + if (check_server) { + ret = mbedtls_test_move_handshake_to_state(&server_ep.ssl, &client_ep.ssl, state); + } else { + ret = mbedtls_test_move_handshake_to_state(&client_ep.ssl, &server_ep.ssl, state); + } + TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE); + + char label[] = "test-label"; + uint8_t key_buffer[24] = { 0 }; + ret = mbedtls_ssl_export_keying_material(check_server ? &server_ep.ssl : &client_ep.ssl, + key_buffer, sizeof(key_buffer), + label, sizeof(label), + NULL, 0, 0); + + /* FIXME: A more appropriate error code should be created for this case. */ + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + +exit: + MD_OR_USE_PSA_DONE(); } /* END_CASE */ From 28916ac8feb83852de9f94f7d2dcb6857d17991d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 29 Oct 2024 18:49:30 +0100 Subject: [PATCH 0399/1548] Increase allowed output size of HKDF-Expand-Label 
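Review bot: In ssl_tls_exporter_too_early the assertion `TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE);` is always true because its last operand is a bare non-zero constant rather than a comparison; it should read `TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE);`. As written, a handshake that fails for any other reason still reaches the export call and the "too early" check can pass for the wrong reason. Separately, each new case passes `sizeof(label)` as the label length, which includes the terminating NUL of the char array; that is harmless for the equality and inequality comparisons but means the exporter is never exercised with the label as the RFC-style string, so `sizeof(label) - 1` is probably the intended value.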
Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 12 +++++------- library/ssl_tls13_keys.h | 12 +++++------- tests/suites/test_suite_ssl.data | 2 +- 3 files changed, 11 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ef897e88be..895176d0c6 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -107,15 +107,13 @@ static void ssl_tls13_hkdf_encode_label( unsigned char *p = dst; - /* Add the size of the expanded key material. - * We're hardcoding the high byte to 0 here assuming that we never use - * TLS 1.3 HKDF key expansion to more than 255 Bytes. */ -#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 -#error "The implementation of ssl_tls13_hkdf_encode_label() is not fit for the \ - value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" + /* Add the size of the expanded key material. */ +#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > UINT16_MAX +#error "The desired key length must fit into an uint16 but \ + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN is greater than UINT16_MAX" #endif - *p++ = 0; + *p++ = MBEDTLS_BYTE_1(desired_length); *p++ = MBEDTLS_BYTE_0(desired_length); /* Add label incl. prefix */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index a4b012f36e..31ffe4481e 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -70,13 +70,11 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels; PSA_HASH_MAX_SIZE /* Maximum desired length for expanded key material generated - * by HKDF-Expand-Label. - * - * Warning: If this ever needs to be increased, the implementation - * ssl_tls13_hkdf_encode_label() in ssl_tls13_keys.c needs to be - * adjusted since it currently assumes that HKDF key expansion - * is never used with more than 255 Bytes of output. */ -#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255 + * by HKDF-Expand-Label. This algorithm can output up to 255 * hash_size + * bytes of key material where hash_size is the output size of the + * underlying hash function. */ +#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN \ + (255 * MBEDTLS_TLS1_3_MD_MAX_SIZE) /** * \brief The \c HKDF-Expand-Label function from diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ad0d2851f3..2f3b1ebee6 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:1024:0 TLS 1.3 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_3 From 3e1291866d50de06be5201163b876b0ed21da39f Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 29 Oct 2024 19:18:54 +0100 Subject: [PATCH 0400/1548] Fix output size check for key material exporter HKDF-Expand can produce at most 255 * hash_size bytes of key material, so this limit applies to the TLS 1.3 key material exporter. Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 3 ++- library/ssl_tls.c | 15 ++++++++++----- tests/suites/test_suite_ssl.data | 4 ++-- 3 files changed, 14 insertions(+), 8 deletions(-) 
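Review bot: The new comment on MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN describes the bound as `255 * hash_size`, but the macro is defined from MBEDTLS_TLS1_3_MD_MAX_SIZE, i.e. the largest hash the build supports, so for a connection negotiated with a smaller hash it over-approximates the real HKDF-Expand limit. Worth stating so nobody treats the macro as sufficient validation: `/* Compile-time upper bound over all supported hashes; the per-connection bound (255 * hash_len, RFC 5869) must still be checked at run time. */`.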
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8383ead054..e3772891b0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5401,7 +5401,8 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * * \param ssl SSL context from which to export keys. Must have finished the handshake. * \param out Output buffer of length at least key_len bytes. - * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3. + * \param key_len Length of the key to generate in bytes. In TLS 1.3, this can be at most + * 8160 if SHA256 is used as hash function or 12240 if SHA384 is used. * \param label Label for which to generate the key of length label_len. * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3. * \param context Context of the key. Can be NULL if context_len or use_context is 0. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c20a68d2e0..79bd623ebd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
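Review bot: The new `\param key_len` text hard-codes 8160 and 12240, which are derived values (255 times the hash output length) and will silently go stale if another hash is ever added; state the rule and keep the numbers as examples: `* \param key_len Length of the key to generate in bytes. In TLS 1.3 this is at most 255 times the output length of the negotiated cipher suite's hash (8160 bytes with SHA-256, 12240 with SHA-384).` The limit comes from HKDF-Expand in RFC 5869, which is what the ssl_tls.c hunk in this commit enforces.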
@@ -9000,11 +9000,16 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - /* Check that the label and key_len fit into the HkdfLabel struct as defined - * in RFC 8446, Section 7.1. key_len must fit into an uint16 and the label - * must be at most 250 bytes long. (The struct allows up to 256 bytes for - * the label, but it is prefixed with "tls13 ".) */ - if (key_len > UINT16_MAX || label_len > 250) { + /* Validate the length of the label and the desired key length. The key + * length can be at most 255 * hash_len by definition of HKDF-Expand in + * RFC 5869. + * + * The length of the label must be at most 250 bytes long to fit into the + * HkdfLabel struct as defined in RFC 8446, Section 7.1. This struct also + * requires that key_len fits into a uint16, but until we have to deal with + * a hash function with more than 2048 bits of output, the 255 * hash_len + * limit will guarantee that. */ + if (key_len > 255 * hash_len || label_len > 250) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 2f3b1ebee6..692cb9ba74 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:1024:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0 TLS 1.3 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_3 
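Review bot: The replaced condition drops the explicit `key_len > UINT16_MAX` guard and relies on the comment's arithmetic argument that 255 * hash_len stays below 65536 for any hash of at most 2048 bits; since the uint16 encoding in HkdfLabel is a separate invariant of ssl_tls13_hkdf_encode_label, keeping it explicit costs nothing and does not depend on prose staying true: `if (key_len > UINT16_MAX || key_len > 255 * hash_len || label_len > 250) {`. Note also that `hash_len` comes from `PSA_HASH_LENGTH(hash_alg)`, which evaluates to 0 for an algorithm it does not recognise, so the check then rejects every positive key_len; that is the safe outcome, but a short comment saying it is intentional would help the next reader. The enclosing function continues outside the hunk.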
@@ -3389,7 +3389,7 @@ ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3 -ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:UINT16_MAX + 1:20:20 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 48 + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3 From 8f12e312234466e7a8633a1d14860e932dbfb0e7 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 30 Oct 2024 00:29:37 +0100 Subject: [PATCH 0401/1548] Exportert tests: Free endpoints and options Signed-off-by: Max Fillinger --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 16 +++++++------- tests/suites/test_suite_ssl.function | 33 +++++++++++++++++++++++----- 3 files changed, 37 insertions(+), 13 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 772278135a..769749da4f 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -593,6 +593,7 @@ int mbedtls_test_ssl_exchange_data( int mbedtls_test_ssl_do_handshake_with_endpoints( mbedtls_test_ssl_endpoint *server_ep, mbedtls_test_ssl_endpoint *client_ep, + mbedtls_test_handshake_test_options *options, mbedtls_ssl_protocol_version proto); #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 65ad10c6f4..354ca13bfc 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -2032,25 +2032,25 @@ static int check_ssl_version( int mbedtls_test_ssl_do_handshake_with_endpoints( mbedtls_test_ssl_endpoint *server_ep, mbedtls_test_ssl_endpoint *client_ep, + mbedtls_test_handshake_test_options *options, mbedtls_ssl_protocol_version proto) { enum { BUFFSIZE = 1024 }; int ret = -1; - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); - options.server_min_version = proto; - options.client_min_version = proto; - options.server_max_version = proto; - options.client_max_version = proto; + mbedtls_test_init_handshake_options(options); + options->server_min_version = proto; + options->client_min_version = proto; + options->server_max_version = proto; + options->client_max_version = proto; - ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, &options, + ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options, NULL, NULL, NULL); if (ret != 0) { return ret; } - ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, &options, + ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options, NULL, NULL, NULL); if (ret != 0) { return ret; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 33012493e9..099e0e10b0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5240,10 +5240,11 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int uint8_t *key_buffer_server = NULL; uint8_t *key_buffer_client = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); TEST_ASSERT(exported_key_length > 0); 
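Review bot: With `options` now supplied by the caller but still initialised inside the helper via `mbedtls_test_init_handshake_options(options)`, the caller owns a struct it did not initialise and must release it with mbedtls_test_free_handshake_options even when the helper fails after that call, and nothing on the prototype in the ssl_helpers.h hunk at @@ -593 says so. A one-line comment there, `/* Initialises *options and both endpoints; the caller must free all three with the matching _free functions whatever the return value. */`, would make the contract visible. The function body continues beyond the hunk.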
@@ -5266,6 +5267,9 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int exit: MD_OR_USE_PSA_DONE(); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer_server); mbedtls_free(key_buffer_client); } @@ -5278,10 +5282,11 @@ void ssl_tls_exporter_uses_label(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); char label_server[] = "test-label-server"; @@ -5302,6 +5307,9 @@ void ssl_tls_exporter_uses_label(int proto) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -5313,10 +5321,11 @@ void ssl_tls_exporter_uses_context(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); char label[] = "test-label"; @@ -5337,6 +5346,9 @@ void ssl_tls_exporter_uses_context(int proto) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } /* END_CASE */ 
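Review bot: The exit blocks added here (and in the hunks on the next two lines for ssl_tls13_exporter_uses_length, ssl_tls_exporter_rejects_bad_parameters and ssl_tls_exporter_too_early) pass `server_ep`, `client_ep` and `options` to the free functions on every exit path, but those structs are only initialised inside mbedtls_test_ssl_do_handshake_with_endpoints. Any `goto exit` taken before that call — the `TEST_ASSERT(exported_key_length > 0)` and TEST_CALLOC lines in ssl_tls_exporter_rejects_bad_parameters, or a PSA init failure — or a client-endpoint init failure that returns before server_ep is touched, hands uninitialised memory to mbedtls_test_ssl_endpoint_free and mbedtls_test_free_handshake_options. The structs need a defined state before the first exit path: zero-initialise the endpoints at declaration, `mbedtls_test_ssl_endpoint client_ep = { 0 }, server_ep = { 0 };`, and either initialise `options` in the test before the first assertion (moving the init call out of the helper so it is not done twice) or only free it once the helper has initialised it. Whether the free helpers tolerate an all-zero endpoint cannot be confirmed from this diff and should be checked against their definitions.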
@@ -5349,10 +5361,11 @@ void ssl_tls13_exporter_uses_length(void) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, MBEDTLS_SSL_VERSION_TLS1_3); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, MBEDTLS_SSL_VERSION_TLS1_3); TEST_ASSERT(ret == 0); char label[] = "test-label"; @@ -5372,6 +5385,9 @@ void ssl_tls13_exporter_uses_length(void) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -5387,6 +5403,7 @@ void ssl_tls_exporter_rejects_bad_parameters( char *label = NULL; uint8_t *context = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options options; TEST_ASSERT(exported_key_length > 0); TEST_ASSERT(label_length > 0); @@ -5395,7 +5412,7 @@ void ssl_tls_exporter_rejects_bad_parameters( TEST_CALLOC(label, label_length); TEST_CALLOC(context, context_length); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, proto); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, @@ -5406,6 +5423,9 @@ void ssl_tls_exporter_rejects_bad_parameters( exit: MD_OR_USE_PSA_DONE(); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer); mbedtls_free(label); mbedtls_free(context); 
@@ -5458,5 +5478,8 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) exit: MD_OR_USE_PSA_DONE(); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_free_handshake_options(&options); } /* END_CASE */ From 8a2d2adf8cce4522629bf6b9805412ad7d90cc6d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 30 Oct 2024 00:39:54 +0100 Subject: [PATCH 0402/1548] Exporter tests: Initialize allocated memory Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.function | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 099e0e10b0..b759d94690 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5251,6 +5251,9 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int TEST_CALLOC(key_buffer_server, exported_key_length); TEST_CALLOC(key_buffer_client, exported_key_length); + memset(key_buffer_server, 0, exported_key_length); + memset(key_buffer_client, 0, exported_key_length); + char label[] = "test-label"; unsigned char context[128] = { 0 }; ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, @@ -5412,6 +5415,10 @@ void ssl_tls_exporter_rejects_bad_parameters( TEST_CALLOC(label, label_length); TEST_CALLOC(context, context_length); + memset(key_buffer, 0, exported_key_length); + memset(label, 0, label_length); + memset(context, 0, context_length); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); TEST_ASSERT(ret == 0); From ea1e777c0189e7302f24fb547c53e16fb168e2f5 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 30 Oct 2024 00:49:10 +0100 Subject: [PATCH 0403/1548] Coding style cleanup Signed-off-by: Max Fillinger --- tests/src/test_helpers/ssl_helpers.c | 11 ++++++++--- tests/suites/test_suite_ssl.function | 11 +++++++---- 2 files changed, 15 insertions(+), 7 deletions(-) 
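Review bot: The `memset` calls added right after `TEST_CALLOC` in `ssl_tls_exporter_consistent_result` are redundant if `TEST_CALLOC` has calloc semantics, as its name suggests, because the allocation is already zero-filled; the three `memset` calls in the `ssl_tls_exporter_rejects_bad_parameters` hunk of the same commit have the same issue. If the intent is to silence a static-analysis or memory-checker report about the output buffers, say so in a one-line comment such as `/* Explicit zero-fill so an uninitialised-read report cannot mask a short export. */`; otherwise drop the lines.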
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 354ca13bfc..672e94c2cb 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2061,15 +2061,20 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( return ret; } - ret = mbedtls_test_move_handshake_to_state(&server_ep->ssl, &client_ep->ssl, MBEDTLS_SSL_HANDSHAKE_OVER); + ret = mbedtls_test_move_handshake_to_state(&server_ep->ssl, + &client_ep->ssl, + MBEDTLS_SSL_HANDSHAKE_OVER); if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { return ret; } - ret = mbedtls_test_move_handshake_to_state(&client_ep->ssl, &server_ep->ssl, MBEDTLS_SSL_HANDSHAKE_OVER); + ret = mbedtls_test_move_handshake_to_state(&client_ep->ssl, + &server_ep->ssl, + MBEDTLS_SSL_HANDSHAKE_OVER); if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { return ret; } - if (!mbedtls_ssl_is_handshake_over(&client_ep->ssl) || !mbedtls_ssl_is_handshake_over(&server_ep->ssl)) { + if (!mbedtls_ssl_is_handshake_over(&client_ep->ssl) || + !mbedtls_ssl_is_handshake_over(&server_ep->ssl)) { return -1; } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b759d94690..1961e2e7e0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5257,16 +5257,16 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int char label[] = "test-label"; unsigned char context[128] = { 0 }; ret = mbedtls_ssl_export_keying_material(&server_ep.ssl, - key_buffer_server, (size_t)exported_key_length, + key_buffer_server, (size_t) exported_key_length, label, sizeof(label), context, sizeof(context), use_context); TEST_ASSERT(ret == 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, - key_buffer_client, (size_t)exported_key_length, + key_buffer_client, (size_t) exported_key_length, label, sizeof(label), context, sizeof(context), use_context); TEST_ASSERT(ret == 0); - TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t)exported_key_length) == 0); + TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length) == 0); exit: MD_OR_USE_PSA_DONE(); @@ -5368,7 +5368,10 @@ void ssl_tls13_exporter_uses_length(void) MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, MBEDTLS_SSL_VERSION_TLS1_3); + ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, + &client_ep, + &options, + MBEDTLS_SSL_VERSION_TLS1_3); TEST_ASSERT(ret == 0); char label[] = "test-label"; From 364afea9d3f1c29633019d23c941c89ac985f6d6 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 30 Oct 2024 18:58:50 +0100 Subject: [PATCH 0404/1548] Exporter tests: Fix possible uninitialized variable use Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.function | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1961e2e7e0..aaf6eb0c5d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5402,8 +5402,6 @@ exit:
 void ssl_tls_exporter_rejects_bad_parameters(
 int proto, int exported_key_length, int label_length, int context_length)
 {
- MD_OR_USE_PSA_INIT();
-
 int ret = -1;
 uint8_t *key_buffer = NULL;
 char *label = NULL;
@@ -5418,9 +5416,7 @@ void ssl_tls_exporter_rejects_bad_parameters(
 TEST_CALLOC(label, label_length);
 TEST_CALLOC(context, context_length);
 
- memset(key_buffer, 0, exported_key_length);
- memset(label, 0, label_length);
- memset(context, 0, context_length);
+ MD_OR_USE_PSA_INIT();
 
 ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto);
 TEST_ASSERT(ret == 0);
From 9dc7b19a6a1e750dccc1ae16f13cb616868d3d56 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Thu, 31 Oct 2024 12:43:19 +0100
Subject: [PATCH 0405/1548] Exporter tests: Free endpoints before PSA_DONE()

Signed-off-by: Max Fillinger
---
 tests/suites/test_suite_ssl.function | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index aaf6eb0c5d..84286eb7ce 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5269,12 +5269,12 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int
 TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length) == 0);
 
 exit:
- MD_OR_USE_PSA_DONE();
 mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
 mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
 mbedtls_test_free_handshake_options(&options);
 mbedtls_free(key_buffer_server);
 mbedtls_free(key_buffer_client);
+ MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
 
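Review bot: Moving `MD_OR_USE_PSA_INIT()` below the `TEST_CALLOC` calls means an allocation failure now reaches `exit:` and runs `MD_OR_USE_PSA_DONE()` without a matching init; unless the DONE macro is documented to tolerate that, keep the init as the first statement after the declarations, i.e. before the first `TEST_ASSERT`/`TEST_CALLOC`, and leave the `memset` removal as the only change of the second hunk. The remainder of the function, including `exit:`, lies outside these hunks.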
@@ -5428,13 +5428,13 @@ void ssl_tls_exporter_rejects_bad_parameters(
 TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
 
 exit:
- MD_OR_USE_PSA_DONE();
 mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
 mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
 mbedtls_test_free_handshake_options(&options);
 mbedtls_free(key_buffer);
 mbedtls_free(label);
 mbedtls_free(context);
+ MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -5483,9 +5483,9 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state)
 TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
 
 exit:
- MD_OR_USE_PSA_DONE();
 mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
 mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
 mbedtls_test_free_handshake_options(&options);
+ MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
From a9a9e99a6b3ddfdce2e1084a103230f7768ca8b6 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Thu, 31 Oct 2024 15:31:55 +0100
Subject: [PATCH 0406/1548] Exporter tests: Reduce key size in long key tests

Signed-off-by: Max Fillinger
---
 tests/suites/test_suite_ssl.data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 692cb9ba74..017ab8529a 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3345,7 +3345,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1
 
 TLS 1.2 Keying Material Exporter: Consistent results, large keys
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:UINT16_MAX:0
+ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:255 * 32:0
 
 TLS 1.2 Keying Material Exporter: Uses label
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
From c6fd1a24d27055c250dff9258ac9f595dfc5969b Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Fri, 1 Nov 2024 16:05:34 +0100
Subject: [PATCH 0407/1548] Use one maximum key_len for all exported keys
Signed-off-by: Max Fillinger
---
 include/mbedtls/ssl.h | 14 ++++++++----
 library/ssl_tls.c | 19 ++++++++++---------
 tests/suites/test_suite_ssl.data | 6 +++---
 3 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e3772891b0..7304a3bfc0 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5396,15 +5396,22 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
 const unsigned char *random, size_t rlen,
 unsigned char *dstbuf, size_t dlen);
 
+#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
+/* Maximum value for key_len in mbedtls_ssl_export_keying material. Depending on the TLS
+ * version and the negotiated ciphersuite, larger keys could in principle be exported,
+ * but for simplicity, we define one limit that works in all cases. TLS 1.3 with SHA256
+ * has the strictest limit: 255 blocks of SHA256 output, or 8160 bytes. */
+#define MBEDTLS_SSL_EXPORT_MAX_KEY_LEN 8160
+
 /**
 * \brief TLS-Exporter to derive shared symmetric keys between server and client.
 *
 * \param ssl SSL context from which to export keys. Must have finished the handshake.
 * \param out Output buffer of length at least key_len bytes.
- * \param key_len Length of the key to generate in bytes. In TLS 1.3, this can be at most
- 8160 if SHA256 is used as hash function or 12240 if SHA384 is used.
+ * \param key_len Length of the key to generate in bytes, must be at most
+ MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (8160).
 * \param label Label for which to generate the key of length label_len.
- * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3.
+ * \param label_len Length of label in bytes. Must be at most 250 in TLS 1.3.
 * \param context Context of the key. Can be NULL if context_len or use_context is 0.
 * \param context_len Length of context. Must be < 2^16 in TLS 1.2.
 * \param use_context Indicates if a context should be used in deriving the key.
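Review bot: The comment on the new `MBEDTLS_SSL_EXPORT_MAX_KEY_LEN` macro misspells the function it describes; it should read `/* Maximum value for key_len in mbedtls_ssl_export_keying_material(). ...`. It would also help to spell out the derivation, `255 * 32` (the 255-block limit of HKDF-Expand, RFC 5869, times the SHA-256 output size), so a reader can check 8160 against the `255 * hash_len` bound this commit removes from ssl_tls.c. The `\param context_len` line still says `< 2^16 in TLS 1.2` while `label_len` now uses the "at most" wording; aligning the two makes the limits easier to compare.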
@@ -5416,7 +5423,6 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
 *
 * \return 0 on success. An SSL specific error on failure.
 */
-#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 uint8_t *out, const size_t key_len,
 const char *label, const size_t label_len,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 79bd623ebd..46197c95ca 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9000,16 +9000,13 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
 const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
 const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret;
- /* Validate the length of the label and the desired key length. The key
- * length can be at most 255 * hash_len by definition of HKDF-Expand in
- * RFC 5869.
+ /* The length of the label must be at most 250 bytes to fit into the HkdfLabel
+ * struct as defined in RFC 8446, Section 7.1.
 *
- * The length of the label must be at most 250 bytes long to fit into the
- * HkdfLabel struct as defined in RFC 8446, Section 7.1. This struct also
- * requires that key_len fits into a uint16, but until we have to deal with
- * a hash function with more than 2048 bits of output, the 255 * hash_len
- * limit will guarantee that. */
- if (key_len > 255 * hash_len || label_len > 250) {
+ * The length of the context is unlimited even though the context field in the
+ * struct can only hold up to 256 bytes. This is because we place a *hash* of
+ * the context in the field. */
+ if (label_len > 250) {
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
 
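Review bot: With the `key_len > 255 * hash_len` test removed, `mbedtls_ssl_tls13_export_keying_material` now relies on its caller to enforce the HKDF-Expand bound, and nothing left in the function records that dependency or that `hash_len` is no longer used for validation. Add a note above the remaining check, e.g. `/* key_len <= MBEDTLS_SSL_EXPORT_MAX_KEY_LEN is enforced by mbedtls_ssl_export_keying_material(); that bound also keeps the HkdfLabel length field within uint16. */`, or keep a cheap local guard so the static helper stays safe if it gains another caller. The function starts above the hunk.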
@@ -9029,6 +9026,10 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
 
+ if (key_len > MBEDTLS_SSL_EXPORT_MAX_KEY_LEN) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
 int ciphersuite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(ssl);
 const mbedtls_ssl_ciphersuite_t *ciphersuite = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
 const mbedtls_md_type_t hash_alg = ciphersuite->mac;
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 017ab8529a..6d6812c4e6 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3345,7 +3345,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1
 
 TLS 1.2 Keying Material Exporter: Consistent results, large keys
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:255 * 32:0
+ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0
 
 TLS 1.2 Keying Material Exporter: Uses label
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2
@@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1
 
 TLS 1.3 Keying Material Exporter: Consistent results, large keys
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0
+ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0
 
 TLS 1.3 Keying Material Exporter: Uses label
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3
@@ -3389,7 +3389,7 @@ ssl_tls13_exporter_uses_length
 
 TLS 1.3 Keying Material Exporter: Exported key too long
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3
-ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 48 + 1:20:20
+ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN + 1:20:20
 
 TLS 1.3 Keying Material Exporter: Label too long
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3
From 8e0b8c9d9f851053697e53eeff35fdf37efc7b0a Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 1 Nov 2024 14:14:19 +0100 Subject: [PATCH 0408/1548] Exporter tests: Add missing depends-ons Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 32 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 12 +++++------ 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6d6812c4e6..50ad780e2b 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3336,65 +3336,65 @@ TLS 1.3 srv, max early data size, HRR, 98, wsz=49 tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 TLS 1.2 Keying Material Exporter: Consistent results, no context -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:0 TLS 1.2 Keying Material Exporter: Consistent results, with context -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1 TLS 1.2 Keying Material Exporter: Consistent results, large keys -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 TLS 1.2 Keying Material Exporter: Uses label -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.2 Keying Material Exporter: Uses context -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.2 Keying Material Exporter: Context too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_2:24:251:UINT16_MAX + 1 TLS 1.2 Keying Material Exporter: Handshake not done -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_2:1:MBEDTLS_SSL_SERVER_CERTIFICATE TLS 1.3 Keying Material Exporter: Consistent results, no context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 
ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:0 TLS 1.3 Keying Material Exporter: Consistent results, with context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 TLS 1.3 Keying Material Exporter: Uses label -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3 Keying Material Exporter: Uses context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3 Keying Material Exporter: Uses length -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:251:10 TLS 1.3 Keying Material Exporter: Handshake not done -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 84286eb7ce..74d824ac82 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5231,7 +5231,7 @@ exit: PSA_DONE(); /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int use_context) { /* Test that the client and server generate the same key. */ @@ -5278,7 +5278,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_uses_label(int proto) { /* Test that the client and server export different keys when using different labels. */ @@ -5317,7 +5317,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_uses_context(int proto) { /* Test that the client and server export different keys when using different contexts. */ 
@@ -5356,7 +5356,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls13_exporter_uses_length(void) { /* In TLS 1.3, when two keys are exported with the same parameters except one is shorter, @@ -5398,7 +5398,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_rejects_bad_parameters( int proto, int exported_key_length, int label_length, int context_length) { @@ -5438,7 +5438,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_too_early(int proto, int check_server, int state) { enum { BUFFSIZE = 1024 }; From d6e0095478a14b3978ea033ce5670e72154e678a Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 5 Nov 2024 19:45:41 +0100 Subject: [PATCH 0409/1548] Exporter tests: Don't use unavailbable constant Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 50ad780e2b..0a1d0e0ca5 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
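Review bot: The `BEGIN_CASE` dependency lists now require `PSA_WANT_ECC_SECP_R1_384` and `PSA_WANT_ALG_SHA_256`, while the `.data` entries of the same commit require `MBEDTLS_CAN_HANDLE_RSA_TEST_KEY` (TLS 1.2) or `MBEDTLS_PKCS1` (TLS 1.3), and nothing in either file says which certificate or ciphersuite of the handshake helper each dependency serves. A one-line comment above each `BEGIN_CASE`, e.g. `/* Dependencies of the default certificates used by the handshake helper; keep in sync with the .data entries. */` (the exact reason is not visible in the hunk and should be confirmed against the helper), would keep the two lists maintainable as the helper evolves.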
@@ -3345,7 +3345,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:24:1 TLS 1.2 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_2:255 * 32:0 TLS 1.2 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY @@ -3373,7 +3373,7 @@ ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 -ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN:0 +ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0 TLS 1.3 Keying Material Exporter: Uses label depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 @@ -3389,7 +3389,7 @@ ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 -ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_EXPORT_MAX_KEY_LEN + 1:20:20 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32 + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 From ee467aae6957d4b89f04f6bd26392c339dd755a8 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 8 Nov 2024 22:17:33 +0100 Subject: [PATCH 0410/1548] mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints Signed-off-by: Max Fillinger --- tests/src/test_helpers/ssl_helpers.c | 3 +++ 1 file changed, 3 insertions(+) 
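Review bot: Reverting the three `.data` entries to `255 * 32` (and `255 * 32 + 1`) silently duplicates the value of `MBEDTLS_SSL_EXPORT_MAX_KEY_LEN` (8160), so a future change to the limit in ssl.h will not be caught by the "large keys" and "key too long" cases. If the generated test code cannot see the macro, add a comment on each entry such as `# 255 * 32 == MBEDTLS_SSL_EXPORT_MAX_KEY_LEN` (if the `.data` format allows comments), or let the `.function` side accept a sentinel such as `-1` meaning "use `MBEDTLS_SSL_EXPORT_MAX_KEY_LEN`" so the value is defined in one place.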
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 672e94c2cb..020631ad5a 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2039,6 +2039,9 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( int ret = -1; + mbedtls_platform_zeroize(server_ep, sizeof(mbedtls_test_ssl_endpoint)); + mbedtls_platform_zeroize(client_ep, sizeof(mbedtls_test_ssl_endpoint)); + mbedtls_test_init_handshake_options(options); options->server_min_version = proto; options->client_min_version = proto; From 92b7a7e233e686ad3371651a9f6153514f5f6545 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 11 Nov 2024 17:50:34 +0100 Subject: [PATCH 0411/1548] ssl-opt.sh: Add tests for keying material export Signed-off-by: Max Fillinger --- tests/ssl-opt.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0634c26a67..ad4d8c3e40 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1191,6 +1191,26 @@ check_server_hello_time() { fi } +# Extract the exported key from the output. +get_exported_key() { + OUTPUT="$1" + EXPORTED_KEY1=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT) +} + +# Check that the exported key from the output matches the one obtained in get_exported_key(). +check_exported_key() { + OUTPUT="$1" + EXPORTED_KEY2=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT) + test "$EXPORTED_KEY1" = "$EXPORTED_KEY2" +} + +# Check that the exported key from the output matches the one obtained in get_exported_key(). +check_exported_key_openssl() { + OUTPUT="$1" + EXPORTED_KEY2=0x$(sed -n '/Keying material: /s/.*: //p' $OUTPUT) + test "$EXPORTED_KEY1" = "$EXPORTED_KEY2" +} + # Get handshake memory usage from server or client output and put it into the variable specified by the first argument handshake_memory_get() { OUTPUT_VARIABLE="$1" 
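Review bot: `mbedtls_platform_zeroize` is the secure-erase primitive for secrets; the two new calls only initialise caller-supplied structs before use, which `memset(server_ep, 0, sizeof(*server_ep));` expresses more directly and without the non-optimisable-write cost. Note also that the zeroing lives inside the handshake helper, so a test that reaches its `exit:` label before calling this helper still hands indeterminate endpoints to `mbedtls_test_ssl_endpoint_free()`; that case needs initialisation in the caller. The helper's signature is above the hunk.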
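Review bot: `check_exported_key` and `check_exported_key_openssl` succeed when both extractions are empty, since `test "" = ""` is true, so a log-format change that stops the `sed` patterns from matching turns into a silent pass rather than a failure; guard with `test -n "$EXPORTED_KEY1" && test "$EXPORTED_KEY1" = "$EXPORTED_KEY2"`. The `$OUTPUT` arguments passed to `sed` should be quoted as `"$OUTPUT"`, and the key length 20 hard-coded in the three patterns deserves a comment tying it to the programs' default `exp_len`, which I could not confirm from the hunk.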
@@ -1933,6 +1953,34 @@ run_tests_memory_after_handshake() run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K" } +run_test_export_keying_material() { + unset EXPORTED_KEY1 + unset EXPORTED_KEY2 + TLS_VERSION="$1" + run_test "TLS $TLS_VERSION: Export keying material" \ + "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ + "$P_CLI debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ + 0 \ + -s "Exporting key of length 20 with label \".*\": 0x" \ + -c "Exporting key of length 20 with label \".*\": 0x" \ + -f get_exported_key \ + -F check_exported_key +} + +run_test_export_keying_material_openssl_compat() { + unset EXPORTED_KEY1 + unset EXPORTED_KEY2 + TLS_VERSION="$1" + run_test "TLS $TLS_VERSION: Export keying material (OpenSSL compatibility)" \ + "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \ + "$O_CLI -keymatexport=test-label" \ + 0 \ + -s "Exporting key of length 20 with label \".*\": 0x" \ + -c "Keying material exporter:" \ + -F get_exported_key \ + -f check_exported_key_openssl +} + cleanup() { rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION rm -f context_srv.txt @@ -2954,6 +3002,23 @@ run_test "Saving the serialized context to a file" \ 0 \ -s "Save serialized context to a file... ok" \ -c "Save serialized context to a file... ok" + +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls12 +run_test_export_keying_material tls12 + +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls12 +run_test_export_keying_material_openssl_compat tls12 + +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls13 +run_test_export_keying_material tls13 + +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls13 +run_test_export_keying_material_openssl_compat tls13 + rm -f context_srv.txt rm -f context_cli.txt 
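Review bot: The new `run_test_export_keying_material` relies on `-f get_exported_key` being evaluated before `-F check_exported_key` (and, in the OpenSSL variant, `-F get_exported_key` before `-f check_exported_key_openssl`), because the second hook reads the `EXPORTED_KEY1` the first one sets; if `run_test` processes its check options in command-line order, as the hunk presumes, that constraint should be stated above each call, e.g. `# get_exported_key must be listed before check_exported_key: it sets EXPORTED_KEY1.`. The `unset` lines at the top are what prevent a stale key from a previous test case from satisfying the comparison, which is worth saying in the same comment.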
From 144cccecb7abe37d2c96af77ad8e543ec0b8befc Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 13 Nov 2024 15:19:03 +0100 Subject: [PATCH 0412/1548] Fix memory leak in example programs Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 2 ++ programs/ssl/ssl_server2.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 061096bdf0..9b69b170bc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2518,6 +2518,7 @@ int main(int argc, char *argv[]) opt.exp_label, strlen(opt.exp_label), NULL, 0, 0); if (ret != 0) { + mbedtls_free(exported_key); goto exit; } mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", @@ -2528,6 +2529,7 @@ int main(int argc, char *argv[]) } mbedtls_printf("\n\n"); fflush(stdout); + mbedtls_free(exported_key); } #endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 5186006886..a0a3a68009 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3638,6 +3638,7 @@ int main(int argc, char *argv[]) opt.exp_label, strlen(opt.exp_label), NULL, 0, 0); if (ret != 0) { + mbedtls_free(exported_key); goto exit; } mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", @@ -3648,6 +3649,7 @@ int main(int argc, char *argv[]) } mbedtls_printf("\n\n"); fflush(stdout); + mbedtls_free(exported_key); } #endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ From f8059db4ee5b99dec2d4c93961d9e1d7163e4bca Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 13 Nov 2024 15:27:23 +0100 Subject: [PATCH 0413/1548] Print names of new tests properly Signed-off-by: Max Fillinger --- tests/ssl-opt.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ad4d8c3e40..698c53a5b2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
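Review bot: `mbedtls_free(exported_key)` is now duplicated in `ssl_client2.c`, once on the error path before `goto exit` and once after the print loop, and the `ssl_server2.c` hunk repeats the pattern; a single release point is easier to keep correct as this block grows. Restructure so the print runs only when `ret == 0`, followed by one `mbedtls_free(exported_key);` and then `if (ret != 0) { goto exit; }`. Both hunks sit inside `main()`, which starts and ends outside them.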
@@ -1957,7 +1957,13 @@ run_test_export_keying_material() {
 unset EXPORTED_KEY1
 unset EXPORTED_KEY2
 TLS_VERSION="$1"
- run_test "TLS $TLS_VERSION: Export keying material" \
+
+ case $TLS_VERSION in
+ tls12) TLS_VERSION_PRINT="TLS 1.2";;
+ tls13) TLS_VERSION_PRINT="TLS 1.3";;
+ esac
+
+ run_test "$TLS_VERSION_PRINT: Export keying material" \
 "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
 "$P_CLI debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
 0 \
@@ -1971,7 +1977,13 @@ run_test_export_keying_material_openssl_compat() {
 unset EXPORTED_KEY1
 unset EXPORTED_KEY2
 TLS_VERSION="$1"
- run_test "TLS $TLS_VERSION: Export keying material (OpenSSL compatibility)" \
+
+ case TLS_VERSION in
+ tls12) TLS_VERSION_PRINT="TLS 1.2";;
+ tls13) TLS_VERSION_PRINT="TLS 1.3";;
+ esac
+
+ run_test "$TLS_VERSION_PRINT: Export keying material (OpenSSL compatibility)" \
 "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
 "$O_CLI -keymatexport=test-label" \
 0 \
From 6d53a3a647af3c6e6cba6c534c156d8d6d9da4be Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Thu, 14 Nov 2024 15:28:05 +0100
Subject: [PATCH 0414/1548] Fix openssl s_client invocation

Signed-off-by: Max Fillinger
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 698c53a5b2..0d13964198 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1985,7 +1985,7 @@ run_test_export_keying_material_openssl_compat() {
 
 run_test "$TLS_VERSION_PRINT: Export keying material (OpenSSL compatibility)" \
 "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
- "$O_CLI -keymatexport=test-label" \
+ "$O_CLI -keymatexport test-label" \
 0 \
 -s "Exporting key of length 20 with label \".*\": 0x" \
 -c "Keying material exporter:" \
From 7b97712164f810095b1b7f59ab8e94d753b0409e Mon Sep 17 00:00:00 2001
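Review bot: In `run_test_export_keying_material_openssl_compat` the new `case TLS_VERSION in` is missing the `$`, so it matches the literal word `TLS_VERSION` against `tls12`/`tls13`, never sets `TLS_VERSION_PRINT`, and the test is reported under an empty or stale title; it should read `case $TLS_VERSION in` as in the first hunk. Neither `case` statement has a `*)` branch, so an unexpected argument also goes unnoticed; add `*) echo "unknown TLS version: $TLS_VERSION" >&2; exit 1;;` (or whatever failure idiom the script already uses) in both functions. Both functions start above their hunks.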
From: Max Fillinger
Date: Thu, 14 Nov 2024 15:32:01 +0100
Subject: [PATCH 0415/1548] Remove exporter compatibility test for TLS 1.3

The openssl version in the docker image doesn't support TLS 1.3, so we can't run the test.

Signed-off-by: Max Fillinger
---
 tests/ssl-opt.sh | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0d13964198..d7f795a7b6 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3027,10 +3027,6 @@ requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
 requires_protocol_version tls13
 run_test_export_keying_material tls13
 
-requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
-requires_protocol_version tls13
-run_test_export_keying_material_openssl_compat tls13
-
 rm -f context_srv.txt
 rm -f context_cli.txt
 
From 4e21703bcf35596305207b43996a762511691306 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Thu, 14 Nov 2024 17:50:42 +0100
Subject: [PATCH 0416/1548] Add fixed compatibility test for TLS 1.3 Exporter

When testing TLS 1.3, use O_NEXT_CLI.

Signed-off-by: Max Fillinger
---
 tests/ssl-opt.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d7f795a7b6..85d2bb398b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1978,14 +1978,14 @@ run_test_export_keying_material_openssl_compat() {
 unset EXPORTED_KEY2
 TLS_VERSION="$1"
 
- case TLS_VERSION in
- tls12) TLS_VERSION_PRINT="TLS 1.2";;
- tls13) TLS_VERSION_PRINT="TLS 1.3";;
+ case $TLS_VERSION in
+ tls12) TLS_VERSION_PRINT="TLS 1.2"; OPENSSL_CLIENT="$O_CLI";;
+ tls13) TLS_VERSION_PRINT="TLS 1.3"; OPENSSL_CLIENT="$O_NEXT_CLI";;
 esac
 
 run_test "$TLS_VERSION_PRINT: Export keying material (OpenSSL compatibility)" \
 "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
- "$O_CLI -keymatexport test-label" \
+ "$OPENSSL_CLIENT -keymatexport test-label" \
 0 \
 -s "Exporting key of length 20 with label \".*\": 0x" \
 -c "Keying material exporter:" \
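Review bot: The corrected `case $TLS_VERSION in` now also selects `OPENSSL_CLIENT`, but it still has no `*)` branch, so an unsupported argument leaves both `TLS_VERSION_PRINT` and `OPENSSL_CLIENT` unset (or carrying values from an earlier call) and `run_test` is handed an empty client command. Add a default such as `*) echo "unknown TLS version: $TLS_VERSION" >&2; exit 1;;` so the failure is attributed to the caller rather than to the OpenSSL client. The function starts above the hunk.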
@@ -3027,6 +3027,11 @@ requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT requires_protocol_version tls13 run_test_export_keying_material tls13 +requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +requires_protocol_version tls13 +requires_openssl_next +run_test_export_keying_material_openssl_compat tls13 + rm -f context_srv.txt rm -f context_cli.txt From 22728dc5e335af5370594f11ecfdae438ca79827 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 14 Nov 2024 20:41:03 +0100 Subject: [PATCH 0417/1548] Use mbedtls_calloc, not regular calloc Also fix the allocation size. Signed-off-by: Max Fillinger --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 9b69b170bc..8fea581b16 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2508,7 +2508,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) if (opt.exp_label != NULL && opt.exp_len > 0) { - unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); + unsigned char *exported_key = mbedtls_calloc((size_t) opt.exp_len, sizeof(unsigned char)); if (exported_key == NULL) { mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); ret = 3; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a0a3a68009..3c9fb7e2e0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3628,7 +3628,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) if (opt.exp_label != NULL && opt.exp_len > 0) { - unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int)); + unsigned char *exported_key = mbedtls_calloc((size_t) opt.exp_len, sizeof(unsigned char)); if (exported_key == NULL) { mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len); ret = 3; 
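Review bot: The buffer allocated by `mbedtls_calloc((size_t) opt.exp_len, sizeof(unsigned char))` receives exported keying material, and the hunk does not show it being cleared before release; if the free path further down (outside the hunk) does not already call `mbedtls_platform_zeroize(exported_key, (size_t) opt.exp_len)` before `mbedtls_free(exported_key)`, it should, since exporter output is a secret. As a point of style, `sizeof(unsigned char)` is 1 by definition; `mbedtls_calloc((size_t) opt.exp_len, sizeof *exported_key)` ties the element size to the pointee type and survives a later type change. Both points apply equally to the ssl_server2.c hunk in this patch; main's body continues outside both hunks.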
From d23579c746b636160f2ca0cd251da4705b22236f Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 14 Nov 2024 21:11:26 +0100 Subject: [PATCH 0418/1548] Fix requirements for TLS 1.3 Exporter compat test Signed-off-by: Max Fillinger --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 85d2bb398b..90b31433d6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3028,8 +3028,8 @@ requires_protocol_version tls13 run_test_export_keying_material tls13 requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT -requires_protocol_version tls13 -requires_openssl_next +requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_openssl_tls1_3_with_compatible_ephemeral run_test_export_keying_material_openssl_compat tls13 rm -f context_srv.txt From 53d91685024d0e999cac045cdf30c63a9431b0b7 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 18 Nov 2024 18:22:51 +0100 Subject: [PATCH 0419/1548] Document BAD_INPUT_DATA error in key material exporter Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 4 +++- library/ssl_tls.c | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7304a3bfc0..a0e6074713 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5421,7 +5421,9 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * this distinction. If use_context is 0 and TLS 1.3 is used, context and * context_len are ignored and a 0-length context is used. * - * \return 0 on success. An SSL specific error on failure. + * \return 0 on success. + * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed. + * \return An SSL-specific error on failure. */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, uint8_t *out, const size_t key_len, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 46197c95ca..7ea8e3217e 100644 --- a/library/ssl_tls.c 
+++ b/library/ssl_tls.c @@ -9023,6 +9023,7 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, const int use_context) { if (!mbedtls_ssl_is_handshake_over(ssl)) { + /* TODO: Change this to a more appropriate error code when one is available. */ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } From 9c5bae5026bd884ca4b5c794a443714d06927db1 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Thu, 21 Nov 2024 12:33:46 +0100 Subject: [PATCH 0420/1548] Fix max. label length in key material exporter Signed-off-by: Max Fillinger --- include/mbedtls/ssl.h | 2 +- library/ssl_tls.c | 6 +++--- tests/suites/test_suite_ssl.data | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a0e6074713..88a31f2c36 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5411,7 +5411,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * \param key_len Length of the key to generate in bytes, must be at most * MBEDTLS_SSL_EXPORT_MAX_KEY_LEN (8160). * \param label Label for which to generate the key of length label_len. - * \param label_len Length of label in bytes. Must be at most 250 in TLS 1.3. + * \param label_len Length of label in bytes. Must be at most 249 in TLS 1.3. * \param context Context of the key. Can be NULL if context_len or use_context is 0. * \param context_len Length of context. Must be < 2^16 in TLS 1.2. * \param use_context Indicates if a context should be used in deriving the key. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7ea8e3217e..9812a2a7fc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
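Review bot: The `\param label_len` text now states the 249-byte limit, but the `\return MBEDTLS_ERR_SSL_BAD_INPUT_DATA` entry added a few lines below in patch 0419 still attributes that code only to the handshake-not-completed case, while the ssl_tls.c hunk of this patch returns the same code for `label_len > 249`. Suggest `\return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed or if label_len exceeds the limit above.` so callers can tell the two rejections are deliberate; if an over-long key_len is rejected with the same code (the test data suggests it is rejected, the code is not visible here), list it too.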
@@ -9000,13 +9000,13 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t hash_len = PSA_HASH_LENGTH(hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; - /* The length of the label must be at most 250 bytes to fit into the HkdfLabel + /* The length of the label must be at most 249 bytes to fit into the HkdfLabel * struct as defined in RFC 8446, Section 7.1. * * The length of the context is unlimited even though the context field in the - * struct can only hold up to 256 bytes. This is because we place a *hash* of + * struct can only hold up to 255 bytes. This is because we place a *hash* of * the context in the field. */ - if (label_len > 250) { + if (label_len > 249) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 0a1d0e0ca5..52b8db0988 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3393,7 +3393,7 @@ ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32 + 1: TLS 1.3 Keying Material Exporter: Label too long depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 -ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:251:10 +ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:250:10 TLS 1.3 Keying Material Exporter: Handshake not done depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 From 9f843332e819e8e216b121b1926568abae063034 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 25 Nov 2024 20:21:29 +0100 Subject: [PATCH 0421/1548] Exporter: Add min. and max. label tests Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 52b8db0988..1931b00fca 100644 
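Review bot: The bound in `if (label_len > 249)` is a bare literal that is repeated in the comment above it and in the header text for `label_len`, so three places must be kept in step. Patch 0422 later introduces `MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN` with the same value in ssl_tls13_keys.h; this check should use that macro (assuming the header is reachable from ssl_tls.c) so the limit cannot drift from the one enforced inside mbedtls_ssl_tls13_hkdf_expand_label. The enclosing function starts outside the hunk.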
--- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -2796,6 +2796,16 @@ SSL TLS 1.3 Exporter depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_exporter:PSA_ALG_SHA_256:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4":"test":"context value":32:"83d0fac39f87c1b4fbcd261369f31149c535391a9199bd4c5daf89fe259c2e94" +SSL TLS 1.3 Exporter, 0-byte label and context +# Expected output taken from OpenSSL. +depends_on:PSA_WANT_ALG_SHA_384 +ssl_tls13_exporter:PSA_ALG_SHA_384:"9f355772f34017927ecc81d16e653c7408f945e7f62dc632d3f59e6310ef49401e62a2e3be886e3f930d4bf6300ce30a":"":"":20:"18268580D7C6769194794A84B7A3EE35317DB88A" + +SSL TLS 1.3 Exporter, 249-byte label and 0-byte context +# Expected output taken from OpenSSL. +depends_on:PSA_WANT_ALG_SHA_384 +ssl_tls13_exporter:PSA_ALG_SHA_384:"c453aeae318ebae00617c430a0066cf586593a4b0150219107420798933cf9e6e4434337cccc2cae5429dc4f77401e39":"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678":"":20:"259531766AAA10FBAB6BF2D11D23264B321743D9" + SSL TLS 1.3 Key schedule: Early secrets derivation helper # Vector from RFC 8448 depends_on:PSA_WANT_ALG_SHA_256 From 5826883ca5dd39aad5305be5926cbfd960585e58 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 25 Nov 2024 20:38:04 +0100 Subject: [PATCH 0422/1548] Allow maximum label length in Hkdf-Expand-Label Previously, the length of the label was limited to the maximal length that would be used in the TLS 1.3 key schedule. With the keying material exporter, labels of up to 249 bytes may be used. Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 6 +++--- library/ssl_tls13_keys.h | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 895176d0c6..ff4aa0e87a 100644 
--- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -64,7 +64,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = * hardcoding the writing of the high bytes. * - (label, label_len): label + label length, without "tls13 " prefix * The label length MUST be less than or equal to - * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN + * MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN. * It is the caller's responsibility to ensure this. * All (label, label length) pairs used in TLS 1.3 * can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(). @@ -91,7 +91,7 @@ static const char tls13_label_prefix[6] = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \ sizeof(tls13_label_prefix) + \ - MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \ + MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN, \ MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) static void ssl_tls13_hkdf_encode_label( @@ -147,7 +147,7 @@ int mbedtls_ssl_tls13_hkdf_expand_label( psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - if (label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN) { + if (label_len > MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN) { /* Should never happen since this is an internal * function, and we know statically which labels * are allowed. */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 31ffe4481e..14f6e4876c 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
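Review bot: The context comment kept after the renamed check, `/* Should never happen since this is an internal function, and we know statically which labels are allowed. */`, is no longer accurate once the keying-material exporter forwards application-supplied labels through this path, which is the reason this patch raises the bound to 249. Suggest rewording to `/* Callers are expected to enforce this bound; the exporter forwards application-supplied labels, so this is a real check rather than a static invariant. */`, and confirm that the caller in ssl_tls.c (patch 0420) rejects over-long labels before reaching here. mbedtls_ssl_tls13_hkdf_expand_label's body continues outside the hunk.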
@@ -60,8 +60,9 @@ extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels; mbedtls_ssl_tls13_labels.LABEL, \ MBEDTLS_SSL_TLS1_3_LBL_LEN(LABEL) -#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ - sizeof(union mbedtls_ssl_tls13_labels_union) +/* Maximum length of the label field in the HkdfLabel struct defined in + * RFC 8446, Section 7.1, excluding the "tls13 " prefix. */ +#define MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN 249 /* The maximum length of HKDF contexts used in the TLS 1.3 standard. * Since contexts are always hashes of message transcripts, this can From ee33b31f0bd5208b75cd3bc6551306c9a28c23fa Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 2 Dec 2024 19:26:13 +0100 Subject: [PATCH 0423/1548] Fix HkdfLabel comment Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ff4aa0e87a..00297af3b0 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -56,12 +56,8 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = * }; * * Parameters: - * - desired_length: Length of expanded key material - * Even though the standard allows expansion to up to - * 2**16 Bytes, TLS 1.3 never uses expansion to more than - * 255 Bytes, so we require `desired_length` to be at most - * 255. This allows us to save a few Bytes of code by - * hardcoding the writing of the high bytes. + * - desired_length: Length of expanded key material. + * As the type implies, this must be less than 2**16 bytes. * - (label, label_len): label + label length, without "tls13 " prefix * The label length MUST be less than or equal to * MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN. From af2035fcad40ee1ff868679b9f90310b518bb3b0 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Mon, 2 Dec 2024 19:34:40 +0100 Subject: [PATCH 0424/1548] Fix mistake in previous comment change 
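Review bot: The new `#define MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN 249` is a derived value rather than a number from the RFC: HkdfLabel.label is at most 255 bytes and includes the 6-byte "tls13 " prefix (`tls13_label_prefix[6]` in ssl_tls13_keys.c), so 255 - 6 = 249. Spelling that out in the comment, e.g. `/* 255 (max HkdfLabel.label length) minus the 6-byte "tls13 " prefix. */`, lets a reader verify the constant without re-deriving it, and makes the relationship to the prefix array obvious if either ever changes.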
Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 00297af3b0..0d6c391394 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -57,7 +57,12 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = * * Parameters: * - desired_length: Length of expanded key material. - * As the type implies, this must be less than 2**16 bytes. + * The length field can hold numbers up to 2**16, but HKDF + * can only generate outputs of up to 255 * HASH_LEN bytes. + * It is the caller's responsibility to ensure that this + * limit is not exceeded. In TLS 1.3, SHA256 is the hash + * function with the smallest block size, so a length + * <= 255 * 32 = 8160 is always safe. * - (label, label_len): label + label length, without "tls13 " prefix * The label length MUST be less than or equal to * MBEDTLS_SSL_TLS1_3_HKDF_LABEL_MAX_LABEL_LEN. From 7577c9e3737401d29e96c41af76f68f31bc1eab7 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 17 Jan 2025 14:10:08 +0100 Subject: [PATCH 0425/1548] Fix doxygen for MBEDTLS_SSL_KEYING_MATERIAL_EXPORT Error was introduced while resolving a merge conflict. Signed-off-by: Max Fillinger --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 40e16e108a..d5a488341d 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -737,7 +737,7 @@ */ //#define MBEDTLS_SSL_RECORD_SIZE_LIMIT -/* +/** * \def MBEDTLS_SSL_KEYING_MATERIAL_EXPORT * * When this option is enabled, the client and server can extract additional From 29f8f9a49d5fcdefbde261f56614c57b30a2192d Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 21 Jan 2025 21:40:04 +0100 Subject: [PATCH 0426/1548] Fix dependencies for TLS-Exporter tests 
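Review bot: The new comment says SHA256 is the TLS 1.3 hash "with the smallest block size", but the HKDF-Expand limit of 255 * HashLen depends on the hash output length (32 bytes for SHA-256), not the block size (64 bytes, which SHA-256 shares with SHA-1), so the stated reason does not lead to the `255 * 32 = 8160` arithmetic that follows. Suggest `function with the smallest output length, so a length`. The enclosing comment block continues outside the hunk.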
Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.data | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 1931b00fca..378c5339fe 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3374,37 +3374,37 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_2:1:MBEDTLS_SSL_SERVER_CERTIFICATE TLS 1.3 Keying Material Exporter: Consistent results, no context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:0 TLS 1.3 Keying Material Exporter: Consistent results, with context -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:24:1 TLS 1.3 Keying Material Exporter: Consistent results, large keys -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_consistent_result:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32:0 TLS 1.3 Keying Material Exporter: Uses label -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_uses_label:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3 Keying Material Exporter: Uses context 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_uses_context:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3 Keying Material Exporter: Uses length -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls13_exporter_uses_length TLS 1.3 Keying Material Exporter: Exported key too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:255 * 32 + 1:20:20 TLS 1.3 Keying Material Exporter: Label too long -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:250:10 TLS 1.3 Keying Material Exporter: Handshake not done -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_PKCS1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT 
ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE From 1a1ec2fccee002bb886a960fc0909f29fca3a7dd Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Fri, 28 Mar 2025 17:54:08 +0100 Subject: [PATCH 0427/1548] Fix up merge conflict resolution Signed-off-by: Max Fillinger --- tests/suites/test_suite_ssl.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 74d824ac82..8ec582ab9e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5229,6 +5229,7 @@ exit: mbedtls_debug_set_threshold(0); mbedtls_free(first_frag); PSA_DONE(); +} /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ From 8e2d40dbecd537305ff6de94fbdfe6ecbb392cc1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 29 Mar 2025 10:01:40 +0100 Subject: [PATCH 0428/1548] Remove all.sh wrapper Now that in TF-PSA-Crypto CI, the TF-PSA-Crypto all.sh components are run in pure TF-PSA-Crypto context, there is no need to run them as part of mbedtls CI anymore. The all.sh wrapper wrapping ./tests/scripts/mbedtls-all.sh and ./tf-psa-crypto/tests/scripts/all.sh can be removed. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 112 ------------------------------------------- 1 file changed, 112 deletions(-) delete mode 100755 tests/scripts/all.sh diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh deleted file mode 100755 index b1261bfc15..0000000000 --- a/tests/scripts/all.sh +++ /dev/null 
@@ -1,112 +0,0 @@ -#! /usr/bin/env bash - -# all.sh (transitional wrapper) -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This is a transitional wrapper that's only meant for the CI. -# Developers should directly invoke on or two of: -# - tests/scripts/mbedtls-all.sh ... -# - (cd tf-psa-crypto && tests/scripts/all.sh ...) -# -# During the transition, it's illegal for a tf-psa-crypto component to have -# the same name as an mbedtls components; since this wrapper handles both -# sides at once, component names need to be globally unique. Once the -# transition period is over, unicity on each side will be enough. -# -# For context, here are the steps of the transition: -# 1. We have an all.sh in tf-psa-crypto but for now we don't invoke it directly -# on the CI, only through this transitional wrapper in mbedtls. (tf-psa-crypto -# doesn't have its own CI initially and runs Mbed TLS's instead.) -# 2. We move all relevant components to tf-psa-crypto so that it gets the level of -# coverage we want. We need to make sure the new names are unique. -# 3. We change the CI job on tf-psa-crypto to stop checking out mbedtls and running -# its all.sh - instead we do the normal thing of checking out tf-psa-crypto and -# running its all.sh. (In two steps: (a) add the new job, (b) remove the old -# one.) -# 4. We remove the transitional wrapper in mbedtls and we're now free to rename -# tf-psa-crypto components as we want. If we followed a consistent naming -# pattern, this can be as simple as s/_tf_psa_crypto// in components-*.sh. - -# This script must be invoked from the project's root. - -# There are exactly 4 ways this is invoked in the CI: -# 1. tests/scripts/all.sh --help -# 2. tests/scripts/all.sh --list-all-components -# 3. tests/scripts/all.sh --list-components -# 4. tests/scripts/all.sh --seed 4 --keep-going single_component_name -# This wrapper does not support other invocations. 
- -set -eu - -# Cases 1-3 -if [ "$#" -eq 1 ]; then - if [ "$1" = '--help' ]; then - # It doesn't matter which one we use, they're the same - tests/scripts/mbedtls-all.sh "$1" - exit 0 - fi - if [ "$1" = '--list-all-components' -o "$1" = '--list-components' ]; then - # Invoke both - tests/scripts/mbedtls-all.sh "$1" - (cd tf-psa-crypto && tests/scripts/all.sh "$1") - exit 0 - fi -fi - -if [ "$#" -ne 4 -o "${1:-unset}" != '--seed' -o "${3:-unset}" != '--keep-going' ]; then - echo "This invocation is not supported by the transitional wrapper." >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi - -# Case 4: invoke the right all.sh for this component -comp_name=$4 - -# Get the list of components available on each side. -COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | tr '\n' ' ') -COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | tr '\n' ' ') - -# tell if $1 is in space-separated list $2 -is_in() { - needle=$1 - haystack=$2 - case " $haystack " in - *" $needle "*) echo 1;; - *) echo 0;; - esac -} - -is_crypto=$(is_in "$comp_name" "$COMP_CRYPTO") -is_mbedtls=$(is_in "$comp_name" "$COMP_MBEDTLS") - -# Component should be on exactly one side (see comment near the top). -if [ "$is_crypto" -eq 1 -a "$is_mbedtls" -eq 1 ]; then - echo "Component '$comp_name' is both in crypto and Mbed TLS". >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi -if [ "$is_crypto" -eq 0 -a "$is_mbedtls" -eq 0 ]; then - echo "Component '$comp_name' is neither in crypto nor in Mbed TLS". >&2 - echo "See the comments at the top of $0." >&2 - exit 1 -fi - - -# Invoke the real thing -if [ "$is_crypto" -eq 1 ]; then - # Make sure the path to the outcomes file is absolute. This is done by - # pre_prepare_outcome_file() however by the time it runs we've already - # changed the working directory, so do it now. 
- if [ -n "${MBEDTLS_TEST_OUTCOME_FILE+set}" ]; then - case "$MBEDTLS_TEST_OUTCOME_FILE" in - [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; - esac - export MBEDTLS_TEST_OUTCOME_FILE - fi - cd tf-psa-crypto - exec tests/scripts/all.sh "$@" -else - exec tests/scripts/mbedtls-all.sh "$@" -fi From 5d9b9d244f0a4714b7c13070c4acb0af2585e253 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 29 Mar 2025 10:06:38 +0100 Subject: [PATCH 0429/1548] Rename mbedtls-all.sh to just all.sh Signed-off-by: Ronald Cron --- tests/scripts/{mbedtls-all.sh => all.sh} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/scripts/{mbedtls-all.sh => all.sh} (100%) diff --git a/tests/scripts/mbedtls-all.sh b/tests/scripts/all.sh similarity index 100% rename from tests/scripts/mbedtls-all.sh rename to tests/scripts/all.sh From 444db895f78af26475287bb4b742c6e6a6e352ed Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 27 Mar 2025 11:36:08 +0100 Subject: [PATCH 0430/1548] Remove check-generated-files.sh Signed-off-by: Ronald Cron --- README.md | 2 +- tests/scripts/check-generated-files.sh | 189 ------------------------- visualc/VS2017/.gitignore | 2 +- 3 files changed, 2 insertions(+), 191 deletions(-) delete mode 100755 tests/scripts/check-generated-files.sh diff --git a/README.md b/README.md index 448f37294f..fc1536e23c 100644 --- a/README.md +++ b/README.md 
@@ -79,7 +79,7 @@ Any of the following methods are available to generate the configuration-indepen * If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files. * On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically. * Run `make generated_files` to generate all the configuration-independent files. -* On Unix/POSIX systems, run `tests/scripts/check-generated-files.sh -u` to generate all the configuration-independent files. +* On Unix/POSIX systems, run `framework/scripts/make_generated_files.py` to generate all the configuration-independent files. * On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files. ### Make diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh deleted file mode 100755 index e3c8e08afe..0000000000 --- a/tests/scripts/check-generated-files.sh +++ /dev/null 
@@ -1,189 +0,0 @@ -#! /usr/bin/env sh - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# Purpose -# -# Check if generated files are up-to-date. - -set -eu - -if [ $# -ne 0 ] && [ "$1" = "--help" ]; then - cat <&2 - exit 1 -fi - -UPDATE= -LIST= -while getopts lu OPTLET; do - case $OPTLET in - l) LIST=1;; - u) UPDATE=1;; - esac -done - -# check SCRIPT FILENAME[...] -# check SCRIPT DIRECTORY -# Run SCRIPT and check that it does not modify any of the specified files. -# In the first form, there can be any number of FILENAMEs, which must be -# regular files. -# In the second form, there must be a single DIRECTORY, standing for the -# list of files in the directory. Running SCRIPT must not modify any file -# in the directory and must not add or remove files either. -# If $UPDATE is empty, abort with an error status if a file is modified. -check() -{ - SCRIPT=$1 - shift - - if [ -n "$LIST" ]; then - printf '%s\n' "$@" - return - fi - - directory= - if [ -d "$1" ]; then - directory="$1" - rm -f "$directory"/*.bak - set -- "$1"/* - fi - - for FILE in "$@"; do - if [ -e "$FILE" ]; then - cp -p "$FILE" "$FILE.bak" - else - rm -f "$FILE.bak" - fi - done - - # In the case of the config tests, generate only the files to be checked - # by the caller as they are divided into Mbed TLS and TF-PSA-Crypto - # specific ones. - if [ "${SCRIPT##*/}" = "generate_config_tests.py" ]; then - "$SCRIPT" "$@" - else - "$SCRIPT" - fi - - # Compare the script output to the old files and remove backups - for FILE in "$@"; do - if diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then - # Move the original file back so that $FILE's timestamp doesn't - # change (avoids spurious rebuilds with make). 
- mv "$FILE.bak" "$FILE" - else - echo "'$FILE' was either modified or deleted by '$SCRIPT'" - if [ -z "$UPDATE" ]; then - exit 1 - else - rm -f "$FILE.bak" - fi - fi - done - - if [ -n "$directory" ]; then - old_list="$*" - set -- "$directory"/* - new_list="$*" - # Check if there are any new files - if [ "$old_list" != "$new_list" ]; then - echo "Files were deleted or created by '$SCRIPT'" - echo "Before: $old_list" - echo "After: $new_list" - if [ -z "$UPDATE" ]; then - exit 1 - fi - fi - fi -} - -# Note: if the format of calls to the "check" function changes, update -# framework/scripts/code_style.py accordingly. For generated C source files (*.h or *.c), -# the format must be "check SCRIPT FILENAME...". For other source files, -# any shell syntax is permitted (including e.g. command substitution). - -# Note: Instructions to generate those files are replicated in: -# - **/Makefile (to (re)build them with make) -# - **/CMakeLists.txt (to (re)build them with cmake) -# - scripts/make_generated_files.bat (to generate them under Windows) - -# These checks are common to Mbed TLS and TF-PSA-Crypto - -# The first case is temporary for the hybrid situation with a tf-psa-crypto -# directory in Mbed TLS that is not just a TF-PSA-Crypto submodule. -if [ -d tf-psa-crypto ]; then - cd tf-psa-crypto - check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c - check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) - check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list) - check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) - check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) - cd .. - # Generated files that are present in the repository even in the development - # branch. 
(This is intended to be temporary, until the generator scripts are - # fully reviewed and the build scripts support a generated header file.) - check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c - check tf-psa-crypto/scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \ - ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data -else - check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c - check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) - if in_tf_psa_crypto_repo; then - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data - else - check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data - fi - check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) - check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) - check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \ - ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c - # Generated files that are present in the repository even in the development - # branch. (This is intended to be temporary, until the generator scripts are - # fully reviewed and the build scripts support a generated header file.) 
- check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c -fi - -check framework/scripts/generate_test_keys.py tests/include/test/test_keys.h - -# Additional checks for Mbed TLS only -if in_mbedtls_repo; then - check scripts/generate_errors.pl library/error.c - check scripts/generate_query_config.pl programs/test/query_config.c - check scripts/generate_features.pl library/version_features.c - check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c - check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh - check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh - check framework/scripts/generate_test_cert_macros.py tests/include/test/test_certs.h - # generate_visualc_files enumerates source files (library/*.c). It doesn't - # care about their content, but the files must exist. So it must run after - # the step that creates or updates these files. - check scripts/generate_visualc_files.pl visualc/VS2017 -fi diff --git a/visualc/VS2017/.gitignore b/visualc/VS2017/.gitignore index a9ded4aab2..e45eaf68fb 100644 --- a/visualc/VS2017/.gitignore +++ b/visualc/VS2017/.gitignore @@ -1,4 +1,4 @@ -# Files that may be left over from check-generated-files.sh +# Files that may be left over from make_generated-files.py --check /*.bak # Visual Studio artifacts From 762c80199d62feebbac1e00400bbaab75de0bfff Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 27 Mar 2025 11:36:42 +0100 Subject: [PATCH 0431/1548] Use make_generated_files.py in make_generated_files.bat Signed-off-by: Ronald Cron --- scripts/make_generated_files.bat | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 418b6681a3..f10b23b705 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat 
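Review bot: The replacement comment names the script `make_generated-files.py`, while the README hunk in this same patch spells it `framework/scripts/make_generated_files.py` (underscore); the .gitignore comment should use the same spelling, `# Files that may be left over from make_generated_files.py --check`, so a reader searching for the script finds it. That assumes the script offers a `--check` mode, which nothing on this page confirms; if it does not, drop the flag from the comment as well.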
@@ -6,31 +6,10 @@ @rem * Either a C compiler called "cc" must be on the PATH, or @rem the "CC" environment variable must point to a C compiler. -@rem @@@@ library\** @@@@ -python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1 -perl scripts\generate_errors.pl || exit /b 1 -perl scripts\generate_query_config.pl || exit /b 1 -perl scripts\generate_features.pl || exit /b 1 -python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1 - -@rem @@@@ programs\** @@@@ +@rem @@@@ tf-psa-crypto @@@@ cd tf-psa-crypto -python scripts\generate_psa_constants.py || exit /b 1 -python framework\scripts\generate_config_tests.py || exit /b 1 +python framework\scripts\make_generated_files.py || exit /b 1 cd .. -@rem @@@@ tests\** @@@@ -python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_config_tests.py || exit /b 1 -python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1 -python framework\scripts\generate_test_keys.py --output tests\include\test\test_keys.h || exit /b 1 -python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\tests\include\test\test_keys.h || exit /b 1 -python framework\scripts\generate_test_cert_macros.py --output tests\include\test\test_certs.h || exit /b 1 -python framework\scripts\generate_tls_handshake_tests.py || exit /b 1 -python framework\scripts\generate_tls13_compat_tests.py || exit /b 1 - -@rem @@@@ Build @@@@ -@rem Call generate_visualc_files.pl last to be sure everything else has been -@rem generated before. -perl scripts\generate_visualc_files.pl || exit /b 1 +@rem @@@@ mbedtls @@@@ +python framework\scripts\make_generated_files.py || exit /b 1 From 96121ed94f97493583e005eac96b092f4a0b74ac Mon Sep 17 00:00:00 2001 
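Review bot: The removed lines were the only record in this file that `generate_visualc_files.pl` must run after every other generator and that `generate_test_keys.py`/`generate_test_cert_macros.py` were given explicit `--output` paths; whether `framework\scripts\make_generated_files.py` preserves that ordering and those outputs is not visible here. A one-line comment above each invocation would keep that contract discoverable from the .bat, e.g. `@rem make_generated_files.py regenerates every file the individual generate_*.py/.pl scripts used to produce (Visual Studio project files last).`. The same command line is run once from `tf-psa-crypto` and once from the repository root, so the script presumably keys its behaviour off the working directory; if so, saying that in the `@rem @@@@` headers would stop a reader from assuming the second call is a duplicate.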
From: Ronald Cron Date: Sat, 29 Mar 2025 09:49:00 +0100 Subject: [PATCH 0432/1548] Update framework pointer Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 28dc4cae3f..b5b3d94f4d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 28dc4cae3f71f5425dd42953c6f2f38d49123bee +Subproject commit b5b3d94f4d82047dc3430adabd6cc209cd206bcd From 33770e75c3cf5de5c497834011168cab0531f8d1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 31 Mar 2025 11:35:31 +0200 Subject: [PATCH 0433/1548] Update tf-psa-crypto pointer Signed-off-by: Ronald Cron --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index d66b78e4ad..69190f0c6c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit d66b78e4ad1f7a61502e3dcf62daed177facc03f +Subproject commit 69190f0c6ce18cbf73aada630323bffff758c82b From 09e35e7ac882496bb3a4fc0c4a5f9f70d297dd76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 4 Apr 2025 12:59:49 +0200 Subject: [PATCH 0434/1548] Update bug report template for security issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .github/ISSUE_TEMPLATE/bug_report.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index c2031125ce..4f135f0a74 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -7,6 +7,12 @@ assignees: '' --- +NOTE: if the bug you are reporting has or may have security implications, +we ask that you report it privately to + +so that we can prepare and release a fix before publishing the details. +See [SECURITY.md](https://github.com/Mbed-TLS/mbedtls/blob/development/SECURITY.md). + ### Summary 
@@ -25,6 +31,10 @@ Additional environment information: ### Actual behavior +NOTE: if the actual behaviour evokes memory corruption (like a crash or an error +from a memory checker), then the bug should be assumed to have security +implications (until proven otherwise), and we ask what you report it privately, +see the note at the some of this template. ### Steps to reproduce From 0690a63472f2b49256fccf044daccabec30407d9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Feb 2025 09:27:36 +0100 Subject: [PATCH 0435/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index b5b3d94f4d..a39ba59344 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit b5b3d94f4d82047dc3430adabd6cc209cd206bcd +Subproject commit a39ba59344fd4f1d0ee267ca414b9420d5dca9f5 From 48e5c958a76dd726722c0fb29a77232616c20efc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Feb 2025 09:27:49 +0100 Subject: [PATCH 0436/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 69190f0c6c..4a9f29b05c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 69190f0c6ce18cbf73aada630323bffff758c82b +Subproject commit 4a9f29b05c661bd874c75d80339fcce00adea4e0 From f02784bb2c00ec60917873a440e531217ea0ec49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Apr 2025 10:49:49 +0200 Subject: [PATCH 0437/1548] Tune wording MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add more emphasis - fix a typo Signed-off-by: Manuel Pégourié-Gonnard --- .github/ISSUE_TEMPLATE/bug_report.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 4f135f0a74..15f44aaa0b 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -7,7 +7,7 @@ assignees: '' --- -NOTE: if the bug you are reporting has or may have security implications, +**WARNING:** if the bug you are reporting has or may have security implications, we ask that you report it privately to so that we can prepare and release a fix before publishing the details. @@ -31,10 +31,10 @@ Additional environment information: ### Actual behavior -NOTE: if the actual behaviour evokes memory corruption (like a crash or an error +**WARNING:* if the actual behaviour suggests memory corruption (like a crash or an error from a memory checker), then the bug should be assumed to have security implications (until proven otherwise), and we ask what you report it privately, -see the note at the some of this template. +see the note at the top of this template. ### Steps to reproduce From 55b8bb43e7dddbfab42aed1f14328d3e3d55b716 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Apr 2025 09:44:34 +0200 Subject: [PATCH 0438/1548] Check the status of mbedtls_ssl_set_hostname() Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 91efd1c813..6c5d50c47d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -865,6 +865,7 @@ int mbedtls_test_ssl_endpoint_init( if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); + TEST_EQUAL(ret, 0); } #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) From 946bf1460870116651262c4a8e7c9fdc8922795d Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 8 Apr 2025 09:48:40 +0200 Subject: [PATCH 0439/1548] Fix some test helper functions returning 0 on some failures Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 6c5d50c47d..445f2eba9b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -611,6 +611,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, { int i = 0; int ret = -1; + int ok = 0; mbedtls_test_ssl_endpoint_certificate *cert = NULL; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; @@ -733,7 +734,13 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, cert->pkey); TEST_ASSERT(ret == 0); + ok = 1; + exit: + if (ret == 0 && !ok) { + /* Exiting due to a test assertion that isn't ret == 0 */ + ret = -1; + } if (ret != 0) { test_ssl_endpoint_certificate_free(ep); } @@ -902,7 +909,13 @@ int mbedtls_test_ssl_endpoint_init( TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); mbedtls_ssl_set_user_data_p(&ep->ssl, ep); + return 0; + exit: + if (ret == 0) { + /* Exiting due to a test assertion that isn't ret == 0 */ + ret = -1; + } return ret; } @@ -2542,6 +2555,7 @@ int mbedtls_test_get_tls13_ticket( mbedtls_ssl_session *session) { int ret = -1; + int ok = 0; unsigned char buf[64]; mbedtls_test_ssl_endpoint client_ep, server_ep; @@ -2578,10 +2592,16 @@ int mbedtls_test_get_tls13_ticket( ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); TEST_EQUAL(ret, 0); + ok = 1; + exit: mbedtls_test_ssl_endpoint_free(&client_ep, NULL); mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + if (ret == 0 && !ok) { + /* Exiting due to a test assertion that isn't ret == 0 */ + ret = -1; + } return ret; } #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && 
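Review bot: The fix-up `if (ret == 0 && !ok) { ret = -1; }` is repeated in mbedtls_test_ssl_endpoint_certificate_init and mbedtls_test_get_tls13_ticket, with a third variant without `ok` in mbedtls_test_ssl_endpoint_init, and its comment names the symptom rather than the cause. I'd expand it to `/* TEST_ASSERT/TEST_EQUAL jump to exit without touching ret, so ret may still hold 0 from an earlier successful call; report a failure so callers cannot mistake it for success. */` (assuming the TEST_* macros do jump to `exit`, as their use ahead of the label suggests). `ok = 1;` is correct only while it stays the last statement before `exit:`; a comment there saying so would protect it when another TEST_* check is later appended. All three functions begin before their hunks.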
From e6605f9185c6c6d345123023a1f790161784f557 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 8 Apr 2025 14:26:29 +0100 Subject: [PATCH 0440/1548] Adjust build scripts to accommodate public header move Signed-off-by: Felix Conway --- programs/test/generate_cpp_dummy_build.sh | 4 +++ tests/Makefile | 31 ++++------------- tests/libtestdriver1_rewrite.pl | 41 +++++++++++++++++++++++ tf-psa-crypto | 2 +- 4 files changed, 52 insertions(+), 26 deletions(-) create mode 100644 tests/libtestdriver1_rewrite.pl diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index d27c7ae124..05bdd34c94 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -52,6 +52,10 @@ EOF esac done + for header in tf-psa-crypto/include/mbedtls/*.h; do + echo "#include \"${header#tf-psa-crypto/include/}\"" + done + for header in tf-psa-crypto/include/psa/*.h; do case ${header#tf-psa-crypto/include/} in psa/crypto_config.h) :;; # not meant for direct inclusion diff --git a/tests/Makefile b/tests/Makefile index 87a6ca1777..783f766438 100644 --- a/tests/Makefile +++ b/tests/Makefile 
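Review bot: The new loop emits an `#include` for every `tf-psa-crypto/include/mbedtls/*.h` unconditionally, while the `psa/*.h` loop directly below it filters out headers not meant for direct inclusion (`psa/crypto_config.h`). If that mbedtls directory holds configuration or adjustment headers of the same kind, the dummy C++ build would include them directly; I cannot see the directory listing here, so this may be fine today. Mirroring the `case ${header#tf-psa-crypto/include/} in … esac` pattern with an explicit (even empty) exclusion list would keep the two loops consistent and give the next header move an obvious place to add one.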
@@ -324,25 +324,6 @@ test: check perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ # Generate test library - -# Perl code that is executed to transform each original line from a library -# source file into the corresponding line in the test driver copy of the -# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx -# symbols. -define libtestdriver1_rewrite := - s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!$${1}libtestdriver1/include/mbedtls/build_info.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!$${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!$${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!$${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \ - s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; \ - s!^(\s*#\s*include\s*[\"<])psa/!$${1}libtestdriver1/tf-psa-crypto/include/psa/!; \ - s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!$${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!; \ - next if /^\s*#\s*include/; \ - s/\b(?=MBEDTLS_|PSA_|TF_PSA_CRYPTO_)/LIBTESTDRIVER1_/g; \ - s/\b(?=mbedtls_|psa_|tf_psa_crypto_)/libtestdriver1_/g; -endef - libtestdriver1.a: rm -Rf ./libtestdriver1 mkdir ./libtestdriver1 
@@ -384,12 +365,12 @@ libtestdriver1.a: # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash # when this test driver library is linked with the Mbed TLS library. - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch] - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/core/*.[ch] - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h - perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/library/*.[ch] + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h + perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a diff --git a/tests/libtestdriver1_rewrite.pl b/tests/libtestdriver1_rewrite.pl new file mode 100644 index 0000000000..c9790bbaf9 --- /dev/null +++ b/tests/libtestdriver1_rewrite.pl 
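Review bot: `libtestdriver1.a:` is declared with no prerequisites (its target line is visible in the previous hunk of this file), so once the rewrite rules move out of the recipe text into `./libtestdriver1_rewrite.pl`, editing that script no longer causes the test driver library to be rebuilt, unless prerequisites are declared elsewhere in the Makefile. `libtestdriver1.a: libtestdriver1_rewrite.pl` would restore that. Note also that the recipe invokes the script by a cwd-relative path and the script itself globs `../tf-psa-crypto/include/mbedtls/*.h` relative to the working directory, so both silently depend on make running in `tests/`; a comment on the rule saying so would help anyone driving it from the top level.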
@@ -0,0 +1,41 @@ +#!/usr/bin/perl + +# Perl code that is executed to transform each original line from a library +# source file into the corresponding line in the test driver copy of the +# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx +# symbols. + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +use warnings; +use File::Basename; + +my @public_files = map { basename($_) } glob("../tf-psa-crypto/include/mbedtls/*.h"); + +my $public_files_regex = join('|', map { quotemeta($_) } @public_files); + +while (<>) { + s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!${1}libtestdriver1/include/mbedtls/check_config.h!; + # Files in include/mbedtls and drivers/builtin/include/mbedtls are both + # included in files via #include mbedtls/.h, so when expanding to the + # full path make sure that files in include/mbedtls are not expanded + # to driver/builtin/include/mbedtls. 
+ if ( $public_files_regex ) { + s!^(\s*#\s*include\s*[\"<])mbedtls/($public_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/${2}!; + } + s!^(\s*#\s*include\s*[\"<])mbedtls/!${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; + s!^(\s*#\s*include\s*[\"<])psa/!${1}libtestdriver1/tf-psa-crypto/include/psa/!; + s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!; + if (/^\s*#\s*include/) { + print; + next; + } + s/\b(?=MBEDTLS_|PSA_|TF_PSA_CRYPTO_)/LIBTESTDRIVER1_/g; + s/\b(?=mbedtls_|psa_|tf_psa_crypto_)/libtestdriver1_/g; + print; +} diff --git a/tf-psa-crypto b/tf-psa-crypto index 4a9f29b05c..d653d1b02d 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 4a9f29b05c661bd874c75d80339fcce00adea4e0 +Subproject commit d653d1b02d71d1579bc6e6281a2f9ef814eea3e9 From 1ef121c9b9d61217e0f2b272559c63b700e1a9f9 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 09:51:13 +0100 Subject: [PATCH 0441/1548] Move script and update shebang to fix CI Signed-off-by: Felix Conway --- tests/Makefile | 12 ++++++------ tests/{ => scripts}/libtestdriver1_rewrite.pl | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) rename tests/{ => scripts}/libtestdriver1_rewrite.pl (99%) diff --git a/tests/Makefile b/tests/Makefile index 783f766438..45231cd9a5 100644 --- a/tests/Makefile +++ b/tests/Makefile 
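Review bot: `@public_files` comes from `glob("../tf-psa-crypto/include/mbedtls/*.h")`, which is relative to the caller's working directory, and when the glob matches nothing `$public_files_regex` is empty, so the `if ( $public_files_regex )` guard silently skips the public-header case and every `mbedtls/` include is rewritten to the `drivers/builtin` path; a wrong working directory or an un-initialised submodule then surfaces as a confusing compile failure in the driver build instead of an error here. I'd fail fast right after the glob: `die "no public headers found under ../tf-psa-crypto/include/mbedtls\n" unless @public_files;`. The script also has `use warnings;` but no `use strict;`; adding it costs nothing since every variable is already declared with `my`.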
@@ -365,12 +365,12 @@ libtestdriver1.a: # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash # when this test driver library is linked with the Mbed TLS library. - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/library/*.[ch] - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h - perl -i ./libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/library/*.[ch] + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a diff --git a/tests/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl similarity index 99% rename from tests/libtestdriver1_rewrite.pl rename to tests/scripts/libtestdriver1_rewrite.pl index c9790bbaf9..202575d855 100644 --- a/tests/libtestdriver1_rewrite.pl +++ b/tests/scripts/libtestdriver1_rewrite.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Perl code that is executed to transform each original line from a library # source file into the corresponding line in the test driver copy of the 
From 52bed3fcef6a707db5a42f31d72014c80836c84c Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 11:35:29 +0100 Subject: [PATCH 0442/1548] Update tf-psa-crypto & framework pointers Signed-off-by: Felix Conway --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index a39ba59344..bf36088bd3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit a39ba59344fd4f1d0ee267ca414b9420d5dca9f5 +Subproject commit bf36088bd373fe5dbe56fb5d05d25af35a56a175 diff --git a/tf-psa-crypto b/tf-psa-crypto index d653d1b02d..ced1c6df90 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit d653d1b02d71d1579bc6e6281a2f9ef814eea3e9 +Subproject commit ced1c6df90b49ef39849d9cb8a0c540fb672a478 From f670ba5e522f0ed116bf6951faebeb3a62493495 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 15:09:32 +0100 Subject: [PATCH 0443/1548] Always call mbedtls_ssl_handshake_set_state Call a single function for all handshake state changes, for easier tracing. Signed-off-by: Gilles Peskine --- library/ssl_misc.h | 6 ++++++ library/ssl_msg.c | 4 ++-- library/ssl_tls.c | 34 +++++++++++++++++----------------- library/ssl_tls12_client.c | 36 ++++++++++++++++++------------------ library/ssl_tls12_server.c | 34 +++++++++++++++++----------------- 5 files changed, 60 insertions(+), 54 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index de8e0dae23..ce62c2c987 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1304,12 +1304,18 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); + static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { ssl->state = (int) state; } +static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl) +{ + mbedtls_ssl_handshake_set_state(ssl, ssl->state + 1); +} + MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index be0dc92720..f1fe0ec8e5 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5044,7 +5044,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) ssl->out_msglen = 1; ssl->out_msg[0] = 1; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -5106,7 +5106,7 @@ int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl) mbedtls_ssl_update_in_pointers(ssl); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec")); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5a668a4660..75dde2b8ee 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1409,7 +1409,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST); ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION; ssl->tls_version = ssl->conf->max_tls_version; 
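Review bot: The new `mbedtls_ssl_handshake_increment_state` is undocumented, and neither helper states that it is now the only sanctioned way to change `ssl->state`, which is the invariant this commit establishes ("for easier tracing"). A short Doxygen block on each, e.g. `/** Set the handshake state. Every transition of ssl->state must go through this function or mbedtls_ssl_handshake_increment_state() so that a single tracing point covers them all. */`, would make the invariant enforceable in later reviews. `ssl->state + 1` is an `int` passed where `mbedtls_ssl_states` is expected; the implicit conversion is legal C, but `(mbedtls_ssl_states) (ssl->state + 1)` would document that the arithmetic on the enum is intentional.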
@@ -4235,7 +4235,7 @@ int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl) switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); ret = 0; break; @@ -4386,7 +4386,7 @@ int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl) } #endif - ssl->state = MBEDTLS_SSL_HELLO_REQUEST; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST); ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { @@ -5144,7 +5144,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, * Most of them already set to the correct value by mbedtls_ssl_init() and * mbedtls_ssl_reset(), so we only need to set the remaining ones. */ - ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; /* Adjust pointers for header fields of outgoing records to @@ -6726,7 +6726,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -6743,7 +6743,7 @@ int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -6766,7 +6766,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } 
@@ -6774,7 +6774,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { if (ssl->handshake->client_auth == 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } } @@ -6828,7 +6828,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -7282,7 +7282,7 @@ int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) exit: if (ret == 0) { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -7460,7 +7460,7 @@ void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl) #endif mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); - ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER); MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); } @@ -7504,16 +7504,16 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); } #endif #if defined(MBEDTLS_SSL_SRV_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC); } #endif } else { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } /* 
@@ -7639,16 +7639,16 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC); } #endif #if defined(MBEDTLS_SSL_SRV_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); } #endif } else { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); } #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index e0743e1a6a..df7dfbfa61 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1118,7 +1118,7 @@ static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) ssl->handshake->cookie_len = cookie_len; /* Start over at ClientHello */ - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); ret = mbedtls_ssl_reset_checksum(ssl); if (0 != ret) { MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret); @@ -1327,7 +1327,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->ciphersuite != i || ssl->session_negotiate->id_len != n || memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); ssl->handshake->resume = 0; #if defined(MBEDTLS_HAVE_TIME) ssl->session_negotiate->start = mbedtls_time(NULL); @@ -1336,7 +1336,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->id_len = n; memcpy(ssl->session_negotiate->id, buf + 35, n); } else { - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); } MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", 
@@ -1839,7 +1839,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) } MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } ((void) p); @@ -2147,7 +2147,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ exit: - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange")); @@ -2165,7 +2165,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2192,7 +2192,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2210,7 +2210,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); ssl->handshake->client_auth = (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); @@ -2381,7 +2381,7 @@ static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_DECODE_ERROR; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { 
@@ -2683,7 +2683,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -2712,7 +2712,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2754,14 +2754,14 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } if (ssl->handshake->client_auth == 0 || mbedtls_ssl_own_cert(ssl) == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2843,7 +2843,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -2917,7 +2917,7 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) /* We're not waiting for a NewSessionTicket message any more */ ssl->handshake->new_session_ticket = 0; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); /* * Zero-length ticket means the server changed his mind and doesn't want 
@@ -2978,13 +2978,13 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && ssl->handshake->new_session_ticket != 0) { - ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_NEW_SESSION_TICKET); } #endif switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; /* @@ -3069,7 +3069,7 @@ int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) case MBEDTLS_SSL_FLUSH_BUFFERS: MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index e1785504b6..2b2b49f2b0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1597,7 +1597,7 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->handshake->ciphersuite_info = ciphersuite_info; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { @@ -2015,7 +2015,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; - ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); 
@@ -2183,7 +2183,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) * New session, create a new session id, * unless we're about to issue a session ticket */ - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_HAVE_TIME) ssl->session_negotiate->start = mbedtls_time(NULL); @@ -2207,7 +2207,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) * Resuming a session */ n = ssl->session_negotiate->id_len; - ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC); if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); @@ -2333,7 +2333,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } @@ -2356,7 +2356,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) { @@ -3080,7 +3080,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ 
@@ -3134,7 +3134,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); @@ -3156,7 +3156,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO_DONE; - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { @@ -3461,7 +3461,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) return ret; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange")); @@ -3479,7 +3479,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } 
@@ -3505,20 +3505,20 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) if (ssl->session_negotiate->peer_cert == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ if (ssl->session_negotiate->peer_cert_digest == NULL) { MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); return 0; } #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -3530,7 +3530,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) return ret; } - ssl->state++; + mbedtls_ssl_handshake_increment_state(ssl); /* Process the message contents */ if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || @@ -3714,7 +3714,7 @@ int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->state = MBEDTLS_SSL_CLIENT_HELLO; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; /* @@ -3803,7 +3803,7 @@ int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) case MBEDTLS_SSL_FLUSH_BUFFERS: MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP); break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: From c67befee6afb6e22f7f506ef6110041f62071319 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 20:45:29 +0100 Subject: [PATCH 0444/1548] Add a log message on every SSL state transition Signed-off-by: Gilles Peskine --- library/ssl_misc.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ce62c2c987..e82c6250e4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -16,6 +16,9 @@ #include "mbedtls/error.h" #include "mbedtls/ssl.h" +#include "mbedtls/debug.h" +#include "debug_internal.h" + #include "mbedtls/cipher.h" #include "psa/crypto.h" @@ -1305,9 +1308,21 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); +#if defined(MBEDTLS_DEBUG_C) +/* Declared in "ssl_debug_helpers.h". We can't include this file from + * "ssl_misc.h" because it includes "ssl_misc.h" because it needs some + * type definitions. TODO: split the type definitions and the helper + * functions into different headers. + */ +const char *mbedtls_ssl_states_str(mbedtls_ssl_states state); +#endif + static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { + MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)", + ssl->state, mbedtls_ssl_states_str(ssl->state), + state, mbedtls_ssl_states_str(state))); ssl->state = (int) state; } From a4bf00227f5d534fc8dfaa85e3c4f447e138ff64 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 20:37:49 +0100 Subject: [PATCH 0445/1548] Document gotcha of move_handshake_to_state A single call to move_handshake_to_state() can't do a full handshake. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 3ba314f832..0ca02700a6 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
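Review bot: In the new body of `mbedtls_ssl_handshake_set_state`, `mbedtls_ssl_states_str(ssl->state)` is given an `int` that nothing guarantees to be a valid `mbedtls_ssl_states` value (the field is a plain `int` and the rest of this series advances it with `mbedtls_ssl_handshake_increment_state`), so if that helper can return NULL for an unknown value the `%s` conversion in `MBEDTLS_SSL_DEBUG_MSG` is undefined behaviour; confirm it returns a fixed fallback string and record that next to the hand-copied declaration, e.g. `/* Returns a non-NULL string for any int, including values outside the enum. */`. Without `MBEDTLS_DEBUG_C` the declaration is absent, which is only safe if `MBEDTLS_SSL_DEBUG_MSG` expands to nothing in that configuration — presumably true given the new `#include "debug_internal.h"`, but a one-line comment on the `#if` would make the dependency explicit. The duplicated prototype is not checked against the generated one in ssl_debug_helpers.h until link time, which the TODO acknowledges; until the headers are split, a comment naming the generator script would tell the next maintainer where the authoritative signature lives.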
@@ -476,6 +476,18 @@ void mbedtls_test_ssl_endpoint_free( * /p second_ssl is used as second endpoint and their sockets have to be * connected before calling this function. * + * For example, to perform a full handshake: + * ``` + * mbedtls_test_move_handshake_to_state( + * &server.ssl, &client.ssl, + * MBEDTLS_SSL_HANDSHAKE_OVER); + * mbedtls_test_move_handshake_to_state( + * &client.ssl, &client.ssl, + * MBEDTLS_SSL_HANDSHAKE_OVER); + * ``` + * Note that you need both calls to reach the handshake-over state on + * both sides. + * * \retval 0 on success, otherwise error code. */ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, From 92122edf4b8d0b5dda73379fa895cdca51021910 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 20:40:50 +0100 Subject: [PATCH 0446/1548] Create handshake record coalescing tests Create tests that coalesce the handshake messages in the first flight from the server. This lets us test the behavior of the library when a handshake record contains multiple handshake messages. Only non-protected (non-encrypted, non-authenticated) handshake messages are supported. The test code works for all protocol versions, but it is only effective in TLS 1.2. In TLS 1.3, there is only a single non-encrypted handshake record, so we can't test records containing more than one handshake message without a lot more work. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 232 +++++++++++++++++++++++ tests/suites/test_suite_ssl.records.data | 26 +++ 2 files changed, 258 insertions(+) create mode 100644 tests/suites/test_suite_ssl.records.data diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 743b53c007..278656c194 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
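Review bot: The second call in the new example passes `&client.ssl, &client.ssl`, which looks like a typo for `&client.ssl, &server.ssl` — as written it never drives the server side at all, which contradicts the sentence right after it about needing both calls to reach the handshake-over state on both sides. The snippet also discards the return value even though the function documents `\retval 0 on success`; writing both calls as `TEST_EQUAL(mbedtls_test_move_handshake_to_state(...), 0);` would model the intended use. The enclosing Doxygen block starts before this hunk.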
@@ -106,6 +106,98 @@ static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, #define TEST_GCM_OR_CHACHAPOLY_ENABLED #endif +typedef enum { + RECOMBINE_NOMINAL, /* param: ignored */ + RECOMBINE_COALESCE, /* param: min number of records */ +} recombine_records_instruction_t; + +/* Coalesce TLS handshake records. + * DTLS is not supported. + * Encrypted or authenticated handshake records are not supported. + * Assume the buffer content is a valid sequence of records. + */ +static int recombine_coalesce_handshake_records(mbedtls_test_ssl_buffer *buf, + int max) +{ + const size_t header_length = 5; + TEST_LE_U(header_length, buf->content_length); + if (buf->buffer[0] != MBEDTLS_SSL_MSG_HANDSHAKE) { + return 0; + } + + size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); + TEST_LE_U(header_length + record_length, buf->content_length); + + int count; + for (count = 1; count < max; count++) { + size_t next_start = header_length + record_length; + if (next_start >= buf->content_length) { + /* We've already reached the last record. */ + break; + } + + TEST_LE_U(next_start + header_length, buf->content_length); + if (buf->buffer[next_start] != MBEDTLS_SSL_MSG_HANDSHAKE) { + /* There's another record, but it isn't a handshake record. 
*/ + break; + } + size_t next_length = + MBEDTLS_GET_UINT16_BE(buf->buffer, next_start + header_length - 2); + TEST_LE_U(next_start + header_length + next_length, buf->content_length); + + /* Erase the next record header */ + memmove(buf->buffer + next_start, + buf->buffer + next_start + header_length, + buf->content_length - next_start); + buf->content_length -= header_length; + /* Update the first record length */ + record_length += next_length; + TEST_LE_U(record_length, 0xffff); + MBEDTLS_PUT_UINT16_BE(record_length, buf->buffer, header_length - 2); + } + + return count; + +exit: + return -1; +} + +static int recombine_records(mbedtls_test_ssl_endpoint *server, + recombine_records_instruction_t instruction, + int param) +{ + mbedtls_test_ssl_buffer *buf = server->socket.output; + int ret; + + /* buf is a circular buffer. For simplicity, this code assumes that + * the data is located at the beginning. This should be ok since + * this function is only meant to be used on the first flight + * emitted by a server. */ + TEST_EQUAL(buf->start, 0); + + switch (instruction) { + case RECOMBINE_NOMINAL: + break; + + case RECOMBINE_COALESCE: + ret = recombine_coalesce_handshake_records(buf, param); + if (param == INT_MAX) { + TEST_LE_S(1, ret); + } else { + TEST_EQUAL(ret, param); + } + break; + + default: + TEST_FAIL("Instructions not understood"); + } + + return 1; + +exit: + return 0; +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
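Review bot: The `memmove` in `recombine_coalesce_handshake_records` that erases the next record header copies `buf->content_length - next_start` bytes from `buf->buffer + next_start + header_length`, so it reads `header_length` bytes past the end of the buffer content; the length should be measured from the source offset, `buf->content_length - next_start - header_length);`. In practice the over-read stays inside `capacity` and the stale bytes land beyond the reduced `content_length`, so the coalesced records still come out right, but it is an off-by-header-length that a bounds checker on a tighter buffer would flag. A smaller nit: `TEST_LE_U(record_length, 0xffff)` only guards the 16-bit length field, while a receiver enforces the protocol's 2^14-byte plaintext limit, so a comment such as `/* Coalescing beyond the receiver's maximum record size is not supported */` would save a future debugging session when someone feeds this a larger flight.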
@@ -2840,6 +2932,146 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void recombine_server_first_flight(int version, + int instruction, int param, + char *client_log, char *server_log, + int goal_state, int expected_ret) +{ + enum { BUFFSIZE = 17000 }; + mbedtls_test_ssl_endpoint client = { 0 }; + mbedtls_test_ssl_endpoint server = { 0 }; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_handshake_test_options server_options; + mbedtls_test_init_handshake_options(&server_options); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_test_ssl_log_pattern cli_pattern = { .pattern = client_log }; + mbedtls_test_ssl_log_pattern srv_pattern = { .pattern = server_log }; +#endif + int ret = 0; + + MD_OR_USE_PSA_INIT(); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_debug_set_threshold(3); +#endif + + client_options.client_min_version = version; + client_options.client_max_version = version; +#if defined(MBEDTLS_DEBUG_C) + client_options.cli_log_obj = &cli_pattern; + client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer; +#else + (void) cli_pattern; +#endif + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, + NULL), 0); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_ssl_conf_dbg(&client.conf, client_options.cli_log_fun, + client_options.cli_log_obj); +#endif + + server_options.server_min_version = version; + server_options.server_max_version = version; +#if defined(MBEDTLS_DEBUG_C) + server_options.srv_log_obj = &srv_pattern; + server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; +#else + (void) srv_pattern; +#endif + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, + NULL), 0); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_ssl_conf_dbg(&server.conf, server_options.srv_log_fun, + server_options.srv_log_obj); +#endif + + TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket, + &server.socket, + BUFFSIZE), 0); 
+ + /* Client: emit the first flight from the client */ + while (ret == 0) { + mbedtls_test_set_step(client.ssl.state); + ret = mbedtls_ssl_handshake_step(&client.ssl); + } + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + ret = 0; + TEST_EQUAL(client.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + + /* Server: parse the first flight from the client + * and emit the first flight from the server */ + while (ret == 0) { + mbedtls_test_set_step(1000 + server.ssl.state); + ret = mbedtls_ssl_handshake_step(&server.ssl); + } + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + ret = 0; + TEST_EQUAL(server.ssl.state, MBEDTLS_SSL_SERVER_HELLO_DONE + 1); + + /* Recombine the first flight from the server */ + TEST_ASSERT(recombine_records(&server, instruction, param)); + + /* Client: parse the first flight from the server + * and emit the second flight from the client */ + while (ret == 0 && !mbedtls_ssl_is_handshake_over(&client.ssl)) { + mbedtls_test_set_step(client.ssl.state); + ret = mbedtls_ssl_handshake_step(&client.ssl); + if (client.ssl.state == goal_state && ret != 0) { + TEST_EQUAL(ret, expected_ret); + goto goal_reached; + } + } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if (version >= MBEDTLS_SSL_VERSION_TLS1_3 && + goal_state >= MBEDTLS_SSL_HANDSHAKE_OVER) { + TEST_EQUAL(ret, 0); + } else +#endif + { + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + } + ret = 0; + + /* Server: parse the first flight from the client + * and emit the second flight from the server */ + while (ret == 0 && !mbedtls_ssl_is_handshake_over(&server.ssl)) { + mbedtls_test_set_step(1000 + server.ssl.state); + ret = mbedtls_ssl_handshake_step(&server.ssl); + } + TEST_EQUAL(ret, 0); + + /* Client: parse the second flight from the server */ + while (ret == 0 && !mbedtls_ssl_is_handshake_over(&client.ssl)) { + mbedtls_test_set_step(client.ssl.state); + ret = mbedtls_ssl_handshake_step(&client.ssl); + } + if (client.ssl.state == goal_state) { + TEST_EQUAL(ret, expected_ret); + } else { + TEST_EQUAL(ret, 0); + } + 
+goal_reached: +#if defined(MBEDTLS_DEBUG_C) + TEST_ASSERT(cli_pattern.counter >= 1); + TEST_ASSERT(srv_pattern.counter >= 1); +#endif + +exit: + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + MD_OR_USE_PSA_DONE(); +#if defined(MBEDTLS_DEBUG_C) + mbedtls_debug_set_threshold(0); +#endif +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void renegotiation(int legacy_renegotiation) { diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data new file mode 100644 index 0000000000..e31fbbd23a --- /dev/null +++ b/tests/suites/test_suite_ssl.records.data 
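Review bot: `recombine_server_first_flight` has no header comment for its six parameters, and the meaning of `param` depends entirely on `instruction` (an offset for the split variants, a record count for coalesce), so a reader of the .data file has nothing to go on. A short block comment above the function should point `instruction`/`param` at the enum comments, state that `client_log`/`server_log` are substrings expected at least once in the respective side's debug output (the `counter >= 1` checks after `goal_reached:`), and explain that `goal_state`/`expected_ret` name the client state at which `mbedtls_ssl_handshake_step` is expected to return `expected_ret`, with 0 meaning the handshake is expected to complete. The expectation `TEST_EQUAL(server.ssl.state, MBEDTLS_SSL_SERVER_HELLO_DONE + 1);` encodes "server has emitted its first flight" as arithmetic on an enumerator; a comment saying so, and noting that the TLS 1.3 server is assumed to park in the same state, would make the intent visible and stop the next enum reordering from silently changing the test.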
@@ -0,0 +1,26 @@ +Recombine server flight 1: TLS 1.2, nominal +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.3, nominal +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 + +Recombine server flight 1: TLS 1.2, coalesce 2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:2:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.2, coalesce 3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:3:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.2, coalesce all +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +# TLS 1.3 has a single non-encrypted handshake record, so this doesn't +# actually perform any coalescing. Run the test case anyway, but this does +# very little beyond exercising the test code itself a little. +Recombine server flight 1: TLS 1.3, coalesce all +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 From 7c1dbeff4908b23dbced56694bc17263fd7e0eb7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 20:48:01 +0100 Subject: [PATCH 0447/1548] Test split, coalesced-split and empty handshake records 
Signed-off-by: Gilles Peskine --- library/ssl_msg.c | 1 + tests/suites/test_suite_ssl.function | 122 +++++++++++++++++++++++ tests/suites/test_suite_ssl.records.data | 88 ++++++++++++++++ 3 files changed, 211 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f1fe0ec8e5..dba8d74ba1 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3699,6 +3699,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, rec->buf_len = rec->data_offset + rec->data_len; if (rec->data_len == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("rejecting empty record")); return MBEDTLS_ERR_SSL_INVALID_RECORD; } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 278656c194..577249c1d8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -108,9 +108,100 @@ static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, typedef enum { RECOMBINE_NOMINAL, /* param: ignored */ + RECOMBINE_SPLIT_FIRST, /* param: offset of split (<=0 means from end) */ + RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ RECOMBINE_COALESCE, /* param: min number of records */ + RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */ + RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ } recombine_records_instruction_t; +/* Split the first record into two pieces of lengths offset and + * record_length-offset. If offset is zero or negative, count from the end of + * the record. */ +static int recombine_split_first_record(mbedtls_test_ssl_buffer *buf, + int offset) +{ + const size_t header_length = 5; + TEST_LE_U(header_length, buf->content_length); + size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); + + if (offset > 0) { + TEST_LE_S(offset, record_length); + } else { + TEST_LE_S(-offset, record_length); + offset = record_length + offset; + } + + /* Check that we have room to insert a record header */ + TEST_LE_U(buf->content_length + header_length, buf->capacity); + + /* Make room for a record header */ + size_t new_record_start = header_length + offset; + size_t new_content_start = new_record_start + header_length; + memmove(buf->buffer + new_content_start, + buf->buffer + new_record_start, + buf->content_length - new_record_start); + buf->content_length += header_length; + + /* Construct a header for the new record based on the existing one */ + memcpy(buf->buffer + new_record_start, buf->buffer, header_length); + MBEDTLS_PUT_UINT16_BE(record_length - offset, + buf->buffer, new_content_start - 2); + + /* Adjust the length of the first record */ + MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); + + return 0; + +exit: + return -1; +} + +/* Insert an empty record at the given offset. 
If offset is negative, + * count from the end of the first record. */ +static int recombine_insert_empty_record(mbedtls_test_ssl_buffer *buf, + int offset) +{ + const size_t header_length = 5; + TEST_LE_U(header_length, buf->content_length); + size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); + + if (offset >= 0) { + TEST_LE_S(offset, record_length); + } else { + TEST_LE_S(-offset, record_length); + offset = record_length + offset; + } + + /* Check that we have room to insert two record headers */ + TEST_LE_U(buf->content_length + 2 * header_length, buf->capacity); + + /* Make room for an empty record and a record header */ + size_t empty_record_start = header_length + offset; + size_t empty_content_start = empty_record_start + header_length; + size_t tail_record_start = empty_content_start; + size_t tail_content_start = tail_record_start + header_length; + memmove(buf->buffer + tail_content_start, + buf->buffer + tail_record_start, + buf->content_length - tail_record_start); + buf->content_length += 2 * header_length; + + /* Construct headers for the new records based on the existing one */ + memcpy(buf->buffer + empty_record_start, buf->buffer, header_length); + MBEDTLS_PUT_UINT16_BE(0, buf->buffer, empty_content_start - 2); + memcpy(buf->buffer + tail_record_start, buf->buffer, header_length); + MBEDTLS_PUT_UINT16_BE(record_length - offset, + buf->buffer, tail_content_start - 2); + + /* Adjust the length of the first record */ + MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); + + return 0; + +exit: + return -1; +} + /* Coalesce TLS handshake records. * DTLS is not supported. * Encrypted or authenticated handshake records are not supported. 
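Review bot: The comment on `recombine_split_first_record` says a zero or negative `offset` counts from the end but does not say what offset 0 produces: the split lands at `record_length`, so the second record is empty, which is how the `RECOMBINE_SPLIT_FIRST:0` cases in the data file obtain an empty record after the first message; spell that out, e.g. `/* offset 0 splits at the very end, yielding an empty second record */`, especially since `recombine_insert_empty_record` right below treats 0 differently (there it puts the empty record first). Also, `TEST_LE_S(-offset, record_length)` negates `offset` before any range check, so an `INT_MIN` parameter is signed overflow; a cheap guard is `TEST_LE_S(INT_MIN + 1, offset);` ahead of the negation. The subsequent `offset = record_length + offset;` mixes `size_t` and a negative `int` and narrows back to `int`; it is correct for the ranges just checked, but a `(int) (record_length + (size_t) offset)` with a comment would make the wraparound reliance deliberate rather than accidental.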
@@ -179,6 +270,16 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, case RECOMBINE_NOMINAL: break; + case RECOMBINE_SPLIT_FIRST: + ret = recombine_split_first_record(buf, param); + TEST_LE_S(0, ret); + break; + + case RECOMBINE_INSERT_EMPTY: + ret = recombine_insert_empty_record(buf, param); + TEST_LE_S(0, ret); + break; + case RECOMBINE_COALESCE: ret = recombine_coalesce_handshake_records(buf, param); if (param == INT_MAX) { @@ -188,6 +289,27 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, } break; + case RECOMBINE_COALESCE_SPLIT_ONCE: + ret = recombine_coalesce_handshake_records(buf, INT_MAX); + /* Require at least two coalesced records, otherwise this + * doesn't lead to a meaningful test (use + * RECOMBINE_SPLIT_FIRST instead). */ + TEST_LE_S(2, ret); + ret = recombine_split_first_record(buf, param); + TEST_LE_S(0, ret); + break; + + case RECOMBINE_COALESCE_SPLIT_ENDS: + ret = recombine_coalesce_handshake_records(buf, INT_MAX); + /* Accept a single record, which will be split at both ends */ + TEST_LE_S(1, ret); + TEST_LE_S(1, param); + ret = recombine_split_first_record(buf, -param); + TEST_LE_S(0, ret); + ret = recombine_split_first_record(buf, param); + TEST_LE_S(0, ret); + break; + default: TEST_FAIL("Instructions not understood"); } diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index e31fbbd23a..ca19393fd5 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data 
@@ -24,3 +24,91 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_ Recombine server flight 1: TLS 1.3, coalesce all depends_on:MBEDTLS_SSL_PROTO_TLS1_3 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 + +Recombine server flight 1: TLS 1.2, split first at 4 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.3, split first at 4 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 + +Recombine server flight 1: TLS 1.2, split first at end-1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.3, split first at end-1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 + +# The library doesn't support an initial handshake fragment that doesn't +# contain the full 4-byte handshake header. 
+Recombine server flight 1: TLS 1.2, split first at 3 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, split first at 3 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, split first at 2 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, split first at 2 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, split first at 1 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, split first at 1 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, insert empty record after first (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert empty record after first 
(bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, insert empty record at start (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert empty record at start (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, insert empty record at 42 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +# Since there is a single unencrypted handshake message in the first flight +# from the server, and the test code that recombines handshake records can only +# handle plaintext records, we can't have TLS 1.3 tests with coalesced +# handshake messages. Hence most coalesce-and-split test cases are 1.2-only. 
+ +Recombine server flight 1: TLS 1.2, coalesce and split at 4 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +# The last message of the first flight from the server is ServerHelloDone, +# which is an empty handshake message, i.e. of length 4. The library doesn't +# support fragmentation of a handshake message, so the last place where we +# can split the flight is 4+1 = 5 bytes before it ends, with 1 byte in the +# previous handshake message and 4 bytes of ServerHelloDone including header. +Recombine server flight 1: TLS 1.2, coalesce and split at end-5 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:-5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 + +Recombine server flight 1: TLS 1.2, coalesce and split at both ends +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 From 7ab9fb6d147e5afab97882b8bd612c66f9094189 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 22:26:36 +0100 Subject: [PATCH 0448/1548] Pacify ancient clang -Wmissing-initializer Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 577249c1d8..91ffe35ee8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3061,8 +3061,10 @@ void recombine_server_first_flight(int version, int goal_state, int expected_ret) { enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client = { 0 }; - mbedtls_test_ssl_endpoint server = { 0 }; + mbedtls_test_ssl_endpoint client; + memset(&client, 0, sizeof(client)); + mbedtls_test_ssl_endpoint server; + memset(&server, 0, sizeof(server)); mbedtls_test_handshake_test_options client_options; mbedtls_test_init_handshake_options(&client_options); mbedtls_test_handshake_test_options server_options; From bc694b3cbdcafdc4c750906523bf802b273cb4c1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 22:28:23 +0100 Subject: [PATCH 0449/1548] Fix printf of enum The enum is promoted to `int`, so `%d` is a correct format, but `gcc -Wformat` complains. Signed-off-by: Gilles Peskine --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e82c6250e4..f52f784476 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1322,7 +1322,7 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)", ssl->state, mbedtls_ssl_states_str(ssl->state), - state, mbedtls_ssl_states_str(state))); + (int) state, mbedtls_ssl_states_str(state))); ssl->state = (int) state; } From 074267282f266e6baf88a71bd836f1fb9434ac16 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 23:01:42 +0100 Subject: [PATCH 0450/1548] Fix the build in PSK-only configurations Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 91ffe35ee8..ca85578b5b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -115,6 +115,8 @@ typedef enum { RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ } recombine_records_instruction_t; +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + /* Split the first record into two pieces of lengths offset and * record_length-offset. If offset is zero or negative, count from the end of * the record. */ @@ -320,6 +322,8 @@ exit: return 0; } +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -3054,7 +3058,9 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* This test case doesn't actually depend on certificates, + * but our helper code for mbedtls_test_ssl_endpoint does. */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ void recombine_server_first_flight(int version, int instruction, int param, char *client_log, char *server_log, From c34ea472fb96531d7277823b620ec262472689e2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Mar 2025 23:04:23 +0100 Subject: [PATCH 0451/1548] Fix the build without MBEDTLS_DEBUG_C Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ca85578b5b..061adba762 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3078,6 +3078,9 @@ void recombine_server_first_flight(int version, #if defined(MBEDTLS_DEBUG_C) mbedtls_test_ssl_log_pattern cli_pattern = { .pattern = client_log }; mbedtls_test_ssl_log_pattern srv_pattern = { .pattern = server_log }; +#else + (void) client_log; + (void) server_log; #endif int ret = 0; 
@@ -3091,8 +3094,6 @@ void recombine_server_first_flight(int version, #if defined(MBEDTLS_DEBUG_C) client_options.cli_log_obj = &cli_pattern; client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer; -#else - (void) cli_pattern; #endif TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, @@ -3107,8 +3108,6 @@ void recombine_server_first_flight(int version, #if defined(MBEDTLS_DEBUG_C) server_options.srv_log_obj = &srv_pattern; server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; -#else - (void) srv_pattern; #endif TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &server_options, NULL, NULL, From 5e3c0bd82bcb14742b168d0a3621935d5949a300 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:02:42 +0100 Subject: [PATCH 0452/1548] Also test inserting non-empty, non-handshake records Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 60 +++++++++++++++++++----- tests/suites/test_suite_ssl.records.data | 40 ++++++++++++++++ 2 files changed, 89 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 061adba762..52e887af6d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -110,6 +110,7 @@ typedef enum { RECOMBINE_NOMINAL, /* param: ignored */ RECOMBINE_SPLIT_FIRST, /* param: offset of split (<=0 means from end) */ RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ + RECOMBINE_INSERT_RECORD, /* param: record type */ RECOMBINE_COALESCE, /* param: min number of records */ RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */ RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ 
@@ -161,8 +162,9 @@ exit: /* Insert an empty record at the given offset. If offset is negative, * count from the end of the first record. */ -static int recombine_insert_empty_record(mbedtls_test_ssl_buffer *buf, - int offset) +static int recombine_insert_record(mbedtls_test_ssl_buffer *buf, + int offset, + uint8_t inserted_record_type) { const size_t header_length = 5; TEST_LE_U(header_length, buf->content_length); 
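Review bot: The header comment above the renamed function still says `Insert an empty record at the given offset`, but the new `inserted_record_type` parameter makes it insert a record of an arbitrary type, with synthetic content for some types, so the comment now misdescribes the helper. Suggest `/* Insert a record of type inserted_record_type at the given offset, with a small synthetic payload for alert, ChangeCipherSpec and application-data records and empty content otherwise. If offset is negative, count from the end of the first record. */`. The body of recombine_insert_record continues past the end of this hunk.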
@@ -175,22 +177,50 @@ static int recombine_insert_empty_record(mbedtls_test_ssl_buffer *buf, offset = record_length + offset; } - /* Check that we have room to insert two record headers */ - TEST_LE_U(buf->content_length + 2 * header_length, buf->capacity); + uint8_t inserted_content[42] = { 0 }; + size_t inserted_content_length = 0; + switch (inserted_record_type) { + case MBEDTLS_SSL_MSG_ALERT: + inserted_content[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; + inserted_content[1] = MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION; + inserted_content_length = 2; + break; + case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: + inserted_content[0] = 0x01; + inserted_content_length = 1; + break; + case MBEDTLS_SSL_MSG_APPLICATION_DATA: + inserted_content_length = sizeof(inserted_content); + break; + default: + /* Leave the content empty */ + break; + } + + /* Check that we have room to insert two record headers plus the new + * content. */ + TEST_LE_U(buf->content_length + 2 * header_length + inserted_content_length, + buf->capacity); /* Make room for an empty record and a record header */ - size_t empty_record_start = header_length + offset; - size_t empty_content_start = empty_record_start + header_length; - size_t tail_record_start = empty_content_start; + size_t inserted_record_start = header_length + offset; + size_t inserted_content_start = inserted_record_start + header_length; + size_t tail_record_start = inserted_content_start + inserted_content_length; size_t tail_content_start = tail_record_start + header_length; memmove(buf->buffer + tail_content_start, buf->buffer + tail_record_start, buf->content_length - tail_record_start); buf->content_length += 2 * header_length; - /* Construct headers for the new records based on the existing one */ - memcpy(buf->buffer + empty_record_start, buf->buffer, header_length); - MBEDTLS_PUT_UINT16_BE(0, buf->buffer, empty_content_start - 2); + /* Construct the inserted record based on the existing one */ + memcpy(buf->buffer + inserted_record_start, 
buf->buffer, header_length); + buf->buffer[inserted_record_start] = inserted_record_type; + MBEDTLS_PUT_UINT16_BE(inserted_content_length, + buf->buffer, inserted_content_start - 2); + memcpy(buf->buffer + inserted_content_start, + inserted_content, inserted_content_length); + + /* Construct header for the last fragment based on the existing one */ memcpy(buf->buffer + tail_record_start, buf->buffer, header_length); MBEDTLS_PUT_UINT16_BE(record_length - offset, buf->buffer, tail_content_start - 2); @@ -278,7 +308,15 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, break; case RECOMBINE_INSERT_EMPTY: - ret = recombine_insert_empty_record(buf, param); + /* Insert an empty handshake record. */ + ret = recombine_insert_record(buf, param, MBEDTLS_SSL_MSG_HANDSHAKE); + TEST_LE_S(0, ret); + break; + + case RECOMBINE_INSERT_RECORD: + /* Insert an extra record at a position where splitting + * would be ok. */ + ret = recombine_insert_record(buf, 5, param); TEST_LE_S(0, ret); break; diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index ca19393fd5..2acbbe9f4f 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data 
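Review bot: `buf->content_length += 2 * header_length;` is now short by `inserted_content_length`: the tail record is placed at `tail_record_start + header_length` where `tail_record_start` already includes the inserted payload, so the buffer's declared length no longer covers the bytes that the three record headers announce, and the last record the client reads is truncated. Change it to `buf->content_length += 2 * header_length + inserted_content_length;`. Separately, the memmove copies from `tail_record_start` rather than from the split point, so the first `header_length + inserted_content_length` bytes of the original tail are overwritten by the inserted record instead of being shifted; this looks pre-existing (the empty-record version also moved from `tail_record_start`) and is masked because every data-file case that uses this helper expects the client to reject the inserted record first, but it would silently corrupt the tail in any passing scenario. The intended move is `memmove(buf->buffer + tail_content_start, buf->buffer + inserted_record_start, buf->content_length - inserted_record_start);`. The enclosing function starts before this hunk.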
@@ -91,6 +91,46 @@ Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad) depends_on:MBEDTLS_SSL_PROTO_TLS1_3 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD +Recombine server flight 1: TLS 1.2, insert ChangeCipherSpec record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.3, insert ChangeCipherSpec record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.2, insert alert record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.3, insert alert record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.2, insert data record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented 
handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.3, insert data record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE + +Recombine server flight 1: TLS 1.2, insert CID record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert CID record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.2, insert unknown record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + +Recombine server flight 1: TLS 1.3, insert unknown record at 5 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD + # Since there is a single unencrypted handshake message in the first flight # from the server, and the test code that recombines handshake records can only # handle plaintext records, we can't have TLS 1.3 tests with coalesced From 84ccbd800206db97f2334704b3d0e01be82c49fb Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 10 Mar 2025 14:16:46 +0100 Subject: [PATCH 0453/1548] Simulate closing the connection mid-message Simulate the server closing the connection after a partial handshake message. These test cases don't send a close_notify alert. The test cases "insert alert record" exercise what happens if the server sends an alert. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 47 ++++++++++++++++++++++++ tests/suites/test_suite_ssl.records.data | 8 ++++ 2 files changed, 55 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 52e887af6d..3081257cb8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -109,6 +109,7 @@ static void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, typedef enum { RECOMBINE_NOMINAL, /* param: ignored */ RECOMBINE_SPLIT_FIRST, /* param: offset of split (<=0 means from end) */ + RECOMBINE_TRUNCATE_FIRST, /* param: offset of truncation (<=0 means from end) */ RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ RECOMBINE_INSERT_RECORD, /* param: record type */ RECOMBINE_COALESCE, /* param: min number of records */ 
@@ -160,6 +161,39 @@ exit: return -1; } +/* Truncate the first record, keeping only the first offset bytes. + * If offset is zero or negative, count from the end of the record. + * Remove the subsequent records. + */ +static int recombine_truncate_first_record(mbedtls_test_ssl_buffer *buf, + int offset) +{ + const size_t header_length = 5; + TEST_LE_U(header_length, buf->content_length); + size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2); + + if (offset > 0) { + TEST_LE_S(offset, record_length); + } else { + TEST_LE_S(-offset, record_length); + offset = record_length + offset; + } + + /* Adjust the length of the first record */ + MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2); + + /* Wipe the rest */ + size_t truncated_end = header_length + offset; + memset(buf->buffer + truncated_end, '!', + buf->content_length - truncated_end); + buf->content_length = truncated_end; + + return 0; + +exit: + return -1; +} + /* Insert an empty record at the given offset. If offset is negative, * count from the end of the first record. */ static int recombine_insert_record(mbedtls_test_ssl_buffer *buf, @@ -307,6 +341,11 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, TEST_LE_S(0, ret); break; + case RECOMBINE_TRUNCATE_FIRST: + ret = recombine_truncate_first_record(buf, param); + TEST_LE_S(0, ret); + break; + case RECOMBINE_INSERT_EMPTY: /* Insert an empty handshake record. */ ret = recombine_insert_record(buf, param, MBEDTLS_SSL_MSG_HANDSHAKE); 
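Review bot: recombine_truncate_first_record trusts the first record's length field without checking it against the buffer, so if `header_length + record_length` ever exceeded `buf->content_length` the subtraction in `memset(..., buf->content_length - truncated_end)` would wrap as size_t and write past the buffer; the helper is only fed the library's own output today, but a one-line guard after reading the length, `TEST_LE_U(header_length + record_length, buf->content_length);`, makes that assumption explicit and fails cleanly instead. The comment could also say that an offset equal to `record_length` (or zero, via the `else` branch) leaves the first record intact and only drops the subsequent records, since that edge is accepted by the `TEST_LE_S` checks.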
@@ -3204,6 +3243,14 @@ void recombine_server_first_flight(int version, /* Server: parse the first flight from the client * and emit the second flight from the server */ + if (instruction == RECOMBINE_TRUNCATE_FIRST) { + /* Close without a notification. The case of closing with a + * notification is tested via RECOMBINE_INSERT_RECORD to insert + * an alert record (which we reject, making the client SSL + * context become invalid). */ + mbedtls_test_mock_socket_close(&server.socket); + goto goal_reached; + } while (ret == 0 && !mbedtls_ssl_is_handshake_over(&server.ssl)) { mbedtls_test_set_step(1000 + server.ssl.state); ret = mbedtls_ssl_handshake_step(&server.ssl); diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index 2acbbe9f4f..e94f554c69 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data 
@@ -67,6 +67,14 @@ Recombine server flight 1: TLS 1.3, split first at 1 (bad) depends_on:MBEDTLS_SSL_PROTO_TLS1_3 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD +Recombine server flight 1: TLS 1.2, truncate at 4 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ + +Recombine server flight 1: TLS 1.3, truncate at 4 (bad) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ + Recombine server flight 1: TLS 1.2, insert empty record after first (bad) depends_on:MBEDTLS_SSL_PROTO_TLS1_2 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD From 161cadd1cc6097a7324bb65024e4bfc9f10236df Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:24:22 +0100 Subject: [PATCH 0454/1548] Fix copypasta Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 0ca02700a6..c0c110105d 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -482,7 +482,7 @@ void mbedtls_test_ssl_endpoint_free( * &server.ssl, &client.ssl, * MBEDTLS_SSL_HANDSHAKE_OVER); * mbedtls_test_move_handshake_to_state( - * &client.ssl, &client.ssl, + * &client.ssl, &server.ssl, * MBEDTLS_SSL_HANDSHAKE_OVER); * ``` * Note that you need both calls to reach the handshake-over state on 
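Review bot: The two new `truncate at 4` cases pin `MBEDTLS_ERR_SSL_WANT_READ` as the client's outcome when the peer goes away after a partial handshake message, but nothing in the data file explains why a closed connection maps to a retryable want-read rather than a terminal error, so a reader may take the expectation for a library bug. A short `#` comment above the pair, along the lines of "the mock socket reports no more data (not EOF) after mbedtls_test_mock_socket_close(), so the client keeps waiting for the rest of the fragmented message", would document the intent; I am inferring the mock-socket behaviour from the expected value, so please confirm the wording against the helper.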
From eb48890bd5bdecf988ef1726895a7f6d0e94ff75 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:29:59 +0100 Subject: [PATCH 0455/1548] Remove redundant setup mbedtls_test_ssl_endpoint_init() already takes care of setting up debugging. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3081257cb8..85c252492c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3175,10 +3175,6 @@ void recombine_server_first_flight(int version, TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &client_options, NULL, NULL, NULL), 0); -#if defined(MBEDTLS_DEBUG_C) - mbedtls_ssl_conf_dbg(&client.conf, client_options.cli_log_fun, - client_options.cli_log_obj); -#endif server_options.server_min_version = version; server_options.server_max_version = version; @@ -3189,10 +3185,6 @@ void recombine_server_first_flight(int version, TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &server_options, NULL, NULL, NULL), 0); -#if defined(MBEDTLS_DEBUG_C) - mbedtls_ssl_conf_dbg(&server.conf, server_options.srv_log_fun, - server_options.srv_log_obj); -#endif TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket, &server.socket, From c0721e0e8ecfa49567c2ffd2df1019ea65a2e96a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 10 Mar 2025 14:53:16 +0100 Subject: [PATCH 0456/1548] Improve documentation Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 19 ++++++++++++++++--- tests/suites/test_suite_ssl.records.data | 2 +- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 85c252492c..8a77df5edf 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -112,9 +112,9 @@ typedef enum { RECOMBINE_TRUNCATE_FIRST, /* param: offset of truncation (<=0 means from end) */ RECOMBINE_INSERT_EMPTY, /* param: offset (<0 means from end) */ RECOMBINE_INSERT_RECORD, /* param: record type */ - RECOMBINE_COALESCE, /* param: min number of records */ + RECOMBINE_COALESCE, /* param: number of records (INT_MAX=all) */ RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */ - RECOMBINE_COALESCE_SPLIT_ENDS, /* the hairiest one? param: offset, must be >0 */ + RECOMBINE_COALESCE_SPLIT_BOTH_ENDS, /* param: offset, must be >0 */ } recombine_records_instruction_t; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) @@ -272,6 +272,10 @@ exit: * DTLS is not supported. * Encrypted or authenticated handshake records are not supported. * Assume the buffer content is a valid sequence of records. + * + * Coalesce only the first max records, or all the records if there are + * fewer than max. + * Return the number of coalesced records, or -1 on error. */ static int recombine_coalesce_handshake_records(mbedtls_test_ssl_buffer *buf, int max) @@ -361,6 +365,9 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, case RECOMBINE_COALESCE: ret = recombine_coalesce_handshake_records(buf, param); + /* If param != INT_MAX, enforce that there were that many + * records to coalesce. In particular, 1 < param < INT_MAX + * ensures that library will see some coalesced records. */ if (param == INT_MAX) { TEST_LE_S(1, ret); } else { @@ -378,7 +385,7 @@ static int recombine_records(mbedtls_test_ssl_endpoint *server, TEST_LE_S(0, ret); break; - case RECOMBINE_COALESCE_SPLIT_ENDS: + case RECOMBINE_COALESCE_SPLIT_BOTH_ENDS: ret = recombine_coalesce_handshake_records(buf, INT_MAX); /* Accept a single record, which will be split at both ends */ TEST_LE_S(1, ret); 
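Review bot: The new comment in the `RECOMBINE_COALESCE` case drops an article and reads awkwardly: `ensures that library will see some coalesced records` should be `ensures that the library will see some coalesced records`. While touching the enum comments, the `RECOMBINE_COALESCE` entry could also state what the function does when fewer than `param` records exist (the new doc on recombine_coalesce_handshake_records says it coalesces all of them and returns the count), e.g. `/* param: number of records to coalesce (INT_MAX=all); fewer is an error unless INT_MAX */`, since that is the check the switch enforces.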
@@ -3143,6 +3150,12 @@ void recombine_server_first_flight(int version, char *client_log, char *server_log, int goal_state, int expected_ret) { + /* Make sure we have a buffer that's large enough for the longest + * data that the library might ever send, plus a bit extra so that + * we can inject more content. The library won't ever send more than + * 2^14 bytes of handshake messages, so we round that up. In practice + * we could surely get away with a much smaller buffer. The main + * variable part is the server certificate. */ enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client; memset(&client, 0, sizeof(client)); diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index e94f554c69..edc2754356 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data @@ -159,4 +159,4 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLI Recombine server flight 1: TLS 1.2, coalesce and split at both ends depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_BOTH_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 From 0a1996f8eea4907393ef73c27528e12033ad3ca1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Mar 2025 12:41:19 +0100 Subject: [PATCH 0457/1548] Tighten dependency declarations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These are not optimal. For example, the tests should in principle be able to run in builds without ECDSA, by using RSA certs instead. Ideally PSK should work too. However, getting optimal dependencies would be a lot of work that's largely orthogonal to the purpose of this PR, so we'll settle for good enough. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8a77df5edf..78f48e5b57 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3144,7 +3144,7 @@ exit: /* This test case doesn't actually depend on certificates, * but our helper code for mbedtls_test_ssl_endpoint does. */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */ void recombine_server_first_flight(int version, int instruction, int param, char *client_log, char *server_log, @@ -3179,6 +3179,10 @@ void recombine_server_first_flight(int version, mbedtls_debug_set_threshold(3); #endif + // Does't really matter but we want to know to declare dependencies. + client_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.client_min_version = version; client_options.client_max_version = version; #if defined(MBEDTLS_DEBUG_C) From 921a2acf8bf8366eb2f4b1fe80437289b42850cf Mon Sep 17 00:00:00 2001 
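Review bot: The added comment `// Does't really matter but we want to know to declare dependencies.` has a typo and an unclear sentence, and uses `//` in a file whose surrounding comments are `/* */`. Suggest `/* The choice of signature algorithm doesn't really matter, but it must be fixed so that the test case's dependencies can be declared. */` above the two `pk_alg` assignments. The enclosing function recombine_server_first_flight starts before this hunk and continues after it.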
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2025 11:47:13 +0100 Subject: [PATCH 0458/1548] Improve dependency declarations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The function depends on MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED which is basically MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED || MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED The individual test cases depend on the specific TLS version. This is not precise enough. In a build with both TLS versions enabled, we could have cert-based key exchange in one version but not in the other. So, we need the 1.3 tests to depend on the 1.3 cert-based key exchange and similarly for 1.2. For 1.2, cert-based key exchange means ECDHE-{RSA,ECDSA} or ECDH-{RSA,ECDSA}. Since the test function sets an ECC cert for the server, we want one of the ECDSA ones. So, the minimal dependency would be ECDH_ECDSA || ECDHE_ECDSA. Since dependencies with || are inconvenient to express, and anyway ECDH_ECDSA (static ECDH) is something we'd like to remove in 4.0 if we can find the time, I chose to just depend on ECDHE_ECDSA. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.records.data | 74 ++++++++++++------------ 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index edc2754356..3ec79183ba 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data 
@@ -1,142 +1,142 @@ Recombine server flight 1: TLS 1.2, nominal -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, nominal -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, coalesce 2 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:2:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, coalesce 3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:3:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, coalesce all -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 # TLS 1.3 has a single non-encrypted handshake record, so this doesn't # actually perform any coalescing. Run the test case anyway, but this does # very little beyond exercising the test code itself a little. 
Recombine server flight 1: TLS 1.3, coalesce all -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, split first at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, split first at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, split first at end-1 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, split first at end-1 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 # The library doesn't support an initial handshake fragment that doesn't # contain the full 4-byte handshake header. 
Recombine server flight 1: TLS 1.2, split first at 3 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 3 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, split first at 2 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 2 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, split first at 1 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 1 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, truncate at 4 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ Recombine server flight 1: TLS 1.3, truncate at 4 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ Recombine server flight 1: TLS 1.2, insert empty record after first (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record after first (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert empty record at start (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server 
flight 1: TLS 1.3, insert empty record at start (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert empty record at 42 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert ChangeCipherSpec record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert ChangeCipherSpec record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 
1.2, insert alert record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert alert record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert data record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert data record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert CID record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record 
type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert CID record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert unknown record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert unknown record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD # Since there is a single unencrypted handshake message in the first flight @@ -145,7 +145,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD # handshake messages. Hence most coalesce-and-split test cases are 1.2-only. Recombine server flight 1: TLS 1.2, coalesce and split at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 # The last message of the first flight from the server is ServerHelloDone, 
@@ -154,9 +154,9 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLI # can split the flight is 4+1 = 5 bytes before it ends, with 1 byte in the # previous handshake message and 4 bytes of ServerHelloDone including header. Recombine server flight 1: TLS 1.2, coalesce and split at end-5 -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:-5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, coalesce and split at both ends -depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_BOTH_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 From 1f471a1f38a4e4abcaf379ad7c9ca293693f2dd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Mar 2025 12:44:32 +0100 Subject: [PATCH 0459/1548] Tighten dependencies again MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This one is overly tight: TLS 1.3 actually only depends on ChachaPoly || (AES && (GCM || CCM)) Furthermore, this should really be reflected in check_config.h. Individual test cases should be able to just request PROTO_TLS1_3 and know that there is a ciphersuite that works. However, resolving that seems out of scope for this PR. (It would also involve updating depends.py for example.) So, use a dependency that's stricter than necessary. IMO it's still good enough as most configs we test will have ChachaPoly. However it would be good to revisit this when a cleaner solution is implemented. 
Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.records.data | 32 ++++++++++++------------ 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index 3ec79183ba..c54458cf4b 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, nominal -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, coalesce 2 @@ -22,7 +22,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_ # actually perform any coalescing. Run the test case anyway, but this does # very little beyond exercising the test code itself a little. Recombine server flight 1: TLS 1.3, coalesce all -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, split first at 4 
@@ -30,7 +30,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, split first at 4 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 Recombine server flight 1: TLS 1.2, split first at end-1 @@ -38,7 +38,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.3, split first at end-1 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 # The library doesn't support an initial handshake fragment that doesn't 
@@ -48,7 +48,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 3 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, split first at 2 (bad) @@ -56,7 +56,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 2 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, split first at 1 (bad) 
@@ -64,7 +64,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, split first at 1 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, truncate at 4 (bad) @@ -72,7 +72,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ Recombine server flight 1: TLS 1.3, truncate at 4 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ Recombine server flight 1: TLS 1.2, insert empty record after first (bad) 
@@ -80,7 +80,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record after first (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert empty record at start (bad) @@ -88,7 +88,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record at start (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert empty record at 42 (bad) 
@@ -96,7 +96,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert ChangeCipherSpec record at 5 (bad) @@ -104,7 +104,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert ChangeCipherSpec record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert alert record at 5 (bad) 
@@ -112,7 +112,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert alert record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert data record at 5 (bad) @@ -120,7 +120,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.3, insert data record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE Recombine server flight 1: TLS 1.2, insert CID record at 5 (bad) 
@@ -128,7 +128,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert CID record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.2, insert unknown record at 5 (bad) @@ -136,7 +136,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD Recombine server flight 1: TLS 1.3, insert unknown record at 5 (bad) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD # Since there is a single unencrypted handshake message in the first flight From 132f5b99c83c1e16ad4289eb0393f2effeb97cdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 28 Mar 2025 09:33:38 +0100 Subject: [PATCH 0460/1548] Use same dependencies for helper functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 78f48e5b57..0aa9f39ec0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -117,7 +117,14 @@ typedef enum { RECOMBINE_COALESCE_SPLIT_BOTH_ENDS, /* param: offset, must be >0 */ } recombine_records_instruction_t; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +/* Keep this in sync with the recombine_server_first_flight() + * See comment there. */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ + defined(PSA_WANT_ALG_SHA_256) && \ + defined(PSA_WANT_ECC_SECP_R1_256) && \ + defined(PSA_WANT_ECC_SECP_R1_384) && \ + defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \ + defined(PSA_WANT_ALG_ECDSA_ANY) /* Split the first record into two pieces of lengths offset and * record_length-offset. If offset is zero or negative, count from the end of @@ -406,7 +413,7 @@ exit: return 0; } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED etc */ /* END_HEADER */ @@ -3143,7 +3150,11 @@ exit: /* END_CASE */ /* This test case doesn't actually depend on certificates, - * but our helper code for mbedtls_test_ssl_endpoint does. */ + * but our helper code for mbedtls_test_ssl_endpoint does. + * Also, it needs specific hashes, algs and curves for the + * hardcoded test certificates. In principle both RSA and ECDSA + * can be used, but we hardcode ECDSA in order to avoid having + * to express dependencies like "RSA or ECDSA with those curves". */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */ void recombine_server_first_flight(int version, int instruction, int param, 
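Review bot: The closing guard comment in the second hunk, `#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED etc */`, no longer tells a reader which conditions the block from line 117 to 413 depends on, while the file's other guard comments name the macro exactly. Suggest spelling out the condition or at least pointing at the `#if` it closes, e.g. `#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && PSA_WANT_* deps of recombine_server_first_flight */`. The same dependency list now lives both in the `#if` of the first hunk and in the BEGIN_CASE depends_on of the third hunk; the "keep in sync" comment only exists on the `#if` side, so a matching one-line pointer in the BEGIN_CASE comment (`/* Keep in sync with the #if guarding the recombine_* helpers above. */`) would make the coupling visible from both ends.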
From 6fedc4e18e9a8efb08654d3c6b98f6bf847d4d04 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 13:50:43 +0100 Subject: [PATCH 0461/1548] Add executable permissions to new perl file Signed-off-by: Felix Conway --- tests/scripts/libtestdriver1_rewrite.pl | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/scripts/libtestdriver1_rewrite.pl diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl old mode 100644 new mode 100755 From 8d73bdc679d54112513160c5757bb4042c29071d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 Apr 2025 09:38:53 +0200 Subject: [PATCH 0462/1548] Improve comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 4 +++- tests/suites/test_suite_ssl.records.data | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 0aa9f39ec0..8964adc75b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -201,7 +201,7 @@ exit: return -1; } -/* Insert an empty record at the given offset. If offset is negative, +/* Insert a (dummy) record at the given offset. If offset is negative, * count from the end of the first record. */ static int recombine_insert_record(mbedtls_test_ssl_buffer *buf, int offset, @@ -3251,6 +3251,8 @@ void recombine_server_first_flight(int version, } } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) + /* A default TLS 1.3 handshake has only 1 flight from the server, + * while the default (non-resumption) 1.2 handshake has two. */ if (version >= MBEDTLS_SSL_VERSION_TLS1_3 && goal_state >= MBEDTLS_SSL_HANDSHAKE_OVER) { TEST_EQUAL(ret, 0); 
diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index c54458cf4b..a4bae89756 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data @@ -150,7 +150,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLI # The last message of the first flight from the server is ServerHelloDone, # which is an empty handshake message, i.e. of length 4. The library doesn't -# support fragmentation of a handshake message, so the last place where we +# support fragmentation of a handshake header, so the last place where we # can split the flight is 4+1 = 5 bytes before it ends, with 1 byte in the # previous handshake message and 4 bytes of ServerHelloDone including header. Recombine server flight 1: TLS 1.2, coalesce and split at end-5 From 7af97b60e54c3f35b8ff4b63fccb8d86bdd2285e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 Apr 2025 10:18:44 +0200 Subject: [PATCH 0463/1548] Use HANDSHAKE_OVER in nominal test cases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.records.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data index a4bae89756..8220cb0b92 100644 --- a/tests/suites/test_suite_ssl.records.data +++ b/tests/suites/test_suite_ssl.records.data 
@@ -4,7 +4,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= Recombine server flight 1: TLS 1.3, nominal depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, coalesce 2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -23,7 +23,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_ # very little beyond exercising the test code itself a little. Recombine server flight 1: TLS 1.3, coalesce all depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, split first at 4 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
@@ -31,7 +31,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4 Recombine server flight 1: TLS 1.3, split first at 4 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 Recombine server flight 1: TLS 1.2, split first at end-1 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -39,7 +39,7 @@ recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:- Recombine server flight 1: TLS 1.3, split first at end-1 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305 -recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH:0 +recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0 # The library doesn't support an initial handshake fragment that doesn't # contain the full 4-byte handshake header. From a5db6c14fd45fd91de495cac914e187ffbca99ea Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 Apr 2025 12:35:58 +0200 Subject: [PATCH 0464/1548] Fix record insertion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were not making enough room. We want to move everything from the place where we are going to insert the new record. This was not causing failures because the code does not look at the content after the inserted record, because it correctly returns an error when seeing the inserted record. But as a matter of principle, the test code should be doing what it says: just insert a new record but leave a valid fragment after it. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_ssl.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8964adc75b..11648a3341 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -243,14 +243,14 @@ static int recombine_insert_record(mbedtls_test_ssl_buffer *buf, TEST_LE_U(buf->content_length + 2 * header_length + inserted_content_length, buf->capacity); - /* Make room for an empty record and a record header */ + /* Make room for the inserted record and a record header for the fragment */ size_t inserted_record_start = header_length + offset; size_t inserted_content_start = inserted_record_start + header_length; size_t tail_record_start = inserted_content_start + inserted_content_length; size_t tail_content_start = tail_record_start + header_length; memmove(buf->buffer + tail_content_start, - buf->buffer + tail_record_start, - buf->content_length - tail_record_start); + buf->buffer + inserted_record_start, + buf->content_length - inserted_record_start); buf->content_length += 2 * header_length; /* Construct the inserted record based on the existing one */ From dba07e152e60112570773921db89e6fcc6d549f1 Mon Sep 17 00:00:00 2001 
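Review bot: `buf->content_length += 2 * header_length;` still grows the buffer by the two new headers only, whereas the memmove now places the tail at `tail_content_start`, which also includes `inserted_content_length`; unless `inserted_content_length` is added to `content_length` further down (outside the hunk), the recorded length stops short of the moved tail by that many bytes and the fragment after a non-empty inserted record is truncated. As the commit message notes, the library rejects the inserted record before reading past it, so the current tests would not catch this, which is exactly why it is worth pinning here: `buf->content_length += 2 * header_length + inserted_content_length;` (if not already accounted for). The capacity check at the top of the hunk already budgets for `inserted_content_length`, so the new memmove bound is consistent with it. recombine_insert_record's body starts before the hunk and continues after it.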
From: Max Fillinger Date: Wed, 16 Apr 2025 14:35:24 +0200 Subject: [PATCH 0465/1548] Add missing ifdef for mbedtls_ssl_tls13_exporter Signed-off-by: Max Fillinger --- library/ssl_tls13_keys.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 0d6c391394..dbc703a6c1 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1823,6 +1823,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ +#if defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, const unsigned char *secret, const size_t secret_len, const unsigned char *label, const size_t label_len, @@ -1853,5 +1854,6 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg, mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret)); return ret; } +#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ From 819bb4ae25b0dafc777ad3a8552f6fbd287482aa Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 16 Apr 2025 14:15:04 +0100 Subject: [PATCH 0466/1548] Reset crypto pointer to development Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index ced1c6df90..0ed1f9c13f 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit ced1c6df90b49ef39849d9cb8a0c540fb672a478 +Subproject commit 0ed1f9c13f3febee248c2a587b2e9b3055c8b3eb From dc6f6ec354784985e7828cd1aa13e9f081d48268 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 16 Apr 2025 14:16:24 +0100 Subject: [PATCH 0467/1548] Update framework pointer to merge commit Signed-off-by: Felix Conway --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index bf36088bd3..9e612a462b 160000 --- a/framework +++ b/framework 
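Review bot: The new closing comment `#endif /* defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) */` in the second hunk differs in form from the neighbouring `#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */` and `#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */`, which name the macro without `defined()`; `#endif /* MBEDTLS_SSL_KEYING_MATERIAL_EXPORT */` keeps the file uniform. The declaration of mbedtls_ssl_tls13_exporter, presumably in a private header not touched by this patch, should carry the same guard so that a build without MBEDTLS_SSL_KEYING_MATERIAL_EXPORT does not declare a function that is never defined; worth confirming. The function body lies between the two hunks, outside the view.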
@@ -1 +1 @@ -Subproject commit bf36088bd373fe5dbe56fb5d05d25af35a56a175 +Subproject commit 9e612a462b77ddbc7c91e1331f4788cfc8863d69 From 61bd2729b2ef73b973dd8338822e6a3b01e4ba0a Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 17 Apr 2025 10:24:20 +0100 Subject: [PATCH 0468/1548] Check include/mbedtls exists before including from it Signed-off-by: Felix Conway --- programs/test/generate_cpp_dummy_build.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 05bdd34c94..7b4f520aca 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -52,9 +52,11 @@ EOF esac done - for header in tf-psa-crypto/include/mbedtls/*.h; do - echo "#include \"${header#tf-psa-crypto/include/}\"" - done + if [ -d "tf-psa-crypto/include/mbedtls" ]; then + for header in tf-psa-crypto/include/mbedtls/*.h; do + echo "#include \"${header#tf-psa-crypto/include/}\"" + done + fi for header in tf-psa-crypto/include/psa/*.h; do case ${header#tf-psa-crypto/include/} in From 0d4fca245600657358b7620359f987091c96979c Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 22 Apr 2025 09:25:58 +0100 Subject: [PATCH 0469/1548] Update submodule pointers Signed-off-by: Felix Conway --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 9e612a462b..4a841219ff 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 9e612a462b77ddbc7c91e1331f4788cfc8863d69 +Subproject commit 4a841219ff9440f6a723e9e9612a33c44ad1e2f9 diff --git a/tf-psa-crypto b/tf-psa-crypto index 0ed1f9c13f..f936d86b25 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 0ed1f9c13f3febee248c2a587b2e9b3055c8b3eb +Subproject commit f936d86b2587eb4a961cac5b3b95b949ee056ee6 From b12205ca7ad5731a5b3c06adac435ff53c9ecc44 Mon Sep 17 00:00:00 2001 
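Review bot: The new `-d` test guards a missing directory but not an empty one: if `tf-psa-crypto/include/mbedtls` exists without any `.h` file, the unexpanded glob makes the loop emit a literal `#include "mbedtls/*.h"`. Whether that layout can occur is not visible here; if the script runs under bash, `shopt -s nullglob` before the loops avoids it, otherwise `[ -e "$header" ] || continue` as the first statement of the loop body does. The `psa/*.h` loop that follows has the same shape and would benefit from the same guard.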
From: diopoex Date: Tue, 22 Apr 2025 11:09:43 +0200 Subject: [PATCH 0470/1548] Removed use of mbedtls_cipher_info from ssl_context_info.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- programs/ssl/ssl_context_info.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 63391cd01e..00238145d2 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -553,18 +553,7 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); - -#if defined(MBEDTLS_CIPHER_C) - const mbedtls_cipher_info_t *cipher_info; - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(cipher)); - if (cipher_info == NULL) { - printf_err("Cannot find cipher info\n"); - } else { - printf("\tcipher : %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } -#else /* MBEDTLS_CIPHER_C */ printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); -#endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_MD_C) md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac)); From 5081d6544da76964a0811375384a2509e0a26a52 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 2 Apr 2025 14:29:59 +0100 Subject: [PATCH 0471/1548] Switch all.sh components from selftest to which_aes Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 41 +++++++++++----------------- 1 file changed, 16 insertions(+), 25 deletions(-) mode change 100644 => 100755 tests/scripts/components-platform.sh diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh old mode 100644 new mode 100755 index abae2830ad..824e5ff2e5 --- a/tests/scripts/components-platform.sh 
+++ b/tests/scripts/components-platform.sh @@ -120,15 +120,17 @@ component_test_aesni () { # ~ 60s msg "AES tests, test intrinsics" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" + # check that the intrinsics implementation is in use - this should be used by default when + # supported by the compiler + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" # test the asm implementation msg "AES tests, test assembly" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' - # check that we built assembly - this should be built if the compiler does not support intrinsics - ./programs/test/selftest aes | grep "AESNI code" | grep -q "assembly" + # check that the assembly implementation is in use - this should be used if the compiler + # does not support intrinsics + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI ASSEMBLY" # test the plain C implementation scripts/config.py unset MBEDTLS_AESNI_C 
@@ -137,20 +139,17 @@ component_test_aesni () { # ~ 60s make clean make CC=gcc CFLAGS='-O2 -Werror' # check that there is no AESNI code present - ./programs/test/selftest aes | not grep -q "AESNI code" - not grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest + not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes + # check that the built-in software implementation is in use + ./tf-psa-crypto/programs/test/which_aes | grep -q "SOFTWARE" - # test the intrinsics implementation + # test the AESNI implementation scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - ./programs/test/selftest aes | grep -q "AES note: using AESNI" - ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." - grep -q "AES note: using AESNI" ./programs/test/selftest - not grep -q "AES note: built-in implementation." ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } support_test_aesni_m32 () { 
@@ -172,21 +171,15 @@ component_test_aesni_m32 () { # ~ 60s make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' - ./programs/test/selftest aes | grep -q "AES note: using AESNI" - ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." - grep -q "AES note: using AESNI" ./programs/test/selftest - not grep -q "AES note: built-in implementation." ./programs/test/selftest - not grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } support_test_aesni_m32_clang () { @@ -205,10 +198,8 @@ component_test_aesni_m32_clang () { make clean make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler - ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" - grep -q "AES note: using AESNI" ./programs/test/selftest - grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q mbedtls_aesni_has_support ./programs/test/selftest + ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } support_build_aes_armce () { 
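Review bot: The context comment `# check that we built intrinsics - this should be used by default when supported by the compiler` kept above the new `./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS"` line no longer describes the check, which now asks the built program which implementation is selected rather than what was compiled. The `@@ -120` hunk of this file was reworded to `# check that the intrinsics implementation is in use - this should be used by default when supported by the compiler`, and the two hunks here (component_test_aesni_m32 and component_test_aesni_m32_clang) should use the same wording. The comment is a context line in both hunks, so this is a follow-up rather than a blocker.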
From 9949f0093020f1db77669f18847be26a1d427eed Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 3 Apr 2025 15:05:21 +0100 Subject: [PATCH 0472/1548] Add tf-psa-crypto/programs/test/which_aes to Makefile Signed-off-by: Felix Conway --- programs/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/programs/Makefile b/programs/Makefile index b26429061e..a043fe1912 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -47,6 +47,7 @@ APPS = \ ../tf-psa-crypto/programs/psa/key_ladder_demo \ ../tf-psa-crypto/programs/psa/psa_constant_names \ ../tf-psa-crypto/programs/psa/psa_hash \ + ../tf-psa-crypto/programs/test/which_aes \ ssl/dtls_client \ ssl/dtls_server \ ssl/mini_client \ @@ -179,6 +180,10 @@ pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) echo " CC psa/psa_hash.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP) + echo " CC test/which_aes.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) echo " CC ssl/dtls_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From 8e13c8f018ecb78713e335b659605de1b1ed113d Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 3 Apr 2025 15:06:37 +0100 Subject: [PATCH 0473/1548] Add shebang to fix CI error Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 824e5ff2e5..9831b8f88e 100755 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -1,3 +1,5 @@ +#!/bin/bash + # components-platform.sh # # Copyright The Mbed TLS Contributors From ad7049407b79cdd5839e06d754c860fe3476dace Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Wed, 9 Apr 2025 15:41:11 +0100 Subject: [PATCH 0474/1548] Remove executable permissions and shebang from component-platforms.sh Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 2 -- 1 file changed, 2 deletions(-) mode change 100755 => 100644 tests/scripts/components-platform.sh diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh old mode 100755 new mode 100644 index 9831b8f88e..824e5ff2e5 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -1,5 +1,3 @@ -#!/bin/bash - # components-platform.sh # # Copyright The Mbed TLS Contributors From 690858013199630d533dc0fe0225a20d4a788a47 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 9 Apr 2025 17:05:00 +0100 Subject: [PATCH 0475/1548] Use aesni_crypt_ecb and internal_aes_encrypt to check conditional compilation Signed-off-by: Felix Conway --- tests/scripts/components-platform.sh | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 824e5ff2e5..25cfd4163d 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -138,8 +138,9 @@ component_test_aesni () { # ~ 60s msg "AES tests, plain C" make clean make CC=gcc CFLAGS='-O2 -Werror' - # check that there is no AESNI code present - not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes + # check that the plain C implementation is present and the AESNI one is not + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o + not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o # check that the built-in software implementation is in use ./tf-psa-crypto/programs/test/which_aes | grep -q "SOFTWARE" 
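Review bot: `grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o` tests whether the symbol name appears anywhere in the object, and an undefined reference leaves the same string in the object's symbol table as a definition, so `not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o` can pass or fail for the wrong reason depending on which object calls which. A symbol-table query distinguishes the two, e.g. `nm --defined-only ./tf-psa-crypto/drivers/builtin/src/aes.o | grep -q mbedtls_internal_aes_encrypt` for presence and `nm --defined-only ./tf-psa-crypto/drivers/builtin/src/aesni.o | not grep -q mbedtls_aesni_crypt_ecb` for absence, assuming binutils is available where these components run. The same pattern is used by the three hunks on the following two lines (the AESNI-only part of component_test_aesni, component_test_aesni_m32 and component_test_aesni_m32_clang).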
@@ -149,6 +150,9 @@ component_test_aesni () { # ~ 60s msg "AES tests, test AESNI only" make clean make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' + # check that the AESNI implementation is present and the plain C one is not + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" } @@ -172,6 +176,9 @@ component_test_aesni_m32 () { # ~ 60s make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + # check that both the AESNI and plain C implementations are present + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes scripts/config.py set MBEDTLS_AESNI_C @@ -180,6 +187,10 @@ component_test_aesni_m32 () { # ~ 60s make clean make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" + # check that the AESNI implementation is present and the plain C one is not + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o + not grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } support_test_aesni_m32_clang () { 
@@ -199,6 +210,9 @@ component_test_aesni_m32_clang () { make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" + # check that both the AESNI and plain C implementations are present + grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o + grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o grep -q mbedtls_aesni_has_support ./tf-psa-crypto/programs/test/which_aes } From f065c311d4e8778e5dd4bae5d313dc750884bae6 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 22 Apr 2025 10:52:18 +0100 Subject: [PATCH 0476/1548] Update tf-psa-crypto pointer Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 4a9f29b05c..f936d86b25 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 4a9f29b05c661bd874c75d80339fcce00adea4e0 +Subproject commit f936d86b2587eb4a961cac5b3b95b949ee056ee6 From 0f6dd1caf1f69612e395c715bc3719826ba01a00 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 24 Apr 2025 15:20:22 +0200 Subject: [PATCH 0477/1548] Prepare framework for pylint check-str-concat-over-line-jumps Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 4a841219ff..1e7b5d54d3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 4a841219ff9440f6a723e9e9612a33c44ad1e2f9 +Subproject commit 1e7b5d54d3823b65fd4755bcf60f9ca39cfcbca3 From 8893a8f33bcf95d945f72ce30a307d731e2572d3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 24 Apr 2025 13:59:06 +0200 Subject: [PATCH 0478/1548] Complain about a missing comma in multiline lists of strings Signed-off-by: Gilles Peskine --- .pylintrc | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/.pylintrc b/.pylintrc index f9c97d55ea..4a1b6e555f 100644 --- a/.pylintrc +++ b/.pylintrc @@ -70,6 +70,17 @@ disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-re # Don't diplay statistics. Just the facts. reports=no +[STRING] +# Complain about +# ``` +# list_of_strings = [ +# 'foo' # <-- missing comma +# 'bar', +# 'corge', +# ] +# ``` +check-str-concat-over-line-jumps=yes + [VARIABLES] # Allow unused variables if their name starts with an underscore. # [unused-argument] From 46952048726871bce3c9038bb6cbaa0b042fa850 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 13 Feb 2025 15:09:54 +0000 Subject: [PATCH 0479/1548] remove mbedtls_nist_kw_self_test from selftests Signed-off-by: Ben Taylor --- programs/test/selftest.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 546716f12d..4794cefd24 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -309,9 +309,6 @@ const selftest_t selftests[] = #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) { "ccm", mbedtls_ccm_self_test }, #endif -#if defined(MBEDTLS_NIST_KW_C) && defined(MBEDTLS_AES_C) - { "nist_kw", mbedtls_nist_kw_self_test }, -#endif #if defined(MBEDTLS_CMAC_C) { "cmac", mbedtls_cmac_self_test }, #endif From 1948c943857968f27128f97006a49e840eaae943 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 4 Mar 2025 09:11:11 +0000 Subject: [PATCH 0480/1548] added dependencies to test scripts Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 3 +++ tests/scripts/depends.py | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cb66e371cb..bf537a9ccd 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -382,6 +382,9 @@ component_test_full_no_ccm_star_no_tag () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + # NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will + # mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also. + scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 816d2debae..5e025ba79b 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -350,6 +350,7 @@ def test(self, options): 'PSA_WANT_ALG_SHA3_256', 'PSA_WANT_ALG_SHA3_384', 'PSA_WANT_ALG_SHA3_512'], + 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], } # If an option is tested in an exclusive test, alter the following defines. From c568688456819a6b63ca8ef7750b85b8f47148c8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Mar 2025 15:55:27 +0100 Subject: [PATCH 0481/1548] config.py: do not enable MBEDTLS_PLATFORM_GET_ENTROPY_ALT in full config Signed-off-by: Valerio Setti --- scripts/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.py b/scripts/config.py index 3fc3614dc7..6b30c54c70 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -123,6 +123,7 @@ def is_seamless_alt(name): an implementation of the relevant functions and an xxx_alt.h header. """ if name in ( + 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT', 'MBEDTLS_PLATFORM_GMTIME_R_ALT', 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', 'MBEDTLS_PLATFORM_MS_TIME_ALT', From 405d4adff2fa5277084bd0cfbf26d8b1046d803a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 8 Apr 2025 14:04:57 +0200 Subject: [PATCH 0482/1548] psasim: add timeout while waiting for psa_server to start 
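Review bot: The new comment `# NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also.` has a typo, refers to the option by a shortened name that does not exist, and does not say what re-enables the algorithm. Suggest `# MBEDTLS_NIST_KW_C re-enables PSA_WANT_ALG_ECB_NO_PADDING when it stays on, so unset it as well.`, which also matches the dependency the depends.py hunk below records for `PSA_WANT_ALG_ECB_NO_PADDING`.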
Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/test/start_server.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh index ef11439777..1249930af1 100755 --- a/tests/psa-client-server/psasim/test/start_server.sh +++ b/tests/psa-client-server/psasim/test/start_server.sh @@ -8,7 +8,14 @@ set -e # The server creates some local files when it starts up so we can wait for this # event as signal that the server is ready so that we can start client(s). function wait_for_server_startup() { + SECONDS=0 + TIMEOUT=10 + while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do + if [ "$SECONDS" -ge "$TIMEOUT" ]; then + echo "Timeout: psa_server not started within $TIMEOUT seconds." + return 1 + fi sleep 0.1 done } From 73bd210a946e3325272494cf2b977d0acaa83c90 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Apr 2025 08:56:51 +0200 Subject: [PATCH 0483/1548] tests: remove usage of MBEDTLS_NO_PLATFORM_ENTROPY Use MBEDTLS_PLATFORM_GET_ENTROPY_ALT instead. Signed-off-by: Valerio Setti --- programs/test/selftest.c | 4 ++-- scripts/config.py | 3 +-- scripts/footprint.sh | 2 +- tests/scripts/analyze_outcomes.py | 1 - tests/scripts/components-configuration-platform.sh | 5 +---- 5 files changed, 5 insertions(+), 10 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 546716f12d..0941089779 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -211,7 +211,7 @@ static int run_test_snprintf(void) * back. */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) static void create_entropy_seed_file(void) { int result; 
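Review bot: `TIMEOUT=10` and the reset of `SECONDS` are assigned as globals inside `wait_for_server_startup`, so `TIMEOUT` leaks into the rest of the script and `SECONDS` is clobbered for any later caller; `local TIMEOUT=10` keeps at least the first one scoped (bash is already assumed by the `function` keyword and `SECONDS`). The timeout message is written to stdout, where it can be mixed with the server's own output; `echo "Timeout: psa_server not started within $TIMEOUT seconds." >&2` keeps it on stderr. With the script's `set -e`, the `return 1` already aborts the caller as intended.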
@@ -244,7 +244,7 @@ static void create_entropy_seed_file(void) static int mbedtls_entropy_self_test_wrapper(int verbose) { -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) create_entropy_seed_file(); #endif return mbedtls_entropy_self_test(verbose); diff --git a/scripts/config.py b/scripts/config.py index 6b30c54c70..e5182a6a59 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -88,7 +88,6 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature - 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature @@ -182,7 +181,7 @@ def baremetal_adapter(name, value, active): """Config adapter for "baremetal".""" if not is_boolean_setting(name, value): return active - if name == 'MBEDTLS_NO_PLATFORM_ENTROPY': + if name == 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT': # No OS-provided entropy source return True return include_in_full(name) and keep_in_baremetal(name) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 614a493098..e45a9265ac 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -64,7 +64,7 @@ doit() scripts/config.py unset MBEDTLS_NET_C || true scripts/config.py unset MBEDTLS_TIMING_C || true scripts/config.py unset MBEDTLS_FS_IO || true - scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY || true + scripts/config.py --force set MBEDTLS_PLATFORM_GET_ENTROPY_ALT || true } >/dev/null 2>&1 make clean >/dev/null diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index c7c9ed5810..429a04f7f5 100755 
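Review bot: In the `baremetal_adapter` hunk the kept comment `# No OS-provided entropy source` described `MBEDTLS_NO_PLATFORM_ENTROPY`, which removed a feature; the option now forced on, `MBEDTLS_PLATFORM_GET_ENTROPY_ALT`, instead declares that the application supplies its own `mbedtls_platform_get_entropy()`, so a baremetal build will need that definition to link. Suggest `# No OS-provided entropy source: the application must supply mbedtls_platform_get_entropy()`. The `footprint.sh` hunk below forces the same option with `--force` and relies on the same expectation; whether that build links anything is outside this diff.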
--- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -121,7 +121,6 @@ def _has_word_re(words: typing.Iterable[str], # Obsolete configuration options, to be replaced by # PSA entropy drivers. # https://github.com/Mbed-TLS/mbedtls/issues/8150 - 'Config: MBEDTLS_NO_PLATFORM_ENTROPY', 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index bebd860511..cadd14061c 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh @@ -26,7 +26,7 @@ component_build_no_sockets () { msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. - scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux + scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT # prevent syscall() on GNU/Linux make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib } @@ -106,6 +106,3 @@ component_test_no_64bit_multiplication () { msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s make test } - - - From 3775c9b48f39e80cdd527245d54ec6a88d3f4fae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Apr 2025 12:49:17 +0200 Subject: [PATCH 0484/1548] programs: selftest: remove direct call to mbedtls_platform_entropy_poll() The function is now internal so it cannot be referenced from programs. A dummy alternative is used instead. Signed-off-by: Valerio Setti --- programs/test/selftest.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 0941089779..0a6faa778f 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
@@ -212,10 +212,17 @@ static int run_test_snprintf(void) */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) #if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) +static void dummy_entropy(unsigned char *output, size_t output_size) +{ + srand(1); + for (size_t i = 0; i < output_size; i++) { + output[i] = rand(); + } +} + static void create_entropy_seed_file(void) { int result; - size_t output_len = 0; unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]; /* Attempt to read the entropy seed file. If this fails - attempt to write @@ -226,18 +233,7 @@ static void create_entropy_seed_file(void) return; } - result = mbedtls_platform_entropy_poll(NULL, - seed_value, - MBEDTLS_ENTROPY_BLOCK_SIZE, - &output_len); - if (0 != result) { - return; - } - - if (MBEDTLS_ENTROPY_BLOCK_SIZE != output_len) { - return; - } - + dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); } #endif From 7ac11845d07552a00d0637bb027a99cab2c5f7f5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 18 Apr 2025 14:30:28 +0200 Subject: [PATCH 0485/1548] configs: add PLATFORM_C to configs using ENTROPY_C This is necessary to let entropy being able to gather entropy data from the native platform source. Signed-off-by: Valerio Setti --- configs/crypto-config-ccm-psk-tls1_2.h | 1 + configs/crypto-config-suite-b.h | 1 + configs/crypto-config-thread.h | 1 + tests/scripts/components-configuration-crypto.sh | 1 + 4 files changed, 4 insertions(+) diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index e4de8b3fb6..7a33b0daa9 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -31,6 +31,7 @@ #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PLATFORM_C /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES 
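Review bot: `dummy_entropy` fills the seed buffer from `srand(1)`/`rand()`, so the file written through `mbedtls_platform_std_nv_seed_write` is a fixed, predictable byte string; that is acceptable for a self-test fixture, but nothing in the code says so, and the seed file presumably persists on disk after the program exits. A header comment such as `/* Deterministic filler for the self-test's NV seed file; not an entropy source and not to be reused outside this program. */` would stop the next reader from treating it as a real seed source. `output[i] = rand();` narrows `int` to `unsigned char` implicitly; `output[i] = (unsigned char) rand();` keeps `-Wconversion` builds quiet. `result` stays declared in `create_entropy_seed_file` after the poll that assigned it was removed; if the read path outside the hunk no longer uses it, it is now an unused variable.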
diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 3fec3d0f10..92549bade1 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -49,6 +49,7 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PLATFORM_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index f71b1f079a..d1c449ea98 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -56,6 +56,7 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PLATFORM_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #define MBEDTLS_OID_C diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cb66e371cb..f5b3436179 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2204,6 +2204,7 @@ END #define MBEDTLS_AES_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C + #define MBEDTLS_PLATFORM_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_SELF_TEST END From b13d29ebb2b35ca2478ec72d3fb89a4a4b397f83 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 18 Apr 2025 18:11:17 +0200 Subject: [PATCH 0486/1548] tests: scripts: fix test_cmake_out_of_source By default C++ code would be compiled with GNU while C with Clang and this can create problems at link time. In order to prevent this we use Clang for both. Signed-off-by: Valerio Setti --- tests/scripts/components-build-system.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index 3108aa7b92..e533cdf0f9 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh 
@@ -65,7 +65,9 @@ component_test_cmake_out_of_source () { mkdir "$OUT_OF_SOURCE_DIR" cd "$OUT_OF_SOURCE_DIR" # Note: Explicitly generate files as these are turned off in releases - cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON -D TEST_CPP=1 "$MBEDTLS_ROOT_DIR" + # Note: Use Clang compiler also for C++ (C uses it by default) + CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Check -D GEN_FILES=ON \ + -D TEST_CPP=1 "$MBEDTLS_ROOT_DIR" make msg "test: cmake 'out-of-source' build" From 1971eab465606696991c62370141f0b862ecaa70 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Apr 2025 16:11:00 +0200 Subject: [PATCH 0487/1548] programs: test: add C++ specific commands to cpp_dummy_build Add C++ specific instructions to the generated *.cpp source file so that the build will fail in case a C compiler is used. Signed-off-by: Valerio Setti --- programs/test/generate_cpp_dummy_build.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 7b4f520aca..ecf0149a17 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -73,8 +73,12 @@ EOF cat <<'EOF' +#include + int main() { + std::cout << "CPP dummy build\n"; + mbedtls_platform_context *ctx = NULL; mbedtls_platform_setup(ctx); mbedtls_printf("CPP Build test passed\n"); From 7fb7fdabd730751c38e18fee816d028ec1befed2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Apr 2025 16:28:55 +0200 Subject: [PATCH 0488/1548] tests: scripts: fix component_test_no_platform() Use alternative implementation of mbedtls_platform_get_entropy() since the default one lives in "platform.c" and that one is excluded in this test component. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 2dfa6d2114..cc2cf0604f 100644 
--- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -280,6 +280,10 @@ component_test_no_platform () { scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + # Use the test alternative implementation of mbedtls_platform_get_entropy() + # which is provided in "framework/tests/src/fake_external_rng_for_test.c" + # since the default one is excluded in this scenario. + scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs From 0f0304d433cc18a0d9865f30056d84f20346fc57 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Apr 2025 17:36:17 +0200 Subject: [PATCH 0489/1548] scripts: tests: fix component_test_full_cmake_clang Use the proper Clang C++ compiler to build C++ code otherwise the C compiler will fail because std::cout() is unknown in "cpp_dummy_build.cpp". Signed-off-by: Valerio Setti --- tests/scripts/components-configuration.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index cc2cf0604f..5fd9ede124 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -132,7 +132,8 @@ component_test_full_cmake_gcc_asan_new_bignum () { component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s scripts/config.py full - CC=clang CXX=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On -D TEST_CPP=1 . + CC=clang CXX=clang++ cmake -D CMAKE_BUILD_TYPE:String=Release \ + -D ENABLE_TESTING=On -D TEST_CPP=1 . make msg "test: main suites (full config, clang)" # ~ 5s 
From da9527473076a466fd950d50391caa645e0ab52e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20H=C3=B6hn?= Date: Mon, 28 Apr 2025 19:40:52 +0200 Subject: [PATCH 0490/1548] ssl context fix for 4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- programs/ssl/ssl_context_info.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 00238145d2..4e844d4c0d 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -547,21 +547,13 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, if (ciphersuite_info == NULL) { printf_err("Cannot find ciphersuite info\n"); } else { -#if defined(MBEDTLS_MD_C) - const mbedtls_md_info_t *md_info; -#endif printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); #if defined(MBEDTLS_MD_C) - md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac)); - if (md_info == NULL) { - printf_err("Cannot find Message-Digest info\n"); - } else { - printf("\tMessage-Digest : %s\n", mbedtls_md_get_name(md_info)); - } + printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); #endif /* MBEDTLS_MD_C */ } From 5a7a5305e8b16cbacf0036384c3fc49e68dedaa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20H=C3=B6hn?= Date: Tue, 29 Apr 2025 16:34:14 +0200 Subject: [PATCH 0491/1548] removed trailing whitespace MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- programs/ssl/ssl_context_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 4e844d4c0d..11c358946d 100644 
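Review bot: The Message-Digest line now prints the raw `mac` enumerator with `%d`, so the tool's output depends on the numeric layout of `mbedtls_md_type_t`, and the later test update in this series (tests/context-info.sh, `-u "Message-Digest.* 9$"`) pins that number, so any renumbering of the enum breaks the test without a functional change. A small local name table keeps the output readable and the expectation stable; the 4.0 removal of the md_info lookup is presumably why the name was dropped, and a table needs only the enum, not MBEDTLS_MD_C. The `#if defined(MBEDTLS_MD_C)` guard around a plain printf is no longer needed, which a later commit in this series already removes. The enclosing function `print_deserialized_ssl_session` starts before this hunk.
```c
/* Map the ciphersuite's MAC hash enumerator to a printable name;
 * returns NULL for values this tool does not know. */
static const char *md_type_name(mbedtls_md_type_t md)
{
    switch (md) {
        case MBEDTLS_MD_SHA256: return "SHA256";
        case MBEDTLS_MD_SHA384: return "SHA384";
        default: return NULL;
    }
}
/* … unchanged: ciphersuite / cipher flags / cipher type prints … */
        const char *md_name = md_type_name(ciphersuite_info->MBEDTLS_PRIVATE(mac));
        printf("\tMessage-Digest : %s (%d)\n",
               md_name != NULL ? md_name : "unknown",
               ciphersuite_info->MBEDTLS_PRIVATE(mac));
```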
--- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -553,7 +553,7 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); #if defined(MBEDTLS_MD_C) - printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); + printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); #endif /* MBEDTLS_MD_C */ } From e38041673f1e8267b8a674041af92ea085f9ec62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20H=C3=B6hn?= Date: Tue, 29 Apr 2025 18:52:13 +0200 Subject: [PATCH 0492/1548] fixed the tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- tests/context-info.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/context-info.sh b/tests/context-info.sh index 066bd3d589..997d69bba7 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -205,7 +205,7 @@ run_test "Default configuration, server" \ -u "MBEDTLS_SSL_ALPN$" \ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* SHA256$" \ + -u "Message-Digest.* [0-9]\+$" \ -u "compression.* disabled$" \ -u "DTLS datagram packing.* enabled$" \ -n "Certificate" \ @@ -227,7 +227,7 @@ run_test "Default configuration, client" \ -u "MBEDTLS_SSL_ALPN$" \ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* SHA256$" \ + -u "Message-Digest.* [0-9]\+$" \ -u "compression.* disabled$" \ -u "DTLS datagram packing.* enabled$" \ -u "cert. version .* 3$" \ 
@@ -348,7 +348,7 @@ run_test "Older version (v2.19.1)" \ -u "minor.* 19$" \ -u "path.* 1$" \ -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ - -u "Message-Digest.* SHA256$" \ + -u "Message-Digest.* [0-9]\+$" \ -u "compression.* disabled$" \ -u "serial number.* 01:70:AF:40:B4:E6$" \ -u "issuer name.* CN=ca$" \ From 02c80e631f3ec44d1aa8a9cfc03cc1ddb9252a88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Paul=20H=C3=B6hn?= Date: Tue, 29 Apr 2025 22:02:24 +0200 Subject: [PATCH 0493/1548] Fix test and formatting in ssl_context_info MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paul Höhn --- programs/ssl/ssl_context_info.c | 4 ---- tests/context-info.sh | 6 +++--- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 11c358946d..7bcd50fe65 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -547,14 +547,10 @@ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, if (ciphersuite_info == NULL) { printf_err("Cannot find ciphersuite info\n"); } else { - printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); - -#if defined(MBEDTLS_MD_C) printf("\tMessage-Digest : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(mac)); -#endif /* MBEDTLS_MD_C */ } CHECK_SSL_END(1); diff --git a/tests/context-info.sh b/tests/context-info.sh index 997d69bba7..4ad5e0c4f7 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh 
@@ -205,7 +205,7 @@ run_test "Default configuration, server" \ -u "MBEDTLS_SSL_ALPN$" \ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* [0-9]\+$" \ + -u "Message-Digest.* 9$" \ -u "compression.* disabled$" \ -u "DTLS datagram packing.* enabled$" \ -n "Certificate" \ @@ -227,7 +227,7 @@ run_test "Default configuration, client" \ -u "MBEDTLS_SSL_ALPN$" \ -u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \ -u "cipher flags.* 0x00$" \ - -u "Message-Digest.* [0-9]\+$" \ + -u "Message-Digest.* 9$" \ -u "compression.* disabled$" \ -u "DTLS datagram packing.* enabled$" \ -u "cert. version .* 3$" \ @@ -348,7 +348,7 @@ run_test "Older version (v2.19.1)" \ -u "minor.* 19$" \ -u "path.* 1$" \ -u "ciphersuite.* TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8$" \ - -u "Message-Digest.* [0-9]\+$" \ + -u "Message-Digest.* 9$" \ -u "compression.* disabled$" \ -u "serial number.* 01:70:AF:40:B4:E6$" \ -u "issuer name.* CN=ca$" \ From 05027f23ce65ceae8526318a3edebf398170c1da Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 2 May 2025 11:41:19 +0100 Subject: [PATCH 0494/1548] Fix bug in bump_version.sh This had not been updated after test_suite_version was moved back to mbedtls from TF-PSA-Crypto. Signed-off-by: David Horstmann --- scripts/bump_version.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 415608acc8..86ed74eada 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh 
@@ -124,8 +124,8 @@ cat include/mbedtls/build_info.h | \ mv tmp include/mbedtls/build_info.h [ $VERBOSE ] && echo "Bumping version in tests/suites/test_suite_version.data" -sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tf-psa-crypto/tests/suites/test_suite_version.data > tmp -mv tmp tf-psa-crypto/tests/suites/test_suite_version.data +sed -e "s/version:\".\{1,\}/version:\"$VERSION\"/g" < tests/suites/test_suite_version.data > tmp +mv tmp tests/suites/test_suite_version.data [ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h" for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h; From 1afedacfea918c47ff55f845a22e95d38d84f836 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 May 2025 06:27:02 +0200 Subject: [PATCH 0495/1548] tests: scripts: add new component to configuration-platform.sh Import component_test_platform_get_entropy_alt() from its counterpart in TF-PSA-Crypto repo. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-platform.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index cadd14061c..ade207a650 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh @@ -20,6 +20,20 @@ component_build_no_std_function () { make } +component_test_platform_get_entropy_alt() +{ + msg "build: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + # Use hardware polling as the only source for entropy + scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT + scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + + make + + # Run all the tests + msg "test: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + make test +} + component_build_no_sockets () { # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). 
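Review bot: The comment `# Use hardware polling as the only source for entropy` does not describe what the component does: it sets MBEDTLS_PLATFORM_GET_ENTROPY_ALT, which an earlier commit in this series (components-configuration.sh, `component_test_no_platform`) describes as the test implementation of mbedtls_platform_get_entropy() in the framework, and unsets the NV seed, so no hardware source is involved. Suggest `# Make the _ALT implementation of mbedtls_platform_get_entropy() the only entropy source (no NV seed)`. The definition is also written `component_test_platform_get_entropy_alt()` with the brace on its own line, whereas the neighbouring components in this file use the `component_build_no_sockets () {` form; matching the file's convention avoids surprising any script that lists components by pattern.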
From 55fa8755744814f43c9ed1f88dca5a7a6dae7833 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 29 Apr 2025 11:02:27 +0200 Subject: [PATCH 0496/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 1e7b5d54d3..1a83e0c84d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 1e7b5d54d3823b65fd4755bcf60f9ca39cfcbca3 +Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281 From 7f8b7b768bbea599f6a50b9fc638192127000f31 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 29 Apr 2025 11:02:37 +0200 Subject: [PATCH 0497/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index f936d86b25..5ab6c9c8d6 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit f936d86b2587eb4a961cac5b3b95b949ee056ee6 +Subproject commit 5ab6c9c8d6fae90fa46f51fbc7d5d1327a041388 From 68878ccdd0c24e9522652e334175a48f488fadfd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 10 Apr 2025 23:30:26 +0200 Subject: [PATCH 0498/1548] library: x509: simplify RSA-PSS management - Do not store RSA-PSS signature options in CRL/CRT/CSR structures; - During the parsing phase, just ensure that MGF1 hash alg is the same as the one used for the message. Signed-off-by: Valerio Setti --- include/mbedtls/x509_crl.h | 1 - include/mbedtls/x509_crt.h | 1 - include/mbedtls/x509_csr.h | 1 - library/x509.c | 26 +++++++++----------------- library/x509_crl.c | 7 +------ library/x509_crt.c | 7 +------ library/x509_csr.c | 7 +------ library/x509_internal.h | 3 +-- 8 files changed, 13 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index e08767e925..e59d16502d 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h 
@@ -83,7 +83,6 @@ typedef struct mbedtls_x509_crl { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ /** Next element in the linked list of CRL. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 9817d35a7d..8a220cd414 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -82,7 +82,6 @@ typedef struct mbedtls_x509_crt { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ /** Next certificate in the linked list that constitutes the CA chain. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index f9eb04d333..bed1c953e5 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
@@ -56,7 +56,6 @@ typedef struct mbedtls_x509_csr { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ } mbedtls_x509_csr; diff --git a/library/x509.c b/library/x509.c index 0571687daa..8ca7dde624 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -715,38 +715,30 @@ int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x5 * Get signature algorithm from alg OID and optional parameters */ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts) + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (*sig_opts != NULL) { - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { - mbedtls_pk_rsassa_pss_options *pss_opts; - - pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options)); - if (pss_opts == NULL) { - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } + mbedtls_md_type_t mgf1_hash_id; + int expected_salt_len; ret = mbedtls_x509_get_rsassa_pss_params(sig_params, md_alg, - &pss_opts->mgf1_hash_id, - &pss_opts->expected_salt_len); + &mgf1_hash_id, + &expected_salt_len); if (ret != 0) { - mbedtls_free(pss_opts); return ret; } - - *sig_opts = (void *) pss_opts; + /* Ensure MGF1 hash alg is the same as the one used to hash the message. */ + if (mgf1_hash_id != *md_alg) { + return MBEDTLS_ERR_X509_INVALID_ALG; + } } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ { diff --git a/library/x509_crl.c b/library/x509_crl.c index bc4fdbb884..81af93b6a9 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -389,8 +389,7 @@ int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, crl->version++; if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1, - &crl->sig_md, &crl->sig_pk, - &crl->sig_opts)) != 0) { + &crl->sig_md, &crl->sig_pk)) != 0) { mbedtls_x509_crl_free(crl); return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; } 
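Review bot: `expected_salt_len` is parsed and then discarded, and with `sig_opts` gone nothing carries the certificate's declared salt length to signature verification; either the verify path is meant to accept any salt length, in which case say so next to the declaration (`/* The declared salt length is not enforced here: verification accepts any salt length. */`), or the value still has to be retained. Rejecting `mgf1_hash_id != *md_alg` with MBEDTLS_ERR_X509_INVALID_ALG is also a new parse-time rejection of certificates, CRLs and CSRs that were accepted before (the MGF1 hash is encoded independently of the message hash in RSASSA-PSS-params); the commit's diffstat carries no ChangeLog.d entry for it, and the function's header comment ("Get signature algorithm from alg OID and optional parameters") should state the constraint. The body of mbedtls_x509_get_sig_alg continues past the hunk.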
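Review bot: The call site still maps every failure of mbedtls_x509_get_sig_alg to MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, so the MBEDTLS_ERR_X509_INVALID_ALG newly returned for a mismatched MGF1 hash (x509.c hunk of this commit) reaches CRL callers as "unknown algorithm", while x509_crt.c in the same commit propagates `ret`. Returning the callee's code here, as the CRT parser does, keeps the three parsers consistent: `mbedtls_x509_crl_free(crl); return ret;`. The x509_csr.c parse hunk of this commit masks the error the same way. mbedtls_x509_crl_parse_der's body extends beyond the hunk.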
@@ -676,10 +675,6 @@ void mbedtls_x509_crl_free(mbedtls_x509_crl *crl) mbedtls_x509_crl_entry *entry_prv; while (crl_cur != NULL) { -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(crl_cur->sig_opts); -#endif - mbedtls_asn1_free_named_data_list_shallow(crl_cur->issuer.next); entry_cur = crl_cur->entry.next; diff --git a/library/x509_crt.c b/library/x509_crt.c index 5d26ebbbc1..47907f2f89 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1163,8 +1163,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, crt->version++; if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, - &crt->sig_md, &crt->sig_pk, - &crt->sig_opts)) != 0) { + &crt->sig_md, &crt->sig_pk)) != 0) { mbedtls_x509_crt_free(crt); return ret; } @@ -3203,10 +3202,6 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) while (cert_cur != NULL) { mbedtls_pk_free(&cert_cur->pk); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(cert_cur->sig_opts); -#endif - mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); diff --git a/library/x509_csr.c b/library/x509_csr.c index 8e5fdb6813..c4a12845dc 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -407,8 +407,7 @@ static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, } if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params, - &csr->sig_md, &csr->sig_pk, - &csr->sig_opts)) != 0) { + &csr->sig_md, &csr->sig_pk)) != 0) { mbedtls_x509_csr_free(csr); return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG; } @@ -621,10 +620,6 @@ void mbedtls_x509_csr_free(mbedtls_x509_csr *csr) mbedtls_pk_free(&csr->pk); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free(csr->sig_opts); -#endif - mbedtls_asn1_free_named_data_list_shallow(csr->subject.next); mbedtls_asn1_sequence_free(csr->subject_alt_names.next); 
diff --git a/library/x509_internal.h b/library/x509_internal.h index 36cbc6518c..dc56bf6942 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -35,8 +35,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, #endif int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts); + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t); int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, From d24dfad7af48e167d1f202e7901db18429a71ca4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 23 Apr 2025 11:13:02 +0200 Subject: [PATCH 0499/1548] library: x509: remove sig_opts from mbedtls_x509_sig_alg_gets() Signed-off-by: Valerio Setti --- library/x509.c | 19 ++++++---------- library/x509_crl.c | 3 +-- library/x509_crt.c | 3 +-- library/x509_csr.c | 3 +-- library/x509_internal.h | 3 +-- tests/suites/test_suite_x509parse.data | 30 +++++++++++++------------- 6 files changed, 25 insertions(+), 36 deletions(-) diff --git a/library/x509.c b/library/x509.c index 8ca7dde624..9fc6389d27 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1037,8 +1037,7 @@ int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *ser * Helper for writing signature algorithms */ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts) + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; char *p = buf; 
@@ -1055,23 +1054,17 @@ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *si #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - const mbedtls_pk_rsassa_pss_options *pss_opts; - - pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts; - const char *name = md_type_to_string(md_alg); - const char *mgf_name = md_type_to_string(pss_opts->mgf1_hash_id); - - ret = mbedtls_snprintf(p, n, " (%s, MGF1-%s, 0x%02X)", - name ? name : "???", - mgf_name ? mgf_name : "???", - (unsigned int) pss_opts->expected_salt_len); + if (name != NULL) { + ret = mbedtls_snprintf(p, n, " (%s)", name); + } else { + ret = mbedtls_snprintf(p, n, " (?)"); + } MBEDTLS_X509_SAFE_SNPRINTF; } #else ((void) pk_alg); ((void) md_alg); - ((void) sig_opts); #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ return (int) (size - n); diff --git a/library/x509_crl.c b/library/x509_crl.c index 81af93b6a9..0b98ba4664 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -645,8 +645,7 @@ int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, - crl->sig_opts); + ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md); MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf(p, n, "\n"); diff --git a/library/x509_crt.c b/library/x509_crt.c index 47907f2f89..b4c7d8adc4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1799,8 +1799,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, - crt->sig_md, crt->sig_opts); + ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, crt->sig_md); MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ 
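Review bot: The `signed using` line of the info output changes format for RSASSA-PSS (from `(SHA256, MGF1-SHA256, 0xDE)` to `(SHA256)`, and `???` becomes `?`), which is user-visible through mbedtls_x509_crt_info, mbedtls_x509_crl_info and mbedtls_x509_csr_info, yet the commit's diffstat has no ChangeLog.d entry; only the test data reflects the new strings. A short comment above the branch would explain why the detail disappeared: `/* Only the message hash is printed: MGF1 hash and salt length are no longer stored at parse time. */`. The body of mbedtls_x509_sig_alg_gets continues outside the hunk.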
diff --git a/library/x509_csr.c b/library/x509_csr.c index c4a12845dc..2e435645b1 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -546,8 +546,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, - csr->sig_opts); + ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md); MBEDTLS_X509_SAFE_SNPRINTF; if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, diff --git a/library/x509_internal.h b/library/x509_internal.h index dc56bf6942..9360471b96 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -44,8 +44,7 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag); #if !defined(MBEDTLS_X509_REMOVE_INFO) int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts); + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg); #endif int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d962f34b60..538368ac74 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -48,23 +48,23 @@ x509_cert_info:"../framework/data_files/parse_input/cert_sha512.crt":"cert. vers X509 CRT information RSA-PSS, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -x509_cert_info:"../framework/data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 -x509_cert_info:"../framework/data_files/parse_input/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9-sha224.crt":"cert. 
version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256 -x509_cert_info:"../framework/data_files/parse_input/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 -x509_cert_info:"../framework/data_files/parse_input/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9-sha384.crt":"cert. 
version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512 -x509_cert_info:"../framework/data_files/parse_input/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"../framework/data_files/parse_input/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 
@@ -268,23 +268,23 @@ mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha512.pem":"CRL X509 CRL information RSA-PSS, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1)\n" X509 CRL information RSA-PSS, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 
13\:43\:05\nsigned using \: RSASSA-PSS (SHA224)\n" X509 CRL information RSA-PSS, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256)\n" X509 CRL information RSA-PSS, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS 
(SHA384)\n" X509 CRL information RSA-PSS, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512 -mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" +mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512)\n" X509 CRL Information EC, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA 
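Review bot: The new expectations reduce the `signed using` line to the digest name, so this suite no longer pins the MGF1 digest or the saltLength that the parser read from the PSS parameters, and a CRL with an unusual salt length now prints exactly like a normal one. If the parser still records the salt length, keeping it in the info output (or adding one test on the parsed value) preserves a diagnostic that helped explain why a PSS signature failed; if it no longer does, the commit message for this change, which lies outside this excerpt, should say so. This is a test-data hunk, so the library-side change it mirrors cannot be checked here.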
@@ -368,23 +368,23 @@ mbedtls_x509_csr_info:"../framework/data_files/parse_input/server5.req.sha512":" X509 CSR Information RSA-PSS with SHA1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA224 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA256 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key 
Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA384 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA with SHA256 - Microsoft header depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO From 7f6f4e690727f6f9c69422ff26dc4f2d283165b0 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 23 Apr 2025 11:29:51 +0200 Subject: [PATCH 0500/1548] library: pass NULL options parameter to mbedtls_pk_verify_ext() Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 10 +--------- library/ssl_tls13_generic.c | 15 +-------------- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 26 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index df7dfbfa61..114c32aea1 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2100,15 +2100,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - mbedtls_pk_rsassa_pss_options rsassa_pss_options; - rsassa_pss_options.mgf1_hash_id = md_alg; - rsassa_pss_options.expected_salt_len = - mbedtls_md_get_size_from_type(md_alg); - if (rsassa_pss_options.expected_salt_len == 0) { - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - ret = mbedtls_pk_verify_ext(pk_alg, &rsassa_pss_options, + ret = mbedtls_pk_verify_ext(pk_alg, NULL, peer_pk, md_alg, hash, hashlen, p, sig_len); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index deba2ae1e0..70175e0d60 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -227,11 +227,6 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, unsigned char verify_hash[PSA_HASH_MAX_SIZE]; size_t verify_hash_len; - void const *options = NULL; -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_pk_rsassa_pss_options rsassa_pss_options; -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - /* * struct { * SignatureScheme algorithm; 
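Review bot: The ssl_tls12_client.c hunk drops the explicit PSS parameters (`mgf1_hash_id = md_alg`, `expected_salt_len = mbedtls_md_get_size_from_type(md_alg)`) together with the `expected_salt_len == 0` guard that turned an unrecognised `md_alg` into `MBEDTLS_ERR_SSL_INTERNAL_ERROR`, and neither the code nor the commit message says what a NULL options pointer makes mbedtls_pk_verify_ext() enforce. For the rsa_pss_* schemes RFC 8446 §4.2.3 (which applies to TLS 1.2 as well) requires the MGF1 digest to equal the message digest and the salt length to equal the digest length; if the NULL default accepts any salt length, this hunk quietly relaxes that check. Once the default is confirmed I would record it at the call site, e.g. `/* NULL options: verify_ext enforces MGF1 == md_alg and salt == digest length for RSASSA-PSS */`, and state it in the commit message. ssl_parse_server_key_exchange() begins and ends outside the hunk; the same applies to the ssl_tls13_generic.c hunk on this line, whose function is cut off as well.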
@@ -304,16 +299,8 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, } MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (sig_alg == MBEDTLS_PK_RSASSA_PSS) { - rsassa_pss_options.mgf1_hash_id = md_alg; - - rsassa_pss_options.expected_salt_len = PSA_HASH_LENGTH(hash_alg); - options = (const void *) &rsassa_pss_options; - } -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - if ((ret = mbedtls_pk_verify_ext(sig_alg, options, + if ((ret = mbedtls_pk_verify_ext(sig_alg, NULL, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index b4c7d8adc4..faea404dba 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2059,7 +2059,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, + if (mbedtls_pk_verify_ext(crl_list->sig_pk, NULL, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2133,7 +2133,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, + return mbedtls_pk_verify_ext(child->sig_pk, NULL, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 107d9235a4..f3a161ca52 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
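Review bot: In the two x509_crt.c hunks `crl_list->sig_opts` and `child->sig_opts` are replaced by NULL, so the PSS parameters the X.509 parser decoded from the signature AlgorithmIdentifier (notably saltLength) no longer reach verification. If the parser still fills `sig_opts` after this series, the field is untrusted input that is stored but never checked here; if it no longer does, the field and its parsing should go in a follow-up so readers do not assume the certificate's declared parameters are enforced. A short comment at each call would make the intent explicit, e.g. `/* sig_opts not passed: PSS parameters are checked when the certificate is parsed */`, assuming that is indeed where the mismatch is now caught, which this patch does not show. x509_crt_verifycrl() and x509_crt_check_signature() both start outside their hunks.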
@@ -37,7 +37,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk, + if (mbedtls_pk_verify_ext(csr.sig_pk, NULL, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From b8d5649ab69d2f03e223a8277e0ceb28e56576f0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 28 Apr 2025 10:14:18 +0200 Subject: [PATCH 0501/1548] tests: test_suite_x509: adapt RSA-PSS tests Parsing of CRT files with message's hash alg different from the MGF1 was allowed in the past, but now it fails. So we need to move/adapt tests relying on this feature, from a "verify" scope to a "parse" one. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 538368ac74..bbdd9f90db 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -903,10 +903,6 @@ X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO
 x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
 
-X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/server9-bad-mgfhash.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
-
 X509 CRT verification #70 (v1 trusted CA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
 x509_verify:"../framework/data_files/server1-v1.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL"
@@ -3151,6 +3147,10 @@ X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's paramet
 depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
 x509parse_crt_file:"../framework/data_files/parse_input/server5.crt":0
 
+X509 File parse (RSASSA-PSS, MGF1 hash alg != message hash alg)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_1
+x509parse_crt_file:"../framework/data_files/server9-bad-mgfhash.crt":MBEDTLS_ERR_X509_INVALID_ALG
+
 X509 File parse & read the ca_istrue field (Not Set)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
 mbedtls_x509_get_ca_istrue:"../framework/data_files/parse_input/server1.crt":0
From 47c8579ed0f4a5dc8532b47deb298aca9cfca826 Mon Sep 17 00:00:00 2001
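Review bot: The new parse case expects `MBEDTLS_ERR_X509_INVALID_ALG` for server9-bad-mgfhash.crt, but the library change that makes the parser reject a mismatched MGF1 digest is not in this patch (the message only says it "now fails"), so applied on its own this commit leaves the suite failing and breaks bisection. I would squash it with the library change or order it after it. Removing verification #69 also leaves a gap in the `#68`/`#70` numbering and no verify-time case for a mismatched MGF1 digest; that is acceptable once the parser rejects it, but a comment line above the new case, such as `# replaces former verification #69: MGF1 digest must match the message digest, so the mismatch is rejected at parse time`, keeps the coverage traceable.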
From: Gilles Peskine Date: Wed, 7 May 2025 14:35:04 +0200 Subject: [PATCH 0502/1548] Copy OID files that are getting moved to tf-psa-crypto The OID module is used by both crypto and X.509. It has moved to the `tf-psa-crypto` subdirectory, and the sibling commit 08d8cc57dbe7be54fe3f88ecbc2729300c48d450 removes this subdirectory from the `mbedtls` repository in order to make `tf-psa-crypto` a submodule. We want to access the relevant parts directly from X.509 rather than go through the crypto repository, because OID functions are only accessible as private interfaces, and crypto doesn't know when a particular OID function is needed in the build since it depends on X.509 configuration options. Make a copy of the OID module and its unit tests. In a follow-up, the X.509 module will switch to consuming this copy rather than the one that went into TF-PSA-Crypto. Rename the files from `*oid*` to `*x509_oid*` to follow the naming convention that submodules of X.509 are prefixed with `x509`. This also avoids file name clashes with TF-PSA-Crypto. Since OID is not a public interface of Mbed TLS 4.x, move the header file into `library`. This commit only makes the files available. Subsequent commits will take care of making these files used in the build. Signed-off-by: Gilles Peskine --- library/x509_oid.c | 921 ++++++++++++++++++++++ library/x509_oid.h | 695 ++++++++++++++++ tests/suites/test_suite_x509_oid.data | 146 ++++ tests/suites/test_suite_x509_oid.function | 120 +++ 4 files changed, 1882 insertions(+) create mode 100644 library/x509_oid.c create mode 100644 library/x509_oid.h create mode 100644 tests/suites/test_suite_x509_oid.data create mode 100644 tests/suites/test_suite_x509_oid.function diff --git a/library/x509_oid.c b/library/x509_oid.c new file mode 100644 index 0000000000..ad3d8e03bc --- /dev/null +++ b/library/x509_oid.c 
@@ -0,0 +1,921 @@ +/** + * \file oid.c + * + * \brief Object Identifier (OID) database + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "common.h" + +#if defined(MBEDTLS_OID_C) + +#include "mbedtls/oid.h" +#include "mbedtls/rsa.h" +#include "mbedtls/error_common.h" +#include "mbedtls/pk.h" + +#include +#include + +#include "mbedtls/platform.h" + +/* + * Macro to automatically add the size of #define'd OIDs + */ +#define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) + +/* + * Macro to generate mbedtls_oid_descriptor_t + */ +#if !defined(MBEDTLS_X509_REMOVE_INFO) +#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } +#define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL } +#else +#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) } +#define NULL_OID_DESCRIPTOR { NULL, 0 } +#endif + +/* + * Macro to generate an internal function for oid_XXX_from_asn1() (used by + * the other functions) + */ +#define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \ + static const TYPE_T *oid_ ## NAME ## _from_asn1( \ + const mbedtls_asn1_buf *oid) \ + { \ + const TYPE_T *p = (LIST); \ + const mbedtls_oid_descriptor_t *cur = \ + (const mbedtls_oid_descriptor_t *) p; \ + if (p == NULL || oid == NULL) return NULL; \ + while (cur->asn1 != NULL) { \ + if (cur->asn1_len == oid->len && \ + memcmp(cur->asn1, oid->p, oid->len) == 0) { \ + return p; \ + } \ + p++; \ + cur = (const mbedtls_oid_descriptor_t *) p; \ + } \ + return NULL; \ + } + +#if !defined(MBEDTLS_X509_REMOVE_INFO) +/* + * Macro to generate a function for retrieving a single attribute from the + * descriptor of an mbedtls_oid_descriptor_t wrapper. 
+ */ +#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *ATTR1 = data->descriptor.ATTR1; \ + return 0; \ + } +#endif /* MBEDTLS_X509_REMOVE_INFO */ + +/* + * Macro to generate a function for retrieving a single attribute from an + * mbedtls_oid_descriptor_t wrapper. + */ +#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *ATTR1 = data->ATTR1; \ + return 0; \ + } + +/* + * Macro to generate a function for retrieving two attributes from an + * mbedtls_oid_descriptor_t wrapper. + */ +#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ + ATTR2_TYPE, ATTR2) \ + int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ + ATTR2_TYPE * ATTR2) \ + { \ + const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ + if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + *(ATTR1) = data->ATTR1; \ + *(ATTR2) = data->ATTR2; \ + return 0; \ + } + +/* + * Macro to generate a function for retrieving the OID based on a single + * attribute from a mbedtls_oid_descriptor_t wrapper. + */ +#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ + int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ + { \ + const TYPE_T *cur = (LIST); \ + while (cur->descriptor.asn1 != NULL) { \ + if (cur->ATTR1 == (ATTR1)) { \ + *oid = cur->descriptor.asn1; \ + *olen = cur->descriptor.asn1_len; \ + return 0; \ + } \ + cur++; \ + } \ + return MBEDTLS_ERR_OID_NOT_FOUND; \ + } + +/* + * Macro to generate a function for retrieving the OID based on two + * attributes from a mbedtls_oid_descriptor_t wrapper. 
+ */ +#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ + ATTR2_TYPE, ATTR2) \ + int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \ + size_t *olen) \ + { \ + const TYPE_T *cur = (LIST); \ + while (cur->descriptor.asn1 != NULL) { \ + if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \ + *oid = cur->descriptor.asn1; \ + *olen = cur->descriptor.asn1_len; \ + return 0; \ + } \ + cur++; \ + } \ + return MBEDTLS_ERR_OID_NOT_FOUND; \ + } + +/* + * For X520 attribute types + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + const char *short_name; +} oid_x520_attr_t; + +static const oid_x520_attr_t oid_x520_attr_type[] = +{ + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name"), + "CN", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country"), + "C", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality"), + "L", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE, "id-at-state", "State"), + "ST", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName", + "Organization"), + "O", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit"), + "OU", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL, + "emailAddress", + "E-mail address"), + "emailAddress", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER, + "id-at-serialNumber", + "Serial number"), + "serialNumber", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS, + "id-at-postalAddress", + "Postal address"), + "postalAddress", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code"), + "postalCode", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname"), + "SN", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name"), + "GN", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials"), + "initials", + }, + { + 
OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER, + "id-at-generationQualifier", + "Generation qualifier"), + "generationQualifier", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE, "id-at-title", "Title"), + "title", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER, + "id-at-dnQualifier", + "Distinguished Name qualifier"), + "dnQualifier", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym"), + "pseudonym", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_UID, "id-uid", "User Id"), + "uid", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT, + "id-domainComponent", + "Domain component"), + "DC", + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, + "id-at-uniqueIdentifier", + "Unique Identifier"), + "uniqueIdentifier", + }, + { + NULL_OID_DESCRIPTOR, + NULL, + } +}; + +FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) +FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, + oid_x520_attr_t, + x520_attr, + const char *, + short_name) + +/* + * For X509 extensions + */ +typedef struct { + mbedtls_oid_descriptor_t descriptor; + int ext_type; +} oid_x509_ext_t; + +static const oid_x509_ext_t oid_x509_ext[] = +{ + { + OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, + "id-ce-basicConstraints", + "Basic Constraints"), + MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"), + MBEDTLS_OID_X509_EXT_KEY_USAGE, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, + "id-ce-extKeyUsage", + "Extended Key Usage"), + MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, + "id-ce-subjectAltName", + "Subject Alt Name"), + MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, + "id-netscape-certtype", + "Netscape Certificate Type"), + MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, + "id-ce-certificatePolicies", + "Certificate 
Policies"), + MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, + "id-ce-subjectKeyIdentifier", + "Subject Key Identifier"), + MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, + "id-ce-authorityKeyIdentifier", + "Authority Key Identifier"), + MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER, + }, + { + NULL_OID_DESCRIPTOR, + 0, + }, +}; + +FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) +FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) + +#if !defined(MBEDTLS_X509_REMOVE_INFO) +static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = +{ + OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH, + "id-kp-serverAuth", + "TLS Web Server Authentication"), + OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH, + "id-kp-clientAuth", + "TLS Web Client Authentication"), + OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing"), + OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"), + OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping"), + OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing"), + OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN, + "id-kp-wisun-fan-device", + "Wi-SUN Alliance Field Area Network (FAN)"), + NULL_OID_DESCRIPTOR, +}; + +FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) +FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, + mbedtls_oid_descriptor_t, + ext_key_usage, + const char *, + description) + +static const mbedtls_oid_descriptor_t oid_certificate_policies[] = +{ + OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"), + NULL_OID_DESCRIPTOR, +}; + +FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) +FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, + mbedtls_oid_descriptor_t, + certificate_policies, + const 
char *,
+ description)
+#endif /* MBEDTLS_X509_REMOVE_INFO */
+
+/*
+ * For SignatureAlgorithmIdentifier
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_md_type_t md_alg;
+ mbedtls_pk_type_t pk_alg;
+} oid_sig_alg_t;
+
+static const oid_sig_alg_t oid_sig_alg[] =
+{
+#if defined(MBEDTLS_RSA_C)
+#if defined(PSA_WANT_ALG_MD5)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"),
+ MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
+ },
+#endif /* PSA_WANT_ALG_MD5 */
+#if defined(PSA_WANT_ALG_SHA_1)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"),
+ MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_1 */
+#if defined(PSA_WANT_ALG_SHA_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption",
+ "RSA with SHA-224"),
+ MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_224 */
+#if defined(PSA_WANT_ALG_SHA_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption",
+ "RSA with SHA-256"),
+ MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_256 */
+#if defined(PSA_WANT_ALG_SHA_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption",
+ "RSA with SHA-384"),
+ MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_384 */
+#if defined(PSA_WANT_ALG_SHA_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption",
+ "RSA with SHA-512"),
+ MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_512 */
+#if defined(PSA_WANT_ALG_SHA_1)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"),
+ MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_1 */
+#endif /* MBEDTLS_RSA_C */
+#if defined(PSA_HAVE_ALG_SOME_ECDSA)
+#if defined(PSA_WANT_ALG_SHA_1)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"),
+ MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_1 */
+#if 
defined(PSA_WANT_ALG_SHA_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"),
+ MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"),
+ MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_256 */
+#if defined(PSA_WANT_ALG_SHA_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"),
+ MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_384 */
+#if defined(PSA_WANT_ALG_SHA_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"),
+ MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
+ },
+#endif /* PSA_WANT_ALG_SHA_512 */
+#endif /* PSA_HAVE_ALG_SOME_ECDSA */
+#if defined(MBEDTLS_RSA_C)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"),
+ MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
+ },
+#endif /* MBEDTLS_RSA_C */
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc,
+ oid_sig_alg_t,
+ sig_alg,
+ const char *,
+ description)
+#endif
+
+FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg,
+ oid_sig_alg_t,
+ sig_alg,
+ mbedtls_md_type_t,
+ md_alg,
+ mbedtls_pk_type_t,
+ pk_alg)
+FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg,
+ oid_sig_alg_t,
+ oid_sig_alg,
+ mbedtls_pk_type_t,
+ pk_alg,
+ mbedtls_md_type_t,
+ md_alg)
+
+/*
+ * For PublicKeyInfo (PKCS1, RFC 5480)
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_pk_type_t pk_alg;
+} oid_pk_alg_t;
+
+static const oid_pk_alg_t oid_pk_alg[] =
+{
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA"),
+ MBEDTLS_PK_RSA,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key"),
+ MBEDTLS_PK_ECKEY,
+ },
+ { 
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH"),
+ MBEDTLS_PK_ECKEY_DH,
+ },
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_PK_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
+FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg,
+ oid_pk_alg_t,
+ oid_pk_alg,
+ mbedtls_pk_type_t,
+ pk_alg)
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+/*
+ * For elliptic curves that use namedCurve inside ECParams (RFC 5480)
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_ecp_group_id grp_id;
+} oid_ecp_grp_t;
+
+static const oid_ecp_grp_t oid_ecp_grp[] =
+{
+#if defined(PSA_WANT_ECC_SECP_R1_192)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"),
+ MBEDTLS_ECP_DP_SECP192R1,
+ },
+#endif /* PSA_WANT_ECC_SECP_R1_192 */
+#if defined(PSA_WANT_ECC_SECP_R1_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"),
+ MBEDTLS_ECP_DP_SECP224R1,
+ },
+#endif /* PSA_WANT_ECC_SECP_R1_224 */
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"),
+ MBEDTLS_ECP_DP_SECP256R1,
+ },
+#endif /* PSA_WANT_ECC_SECP_R1_256 */
+#if defined(PSA_WANT_ECC_SECP_R1_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"),
+ MBEDTLS_ECP_DP_SECP384R1,
+ },
+#endif /* PSA_WANT_ECC_SECP_R1_384 */
+#if defined(PSA_WANT_ECC_SECP_R1_521)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"),
+ MBEDTLS_ECP_DP_SECP521R1,
+ },
+#endif /* PSA_WANT_ECC_SECP_R1_521 */
+#if defined(PSA_WANT_ECC_SECP_K1_192)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"),
+ MBEDTLS_ECP_DP_SECP192K1,
+ },
+#endif /* PSA_WANT_ECC_SECP_K1_192 */
+#if defined(PSA_WANT_ECC_SECP_K1_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"),
+ MBEDTLS_ECP_DP_SECP224K1,
+ },
+#endif 
/* PSA_WANT_ECC_SECP_K1_224 */
+#if defined(PSA_WANT_ECC_SECP_K1_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"),
+ MBEDTLS_ECP_DP_SECP256K1,
+ },
+#endif /* PSA_WANT_ECC_SECP_K1_256 */
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"),
+ MBEDTLS_ECP_DP_BP256R1,
+ },
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"),
+ MBEDTLS_ECP_DP_BP384R1,
+ },
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"),
+ MBEDTLS_ECP_DP_BP512R1,
+ },
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_ECP_DP_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
+FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp,
+ oid_ecp_grp_t,
+ oid_ecp_grp,
+ mbedtls_ecp_group_id,
+ grp_id)
+
+/*
+ * For Elliptic Curve algorithms that are directly
+ * encoded in the AlgorithmIdentifier (RFC 8410)
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_ecp_group_id grp_id;
+} oid_ecp_grp_algid_t;
+
+static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] =
+{
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"),
+ MBEDTLS_ECP_DP_CURVE25519,
+ },
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"),
+ MBEDTLS_ECP_DP_CURVE448,
+ },
+#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_ECP_DP_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid) 
+FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp_algid,
+ oid_ecp_grp_algid_t,
+ grp_id_algid,
+ mbedtls_ecp_group_id,
+ grp_id)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid,
+ oid_ecp_grp_algid_t,
+ oid_ecp_grp_algid,
+ mbedtls_ecp_group_id,
+ grp_id)
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+#if defined(MBEDTLS_CIPHER_C)
+/*
+ * For PKCS#5 PBES2 encryption algorithm
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_cipher_type_t cipher_alg;
+} oid_cipher_alg_t;
+
+static const oid_cipher_alg_t oid_cipher_alg[] =
+{
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC"),
+ MBEDTLS_CIPHER_DES_CBC,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"),
+ MBEDTLS_CIPHER_DES_EDE3_CBC,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"),
+ MBEDTLS_CIPHER_AES_128_CBC,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"),
+ MBEDTLS_CIPHER_AES_192_CBC,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"),
+ MBEDTLS_CIPHER_AES_256_CBC,
+ },
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_CIPHER_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
+FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg,
+ oid_cipher_alg_t,
+ cipher_alg,
+ mbedtls_cipher_type_t,
+ cipher_alg)
+#endif /* MBEDTLS_CIPHER_C */
+
+/*
+ * For digestAlgorithm
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_md_type_t md_alg;
+} oid_md_alg_t;
+
+static const oid_md_alg_t oid_md_alg[] =
+{
+#if defined(PSA_WANT_ALG_MD5)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5"),
+ MBEDTLS_MD_MD5,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA_1)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1"),
+ MBEDTLS_MD_SHA1,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"),
+ MBEDTLS_MD_SHA224,
+ },
+#endif
+#if 
defined(PSA_WANT_ALG_SHA_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256"),
+ MBEDTLS_MD_SHA256,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"),
+ MBEDTLS_MD_SHA384,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512"),
+ MBEDTLS_MD_SHA512,
+ },
+#endif
+#if defined(PSA_WANT_ALG_RIPEMD160)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"),
+ MBEDTLS_MD_RIPEMD160,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA3_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"),
+ MBEDTLS_MD_SHA3_224,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA3_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"),
+ MBEDTLS_MD_SHA3_256,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA3_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"),
+ MBEDTLS_MD_SHA3_384,
+ },
+#endif
+#if defined(PSA_WANT_ALG_SHA3_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"),
+ MBEDTLS_MD_SHA3_512,
+ },
+#endif
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_MD_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
+FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md,
+ oid_md_alg_t,
+ oid_md_alg,
+ mbedtls_md_type_t,
+ md_alg)
+
+/*
+ * For HMAC digestAlgorithm
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_md_type_t md_hmac;
+} oid_md_hmac_t;
+
+static const oid_md_hmac_t oid_md_hmac[] =
+{
+#if defined(PSA_WANT_ALG_SHA_1)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1"),
+ MBEDTLS_MD_SHA1,
+ },
+#endif /* PSA_WANT_ALG_SHA_1 */
+#if defined(PSA_WANT_ALG_SHA_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"),
+ 
MBEDTLS_MD_SHA224,
+ },
+#endif /* PSA_WANT_ALG_SHA_224 */
+#if defined(PSA_WANT_ALG_SHA_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"),
+ MBEDTLS_MD_SHA256,
+ },
+#endif /* PSA_WANT_ALG_SHA_256 */
+#if defined(PSA_WANT_ALG_SHA_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"),
+ MBEDTLS_MD_SHA384,
+ },
+#endif /* PSA_WANT_ALG_SHA_384 */
+#if defined(PSA_WANT_ALG_SHA_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"),
+ MBEDTLS_MD_SHA512,
+ },
+#endif /* PSA_WANT_ALG_SHA_512 */
+#if defined(PSA_WANT_ALG_SHA3_224)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"),
+ MBEDTLS_MD_SHA3_224,
+ },
+#endif /* PSA_WANT_ALG_SHA3_224 */
+#if defined(PSA_WANT_ALG_SHA3_256)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"),
+ MBEDTLS_MD_SHA3_256,
+ },
+#endif /* PSA_WANT_ALG_SHA3_256 */
+#if defined(PSA_WANT_ALG_SHA3_384)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"),
+ MBEDTLS_MD_SHA3_384,
+ },
+#endif /* PSA_WANT_ALG_SHA3_384 */
+#if defined(PSA_WANT_ALG_SHA3_512)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"),
+ MBEDTLS_MD_SHA3_512,
+ },
+#endif /* PSA_WANT_ALG_SHA3_512 */
+#if defined(PSA_WANT_ALG_RIPEMD160)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"),
+ MBEDTLS_MD_RIPEMD160,
+ },
+#endif /* PSA_WANT_ALG_RIPEMD160 */
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_MD_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
+FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
+
+#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C)
+/*
+ * For PKCS#12 PBEs
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_md_type_t md_alg;
+ mbedtls_cipher_type_t cipher_alg;
+} oid_pkcs12_pbe_alg_t;
+
+static const oid_pkcs12_pbe_alg_t 
oid_pkcs12_pbe_alg[] =
+{
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC,
+ "pbeWithSHAAnd3-KeyTripleDES-CBC",
+ "PBE with SHA1 and 3-Key 3DES"),
+ MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC,
+ "pbeWithSHAAnd2-KeyTripleDES-CBC",
+ "PBE with SHA1 and 2-Key 3DES"),
+ MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
+ },
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
+FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg,
+ oid_pkcs12_pbe_alg_t,
+ pkcs12_pbe_alg,
+ mbedtls_md_type_t,
+ md_alg,
+ mbedtls_cipher_type_t,
+ cipher_alg)
+#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */
+
+#endif /* MBEDTLS_OID_C */
diff --git a/library/x509_oid.h b/library/x509_oid.h
new file mode 100644
index 0000000000..d4bbd09ff3
--- /dev/null
+++ b/library/x509_oid.h 
@@ -0,0 +1,695 @@
+/**
+ * \file oid.h
+ *
+ * \brief Object Identifier (OID) database
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_OID_H
+#define MBEDTLS_OID_H
+#include "mbedtls/private_access.h"
+
+#include "tf-psa-crypto/build_info.h"
+
+#include "mbedtls/asn1.h"
+#include "mbedtls/pk.h"
+
+#include 
+
+#if defined(MBEDTLS_CIPHER_C)
+#include "mbedtls/cipher.h"
+#endif
+
+#include "mbedtls/md.h"
+
+/** OID is not found. */
+#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
+/** output buffer is too small */
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
+
+/* This is for the benefit of X.509, but defined here in order to avoid
+ * having a "backwards" include of x.509.h here */
+/*
+ * X.509 extension types (internal, arbitrary values for bitsets)
+ */
+#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
+#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2)
+#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
+#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
+#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
+#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
+#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9)
+#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
+#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
+#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
+#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
+#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14)
+#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
+
+/*
+ * Maximum number of OID components allowed
+ */
+#define MBEDTLS_OID_MAX_COMPONENTS 128
+
+/*
+ * Top level OID tuples
+ */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
+#define 
MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
+
+/*
+ * ISO Member bodies OID parts
+ */
+#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORG_ANSI_X9_62
+
+/*
+ * ISO Identified organization OID parts
+ */
+#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */
+#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_THAWTE
+#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_TELETRUST
+
+/*
+ * ISO ITU OID parts
+ */
+#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+
+#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
+#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) 
country(16) us(840) organization(1) gov(101)} */
+
+#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+
+/* ISO arc for standard certificate and CRL extensions */
+#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
+
+#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
+
+/**
+ * Private Internet Extensions
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ * security(5) mechanisms(5) pkix(7) }
+ */
+#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \
+ "\x01"
+#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
+
+/*
+ * Arc for standard naming attributes
+ */
+#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define 
MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
+#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+
+/*
+ * OIDs for standard certificate extensions
+ */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */ 
+#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
+
+/*
+ * Certificate policies
+ */
+#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
+
+/*
+ * Netscape certificate extensions
+ */
+#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
+#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT "\x02"
+#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03"
+#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
+#define 
MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07"
+#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08"
+#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C"
+#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D"
+#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02"
+#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05"
+
+/*
+ * OIDs for CRL extensions
+ */
+#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
+#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+
+/*
+ * X.509 v3 Extended key usage OIDs
+ */
+#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+
+#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+
+/**
+ * Wi-SUN Alliance Field Area Network
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
+ */
+#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
+
+#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
+#define 
MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
+
+/*
+ * PKCS definition OIDs
+ */
+
+#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */
+#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+
+/*
+ * PKCS#1 OIDs
+ */
+#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+
+#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
+
+#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+
+/* RFC 
4055 */
+#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+
+/*
+ * Digest algorithms
+ */
+#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */
+
+#define 
MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */
+
+
+#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+
+#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
+
+#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
+
+#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
+
+#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
+
+#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */
+
+#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { 
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */ + +#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */ + +#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */ + +#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */ + +/* + * Encryption algorithms, + * the following standardized object identifiers are specified at + * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C. 
+ */ +#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \ + MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ +#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */ +#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */ +#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */ +#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */ +#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */ + +/* + * Key Wrapping algorithms + */ +/* + * RFC 5649 + */ +#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */ +#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */ +#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */ +#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */ +#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */ +#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */ +/* + * PKCS#5 OIDs + */ 
+#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */ +#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */ +#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */ + +/* + * PKCS#5 PBES1 algorithms + */ +#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */ +#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */ +#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */ +#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */ + +/* + * PKCS#7 OIDs + */ +#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */ +#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */ +#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */ +#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ +#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ + +/* + * PKCS#8 OIDs + */ +#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */ + +/* + * PKCS#12 PBE OIDs + */ +#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< 
pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */ + +#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */ +#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */ +#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */ +#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */ + +/* + * EC key algorithms from RFC 5480 + */ + +/* id-ecPublicKey OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */ +#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01" + +/* id-ecDH OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) + * schemes(1) ecdh(12) } */ +#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c" + +/* + * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2 + */ + +/* secp192r1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */ +#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01" + +/* secp224r1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 33 } */ +#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21" + +/* secp256r1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */ +#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07" + +/* secp384r1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */ +#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22" + +/* secp521r1 OBJECT IDENTIFIER ::= { + * iso(1) 
identified-organization(3) certicom(132) curve(0) 35 } */ +#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23" + +/* secp192k1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */ +#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f" + +/* secp224k1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */ +#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20" + +/* secp256k1 OBJECT IDENTIFIER ::= { + * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */ +#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a" + +/* RFC 5639 4.1 + * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1) + * identified-organization(3) teletrust(36) algorithm(3) signature- + * algorithm(3) ecSign(2) 8} + * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1} + * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */ +#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01" + +/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */ +#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07" + +/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */ +#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B" + +/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */ +#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D" + +/* + * SEC1 C.1 + * + * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } + * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)} + */ +#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01" +#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01" + +/* + * ECDSA signature identifiers, from RFC 5480 + */ +#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */ +#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* 
ecdsa-with-SHA2(3) */ + +/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */ +#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01" + +/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + * ecdsa-with-SHA2(3) 1 } */ +#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01" + +/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + * ecdsa-with-SHA2(3) 2 } */ +#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02" + +/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + * ecdsa-with-SHA2(3) 3 } */ +#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03" + +/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + * ecdsa-with-SHA2(3) 4 } */ +#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04" + +/* + * EC key algorithms from RFC 8410 + */ + +#define MBEDTLS_OID_X25519 MBEDTLS_OID_THAWTE "\x6e" /**< id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 } */ +#define MBEDTLS_OID_X448 MBEDTLS_OID_THAWTE "\x6f" /**< id-X448 OBJECT IDENTIFIER ::= { 1 3 101 111 } */ +#define MBEDTLS_OID_ED25519 MBEDTLS_OID_THAWTE "\x70" /**< id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 } */ +#define MBEDTLS_OID_ED448 MBEDTLS_OID_THAWTE "\x71" /**< id-Ed448 OBJECT IDENTIFIER ::= { 1 3 101 113 } */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Base OID descriptor structure + */ +typedef struct mbedtls_oid_descriptor_t { + const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */ + size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */ +#if !defined(MBEDTLS_X509_REMOVE_INFO) + const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. 
from RFC) */ + const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */ +#endif +} mbedtls_oid_descriptor_t; + +/** + * \brief Translate an X.509 extension OID into local values + * + * \param oid OID to use + * \param ext_type place to store the extension type + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); + +/** + * \brief Translate an X.509 attribute type OID into the short name + * (e.g. the OID for an X520 Common Name into "CN") + * + * \param oid OID to use + * \param short_name place to store the string pointer + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); + +/** + * \brief Translate PublicKeyAlgorithm OID into pk_type + * + * \param oid OID to use + * \param pk_alg place to store public key algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); + +/** + * \brief Translate pk_type into PublicKeyAlgorithm OID + * + * \param pk_alg Public key type to look for + * \param oid place to store ASN.1 OID string pointer + * \param olen length of the OID + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, + const char **oid, size_t *olen); + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +/** + * \brief Translate NamedCurve OID into an EC group identifier + * + * \param oid OID to use + * \param grp_id place to store group id + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); + +/** + * \brief Translate EC group identifier into NamedCurve OID + * + * \param grp_id EC group identifier + * \param oid place to store ASN.1 OID string pointer + * \param olen 
length of the OID + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); + +/** + * \brief Translate AlgorithmIdentifier OID into an EC group identifier, + * for curves that are directly encoded at this level + * + * \param oid OID to use + * \param grp_id place to store group id + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); + +/** + * \brief Translate EC group identifier into AlgorithmIdentifier OID, + * for curves that are directly encoded at this level + * + * \param grp_id EC group identifier + * \param oid place to store ASN.1 OID string pointer + * \param olen length of the OID + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + +/** + * \brief Translate SignatureAlgorithm OID into md_type and pk_type + * + * \param oid OID to use + * \param md_alg place to store message digest algorithm + * \param pk_alg place to store public key algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); + +/** + * \brief Translate SignatureAlgorithm OID into description + * + * \param oid OID to use + * \param desc place to store string pointer + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); + +/** + * \brief Translate md_type and pk_type into SignatureAlgorithm OID + * + * \param md_alg message digest algorithm + * \param pk_alg public key algorithm + * \param oid place to store ASN.1 OID string pointer + * \param olen length of the OID + * + * \return 0 
if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const char **oid, size_t *olen); + +/** + * \brief Translate hmac algorithm OID into md_type + * + * \param oid OID to use + * \param md_hmac place to store message hmac algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); + +/** + * \brief Translate hash algorithm OID into md_type + * + * \param oid OID to use + * \param md_alg place to store message digest algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); + +#if !defined(MBEDTLS_X509_REMOVE_INFO) +/** + * \brief Translate Extended Key Usage OID into description + * + * \param oid OID to use + * \param desc place to store string pointer + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); +#endif + +/** + * \brief Translate certificate policies OID into description + * + * \param oid OID to use + * \param desc place to store string pointer + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); + +/** + * \brief Translate md_type into hash algorithm OID + * + * \param md_alg message digest algorithm + * \param oid place to store ASN.1 OID string pointer + * \param olen length of the OID + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); + +#if defined(MBEDTLS_CIPHER_C) +/** + * \brief Translate encryption algorithm OID into cipher_type + * + * \param oid OID to use + * \param cipher_alg place to store cipher algorithm + * + * \return 0 if successful, or 
MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); + +#if defined(MBEDTLS_PKCS12_C) +/** + * \brief Translate PKCS#12 PBE algorithm OID into md_type and + * cipher_type + * + * \param oid OID to use + * \param md_alg place to store message digest algorithm + * \param cipher_alg place to store cipher algorithm + * + * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + */ +int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, + mbedtls_cipher_type_t *cipher_alg); +#endif /* MBEDTLS_PKCS12_C */ +#endif /* MBEDTLS_CIPHER_C */ + +#ifdef __cplusplus +} +#endif + +#endif /* oid.h */ diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data new file mode 100644 index 0000000000..42b0505801 --- /dev/null +++ b/tests/suites/test_suite_x509_oid.data 
@@ -0,0 +1,146 @@
+OID get Any Policy certificate policy
+oid_get_certificate_policies:"551D2000":"Any Policy"
+
+OID get certificate policy invalid oid
+oid_get_certificate_policies:"5533445566":""
+
+OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
+oid_get_certificate_policies:"551D23":""
+
+OID get Ext Key Usage - id-kp-serverAuth
+oid_get_extended_key_usage:"2B06010505070301":"TLS Web Server Authentication"
+
+OID get Ext Key Usage - id-kp-clientAuth
+oid_get_extended_key_usage:"2B06010505070302":"TLS Web Client Authentication"
+
+OID get Ext Key Usage - id-kp-codeSigning
+oid_get_extended_key_usage:"2B06010505070303":"Code Signing"
+
+OID get Ext Key Usage - id-kp-emailProtection
+oid_get_extended_key_usage:"2B06010505070304":"E-mail Protection"
+
+OID get Ext Key Usage - id-kp-timeStamping
+oid_get_extended_key_usage:"2B06010505070308":"Time Stamping"
+
+OID get Ext Key Usage - id-kp-OCSPSigning
+oid_get_extended_key_usage:"2B06010505070309":"OCSP Signing"
+
+OID get Ext Key Usage - id-kp-wisun-fan-device
+oid_get_extended_key_usage:"2B0601040182E42501":"Wi-SUN Alliance Field Area Network (FAN)"
+
+OID get Ext Key Usage invalid oid
+oid_get_extended_key_usage:"5533445566":""
+
+OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier
+oid_get_extended_key_usage:"551D23":""
+
+OID get x509 extension - id-ce-basicConstraints
+oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS
+
+OID get x509 extension - id-ce-keyUsage
+oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE
+
+OID get x509 extension - id-ce-extKeyUsage
+oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+
+OID get x509 extension - id-ce-subjectAltName
+oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME
+
+OID get x509 extension - id-netscape-certtype
+oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+
+OID get x509 extension - id-ce-certificatePolicies
+oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+
+OID get x509 extension - invalid oid
+oid_get_x509_extension:"5533445566":0
+
+OID get x509 extension - wrong oid - id-ce
+oid_get_x509_extension:"551D":0
+
+OID hash id - id-md5
+depends_on:PSA_WANT_ALG_MD5
+oid_get_md_alg_id:"2A864886f70d0205":MBEDTLS_MD_MD5
+
+OID hash id - id-sha1
+depends_on:PSA_WANT_ALG_SHA_1
+oid_get_md_alg_id:"2b0e03021a":MBEDTLS_MD_SHA1
+
+OID hash id - id-sha224
+depends_on:PSA_WANT_ALG_SHA_224
+oid_get_md_alg_id:"608648016503040204":MBEDTLS_MD_SHA224
+
+OID hash id - id-sha256
+depends_on:PSA_WANT_ALG_SHA_256
+oid_get_md_alg_id:"608648016503040201":MBEDTLS_MD_SHA256
+
+OID hash id - id-sha384
+depends_on:PSA_WANT_ALG_SHA_384
+oid_get_md_alg_id:"608648016503040202":MBEDTLS_MD_SHA384
+
+OID hash id - id-sha512
+depends_on:PSA_WANT_ALG_SHA_512
+oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512
+
+OID hash id - id-sha3-224
+depends_on:PSA_WANT_ALG_SHA3_224
+oid_get_md_alg_id:"608648016503040207":MBEDTLS_MD_SHA3_224
+
+OID hash id - id-sha3-256
+depends_on:PSA_WANT_ALG_SHA3_256
+oid_get_md_alg_id:"608648016503040208":MBEDTLS_MD_SHA3_256
+
+OID hash id - id-sha3-384
+depends_on:PSA_WANT_ALG_SHA3_384
+oid_get_md_alg_id:"608648016503040209":MBEDTLS_MD_SHA3_384
+
+OID hash id - id-sha3-512
+depends_on:PSA_WANT_ALG_SHA3_512
+oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512
+
+OID hash id - id-ripemd160
+depends_on:PSA_WANT_ALG_RIPEMD160
+oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160
+
+OID hash id - invalid oid
+oid_get_md_alg_id:"2B864886f70d0204":-1
+
+mbedtls_oid_get_md_hmac - RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
+mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160
+
+mbedtls_oid_get_md_hmac - SHA1
+depends_on:PSA_WANT_ALG_SHA_1
+mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1
+
+mbedtls_oid_get_md_hmac - SHA224
+depends_on:PSA_WANT_ALG_SHA_224
+mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224
+
+mbedtls_oid_get_md_hmac - SHA256
+depends_on:PSA_WANT_ALG_SHA_256
+mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256
+
+mbedtls_oid_get_md_hmac - SHA384
+depends_on:PSA_WANT_ALG_SHA_384
+mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384
+
+mbedtls_oid_get_md_hmac - SHA512
+depends_on:PSA_WANT_ALG_SHA_512
+mbedtls_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512
+
+mbedtls_oid_get_md_hmac - SHA3_224
+depends_on:PSA_WANT_ALG_SHA3_224
+mbedtls_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224
+
+mbedtls_oid_get_md_hmac - SHA3_256
+depends_on:PSA_WANT_ALG_SHA3_256
+mbedtls_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256
+
+mbedtls_oid_get_md_hmac - SHA3_384
+depends_on:PSA_WANT_ALG_SHA3_384
+mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384
+
+mbedtls_oid_get_md_hmac - SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
+mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512
diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function
new file mode 100644
index 0000000000..e96425e1aa
--- /dev/null
+++ b/tests/suites/test_suite_x509_oid.function
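Review bot: The `mbedtls_oid_get_md_hmac` cases at the end of this file only cover successful lookups, whereas the `oid_get_md_alg_id` series above them also has an `invalid oid` case; without a negative case, a regression in the not-found path of `mbedtls_oid_get_md_hmac` would pass unnoticed. The `.function` side of this commit already handles `exp_md_id < 0` for this function, so the missing case is two data lines: `mbedtls_oid_get_md_hmac - invalid oid` followed by `mbedtls_oid_get_md_hmac:"2B864886f70d0204":-1`. A `depends_on:` line is not needed for it, matching the existing `OID hash id - invalid oid` case.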
@@ -0,0 +1,120 @@
+/* BEGIN_HEADER */
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "string.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_OID_C:!MBEDTLS_X509_REMOVE_INFO
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE */
+void oid_get_certificate_policies(data_t *oid, char *result_str)
+{
+ mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+ int ret;
+ const char *desc;
+
+ asn1_buf.tag = MBEDTLS_ASN1_OID;
+ asn1_buf.p = oid->x;
+ asn1_buf.len = oid->len;
+
+ ret = mbedtls_oid_get_certificate_policies(&asn1_buf, &desc);
+ if (strlen(result_str) == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_extended_key_usage(data_t *oid, char *result_str)
+{
+ mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+ int ret;
+ const char *desc;
+
+ asn1_buf.tag = MBEDTLS_ASN1_OID;
+ asn1_buf.p = oid->x;
+ asn1_buf.len = oid->len;
+
+ ret = mbedtls_oid_get_extended_key_usage(&asn1_buf, &desc);
+ if (strlen(result_str) == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_x509_extension(data_t *oid, int exp_type)
+{
+ mbedtls_asn1_buf ext_oid = { 0, 0, NULL };
+ int ret;
+ int ext_type;
+
+ ext_oid.tag = MBEDTLS_ASN1_OID;
+ ext_oid.p = oid->x;
+ ext_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_x509_ext_type(&ext_oid, &ext_type);
+ if (exp_type == 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT(ext_type == exp_type);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_md_alg_id(data_t *oid, int exp_md_id)
+{
+ mbedtls_asn1_buf md_oid = { 0, 0, NULL };
+ int ret;
+ mbedtls_md_type_t md_id = 0;
+
+ md_oid.tag = MBEDTLS_ASN1_OID;
+ md_oid.p = oid->x;
+ md_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_md_alg(&md_oid, &md_id);
+
+ if (exp_md_id < 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(md_id == 0);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id);
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id)
+{
+ mbedtls_asn1_buf md_oid = { 0, 0, NULL };
+ int ret;
+ mbedtls_md_type_t md_id = 0;
+
+ md_oid.tag = MBEDTLS_ASN1_OID;
+ md_oid.p = oid->x;
+ md_oid.len = oid->len;
+
+ ret = mbedtls_oid_get_md_hmac(&md_oid, &md_id);
+
+ if (exp_md_id < 0) {
+ TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(md_id == 0);
+ } else {
+ TEST_ASSERT(ret == 0);
+ TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id);
+ }
+}
+/* END_CASE */
From 06af417cea6ee8bdc4f8758813b259638e52af36 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 8 Jan 2025 17:26:01 +0100
Subject: [PATCH 0503/1548] Disable warning from gcc -pedantic on dlsym/dlopen
Signed-off-by: Gilles Peskine
---
programs/test/dlopen.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index ec4ee7ea77..bb7fba88af 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
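Review bot: `TEST_ASSERT(strcmp((char *) desc, result_str) == 0)` in `oid_get_certificate_policies` and again in `oid_get_extended_key_usage` casts the `const` off `desc` for no reason — `strcmp()` takes `const char *`, so `TEST_ASSERT(strcmp(desc, result_str) == 0)` compiles unchanged and leaves the compiler able to flag a future type mismatch instead of hiding it behind the cast. In the header block, `#include "string.h"` spells a standard header in the quoted form, which searches the including file's directory first; `#include <string.h>` is the conventional spelling and matches the other suites' intent of pulling in the C library header. The two `result_str`-driven cases are otherwise identical apart from the function under test, which is fine for a test suite but worth folding into one helper if a third such lookup is added.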
@@ -50,8 +50,15 @@ int main(void)
 #if defined(MBEDTLS_SSL_TLS_C)
 void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW);
 CHECK_DLERROR("dlopen", TLS_SO_FILENAME);
+#pragma GCC diagnostic push
+ /* dlsym() returns an object pointer which is meant to be used as a
+ * function pointer. This has undefined behavior in standard C, so
+ * "gcc -std=c99 -pedantic" complains about it, but it is perfectly
+ * fine on platforms that have dlsym(). */
+#pragma GCC diagnostic ignored "-Wpedantic"
 const int *(*ssl_list_ciphersuites)(void) = dlsym(tls_so, "mbedtls_ssl_list_ciphersuites");
+#pragma GCC diagnostic pop
 CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites");
 const int *ciphersuites = ssl_list_ciphersuites();
 for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */
@@ -85,9 +92,15 @@ int main(void)
 CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME);
 crypto_so_filename = TFPSACRYPTO_SO_FILENAME;
 }
-
+#pragma GCC diagnostic push
+ /* dlsym() returns an object pointer which is meant to be used as a
+ * function pointer. This has undefined behavior in standard C, so
+ * "gcc -std=c99 -pedantic" complains about it, but it is perfectly
+ * fine on platforms that have dlsym(). */
+#pragma GCC diagnostic ignored "-Wpedantic"
 const int *(*md_list)(void) = dlsym(crypto_so, "mbedtls_md_list");
+#pragma GCC diagnostic pop
 CHECK_DLERROR("dlsym", "mbedtls_md_list");
 const int *mds = md_list();
 for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */
From 579475d5d3bb80a1a69a9897c75408ca28e7ac12 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 7 Dec 2024 15:08:35 +0100
Subject: [PATCH 0504/1548] Test with GCC 15
Non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814
Signed-off-by: Gilles Peskine
---
tests/scripts/components-compiler.sh | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 74543b13e9..83fcf9b130 100644
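Review bot: The push/ignored/pop pragma trio and its four-line justification are pasted verbatim in both hunks of this file, once around the `mbedtls_ssl_list_ciphersuites` lookup and once around the `mbedtls_md_list` lookup, so the next dlsym() call site will mean a third copy and a third chance to forget the `pop`. Both lookups produce the same `const int *(*)(void)` type, so the object-to-function-pointer conversion could live in one static helper that owns the pragmas, as sketched below; each call site then shrinks to `int_list_fn ssl_list_ciphersuites = lookup_int_list_fn(tls_so, "mbedtls_ssl_list_ciphersuites");` and likewise for `md_list`. `main()` begins and ends outside both hunks, and I am assuming no equivalent typedef already exists earlier in the file.
```c
typedef const int *(*int_list_fn)(void);

/* dlsym() returns an object pointer which is meant to be used as a
 * function pointer. This has undefined behavior in standard C, so
 * "gcc -std=c99 -pedantic" complains about it, but it is perfectly
 * fine on platforms that have dlsym(). Keep the suppression in one place. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wpedantic"
static int_list_fn lookup_int_list_fn(void *handle, const char *name)
{
    return dlsym(handle, name);
}
#pragma GCC diagnostic pop

/* … unchanged: main() up to each lookup … */
    int_list_fn ssl_list_ciphersuites = lookup_int_list_fn(tls_so, "mbedtls_ssl_list_ciphersuites");
```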
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -73,6 +73,23 @@ support_test_gcc_latest_opt () {
 type "$GCC_LATEST" >/dev/null 2>/dev/null
 }
+# Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 :
+# test with GCC 15 (initially, a snapshot, since GCC 15 isn't released yet
+# at the time of writing).
+# Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this
+# separate component.
+# For the time being, we don't make $GCC_LATEST be GCC 15 on the CI
+# platform, because that would break branches where #9814 isn'f fixed yet.
+support_test_gcc15_opt () {
+ test -x /usr/local/gcc-15/bin/gcc-15
+}
+component_test_gcc15_opt () {
+ scripts/config.py full
+ # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed,
+ # disable the new problematic optimization.
+ test_build_opt 'full config' "/usr/local/gcc-15/bin/gcc-15 -fzero-init-padding-bits=unions" -O2
+}
+
 component_test_gcc_earliest_opt () {
 scripts/config.py full
 test_build_opt 'full config' "$GCC_EARLIEST" -O2
From 6e245040d45f563b11282095289929231394665a Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 7 Dec 2024 23:32:22 +0100
Subject: [PATCH 0505/1548] GCC 15: Silence -Wunterminated-string-initialization
This is a new warning in GCC 15 that our code base triggers in many places. Silence it for the time being.
Signed-off-by: Gilles Peskine
---
tests/scripts/components-compiler.sh | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 83fcf9b130..5b78c83a85 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -87,7 +87,9 @@ component_test_gcc15_opt () {
 scripts/config.py full
 # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed,
 # disable the new problematic optimization.
- test_build_opt 'full config' "/usr/local/gcc-15/bin/gcc-15 -fzero-init-padding-bits=unions" -O2
+ # Also disable a warning that we don't yet comply to.
+ make CC="/usr/local/gcc-15/bin/gcc-15" CFLAGS="-O2 -Wall -Wextra -Werror -fzero-init-padding-bits=unions -Wno-error=unterminated-string-initialization"
+ make test
 }
 component_test_gcc_earliest_opt () {
From 27f0713988e62187202615cb315c4b0d30dcc812 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 5 Feb 2025 20:01:52 +0100
Subject: [PATCH 0506/1548] Enable drivers when testing with GCC 15
The goal of testing with GCC 15 is to validate fixes for https://github.com/Mbed-TLS/mbedtls/issues/9814 . The bug is present in multiple places, and some of them affect third-party drivers but not our built-in implementation. (The bug is that driver contexts might not be zero-initialized, but some of our built-in implementations happen not to care about this.) Thus, enable the test drivers in the test component that uses GCC 15, to gain the extra checks performed in the driver wrappers.
Signed-off-by: Gilles Peskine
---
tests/scripts/components-compiler.sh | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 5b78c83a85..0110d704dd 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -80,15 +80,23 @@ support_test_gcc_latest_opt () {
 # separate component.
 # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI
 # platform, because that would break branches where #9814 isn'f fixed yet.
-support_test_gcc15_opt () {
+support_test_gcc15_drivers_opt () {
 test -x /usr/local/gcc-15/bin/gcc-15
 }
-component_test_gcc15_opt () {
+component_test_gcc15_drivers_opt () {
+ msg "build: GCC 15: full + test drivers dispatching to builtins"
 scripts/config.py full
+ loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
+ loc_cflags="${loc_cflags} -I../framework/tests/include -O2"
 # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed,
 # disable the new problematic optimization.
+ loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions"
 # Also disable a warning that we don't yet comply to.
- make CC="/usr/local/gcc-15/bin/gcc-15" CFLAGS="-O2 -Wall -Wextra -Werror -fzero-init-padding-bits=unions -Wno-error=unterminated-string-initialization"
+ loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization"
+
+ make CC=/usr/local/gcc-15/bin/gcc-15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
+
+ msg "test: GCC 15: full + test drivers dispatching to builtins"
 make test
 }
From d69bfb9044189c7fe3608dc80b293f68ba867a42 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 5 Feb 2025 20:26:21 +0100
Subject: [PATCH 0507/1548] Allow gcc-15 to be in $PATH
Signed-off-by: Gilles Peskine
---
tests/scripts/components-compiler.sh | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 0110d704dd..e0dfe49e0d 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
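Review bot: The rewritten `loc_cflags` assembly in `component_test_gcc15_drivers_opt` no longer contains `-Wall -Wextra -Werror`, which the removed `make` line passed explicitly; unless `$ASAN_CFLAGS` (defined outside this hunk) happens to carry them, the GCC 15 build stops failing on warnings, and the `-Wno-error=unterminated-string-initialization` appended on the next line has nothing to make an exception from. Adding `loc_cflags="${loc_cflags} -Wall -Wextra -Werror"` immediately before the `-Wno-error=` line keeps the intent explicit and independent of what `ASAN_CFLAGS` contains; the comment `# Also disable a warning that we don't yet comply to.` would then read accurately again. Note also that `-O2` is appended after `$ASAN_CFLAGS`, so it overrides any optimisation level the sanitizer flags set — presumably intended, but worth a word in the comment.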
@@ -81,7 +81,13 @@ support_test_gcc_latest_opt () { # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI # platform, because that would break branches where #9814 isn'f fixed yet. support_test_gcc15_drivers_opt () { - test -x /usr/local/gcc-15/bin/gcc-15 + if type gcc-15 >/dev/null 2>/dev/null; then + GCC_15=gcc-15 + elif [ -x /usr/local/gcc-15/bin/gcc-15 ]; then + GCC_15=/usr/local/gcc-15/bin/gcc-15 + else + return 1 + fi } component_test_gcc15_drivers_opt () { msg "build: GCC 15: full + test drivers dispatching to builtins" @@ -94,7 +100,7 @@ component_test_gcc15_drivers_opt () { # Also disable a warning that we don't yet comply to. loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" - make CC=/usr/local/gcc-15/bin/gcc-15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: GCC 15: full + test drivers dispatching to builtins" make test From d0e799ad8bfd865f43c0d4178fd6b762c853594a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Apr 2025 16:57:07 +0200 Subject: [PATCH 0508/1548] Improve comments Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index e0dfe49e0d..52ba8bf732 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh 
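Review bot: `component_test_gcc15_drivers_opt` now relies on `GCC_15` being left behind as a global by `support_test_gcc15_drivers_opt` in the same shell, so if the component is ever run with the support check skipped, or the support function is refactored to stop leaking the variable, `make CC=$GCC_15` expands to `CC=` and the build either fails obscurely or is not compiled with GCC 15 at all. A guard at the top of the component such as `: "${GCC_15:?gcc-15 not found; support_test_gcc15_drivers_opt must run first}"` makes the coupling explicit and fails fast. In the first hunk, the function's status on the success branches is that of the assignment (0), which is what the support mechanism consumes; a one-line comment stating that the function both probes and exports `GCC_15` would help the next reader. Style: `2>/dev/null` after `>/dev/null` is more conventionally written `2>&1`.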
@@ -74,12 +74,11 @@ support_test_gcc_latest_opt () { } # Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 : -# test with GCC 15 (initially, a snapshot, since GCC 15 isn't released yet -# at the time of writing). +# test with GCC 15. # Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this # separate component. # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI -# platform, because that would break branches where #9814 isn'f fixed yet. +# platform, because that would break branches where #9814 isn't fixed yet. support_test_gcc15_drivers_opt () { if type gcc-15 >/dev/null 2>/dev/null; then GCC_15=gcc-15 @@ -97,7 +96,8 @@ component_test_gcc15_drivers_opt () { # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" - # Also disable a warning that we don't yet comply to. + # Also allow a warning that we don't yet comply to. + # https://github.com/Mbed-TLS/mbedtls/issues/9944 loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From dcff079ea43dde755eff64e61168399b2c762fdc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 Apr 2025 22:17:26 +0200 Subject: [PATCH 0509/1548] Update submodules Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5ab6c9c8d6..dc6c60204b 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5ab6c9c8d6fae90fa46f51fbc7d5d1327a041388 +Subproject commit dc6c60204bbf841f0b118840813e561a399e4d73 From 46771ff0d62a28c005ecd22cf926f18cc2e4d5ae Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 7 May 2025 19:17:35 +0200 Subject: [PATCH 0510/1548] Remove trace of secp224k1 The curve secp224k1 was supported in the legacy API in Mbed TLS <=3.6, but removed after 3.6, and was never implemented in PSA. Remove this old trace of it. This is a partial cherry-pick of 32c82f0c369117b22d8a40e51723c364156d1aff Signed-off-by: Gilles Peskine --- library/x509_oid.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/x509_oid.c b/library/x509_oid.c index ad3d8e03bc..d05a36d5bc 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -578,12 +578,6 @@ static const oid_ecp_grp_t oid_ecp_grp[] = MBEDTLS_ECP_DP_SECP192K1, }, #endif /* PSA_WANT_ECC_SECP_K1_192 */ -#if defined(PSA_WANT_ECC_SECP_K1_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"), - MBEDTLS_ECP_DP_SECP224K1, - }, -#endif /* PSA_WANT_ECC_SECP_K1_224 */ #if defined(PSA_WANT_ECC_SECP_K1_256) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), From e23afdd7659890fd21b3004b746b5ca08ee3fd63 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Apr 2025 13:15:55 +0100 Subject: [PATCH 0511/1548] remove compat-2.x.h Signed-off-by: Ben Taylor --- docs/psa-transition.md | 1 - include/mbedtls/compat-2.x.h | 46 ------------------------------------ 2 files changed, 47 deletions(-) delete mode 100644 include/mbedtls/compat-2.x.h diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 0758061f82..60878d94f6 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md 
@@ -115,7 +115,6 @@ Note that a key consumes a key store entry, which is distinct from heap memory, | `check_config.h` | N/A | No public APIs (internal support header) | | `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | | `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) | -| `compat-2.x.h` | various | None (transitional APIs) | | `config_psa.h` | N/A | No public APIs (internal support header) | | `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) | | `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h deleted file mode 100644 index 096341ba76..0000000000 --- a/include/mbedtls/compat-2.x.h +++ /dev/null 
@@ -1,46 +0,0 @@ -/** - * \file compat-2.x.h - * - * \brief Compatibility definitions - * - * \deprecated Use the new names directly instead - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(MBEDTLS_DEPRECATED_WARNING) -#warning "Including compat-2.x.h is deprecated" -#endif - -#ifndef MBEDTLS_COMPAT2X_H -#define MBEDTLS_COMPAT2X_H - -/* - * Macros for renamed functions - */ -#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update -#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update -#define mbedtls_md5_starts_ret mbedtls_md5_starts -#define mbedtls_md5_update_ret mbedtls_md5_update -#define mbedtls_md5_finish_ret mbedtls_md5_finish -#define mbedtls_md5_ret mbedtls_md5 -#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts -#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update -#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish -#define mbedtls_ripemd160_ret mbedtls_ripemd160 -#define mbedtls_sha1_starts_ret mbedtls_sha1_starts -#define mbedtls_sha1_update_ret mbedtls_sha1_update -#define mbedtls_sha1_finish_ret mbedtls_sha1_finish -#define mbedtls_sha1_ret mbedtls_sha1 -#define mbedtls_sha256_starts_ret mbedtls_sha256_starts -#define mbedtls_sha256_update_ret mbedtls_sha256_update -#define mbedtls_sha256_finish_ret mbedtls_sha256_finish -#define mbedtls_sha256_ret mbedtls_sha256 -#define mbedtls_sha512_starts_ret mbedtls_sha512_starts -#define mbedtls_sha512_update_ret mbedtls_sha512_update -#define mbedtls_sha512_finish_ret mbedtls_sha512_finish -#define mbedtls_sha512_ret mbedtls_sha512 - -#endif /* MBEDTLS_COMPAT2X_H */ From 4c9ad3cfe6239ffafa4a6816f9984fd5f8008311 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Apr 2025 08:21:20 +0100 Subject: [PATCH 0512/1548] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-compat-2.x.h | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/remove-compat-2.x.h 
diff --git a/ChangeLog.d/remove-compat-2.x.h b/ChangeLog.d/remove-compat-2.x.h new file mode 100644 index 0000000000..37f012c217 --- /dev/null +++ b/ChangeLog.d/remove-compat-2.x.h @@ -0,0 +1,2 @@ +Removals + * Remove compat-2-x.h header from mbedtls. From d056136a4d40dda9c36f8abe0b12da4c016bbdfe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Apr 2025 11:53:04 +0100 Subject: [PATCH 0513/1548] Correct ChangeLog file extension Signed-off-by: Ben Taylor --- ChangeLog.d/{remove-compat-2.x.h => remove-compat-2.x.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ChangeLog.d/{remove-compat-2.x.h => remove-compat-2.x.txt} (100%) diff --git a/ChangeLog.d/remove-compat-2.x.h b/ChangeLog.d/remove-compat-2.x.txt similarity index 100% rename from ChangeLog.d/remove-compat-2.x.h rename to ChangeLog.d/remove-compat-2.x.txt From e718e835ee4a000f8cb8a0b374d51ce81b818cb4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 7 May 2025 13:04:38 +0100 Subject: [PATCH 0514/1548] reverted compat-2.x.h removal from psa-transition.md Signed-off-by: Ben Taylor --- docs/psa-transition.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 60878d94f6..0758061f82 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md 
@@ -115,6 +115,7 @@ Note that a key consumes a key store entry, which is distinct from heap memory, | `check_config.h` | N/A | No public APIs (internal support header) | | `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | | `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), [MAC calculation](#mac-calculation) | +| `compat-2.x.h` | various | None (transitional APIs) | | `config_psa.h` | N/A | No public APIs (internal support header) | | `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) | | `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | From f13fd1e2727f7861a7b637d52a6bcb950e9f603f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 25 Sep 2024 15:49:09 +0200 Subject: [PATCH 0515/1548] Use PSA macros for the `pkalgs` domain Signed-off-by: Gabor Mezei --- tests/scripts/depends.py | 99 ++++++++++++++++++++-------------------- 1 file changed, 50 insertions(+), 49 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5e025ba79b..cfd9f406d4 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -281,50 +281,52 @@ def test(self, options): 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_256': ['MBEDTLS_ECJPAKE_C', + 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'], 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'], - 'MBEDTLS_ECDSA_C': ['MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', - 'PSA_WANT_ALG_ECDSA', - 'PSA_WANT_ALG_DETERMINISTIC_ECDSA'], - 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', - 'MBEDTLS_ECDH_C', 'PSA_WANT_ALG_ECDH', - 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_ECP_RESTARTABLE', - 'MBEDTLS_PK_PARSE_EC_EXTENDED', - 'MBEDTLS_PK_PARSE_EC_COMPRESSED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', - 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE', - 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE'], - 'MBEDTLS_ECJPAKE_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'PSA_WANT_ALG_JPAKE'], - 'MBEDTLS_PKCS1_V21': ['MBEDTLS_X509_RSASSA_PSS_SUPPORT', - 'PSA_WANT_ALG_RSA_OAEP', - 'PSA_WANT_ALG_RSA_PSS'], - 'MBEDTLS_PKCS1_V15': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', - 'PSA_WANT_ALG_RSA_PKCS1V15_SIGN'], - 'MBEDTLS_RSA_C': ['MBEDTLS_PKCS1_V15', - 'MBEDTLS_PKCS1_V21', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 
'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'], + 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', + 'MBEDTLS_ECDSA_C'], + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ + 'PSA_WANT_ALG_ECDSA', + 'PSA_WANT_ALG_ECDH', 'MBEDTLS_ECDH_C', + 'PSA_WANT_ALG_JPAKE', + 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE', + 'MBEDTLS_ECP_RESTARTABLE', + 'MBEDTLS_PK_PARSE_EC_EXTENDED', + 'MBEDTLS_PK_PARSE_EC_COMPRESSED', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', + 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', + 'MBEDTLS_ECP_C'], + 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_ECJPAKE_C', + 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT', + 'MBEDTLS_PKCS1_V21'], + 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN', + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', + 'MBEDTLS_PKCS1_V15'], + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC': [ + 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', + 'PSA_WANT_ALG_RSA_OAEP', + 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', + 'MBEDTLS_RSA_C'], 'MBEDTLS_MD5_C' : ['PSA_WANT_ALG_MD5'], 'MBEDTLS_RIPEMD160_C' : ['PSA_WANT_ALG_RIPEMD160'], 
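Review bot: `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` is listed as a reverse dependency of `PSA_WANT_ALG_RSA_PKCS1V15_CRYPT`, but ECDHE-RSA only needs PKCS#1 v1.5 signatures, so it belongs with `PSA_WANT_ALG_RSA_PKCS1V15_SIGN`; as written it works only because the SIGN symbol itself is a member of the CRYPT list, and there is no entry keyed on the SIGN symbol at all. If the tool only looks up direct keys, disabling SIGN on its own would not disable the key exchange. Consider adding `'PSA_WANT_ALG_RSA_PKCS1V15_SIGN': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED'],` and dropping the key exchange from the CRYPT list. The dictionary starts before this hunk, so I could not check whether such an entry exists elsewhere.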
@@ -359,12 +361,10 @@ def test(self, options): EXCLUSIVE_GROUPS = { 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', '-MBEDTLS_SSL_TLS_C'], - 'PSA_WANT_ECC_MONTGOMERY_448': ['-MBEDTLS_ECDSA_C', - '-MBEDTLS_ECDSA_DETERMINISTIC', - '-MBEDTLS_ECJPAKE_C',], - 'PSA_WANT_ECC_MONTGOMERY_255': ['-MBEDTLS_ECDSA_C', - '-MBEDTLS_ECDSA_DETERMINISTIC', - '-MBEDTLS_ECJPAKE_C'], + 'PSA_WANT_ECC_MONTGOMERY_448': ['-PSA_WANT_ALG_ECDSA', + '-PSA_WANT_ALG_JPAKE',], + 'PSA_WANT_ECC_MONTGOMERY_255': ['-PSA_WANT_ALG_ECDSA', + '-PSA_WANT_ALG_JPAKE'], 'PSA_WANT_KEY_TYPE_ARIA': ['-PSA_WANT_ALG_CMAC', '-PSA_WANT_ALG_CCM', '-PSA_WANT_ALG_GCM', @@ -559,11 +559,12 @@ def __init__(self, options, conf): '|MBEDTLS_SHA3_'), # Key exchange types. 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test), - 'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C', - 'MBEDTLS_ECP_C', - 'MBEDTLS_PKCS1_V21', - 'MBEDTLS_PKCS1_V15', - 'MBEDTLS_RSA_C', + + 'pkalgs': ComplementaryDomain(['PSA_WANT_ALG_ECDSA', + 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC', + 'PSA_WANT_ALG_RSA_OAEP', + 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC', 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], build_and_test), } From 43a1e733d8453dc77518c514626e8234c2abb59b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 16:41:52 +0200 Subject: [PATCH 0516/1548] Fix undocumented free() in x509_string_to_names() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" is no longer crashing with use-after-free, instead it's now failing cleanly: failed ! mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid That's better of course but still not great, will be fixed by future commits. 
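Review bot: The second hunk inserts an empty `+` line between the `'kex'` and `'pkalgs'` entries of the domain dictionary, which is a stray blank inside a literal and should be dropped. In the first hunk the two Montgomery entries remain inconsistent (`'-PSA_WANT_ALG_JPAKE',],` versus `'-PSA_WANT_ALG_JPAKE'],`); the pre-existing comma before `]` could be normalized while the lines are being rewritten anyway.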
Signed-off-by: Manuel Pégourié-Gonnard --- .../fix-string-to-names-memory-management.txt | 18 ++++++++++++++++++ include/mbedtls/x509.h | 3 ++- library/x509_create.c | 8 ++++++-- 3 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/fix-string-to-names-memory-management.txt diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt new file mode 100644 index 0000000000..1b2198287d --- /dev/null +++ b/ChangeLog.d/fix-string-to-names-memory-management.txt @@ -0,0 +1,18 @@ +Security + * Fix possible use-after-free or double-free in code calling + mbedtls_x509_string_to_names(). This was caused by the function calling + mbedtls_asn1_free_named_data_list() on its head argument, while the + documentation did no suggest it did, making it likely for callers relying + on the documented behaviour to still hold pointers to memory blocks after + they were free()d, resulting in high risk of use-after-free or double-free, + with consequences ranging up to arbitrary code execution. + In particular, the two sample programs x509/cert_write and x509/cert_req + were affected (use-after-free if the san string contains more than one DN). + Code that does not call mbedtls_string_to_names() directly is not affected. + Found by Linh Le and Ngan Nguyen from Calif. + +Changes + * The function mbedtls_x509_string_to_names() now requires its head argument + to point to NULL on entry. This make it likely that existing risky uses of + this function (see the entry in the Security section) will be detected and + fixed. diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 18df19ce6c..081acff9ad 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
@@ -332,7 +332,8 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); * call to mbedtls_asn1_free_named_data_list(). * * \param[out] head Address in which to store the pointer to the head of the - * allocated list of mbedtls_x509_name + * allocated list of mbedtls_x509_name. Must point to NULL on + * entry. * \param[in] name The string representation of a DN to convert * * \return 0 on success, or a negative error code. diff --git a/library/x509_create.c b/library/x509_create.c index 48ac080cbe..093cf88ed9 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -467,8 +467,12 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; size_t data_len = 0; - /* Clear existing chain if present */ - mbedtls_asn1_free_named_data_list(head); + /* Ensure the output parameter is not already populated. + * (If it were, overwriting it would likely cause a memory leak.) + */ + if (*head != NULL) { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } while (c <= end) { if (in_attr_type && *c == '=') { From 2dc6b583acde7dfe99e920e7c41edec49de54da5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 16:49:45 +0200 Subject: [PATCH 0517/1548] Restore behaviour of mbedtls_x509write_set_foo_name() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The documentation doesn't say you can't call these functions more than once on the same context, and if you do it shouldn't result in a memory leak. Historically, the call to mbedtls_asn1_free_named_data_list() in mbedtls_x509_string_to_names() (that was removed in the previous commit) was ensuring that. Let's restore it where it makes sense. (These are the only 3 places calling mbedtls_x509_string_to_names() in the library.) 
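Review bot: The new comment in `mbedtls_x509_string_to_names` justifies the `*head != NULL` check with a memory leak, whereas the ChangeLog in this commit says the hazard being fixed is callers holding dangling pointers after the function freed their list (use-after-free or double-free); the comment should name that hazard so a future maintainer does not reintroduce the free here as a convenience. Suggested wording: `/* Refuse a non-NULL *head: freeing it here (the old behaviour) left callers with dangling pointers, and overwriting it would leak. Callers must free their list first. */`. Whether a partially built list is released when the function fails later is not visible in this hunk; the header text `Must point to NULL on entry` would benefit from a sentence saying what `*head` holds after a failure, since callers now own the cleanup. The function body continues outside the hunk.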
Signed-off-by: Manuel Pégourié-Gonnard --- library/x509write_crt.c | 2 ++ library/x509write_csr.c | 1 + 2 files changed, 3 insertions(+) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 7d207481c2..932d28d435 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -81,12 +81,14 @@ void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name) { + mbedtls_asn1_free_named_data_list(&ctx->subject); return mbedtls_x509_string_to_names(&ctx->subject, subject_name); } int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name) { + mbedtls_asn1_free_named_data_list(&ctx->issuer); return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name); } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e65ddb07f4..65403055c6 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -63,6 +63,7 @@ void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_contex int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, const char *subject_name) { + mbedtls_asn1_free_named_data_list(&ctx->subject); return mbedtls_x509_string_to_names(&ctx->subject, subject_name); } From 6b1147993c3a28fc05807db338ece7ae8f881770 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 17:09:14 +0200 Subject: [PATCH 0518/1548] Fix runtime error in cert_write & cert_req MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The runtime error was introduced two commits ago (while avoiding a use-after-free). Now the programs run cleanly but still leak memory. The memory leak is long pre-existing and larger than just DN components (which are made temporarily slightly worse by this commit) and will be fixed properly in the next commit. 
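Review bot: In `mbedtls_x509write_crt_set_subject_name` the previously set name is freed before the new string is parsed, so a call with a malformed `subject_name` leaves the context without a subject (and, depending on whether `mbedtls_x509_string_to_names` cleans up on failure, possibly with a partial list); the same applies to `mbedtls_x509write_crt_set_issuer_name` and to `mbedtls_x509write_csr_set_subject_name` in the second hunk. This matches the historical behaviour the commit message describes, but the header does not say so, so either document `On failure the previously set name is discarded.` or parse into a temporary and replace the stored list only on success, as sketched below. The extra free of the temporary on the error path is harmless if the parser already releases its partial output.
```c
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
                                           const char *subject_name)
{
    mbedtls_asn1_named_data *subject = NULL;
    int ret = mbedtls_x509_string_to_names(&subject, subject_name);
    if (ret != 0) {
        /* Drop any partial result; the previously set name is kept. */
        mbedtls_asn1_free_named_data_list(&subject);
        return ret;
    }
    mbedtls_asn1_free_named_data_list(&ctx->subject);
    ctx->subject = subject;
    return 0;
}
/* … unchanged: mbedtls_x509write_crt_set_issuer_name, same pattern with ctx->issuer … */
```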
Signed-off-by: Manuel Pégourié-Gonnard --- programs/x509/cert_req.c | 13 +++++++++---- programs/x509/cert_write.c | 13 +++++++++---- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index f09e93863a..8677cbb04f 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -150,7 +150,6 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; - mbedtls_asn1_named_data *ext_san_dirname = NULL; #if defined(MBEDTLS_X509_CRT_PARSE_C) uint8_t ip[4] = { 0 }; #endif @@ -274,7 +273,12 @@ int main(int argc, char *argv[]) cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, + /* Work around an API mismatch between string_to_names() and + * mbedtls_x509_subject_alternative_name, which holds an + * actual mbedtls_x509_name while a pointer to one would be + * more convenient here. */ + mbedtls_asn1_named_data *tmp_san_dirname = NULL; + if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, subtype_value)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf( @@ -283,7 +287,9 @@ int main(int argc, char *argv[]) (unsigned int) -ret, buf); goto exit; } - cur->node.san.directory_name = *ext_san_dirname; + cur->node.san.directory_name = *tmp_san_dirname; + mbedtls_free(tmp_san_dirname); + tmp_san_dirname = NULL; } else { mbedtls_free(cur); goto usage; @@ -490,7 +496,6 @@ int main(int argc, char *argv[]) } mbedtls_x509write_csr_free(&req); - mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 9776dc1c37..aa70a17549 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
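Review bot: After `cur->node.san.directory_name = *tmp_san_dirname;` the head node is released with `mbedtls_free(tmp_san_dirname)` while its `oid.p`, `val.p` and `next` pointers live on inside `cur->node`, but the new comment only explains the type mismatch, not this ownership transfer, so a reader of the `exit:` path (outside this hunk) gets no hint that those buffers must be freed separately. Suggest extending the comment with `/* The head node is copied by value and its shell freed; the copied oid.p/val.p buffers and the rest of the chain are now owned by cur->node and must be released when opt.san_list is torn down. */`. The identical block in `programs/x509/cert_write.c` (next hunk set) would take the same comment. On the `goto exit` taken when `mbedtls_x509_string_to_names` fails, `cur` has already been allocated; whether it is linked into the list at that point, and whether `tmp_san_dirname` can hold a partial chain, is not visible here.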
@@ -310,7 +310,6 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; mbedtls_x509_san_list *cur, *prev; - mbedtls_asn1_named_data *ext_san_dirname = NULL; uint8_t ip[4] = { 0 }; /* * Set to sane values @@ -593,7 +592,12 @@ int main(int argc, char *argv[]) cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; - if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, + /* Work around an API mismatch between string_to_names() and + * mbedtls_x509_subject_alternative_name, which holds an + * actual mbedtls_x509_name while a pointer to one would be + * more convenient here. */ + mbedtls_asn1_named_data *tmp_san_dirname = NULL; + if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, subtype_value)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf( @@ -602,7 +606,9 @@ int main(int argc, char *argv[]) (unsigned int) -ret, buf); goto exit; } - cur->node.san.directory_name = *ext_san_dirname; + cur->node.san.directory_name = *tmp_san_dirname; + mbedtls_free(tmp_san_dirname); + tmp_san_dirname = NULL; } else { mbedtls_free(cur); goto usage; @@ -994,7 +1000,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_X509_CSR_PARSE_C) mbedtls_x509_csr_free(&csr); #endif /* MBEDTLS_X509_CSR_PARSE_C */ - mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_x509_crt_free(&issuer_crt); mbedtls_x509write_crt_free(&crt); mbedtls_pk_free(&loaded_subject_key); From b0958627224ed9c9f767f06bc5f803b755d5d035 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 17:31:35 +0200 Subject: [PATCH 0519/1548] Fix memory leak in cert_write & cert_req MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That memory leak had been present ever since the san command-line argument has been added. Tested that the following invocation is now fully valgrind clean: programs/x509/cert_write san=DN:C=NL,CN=#0000,CN=foo;DN:CN=#0000,O=foo,OU=bar,C=UK;IP:1.2.3.4;IP:4.3.2.1;URI:http\\://example.org/;URI:foo;DNS:foo.example.org;DNS:bar.example.org Signed-off-by: Manuel Pégourié-Gonnard --- programs/x509/cert_req.c | 17 +++++++++++++++++ programs/x509/cert_write.c | 17 +++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 8677cbb04f..605d78c578 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -495,6 +495,23 @@ int main(int argc, char *argv[]) #endif } + cur = opt.san_list; + while (cur != NULL) { + mbedtls_x509_san_list *next = cur->next; + /* Note: mbedtls_x509_free_subject_alt_name() is not what we want here. + * It's the right thing for entries that were parsed from a certificate, + * where pointers are to the raw certificate, but here all the + * pointers were allocated while parsing from a user-provided string. */ + if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { + mbedtls_x509_name dn = cur->node.san.directory_name; + mbedtls_free(dn.oid.p); + mbedtls_free(dn.val.p); + mbedtls_asn1_free_named_data_list(&dn.next); + } + mbedtls_free(cur); + cur = next; + } + mbedtls_x509write_csr_free(&req); mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index aa70a17549..268036147d 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
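Review bot: The cleanup loop in `programs/x509/cert_req.c` is placed just before `mbedtls_x509write_csr_free(&req)` and the `exit:` label is not visible in this hunk, so if the `goto exit` error paths (for example the one taken when `mbedtls_x509_string_to_names` fails on a DN entry) land after this block, entries created before the failure still leak; in `cert_write.c` the same loop sits directly under `exit:`, which is the safer placement and worth mirroring. The two loops are byte-identical, so a small `static void free_san_list(mbedtls_x509_san_list *head)` in each program would keep them from drifting apart. Only `MBEDTLS_X509_SAN_DIRECTORY_NAME` entries release a payload; if the IP/DNS/URI entries point into `argv` or a stack buffer that is correct, but a one-line comment saying so next to the `if` would save the next reader the trace.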
@@ -997,6 +997,23 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: + cur = opt.san_list; + while (cur != NULL) { + mbedtls_x509_san_list *next = cur->next; + /* Note: mbedtls_x509_free_subject_alt_name() is not what we want here. + * It's the right thing for entries that were parsed from a certificate, + * where pointers are to the raw certificate, but here all the + * pointers were allocated while parsing from a user-provided string. */ + if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { + mbedtls_x509_name dn = cur->node.san.directory_name; + mbedtls_free(dn.oid.p); + mbedtls_free(dn.val.p); + mbedtls_asn1_free_named_data_list(&dn.next); + } + mbedtls_free(cur); + cur = next; + } + #if defined(MBEDTLS_X509_CSR_PARSE_C) mbedtls_x509_csr_free(&csr); #endif /* MBEDTLS_X509_CSR_PARSE_C */ From bda3ab927826ae7603a46d8073790cc051848976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 May 2025 18:25:26 +0200 Subject: [PATCH 0520/1548] Add unit test for new behaviour of string_to_names() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_x509write.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f3a161ca52..6893c8bc7d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -669,6 +669,11 @@ void mbedtls_x509_string_to_names(char *name, char *parsed_name, TEST_LE_S(1, ret); TEST_ASSERT(strcmp((char *) out, parsed_name) == 0); + /* Check that calling a 2nd time with the same param (now non-NULL) + * returns an error as expected. */ + ret = mbedtls_x509_string_to_names(&names, name); + TEST_EQUAL(ret, MBEDTLS_ERR_X509_BAD_INPUT_DATA); + exit: mbedtls_asn1_free_named_data_list(&names); 
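Review bot: The new assertion in the test-suite hunk checks the return code of the rejected second call but not that `names` was left untouched, which is the other half of the contract this series introduces (a non-NULL `*head` must be neither freed nor overwritten, or the `exit:` free below would double-free or leak). Saving the pointer before the call and adding `TEST_ASSERT(names == saved_names);` after `TEST_EQUAL(ret, MBEDTLS_ERR_X509_BAD_INPUT_DATA);` pins that. The test function's start is outside the hunk.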
From e2d71ccc647f58462af755f7c869a5a1ad4d96de Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Mon, 18 Mar 2024 12:32:30 +0000 Subject: [PATCH 0521/1548] Mark ssl_tls12_preset_default_sig_algs const To place in flash and save RAM on targets where this applies. Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f95f3c7c99..e7c4141abb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5385,7 +5385,7 @@ static const uint16_t ssl_preset_default_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static uint16_t ssl_tls12_preset_default_sig_algs[] = { +static const uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(PSA_WANT_ALG_SHA_512) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) From 7dddc1724fc7fe5adf7313454618aeed610be625 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Wed, 20 Mar 2024 00:43:34 +0000 Subject: [PATCH 0522/1548] Mark ssl_tls12_preset_suiteb_sig_algs const Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e7c4141abb..0c992bf010 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5449,7 +5449,7 @@ static const uint16_t ssl_preset_suiteb_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { +static const uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(PSA_WANT_ALG_SHA_256) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) From 421318c074e9ad39ecf12820755c0486f5eaf088 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 May 2025 19:50:07 +0200 Subject: [PATCH 0523/1548] Update crypto with the union initialization fixes Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tf-psa-crypto b/tf-psa-crypto index dc6c60204b..35ae18cf89 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit dc6c60204bbf841f0b118840813e561a399e4d73 +Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07 From b9da11f289783a763c352f14be29927921a8e0c6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 18:50:51 +0200 Subject: [PATCH 0524/1548] Test with GCC 15 with sloppy union initialization This is a non-regression test for https://github.com/Mbed-TLS/mbedtls/issues/9814 Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 52ba8bf732..6f311ac921 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -93,10 +93,7 @@ component_test_gcc15_drivers_opt () { scripts/config.py full loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include -O2" - # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, - # disable the new problematic optimization. - loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" - # Also allow a warning that we don't yet comply to. + # Allow a warning that we don't yet comply to. # https://github.com/Mbed-TLS/mbedtls/issues/9944 loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" From e0ce40bc8f2e7af6fb2e12852168620b7f961e57 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Mon, 19 May 2025 13:30:42 +0100 Subject: [PATCH 0525/1548] Change hardcoded error values in ssl-opt to take in the PSA error alias ssl-opt checks for specific error code values in the output, but as MBEDTLS_ERR_ECP_IN_PROGRESS is becoming an alias of PSA_OPERATION_INCOMPLETE then this hardcoded value will change. Therefore allow the result to be either the old mbedtls error, or the new PSA error, as not to break the CI. Signed-off-by: Felix Conway --- tests/ssl-opt.sh | 120 +++++++++++++++++++++++------------------------ 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index cd1cae0ed0..6eefd95724 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9412,10 +9412,10 @@ run_test "EC restart: TLS, default" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -9425,10 +9425,10 @@ run_test "EC restart: TLS, max_ops=0" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=0" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 
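Review bot: The pattern `\(4b00\|-248\)` is repeated on every changed line across these hunks and the ones on the following two lines, which will have to be edited again once the alias settles, and its `-248` alternative has no trailing boundary, so it also matches `-2480` or `-24800` should such values ever appear in the debug output. Defining the pattern once near the EC restart tests, e.g. `EC_IN_PROGRESS='\(4b00\|-248\)'`, and writing `-C "x509_verify_cert.*$EC_IN_PROGRESS"`, addresses the duplication; if the matcher behind `-c`/`-C` is GNU grep, `-248\b` would add the boundary, otherwise a `-248\([^0-9]\|$\)` form is the portable option. Whether that matcher is grep or sed is not visible in these hunks.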
@@ -9438,10 +9438,10 @@ run_test "EC restart: TLS, max_ops=65535" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=65535" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" # The following test cases for restartable ECDH come in two variants: # * The "(USE_PSA)" variant expects the current behavior, which is the behavior @@ -9466,10 +9466,10 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9481,10 +9481,10 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" # This works the same with & without USE_PSA as we never get to ECDH: # we abort as soon as we determined the cert is bad. 
@@ -9498,10 +9498,10 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 1 \ - -c "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" \ + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" @@ -9518,10 +9518,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" 
@@ -9538,10 +9538,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" @@ -9558,10 +9558,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=none" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" 
@@ -9578,10 +9578,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000 auth_mode=none" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" \ + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" @@ -9596,10 +9596,10 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9611,10 +9611,10 @@ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ dtls=1 debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -c "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -c "mbedtls_pk_sign.*\(4b00\|-248\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE 
@@ -9625,10 +9625,10 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -c "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" # With USE_PSA enabled we expect only partial restartable behaviour: @@ -9640,10 +9640,10 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 0 \ - -c "x509_verify_cert.*4b00" \ - -c "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -c "x509_verify_cert.*\(4b00\|-248\)" \ + -c "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" # Restartable is only for ECDHE-ECDSA, with another ciphersuite we expect no # restartable behaviour at all (not even client auth). @@ -9657,10 +9657,10 @@ run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ debug_level=1 ec_max_ops=1000" \ 0 \ - -C "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" + -C "x509_verify_cert.*\(4b00\|-248\)" \ + -C "mbedtls_pk_verify.*\(4b00\|-248\)" \ + -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ + -C "mbedtls_pk_sign.*\(4b00\|-248\)" # Tests of asynchronous private key support in SSL From 92a9bd345ce4aec9a4670ff2584e659f56c4e070 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 May 2025 12:04:26 +0200 Subject: [PATCH 0526/1548] Remove call to pk_decrypt() in ssl_server2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We no longer use decrypt TLS 1.2 (never did in 1.3) so we no longer need this path. Further simplifications could probably be made (we currently have an enum type with only one possible value...) but for now I'm trying to keep changes minimal. Signed-off-by: Manuel Pégourié-Gonnard --- programs/ssl/ssl_server2.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3c9fb7e2e0..42fa8d6ed4 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1140,7 +1140,6 @@ static int ssl_async_set_key(ssl_async_key_context_t *ctx, typedef enum { ASYNC_OP_SIGN, - ASYNC_OP_DECRYPT, } ssl_async_operation_type_t; typedef struct { @@ -1160,7 +1159,6 @@ typedef struct { static const char *const ssl_async_operation_names[] = { "sign", - "decrypt", }; static int ssl_async_start(mbedtls_ssl_context *ssl, @@ -1261,11 +1259,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, } switch (ctx->operation_type) { - case ASYNC_OP_DECRYPT: - ret = mbedtls_pk_decrypt(key_slot->pk, - ctx->input, ctx->input_len, - output, output_len, output_size); - break; case ASYNC_OP_SIGN: ret = mbedtls_pk_sign(key_slot->pk, ctx->md_alg, From 8de781d99d5059bc6abbe5e9fbd618a6075dee68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 May 2025 12:21:32 +0200 Subject: [PATCH 0527/1548] Remove redundant free loop MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This version is incomplete. I failed to noticed it when adding a more complete version, making the existing one redundant. 
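Review bot: With `ASYNC_OP_DECRYPT` removed, the `switch (ctx->operation_type)` in ssl_async_resume is left with a single `case ASYNC_OP_SIGN:`; the rest of the switch (and the function's start) lies outside this hunk, so please confirm it has a `default:` that fails closed, otherwise an out-of-range `operation_type` would fall through with `ret` unset. The same concern applies to any indexing of `ssl_async_operation_names[]`, which now has exactly one entry, by `ctx->operation_type`. If a default is missing, one line suffices: `default: ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; break;` using whichever internal-error code the file already returns elsewhere.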
Signed-off-by: Manuel Pégourié-Gonnard --- programs/x509/cert_req.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 605d78c578..89ab181be6 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -495,6 +495,14 @@ int main(int argc, char *argv[]) #endif } + mbedtls_x509write_csr_free(&req); + mbedtls_pk_free(&key); + mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + cur = opt.san_list; while (cur != NULL) { mbedtls_x509_san_list *next = cur->next; @@ -512,22 +520,6 @@ int main(int argc, char *argv[]) cur = next; } - mbedtls_x509write_csr_free(&req); - mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - cur = opt.san_list; - while (cur != NULL) { - prev = cur; - cur = cur->next; - mbedtls_free(prev); - } - - mbedtls_exit(exit_code); } #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && From bb8c0aba74c2e6d7b4ab76887b3cf8fb0c6db1bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 May 2025 12:28:42 +0200 Subject: [PATCH 0528/1548] Add comment on apparent type mismatch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/x509/cert_req.c | 5 ++++- programs/x509/cert_write.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 89ab181be6..c16ec34987 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
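Review bot: The removed second loop was not merely redundant: if the first loop frees each node (the `mbedtls_free(cur); cur = next;` shown in this series' later cert_req.c hunk suggests it does), the second walk over `opt.san_list` read and freed already-freed nodes, i.e. a use-after-free/double free in the tool rather than duplicated work, and the commit message could say so. After this change the `prev` variable that only the removed loop used may be unused in `main()` (its declaration is outside this hunk), so check for an unused-variable warning. Hoisting the `mbedtls_x509write_csr_free()` … `mbedtls_psa_crypto_free()` block ahead of the SAN cleanup appears safe since that cleanup only calls `mbedtls_free()` and `mbedtls_asn1_free_named_data_list()`.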
@@ -276,7 +276,10 @@ int main(int argc, char *argv[]) /* Work around an API mismatch between string_to_names() and * mbedtls_x509_subject_alternative_name, which holds an * actual mbedtls_x509_name while a pointer to one would be - * more convenient here. */ + * more convenient here. (Note mbedtls_x509_name and + * mbedtls_asn1_named_data are synonymous, again + * string_to_names() uses one while + * cur->node.san.directory_name is nominally the other.) */ mbedtls_asn1_named_data *tmp_san_dirname = NULL; if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, subtype_value)) != 0) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 268036147d..f29eef0eb0 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -595,7 +595,10 @@ int main(int argc, char *argv[]) /* Work around an API mismatch between string_to_names() and * mbedtls_x509_subject_alternative_name, which holds an * actual mbedtls_x509_name while a pointer to one would be - * more convenient here. */ + * more convenient here. (Note mbedtls_x509_name and + * mbedtls_asn1_named_data are synonymous, again + * string_to_names() uses one while + * cur->node.san.directory_name is nominally the other.) */ mbedtls_asn1_named_data *tmp_san_dirname = NULL; if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname, subtype_value)) != 0) { From 38317281e91477b6f2b9198fff83579640811473 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 May 2025 12:29:11 +0200 Subject: [PATCH 0529/1548] Fix type in ChangeLog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/fix-string-to-names-memory-management.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt index 1b2198287d..87bc59694f 100644 
--- a/ChangeLog.d/fix-string-to-names-memory-management.txt +++ b/ChangeLog.d/fix-string-to-names-memory-management.txt @@ -13,6 +13,6 @@ Security Changes * The function mbedtls_x509_string_to_names() now requires its head argument - to point to NULL on entry. This make it likely that existing risky uses of + to point to NULL on entry. This makes it likely that existing risky uses of this function (see the entry in the Security section) will be detected and fixed. From 6b8f517e4d3e4c5f1860cc8bd11d146d5bc1b6df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 May 2025 11:17:39 +0200 Subject: [PATCH 0530/1548] Avoid a useless copy in cert_{req,write} MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I'm just trying to have a shorter name to avoid repeating a long expression. This is a job for a pointer, not copying a struct. Signed-off-by: Manuel Pégourié-Gonnard --- programs/x509/cert_req.c | 8 ++++---- programs/x509/cert_write.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index c16ec34987..e59772ffda 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -514,10 +514,10 @@ int main(int argc, char *argv[]) * where pointers are to the raw certificate, but here all the * pointers were allocated while parsing from a user-provided string. */ if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { - mbedtls_x509_name dn = cur->node.san.directory_name; - mbedtls_free(dn.oid.p); - mbedtls_free(dn.val.p); - mbedtls_asn1_free_named_data_list(&dn.next); + mbedtls_x509_name *dn = &cur->node.san.directory_name; + mbedtls_free(dn->oid.p); + mbedtls_free(dn->val.p); + mbedtls_asn1_free_named_data_list(&dn->next); } mbedtls_free(cur); cur = next; diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index f29eef0eb0..3cabff4b5a 100644 --- a/programs/x509/cert_write.c 
+++ b/programs/x509/cert_write.c @@ -1008,10 +1008,10 @@ int main(int argc, char *argv[]) * where pointers are to the raw certificate, but here all the * pointers were allocated while parsing from a user-provided string. */ if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { - mbedtls_x509_name dn = cur->node.san.directory_name; - mbedtls_free(dn.oid.p); - mbedtls_free(dn.val.p); - mbedtls_asn1_free_named_data_list(&dn.next); + mbedtls_x509_name *dn = &cur->node.san.directory_name; + mbedtls_free(dn->oid.p); + mbedtls_free(dn->val.p); + mbedtls_asn1_free_named_data_list(&dn->next); } mbedtls_free(cur); cur = next; From 28ef01a3c16077880c2c969ab71529e9ec93ebe7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 23 May 2025 15:03:26 +0200 Subject: [PATCH 0531/1548] library: debug: make mbedtls_debug_print_psa_ec() static Signed-off-by: Valerio Setti --- library/debug.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index a486353726..febf4444a3 100644 --- a/library/debug.c +++ b/library/debug.c @@ -230,9 +230,9 @@ static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int lev } } -void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) +static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_pk_context *pk) { char str[DEBUG_BUF_SIZE]; const uint8_t *coord_start; From 153a906a5109d4f074b57bdb70e783d681528706 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 23 May 2025 15:08:48 +0200 Subject: [PATCH 0532/1548] library: debug: remove mbedtls_debug_printf_ecdh() The function is not used anywhere and can be removed. 
Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 6 ----- library/debug.c | 50 ---------------------------------------- library/debug_internal.h | 33 -------------------------- 3 files changed, 89 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index e6f5dadb14..b6c4e0ecb5 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -51,11 +51,6 @@ #endif /* MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_ECDH_C) -#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \ - mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, attr) -#endif - #else /* MBEDTLS_DEBUG_C */ #define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0) @@ -64,7 +59,6 @@ #define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0) #define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) -#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) do { } while (0) #endif /* MBEDTLS_DEBUG_C */ diff --git a/library/debug.c b/library/debug.c index febf4444a3..71e0642590 100644 --- a/library/debug.c +++ b/library/debug.c 
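Review bot: `MBEDTLS_SSL_DEBUG_ECDH` is removed from `include/mbedtls/debug.h`, a public header, yet the diffstat lists no ChangeLog.d entry. If the macro was part of the documented API (even though it only worked with the built-in ECDH implementation), a removal entry is warranted; if it was considered internal, a sentence in the commit message saying so would settle it. Removing both the `MBEDTLS_DEBUG_C` definition and the `#else` no-op arm together, as done here, correctly keeps the two branches in sync.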
@@ -412,54 +412,4 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ - defined(MBEDTLS_ECDH_C) -static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, - int level, const char *file, - int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr) -{ -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - const mbedtls_ecdh_context *ctx = ecdh; -#else - const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh; -#endif - - switch (attr) { - case MBEDTLS_DEBUG_ECDH_Q: - mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q", - &ctx->Q); - break; - case MBEDTLS_DEBUG_ECDH_QP: - mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Qp", - &ctx->Qp); - break; - case MBEDTLS_DEBUG_ECDH_Z: - mbedtls_debug_print_mpi(ssl, level, file, line, "ECDH: z", - &ctx->z); - break; - default: - break; - } -} - -void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr) -{ -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr); -#else - switch (ecdh->var) { - default: - mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, - attr); - } -#endif -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && - MBEDTLS_ECDH_C */ - #endif /* MBEDTLS_DEBUG_C */ diff --git a/library/debug_internal.h b/library/debug_internal.h index 4523b4633a..31dd08ded6 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h 
@@ -136,37 +136,4 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_x509_crt *crt); #endif -/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function - only works for the built-in implementation. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ - defined(MBEDTLS_ECDH_C) -typedef enum { - MBEDTLS_DEBUG_ECDH_Q, - MBEDTLS_DEBUG_ECDH_QP, - MBEDTLS_DEBUG_ECDH_Z, -} mbedtls_debug_ecdh_attr; - -/** - * \brief Print a field of the ECDH structure in the SSL context to the debug - * output. This function is always used through the - * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file - * and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param ecdh the ECDH context - * \param attr the identifier of the attribute being output - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr); -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && - MBEDTLS_ECDH_C */ - #endif /* MBEDTLS_DEBUG_INTERNAL_H */ From 4a2e7b9ed80595fb29695b89e6552004f769f362 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 23 May 2025 15:15:22 +0200 Subject: [PATCH 0533/1548] tests: suite_x509parse: set PSA max operations in x509_verify_restart() Set also psa_interruptible_set_max_ops() when mbedtls_ecp_set_max_ops() is set so that the same amount of operations will be used both if legacy ECDSA_C or PSA is used under the hood to perform the operation. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 1 + 1 file changed, 1 insertion(+) 
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index fae36571b1..7bcac865ec 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -679,6 +679,7 @@ void x509_verify_restart(char *crt_file, char *ca_file, TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); + psa_interruptible_set_max_ops(max_ops); mbedtls_ecp_set_max_ops(max_ops); cnt_restart = 0; From 199a15645dd6508123d60489a2a47ddfaa08a6a7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 May 2025 09:56:27 +0200 Subject: [PATCH 0534/1548] library: debug: make mbedtls_debug_print_ecp() internal Remove the public definition of mbedtls_debug_print_ecp(). The function is only used internally in debug.c, so we can then make the function static. Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 5 ----- library/debug.c | 6 +++--- library/debug_internal.h | 22 ---------------------- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index b6c4e0ecb5..b6d4e27052 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -37,11 +37,6 @@ mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X) #endif -#if defined(MBEDTLS_ECP_C) -#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \ - mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X) -#endif - #if defined(MBEDTLS_X509_CRT_PARSE_C) #if !defined(MBEDTLS_X509_REMOVE_INFO) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \ diff --git a/library/debug.c b/library/debug.c index 71e0642590..d36b041d56 100644 --- a/library/debug.c +++ b/library/debug.c 
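Review bot: This hunk drops the `MBEDTLS_DEBUG_C` definition of `MBEDTLS_SSL_DEBUG_ECP`, but debug.h shows only 5 deletions, and the `#else /* MBEDTLS_DEBUG_C */` arm (visible as context in the previous commit's hunk) still defines `#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0)`. The macro would then exist only when debugging is disabled, so a stray use compiles in one configuration and fails in the other; remove the no-op definition in the `#else` arm as well. This is also a public-header removal that the ChangeLog should mention.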
@@ -168,9 +168,9 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, } #if defined(MBEDTLS_ECP_LIGHT) -void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X) +static void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_ecp_point *X) { char str[DEBUG_BUF_SIZE]; diff --git a/library/debug_internal.h b/library/debug_internal.h index 31dd08ded6..3ffcee12bc 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h @@ -93,28 +93,6 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_mpi *X); #endif -#if defined(MBEDTLS_ECP_LIGHT) -/** - * \brief Print an ECP point to the debug output. This function is always - * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the - * ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the ECP point being output. Normally the - * variable name - * \param X the ECP point - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X); -#endif - #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Print a X.509 certificate structure to the debug output. This From ffac311aaf8cc5fbe45447766bfd96c229b4a439 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 27 May 2025 09:58:02 +0200 Subject: [PATCH 0535/1548] library: debug: fix guards for EC helper functions Move mbedtls_debug_print_ecp(), mbedtls_debug_print_ec_coord() and mbedtls_debug_print_psa_ec() under the same guards as debug_print_pk(). Signed-off-by: Valerio Setti --- library/debug.c | 104 ++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/library/debug.c b/library/debug.c index d36b041d56..8d55b41365 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -167,6 +167,58 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, } } +#if defined(MBEDTLS_BIGNUM_C) +void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_mpi *X) +{ + char str[DEBUG_BUF_SIZE]; + size_t bitlen; + size_t idx = 0; + + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + NULL == X || + level > debug_threshold) { + return; + } + + bitlen = mbedtls_mpi_bitlen(X); + + mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n", + text, (unsigned) bitlen); + debug_send_line(ssl, level, file, line, str); + + if (bitlen == 0) { + str[0] = ' '; str[1] = '0'; str[2] = '0'; + idx = 3; + } else { + int n; + for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) { + size_t limb_offset = n / sizeof(mbedtls_mpi_uint); + size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint); + unsigned char octet = + (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff; + mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet); + idx += 3; + /* Wrap lines after 16 octets that each take 3 columns */ + if (idx >= 3 * 16) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); + idx = 0; + } + } + } + + if (idx != 0) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); + } +} +#endif /* MBEDTLS_BIGNUM_C */ + +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) #if defined(MBEDTLS_ECP_LIGHT) static void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, const char *file, int line, 
@@ -261,58 +313,6 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#if defined(MBEDTLS_BIGNUM_C) -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X) -{ - char str[DEBUG_BUF_SIZE]; - size_t bitlen; - size_t idx = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == X || - level > debug_threshold) { - return; - } - - bitlen = mbedtls_mpi_bitlen(X); - - mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n", - text, (unsigned) bitlen); - debug_send_line(ssl, level, file, line, str); - - if (bitlen == 0) { - str[0] = ' '; str[1] = '0'; str[2] = '0'; - idx = 3; - } else { - int n; - for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) { - size_t limb_offset = n / sizeof(mbedtls_mpi_uint); - size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint); - unsigned char octet = - (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff; - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet); - idx += 3; - /* Wrap lines after 16 octets that each take 3 columns */ - if (idx >= 3 * 16) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - idx = 0; - } - } - } - - if (idx != 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - } -} -#endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) From 7f363dfe622d36a5e2591b5577b8da815bb5902a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 May 2025 11:59:32 +0200 Subject: [PATCH 0536/1548] programs: ssl_client2: set max restartable op also in PSA 
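Review bot: The relocated `#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)` now also guards the EC helpers, but the matching `#endif` after `mbedtls_debug_print_crt()` (outside this hunk; it appears as context earlier in this series) is commented `/* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */`, missing the `!`. Since this commit is specifically about getting these guards right, fix the trailer to `#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */` so a reader does not misjudge the condition. The moved `mbedtls_debug_print_mpi()` body is otherwise unchanged.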
Signed-off-by: Valerio Setti --- programs/ssl/ssl_client2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index bb67c40e19..4b5ea7c5d2 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2172,6 +2172,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_ECP_RESTARTABLE) if (opt.ec_max_ops != DFL_EC_MAX_OPS) { + psa_interruptible_set_max_ops(opt.ec_max_ops); mbedtls_ecp_set_max_ops(opt.ec_max_ops); } #endif From 5989da22a9d32cd314411f3f79df4ae580d7d285 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 May 2025 14:35:42 +0200 Subject: [PATCH 0537/1548] Add tests for bug in mbedtls_x509_string_to_names() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The commented out tests cause crashes (in different ways) until the bug is fixed; the first two test are passing already and are here mostly to provide a reference point. The bug report was using programs/x509/cert_write, but string_to_names() is what it was really targetting, which is better for automated tests. The strings used are a minor adapation of those from the report. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_x509write.data | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index e4e08dafc0..e5224218c5 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
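Review bot: `psa_interruptible_set_max_ops()` and `mbedtls_ecp_set_max_ops()` do not necessarily agree on the meaning of `0`: the legacy ECP API uses 0 for "no limit", whereas the PSA interruptible API has a distinct unlimited sentinel and, as far as I recall, clamps 0 to the smallest budget. If so, `ec_max_ops=0` (exercised by the "EC restart: TLS, max_ops=0" test in ssl-opt.sh, which expects no restart) would now make the PSA path restart on every call; please confirm, and if needed map the value before the call, e.g. `psa_interruptible_set_max_ops(opt.ec_max_ops == 0 ? PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED : opt.ec_max_ops);`. Also `opt.ec_max_ops` is passed to a `uint32_t` parameter; if it is a signed `int` parsed from the command line, a negative value would silently wrap.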
@@ -254,6 +254,27 @@ mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCs
 X509 String to Names #20 (Reject empty AttributeValue)
 mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
+# Note: the behaviour is incorrect, output from string->names->string should be
+# the same as the input, rather than just the last component, see
+# https://github.com/Mbed-TLS/mbedtls/issues/10189
+# Still including tests for the current incorrect behaviour because of the
+# variants below where we want to ensure at least that no memory corruption
+# happens (which would be a lot worse than just a functional bug).
+X509 String to Names (repeated OID)
+mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=ef":"CN=ef":0:0
+
+# Note: when a value starts with a # sign, it's treated as the hex encoding of
+# the DER encoding of the value. Here, 0400 is a zero-length OCTET STRING.
+# The tag actually doesn't matter for our purposes, only the length.
+X509 String to Names (repeated OID, 1st is zero-length)
+mbedtls_x509_string_to_names:"CN=#0400,CN=cd,CN=ef":"CN=ef":0:0
+
+#X509 String to Names (repeated OID, middle is zero-length)
+#mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0
+
+#X509 String to Names (repeated OID, last is zero-length)
+#mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0
+
 X509 Round trip test (Escaped characters)
 mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0
From 03a86e783b6bb2a64229e07545b430f2e1239332 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 28 May 2025 12:01:14 +0200
Subject: [PATCH 0538/1548] test: suites: pkcs7/x509parse: add missing PSA_INIT and PSA_DONE
Both PKCS7 and X509 rely on PK module under the hood and the latter can use PSA to store keys and perform operations. Therefore psa_crypto_init() must be called before any operation can be done with PKCS7 and X509.
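Review bot: The expected output in the last commented-out case, `#mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0`, cannot be right even under the "last component wins" behaviour the note above documents, because no `ef` occurs in that input; it looks copied from the two cases above it. Whoever uncomments it once the crash is fixed will get a spurious failure that is easy to misread as the fix being incomplete. A marker on that line, `# TODO: expected output to be settled when this case is enabled (input has no "ef")`, would flag it, or the expected string could be decided now next to the issue reference already given.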
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_pkcs7.function | 18 ++++++++++++++++--
 tests/suites/test_suite_x509parse.function | 8 ++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index e5dc4bd192..0c4a00b9e3 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -33,9 +33,17 @@ static int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen)
 void pkcs7_asn1_fail(data_t *pkcs7_buf)
 {
 int res;
+
+ /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
+ * can use PSA to store keys and perform operations so psa_crypto_init()
+ * must be called before. */
+ USE_PSA_INIT();
+
 res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len);
 TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA);
+exit:
+ USE_PSA_DONE();
 }
 /* END_CASE */
@@ -46,6 +54,11 @@ void pkcs7_parse(char *pkcs7_file, int res_expect)
 size_t buflen;
 int res;
+ /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
+ * can use PSA to store keys and perform operations so psa_crypto_init()
+ * must be called before. */
+ USE_PSA_INIT();
+
 res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
 TEST_EQUAL(res, 0);
@@ -54,6 +67,7 @@ void pkcs7_parse(char *pkcs7_file, int res_expect)
 exit:
 mbedtls_free(pkcs7_buf);
+ USE_PSA_DONE();
 }
 /* END_CASE */
@@ -77,7 +91,7 @@ void pkcs7_verify(char *pkcs7_file,
 mbedtls_pkcs7 pkcs7;
 mbedtls_x509_crt **crts = NULL;
- MD_OR_USE_PSA_INIT();
+ USE_PSA_INIT();
 mbedtls_pkcs7_init(&pkcs7);
@@ -166,6 +180,6 @@ exit:
 mbedtls_free(crts);
 mbedtls_free(data);
 mbedtls_free(pkcs7_buf);
- MD_OR_USE_PSA_DONE();
+ USE_PSA_DONE();
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 7bcac865ec..8225adb277 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
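Review bot: The same three-line explanation of why `USE_PSA_INIT()` is needed is pasted verbatim into `pkcs7_asn1_fail` and `pkcs7_parse` here and twice more in the test_suite_x509parse.function hunks that follow; the rationale is already in the commit message, so one line per site reads better and will not drift, e.g. `/* X509/PK may use PSA under the hood, so PSA must be initialised first. */`. The new `exit:` label in `pkcs7_asn1_fail` is also what makes the early exit taken by `USE_PSA_INIT()` and `TEST_ASSERT` legal in a function that previously had no cleanup path — presumably those macros `goto exit`, as the other functions here rely on — and a short `/* exit: needed for USE_PSA_INIT/TEST_ASSERT */` next to the label would record that.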
@@ -1668,6 +1668,9 @@ void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret)
 mbedtls_x509_crt crt;
 mbedtls_x509_crt_init(&crt);
+ /* X509 relies on PK under the hood and the latter can use PSA to store keys
+ * and perform operations so psa_crypto_init() must be called before. */
+ USE_PSA_INIT();
 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
@@ -1682,6 +1685,7 @@ void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret)
 exit:
 mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
 }
 /* END_CASE */
@@ -1697,6 +1701,9 @@ void x509_crt_parse_authoritykeyid(char *file,
 char name_buf[128];
 mbedtls_x509_crt_init(&crt);
+ /* X509 relies on PK under the hood and the latter can use PSA to store keys
+ * and perform operations so psa_crypto_init() must be called before. */
+ USE_PSA_INIT();
 TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
@@ -1748,6 +1755,7 @@ void x509_crt_parse_authoritykeyid(char *file,
 exit:
 mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
 }
 /* END_CASE */
From 353eb33d0cea58df345d6b368facf9a04ce9bc4d Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 14 May 2025 17:42:53 +0200
Subject: [PATCH 0539/1548] Use TEST_EQUAL(a,b) instead of TEST_ASSERT(a==b)
Regexp replacement then `code_style.py --fix`.
Signed-off-by: Gilles Peskine
---
 tests/src/test_helpers/ssl_helpers.c | 310 +++---
 tests/suites/test_suite_ssl.function | 1295 +++++++++++++-------------
 2 files changed, 799 insertions(+), 806 deletions(-)
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 1eed8abd75..3d4901c092 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -637,7 +637,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, cert->ca_cert, (const unsigned char *) mbedtls_test_cas_der[i], mbedtls_test_cas_der_len[i]); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } /* Load own certificate and private key */ @@ -648,25 +648,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, cert->cert, (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_rsa_der, mbedtls_test_srv_key_rsa_der_len, NULL, 0); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } else { ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char *) mbedtls_test_srv_crt_ec_der, mbedtls_test_srv_crt_ec_der_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_srv_key_ec_der, mbedtls_test_srv_key_ec_der_len, NULL, 0); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } else { if (pk_alg == MBEDTLS_PK_RSA) { @@ -674,25 +674,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, cert->cert, (const unsigned char *) mbedtls_test_cli_crt_rsa_der, mbedtls_test_cli_crt_rsa_der_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, mbedtls_test_cli_key_rsa_der_len, NULL, 0); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } else { ret = mbedtls_x509_crt_parse( cert->cert, (const unsigned char *) mbedtls_test_cli_crt_ec_der, mbedtls_test_cli_crt_ec_len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( cert->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, mbedtls_test_cli_key_ec_der_len, NULL, 0); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } 
@@ -723,16 +723,16 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, cert->pkey); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(ep->conf.key_cert != NULL); ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(ep->conf.key_cert == NULL); ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, cert->pkey); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ok = 1; @@ -787,9 +787,9 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); if (dtls_context != NULL) { - TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - dtls_context) == 0); + TEST_EQUAL(mbedtls_test_message_socket_setup(input_queue, output_queue, + 100, &(ep->socket), + dtls_context), 0); } else { mbedtls_test_mock_socket_init(&(ep->socket)); } @@ -812,7 +812,7 @@ int mbedtls_test_ssl_endpoint_init( MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { if (options->client_min_version != MBEDTLS_SSL_VERSION_UNKNOWN) { @@ -868,7 +868,7 @@ int mbedtls_test_ssl_endpoint_init( #endif ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); @@ -902,7 +902,7 @@ int mbedtls_test_ssl_endpoint_init( options->opaque_alg, options->opaque_alg2, options->opaque_usage); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); 
@@ -985,7 +985,7 @@ static int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); + TEST_EQUAL(mbedtls_ssl_write(ssl, NULL, 0), 0); } ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); @@ -1032,7 +1032,7 @@ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is * a valid no-op for TLS connections. */ if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); + TEST_EQUAL(mbedtls_ssl_read(ssl, NULL, 0), 0); } ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); @@ -1042,7 +1042,7 @@ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, } if (expected_fragments == 0) { - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } else if (expected_fragments == 1) { TEST_ASSERT(ret == buf_len || ret == MBEDTLS_ERR_SSL_WANT_READ || @@ -1929,10 +1929,10 @@ int mbedtls_test_ssl_exchange_data( if (expected_fragments_1 == 0) { /* This error is expected when the message is too large and * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); msg_len_1 = 0; } else { - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } @@ -1944,10 +1944,10 @@ int mbedtls_test_ssl_exchange_data( if (expected_fragments_2 == 0) { /* This error is expected when the message is too large and * cannot be fragmented */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); msg_len_2 = 0; } else { - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } 
@@ -1957,7 +1957,7 @@ int mbedtls_test_ssl_exchange_data( msg_len_2, &read_1, &fragments_2, expected_fragments_2); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } /* ssl_2 reading */ @@ -1966,15 +1966,15 @@ int mbedtls_test_ssl_exchange_data( msg_len_1, &read_2, &fragments_1, expected_fragments_1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); } } ret = -1; - TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1)); - TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2)); - TEST_ASSERT(fragments_1 == expected_fragments_1); - TEST_ASSERT(fragments_2 == expected_fragments_2); + TEST_EQUAL(0, memcmp(msg_buf_1, in_buf_2, msg_len_1)); + TEST_EQUAL(0, memcmp(msg_buf_2, in_buf_1, msg_len_2)); + TEST_EQUAL(fragments_1, expected_fragments_1); + TEST_EQUAL(fragments_2, expected_fragments_2); } ret = 0; @@ -2026,12 +2026,12 @@ static int check_ssl_version( switch (expected_negotiated_version) { case MBEDTLS_SSL_VERSION_TLS1_2: TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_2); - TEST_ASSERT(strcmp(version_string, "TLSv1.2") == 0); + TEST_EQUAL(strcmp(version_string, "TLSv1.2"), 0); break; case MBEDTLS_SSL_VERSION_TLS1_3: TEST_EQUAL(version_number, MBEDTLS_SSL_VERSION_TLS1_3); - TEST_ASSERT(strcmp(version_string, "TLSv1.3") == 0); + TEST_EQUAL(strcmp(version_string, "TLSv1.3"), 0); break; default: 
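Review bot: The operand order of the rewritten `TEST_EQUAL` calls simply mirrors whatever the original `TEST_ASSERT` used, so `TEST_EQUAL(0, memcmp(msg_buf_1, in_buf_2, msg_len_1));` here puts the expected value first while `TEST_EQUAL(memcmp(output + read - get_ret[j], input + read - get_ret[j], get_ret[j]), 0);` and `TEST_EQUAL(memcmp(message, received, MSGLEN), 0);` in the test_suite_ssl.function hunks put the actual value first; since `TEST_EQUAL` reports both operands on failure, a single convention (actual, expected) makes the failure lines read the same everywhere. The same applies to `TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, BUFLEN));` in the ssl_mock_tcp and ssl_mock_tcp_interleaving hunks. This is expected output of a regexp pass, so a follow-up tidy rather than a blocker; `mbedtls_test_ssl_exchange_data` starts outside this hunk.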
@@ -2142,21 +2142,21 @@ void mbedtls_test_ssl_perform_handshake( /* Client side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, &client_context, - &client_queue, - &server_queue) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options, &client_context, + &client_queue, + &server_queue), 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options, NULL, NULL, + NULL), 0); } if (strlen(options->cipher) > 0) { 
@@ -2165,49 +2165,49 @@ void mbedtls_test_ssl_perform_handshake( /* Server side */ if (options->dtls != 0) { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, &server_context, - &server_queue, - &client_queue) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options, &server_context, + &server_queue, + &client_queue), 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif } else { - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, - NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options, NULL, NULL, + NULL), 0); } mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf), - (unsigned char) options->mfl) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf), - (unsigned char) options->mfl) - == 0); + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server.conf), + (unsigned char) options->mfl), + 0); + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client.conf), + (unsigned char) options->mfl), + 0); #else - TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl); + TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_ASSERT(mbedtls_ssl_conf_psk( - &client.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); - - TEST_ASSERT(mbedtls_ssl_conf_psk( - &server.conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)) == 0); + TEST_EQUAL(mbedtls_ssl_conf_psk( + &client.conf, options->psk_str->x, + 
options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); + + TEST_EQUAL(mbedtls_ssl_conf_psk( + &server.conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); #if defined(MBEDTLS_SSL_SRV_C) mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); #endif @@ -2227,17 +2227,17 @@ void mbedtls_test_ssl_perform_handshake( } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); + TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE), 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(client.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(server.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif 
@@ -2245,17 +2245,17 @@ void mbedtls_test_ssl_perform_handshake( expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } - TEST_ASSERT(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER) - == expected_handshake_result); + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), + &(server.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), + expected_handshake_result); if (expected_handshake_result != 0) { /* Connection will have failed by this point, skip to cleanup */ goto exit; } - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&client.ssl) == 1); + TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client.ssl), 1); /* Make sure server state is moved to HANDSHAKE_OVER also. */ TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), @@ -2263,7 +2263,7 @@ void mbedtls_test_ssl_perform_handshake( MBEDTLS_SSL_HANDSHAKE_OVER), 0); - TEST_ASSERT(mbedtls_ssl_is_handshake_over(&server.ssl) == 1); + TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server.ssl), 1); /* Check that both sides have negotiated the expected version. */ mbedtls_test_set_step(0); if (!check_ssl_version(options->expected_negotiated_version, 
@@ -2286,48 +2286,48 @@ void mbedtls_test_ssl_perform_handshake( if (options->resize_buffers != 0) { /* A server, when using DTLS, might delay a buffer resize to happen * after it receives a message, so we force it. */ - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); + TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(client.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_EQUAL(client.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client.ssl)); + TEST_EQUAL(server.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_EQUAL(server.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server.ssl)); } #endif if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { /* Start data exchanging test */ - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); + TEST_EQUAL(mbedtls_test_ssl_exchange_data( + &(client.ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), options->srv_msg_len, + options->expected_srv_fragments), + 0); } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (options->serialize == 1) { - TEST_ASSERT(options->dtls == 1); + TEST_EQUAL(options->dtls, 1); - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL, - 0, &context_buf_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_context_save(&(server.ssl), NULL, + 0, &context_buf_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); context_buf = mbedtls_calloc(1, context_buf_len); TEST_ASSERT(context_buf != 
NULL); - TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf, - context_buf_len, - &context_buf_len) - == 0); + TEST_EQUAL(mbedtls_ssl_context_save(&(server.ssl), context_buf, + context_buf_len, + &context_buf_len), + 0); mbedtls_ssl_free(&(server.ssl)); mbedtls_ssl_init(&(server.ssl)); - TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0); + TEST_EQUAL(mbedtls_ssl_setup(&(server.ssl), &(server.conf)), 0); mbedtls_ssl_set_bio(&(server.ssl), &server_context, mbedtls_test_mock_tcp_send_msg, 
@@ -2344,30 +2344,30 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(server.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif - TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf, - context_buf_len) == 0); + TEST_EQUAL(mbedtls_ssl_context_load(&(server.ssl), context_buf, + context_buf_len), 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* Validate buffer sizes after context deserialization */ if (options->resize_buffers != 0) { - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(server.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_EQUAL(server.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server.ssl)); } #endif /* Retest writing/reading */ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, - options->expected_srv_fragments) - == 0); + TEST_EQUAL(mbedtls_test_ssl_exchange_data( + &(client.ssl), options->cli_msg_len, + options->expected_cli_fragments, + &(server.ssl), options->srv_msg_len, + options->expected_srv_fragments), + 0); } } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ 
@@ -2375,24 +2375,24 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_RENEGOTIATION) if (options->renegotiate) { /* Start test with renegotiation */ - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); /* After calling this function for the server, it only sends a handshake * request. All renegotiation should happen during data exchanging */ - TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(mbedtls_ssl_renegotiate(&(server.ssl)), 0); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_PENDING); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_INITIAL_HANDSHAKE); + + TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); /* After calling mbedtls_ssl_renegotiate for the client, * all renegotiation should happen inside this function. 
@@ -2404,34 +2404,34 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(client.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - - TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0); - TEST_ASSERT(server.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_ASSERT(client.ssl.renego_status == - MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); + + TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); + TEST_EQUAL(server.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); + TEST_EQUAL(client.ssl.renego_status, + MBEDTLS_SSL_RENEGOTIATION_DONE); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* Validate buffer sizes after renegotiation */ if (options->resize_buffers != 0) { - TEST_ASSERT(client.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_ASSERT(client.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_ASSERT(server.ssl.out_buf_len == - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_ASSERT(server.ssl.in_buf_len == - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(client.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client.ssl)); + TEST_EQUAL(client.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client.ssl)); + 
TEST_EQUAL(server.ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server.ssl)); + TEST_EQUAL(server.ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server.ssl)); } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4567dbdadb..bebb2c8cf4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -435,50 +435,41 @@ void test_callback_buffer_sanity() memset(input, 0, sizeof(input)); /* Make sure calling put and get on NULL buffer results in error. */ - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)) - == -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input)), -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(NULL, NULL, 0), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(NULL, NULL, 0), -1); /* Make sure calling put and get on a buffer that hasn't been set up results * in error. */ - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) - == -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), -1); /* Make sure calling put and get on NULL input only results in * error if the length is not zero, and that a NULL output is valid for data * dropping. 
*/ - TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)), 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)) - == -1); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)) - == 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input)), -1); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output)), 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, NULL, 0), 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, NULL, 0), 0); /* Make sure calling put several times in the row is safe */ - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)) - == sizeof(input)); - TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1); - TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input)), sizeof(input)); + TEST_EQUAL(mbedtls_test_ssl_buffer_get(&buf, output, 2), 2); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 1), 1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 1); + TEST_EQUAL(mbedtls_test_ssl_buffer_put(&buf, input, 2), 0); exit: @@ -519,7 +510,7 @@ void test_callback_buffer(int size, int put1, int put1_ret, mbedtls_test_ssl_buffer_init(&buf); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0); + TEST_EQUAL(mbedtls_test_ssl_buffer_setup(&buf, size), 0); /* Check the sanity of input parameters and initialise local variables. That * is, ensure that the amount of data is not negative and that we are not 
@@ -578,17 +569,16 @@ void test_callback_buffer(int size, int put1, int put1_ret, written = read = 0; for (j = 0; j < ROUNDS; j++) { - TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf, - input + written, put[j])); + TEST_EQUAL(put_ret[j], mbedtls_test_ssl_buffer_put(&buf, + input + written, put[j])); written += put_ret[j]; - TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf, - output + read, get[j])); + TEST_EQUAL(get_ret[j], mbedtls_test_ssl_buffer_get(&buf, + output + read, get[j])); read += get_ret[j]; TEST_ASSERT(read <= written); if (get_ret[j] > 0) { - TEST_ASSERT(memcmp(output + read - get_ret[j], - input + read - get_ret[j], get_ret[j]) - == 0); + TEST_EQUAL(memcmp(output + read - get_ret[j], + input + read - get_ret[j], get_ret[j]), 0); } } @@ -673,8 +663,8 @@ void ssl_mock_tcp(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - BUFLEN)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + BUFLEN)); /* Send the message to the server */ send_ret = recv_ret = 1; @@ -690,9 +680,9 @@ void ssl_mock_tcp(int blocking) if (send_ret == BUFLEN) { int blocking_ret = send(&client, message, 1); if (blocking) { - TEST_ASSERT(blocking_ret == 0); + TEST_EQUAL(blocking_ret, 0); } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_WRITE); } } @@ -704,9 +694,9 @@ void ssl_mock_tcp(int blocking) TEST_ASSERT(recv_ret <= BUFLEN); read += recv_ret; } else if (blocking) { - TEST_ASSERT(recv_ret == 0); + TEST_EQUAL(recv_ret, 0); } else { - TEST_ASSERT(recv_ret == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(recv_ret, MBEDTLS_ERR_SSL_WANT_READ); recv_ret = 0; } 
@@ -714,13 +704,13 @@ void ssl_mock_tcp(int blocking) if (recv_ret == BUFLEN) { int blocking_ret = recv(&server, received, 1); if (blocking) { - TEST_ASSERT(blocking_ret == 0); + TEST_EQUAL(blocking_ret, 0); } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_READ); } } } - TEST_ASSERT(memcmp(message, received, MSGLEN) == 0); + TEST_EQUAL(memcmp(message, received, MSGLEN), 0); exit: mbedtls_test_mock_socket_close(&client); @@ -774,8 +764,8 @@ void ssl_mock_tcp_interleaving(int blocking) } /* Make sure that sending a message takes a few iterations. */ - TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, - BUFLEN)); + TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server, + BUFLEN)); /* Send the message from both sides, interleaving. */ progress = 1; @@ -803,9 +793,9 @@ void ssl_mock_tcp_interleaving(int blocking) if (send_ret[i] == BUFLEN) { int blocking_ret = send(socket, message[i], 1); if (blocking) { - TEST_ASSERT(blocking_ret == 0); + TEST_EQUAL(blocking_ret, 0); } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_WRITE); + TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_WRITE); } } } @@ -823,9 +813,9 @@ void ssl_mock_tcp_interleaving(int blocking) TEST_ASSERT(recv_ret[i] <= BUFLEN); read[i] += recv_ret[i]; } else if (blocking) { - TEST_ASSERT(recv_ret[i] == 0); + TEST_EQUAL(recv_ret[i], 0); } else { - TEST_ASSERT(recv_ret[i] == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(recv_ret[i], MBEDTLS_ERR_SSL_WANT_READ); recv_ret[i] = 0; } @@ -834,9 +824,9 @@ void ssl_mock_tcp_interleaving(int blocking) if (recv_ret[i] == BUFLEN) { int blocking_ret = recv(socket, received[i], 1); if (blocking) { - TEST_ASSERT(blocking_ret == 0); + TEST_EQUAL(blocking_ret, 0); } else { - TEST_ASSERT(blocking_ret == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(blocking_ret, MBEDTLS_ERR_SSL_WANT_READ); } } } 
@@ -848,7 +838,7 @@ void ssl_mock_tcp_interleaving(int blocking)
 }
 for (i = 0; i < ROUNDS; i++) {
- TEST_ASSERT(memcmp(message[i], received[i], MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message[i], received[i], MSGLEN), 0);
 }
 exit:
@@ -865,14 +855,14 @@ void ssl_message_queue_sanity()
 USE_PSA_INIT();
 /* Trying to push/pull to an empty queue */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1)
- == MBEDTLS_TEST_ERROR_ARG_NULL);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1)
- == MBEDTLS_TEST_ERROR_ARG_NULL);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(NULL, 1),
+ MBEDTLS_TEST_ERROR_ARG_NULL);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(NULL, 1),
+ MBEDTLS_TEST_ERROR_ARG_NULL);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
- TEST_ASSERT(queue.capacity == 3);
- TEST_ASSERT(queue.num == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0);
+ TEST_EQUAL(queue.capacity, 3);
+ TEST_EQUAL(queue.num, 0);
 exit:
 mbedtls_test_ssl_message_queue_free(&queue);
@@ -886,22 +876,22 @@ void ssl_message_queue_basic()
 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0);
 /* Sanity test - 3 pushes and 3 pops with sufficient space */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(queue.capacity == 3);
- TEST_ASSERT(queue.num == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(queue.capacity == 3);
- TEST_ASSERT(queue.num == 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
- TEST_ASSERT(queue.capacity == 3);
- TEST_ASSERT(queue.num == 3);
-
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(queue.capacity, 3);
+ TEST_EQUAL(queue.num, 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(queue.capacity, 3);
+ TEST_EQUAL(queue.num, 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2);
+ TEST_EQUAL(queue.capacity, 3);
+ TEST_EQUAL(queue.num, 3);
+
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2);
 exit:
 mbedtls_test_ssl_message_queue_free(&queue);
@@ -915,21 +905,21 @@ void ssl_message_queue_overflow_underflow()
 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0);
 /* 4 pushes (last one with an error), 4 pops (last one with an error) */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3)
- == MBEDTLS_ERR_SSL_WANT_WRITE);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3),
+ MBEDTLS_ERR_SSL_WANT_WRITE);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1),
+ MBEDTLS_ERR_SSL_WANT_READ);
 exit:
 mbedtls_test_ssl_message_queue_free(&queue);
@@ -943,29 +933,29 @@ void ssl_message_queue_interleaved()
 mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 3), 0);
 /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
 * (to wrap around the buffer) */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 1), 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 2), 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 3), 3);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 1), 1);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 2), 2);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 5), 5);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, 8), 8);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 3), 3);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 5), 5);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8)
== 8);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, 8), 8);
 exit:
 mbedtls_test_ssl_message_queue_free(&queue);
@@ -981,13 +971,13 @@ void ssl_message_queue_insufficient_buffer()
 size_t buffer_len = 5;
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_setup(&queue, 1), 0);
 /* Popping without a sufficient buffer */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len)
- == (int) message_len);
- TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len)
- == (int) buffer_len);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&queue, message_len),
+ (int) message_len);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len),
+ (int) buffer_len);
 exit:
 mbedtls_test_ssl_message_queue_free(&queue);
 USE_PSA_DONE();
@@ -1007,40 +997,40 @@ void ssl_message_mock_uninitialized()
 USE_PSA_INIT();
 /* Send with a NULL context */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN)
- == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN),
+ MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN)
- == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN),
+ MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 1,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 1,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 1,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 1,
+ &client,
+ &client_context), 0);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MBEDTLS_TEST_ERROR_SEND_FAILED);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MBEDTLS_TEST_ERROR_SEND_FAILED);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
 /* Push directly to a queue to later simulate a disconnected behavior */
- TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_ssl_message_queue_push_info(&server_queue,
+ MSGLEN),
+ MSGLEN);
 /* Test if there's an error when trying to read from a disconnected
 * socket */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_TEST_ERROR_RECV_FAILED);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_TEST_ERROR_RECV_FAILED);
 exit:
 mbedtls_test_message_socket_close(&server_context);
 mbedtls_test_message_socket_close(&client_context);
@@ -1062,46 +1052,46 @@ void ssl_message_mock_basic()
 mbedtls_test_message_socket_init(&client_context);
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 1,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 1,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 1,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 1,
+ &client,
+ &client_context), 0);
 /* Fill up the buffer with structured data so that unwanted changes
 * can be detected */
 for (i = 0; i < MSGLEN; i++) {
 message[i] = i & 0xFF;
 }
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN));
 /* Send the message to the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
 /* Read from the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 memset(received, 0, MSGLEN);
 /* Send the message to the client */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+ MSGLEN),
+ MSGLEN);
 /* Read from the client */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
- MSGLEN)
- == MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN),
+ MSGLEN);
+ TEST_EQUAL(memcmp(message,
received, MSGLEN), 0);
 exit:
 mbedtls_test_message_socket_close(&server_context);
@@ -1124,51 +1114,51 @@ void ssl_message_mock_queue_overflow_underflow()
 mbedtls_test_message_socket_init(&client_context);
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 2,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 2,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 2,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 2,
+ &client,
+ &client_context), 0);
 /* Fill up the buffer with structured data so that unwanted changes
 * can be detected */
 for (i = 0; i < MSGLEN; i++) {
 message[i] = i & 0xFF;
 }
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN*2));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN*2));
 /* Send three message to the server, last one with an error */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN - 1)
- == MSGLEN - 1);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN - 1),
+ MSGLEN - 1);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_WRITE);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_WRITE);
 /* Read three messages from the server, last one with an error */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN - 1)
- == MSGLEN - 1);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN - 1),
+ MSGLEN - 1);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MSGLEN);
+
TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
 exit:
 mbedtls_test_message_socket_close(&server_context);
@@ -1191,39 +1181,39 @@ void ssl_message_mock_socket_overflow()
 mbedtls_test_message_socket_init(&client_context);
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 2,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 2,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 2,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 2,
+ &client,
+ &client_context), 0);
 /* Fill up the buffer with structured data so that unwanted changes
 * can be detected */
 for (i = 0; i < MSGLEN; i++) {
 message[i] = i & 0xFF;
 }
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN));
 /* Send two message to the server, second one with an error */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MBEDTLS_TEST_ERROR_SEND_FAILED);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MBEDTLS_TEST_ERROR_SEND_FAILED);
 /* Read the only message from the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 exit:
 mbedtls_test_message_socket_close(&server_context);
@@ -1246,15 +1236,15 @@ void ssl_message_mock_truncated()
 mbedtls_test_message_socket_init(&client_context);
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 2,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 2,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 2,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 2,
+ &client,
+ &client_context), 0);
 memset(received, 0, MSGLEN);
 /* Fill up the buffer with structured data so that unwanted changes
@@ -1262,35 +1252,35 @@ void ssl_message_mock_truncated()
 for (i = 0; i < MSGLEN; i++) {
 message[i] = i & 0xFF;
 }
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- 2 * MSGLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ 2 * MSGLEN));
 /* Send two messages to the server, the second one small enough to fit in the
 * receiver's buffer. */
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN / 2)
- == MSGLEN / 2);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN / 2),
+ MSGLEN / 2);
 /* Read a truncated message from the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN/2)
- == MSGLEN/2);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN/2),
+ MSGLEN/2);
 /* Test that the first half of the message is valid, and second one isn't */
- TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN/2), 0);
 TEST_ASSERT(memcmp(message + MSGLEN/2, received + MSGLEN/2, MSGLEN/2) != 0);
 memset(received, 0, MSGLEN);
 /* Read a full message from the server */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN/2)
- == MSGLEN / 2);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN/2),
+ MSGLEN / 2);
 /* Test that the first half of the message is valid */
- TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN/2), 0);
 exit:
 mbedtls_test_message_socket_close(&server_context);
@@ -1313,33 +1303,33 @@ void ssl_message_mock_socket_read_error()
 mbedtls_test_message_socket_init(&client_context);
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 1,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 1,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 1,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 1,
+ &client,
+ &client_context), 0);
 /* Fill up the buffer with structured data so that unwanted changes
 * can be detected */
 for (i = 0; i < MSGLEN; i++) {
 message[i] = i & 0xFF;
 }
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN));
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN),
+ MSGLEN);
 /* Force a read error by disconnecting the socket by hand */
 server.status = 0;
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_TEST_ERROR_RECV_FAILED);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_TEST_ERROR_RECV_FAILED);
 /* Return to a valid state */
 server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
@@ -1347,11 +1337,11 @@ void ssl_message_mock_socket_read_error()
 /* Test that even though the server tried to read once disconnected, the
 * continuity is preserved */
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 exit:
 mbedtls_test_message_socket_close(&server_context);
@@ -1374,48 +1364,48 @@ void ssl_message_mock_interleaved_one_way()
 mbedtls_test_message_socket_init(&client_context);
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 3,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 3,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 3,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 3,
+ &client,
+ &client_context), 0);
 /* Fill up the buffer with structured data so that unwanted changes
 * can be detected */
 for (i = 0; i < MSGLEN; i++) {
 message[i] = i & 0xFF;
 }
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN*3));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN*3));
 /* Interleaved test - [2 sends, 1 read] twice, and then two reads
 * (to wrap around the buffer) */
 for (i = 0; i < 2; i++) {
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN) == MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN), MSGLEN);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 memset(received, 0, sizeof(received));
 }
 for (i = 0; i < 2; i++) {
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received,
MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 }
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
 exit:
 mbedtls_test_message_socket_close(&server_context);
 mbedtls_test_message_socket_close(&client_context);
@@ -1437,75 +1427,75 @@ void ssl_message_mock_interleaved_two_ways()
 mbedtls_test_message_socket_init(&client_context);
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
- &client_queue, 3,
- &server,
- &server_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&server_queue,
+ &client_queue, 3,
+ &server,
+ &server_context), 0);
- TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
- &server_queue, 3,
- &client,
- &client_context) == 0);
+ TEST_EQUAL(mbedtls_test_message_socket_setup(&client_queue,
+ &server_queue, 3,
+ &client,
+ &client_context), 0);
 /* Fill up the buffer with structured data so that unwanted changes
 * can be detected */
 for (i = 0; i < MSGLEN; i++) {
 message[i] = i & 0xFF;
 }
- TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
- MSGLEN*3));
+ TEST_EQUAL(0, mbedtls_test_mock_socket_connect(&client, &server,
+ MSGLEN*3));
 /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
 * (to wrap around the buffer) both ways.
*/
 for (i = 0; i < 2; i++) {
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 memset(received, 0, sizeof(received));
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 memset(received, 0, sizeof(received));
 }
 for (i = 0; i < 2; i++) {
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 memset(received, 0, sizeof(received));
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
- MSGLEN) == MSGLEN);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN), MSGLEN);
- TEST_ASSERT(memcmp(message,
received, MSGLEN) == 0);
+ TEST_EQUAL(memcmp(message, received, MSGLEN), 0);
 memset(received, 0, sizeof(received));
 }
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
- TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
- MSGLEN)
- == MBEDTLS_ERR_SSL_WANT_READ);
+ TEST_EQUAL(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+ MSGLEN),
+ MBEDTLS_ERR_SSL_WANT_READ);
 exit:
 mbedtls_test_message_socket_close(&server_context);
 mbedtls_test_message_socket_close(&client_context);
@@ -1524,12 +1514,12 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret)
 mbedtls_ssl_config_init(&conf);
 MD_OR_USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_DATAGRAM,
- MBEDTLS_SSL_PRESET_DEFAULT) == 0);
+ TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT), 0);
- TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+ TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
 /* Read previous record numbers */
 for (len = 0; len < prevs->len; len += 6) {
@@ -1539,7 +1529,7 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret)
 /* Check new number */
 memcpy(ssl.in_ctr + 2, new->x, 6);
- TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret);
+ TEST_EQUAL(mbedtls_ssl_dtls_replay_check(&ssl), ret);
 exit:
 mbedtls_ssl_free(&ssl);
@@ -1557,13 +1547,13 @@ void ssl_set_hostname_twice(char *input_hostname0, char *input_hostname1)
 mbedtls_ssl_init(&ssl);
 USE_PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname0) == 0);
+ TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname0), 0);
 output_hostname = mbedtls_ssl_get_hostname(&ssl);
- TEST_ASSERT(strcmp(input_hostname0, output_hostname) == 0);
+ TEST_EQUAL(strcmp(input_hostname0, output_hostname), 0);
- TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname1) == 0);
+ TEST_EQUAL(mbedtls_ssl_set_hostname(&ssl, input_hostname1), 0);
 output_hostname = mbedtls_ssl_get_hostname(&ssl);
- TEST_ASSERT(strcmp(input_hostname1, output_hostname) == 0);
+ TEST_EQUAL(strcmp(input_hostname1, output_hostname), 0);
 exit:
 mbedtls_ssl_free(&ssl);
@@ -1601,7 +1591,7 @@ void ssl_crypt_record(int cipher_type, int hash_id,
 (size_t) cid0_len, (size_t) cid1_len);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
 TEST_CALLOC(buf, buflen);
@@ -1660,7 +1650,7 @@ void ssl_crypt_record(int cipher_type, int hash_id,
 /* DTLS 1.2 + CID hides the real content type and
 * uses a special CID content type in the protected
 * record. Double-check this. */
- TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
+ TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_CID);
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -1669,24 +1659,24 @@ void ssl_crypt_record(int cipher_type, int hash_id,
 /* TLS 1.3 hides the real content type and
 * always uses Application Data as the content type
 * for protected records. Double-check this. */
- TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
+ TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_APPLICATION_DATA);
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 /* Decrypt record with t_dec */
 ret = mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
 /* Compare results */
- TEST_ASSERT(rec.type == rec_backup.type);
- TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
- TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
- TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
- TEST_ASSERT(rec.data_len == rec_backup.data_len);
- TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
- TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
- rec_backup.buf + rec_backup.data_offset,
- rec.data_len) == 0);
+ TEST_EQUAL(rec.type, rec_backup.type);
+ TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8), 0);
+ TEST_EQUAL(rec.ver[0], rec_backup.ver[0]);
+ TEST_EQUAL(rec.ver[1], rec_backup.ver[1]);
+ TEST_EQUAL(rec.data_len, rec_backup.data_len);
+ TEST_EQUAL(rec.data_offset, rec_backup.data_offset);
+ TEST_EQUAL(memcmp(rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len), 0);
 }
 exit:
@@ -1754,7 +1744,7 @@ void ssl_crypt_record_small(int cipher_type, int hash_id,
 (size_t) cid0_len, (size_t) cid1_len);
- TEST_ASSERT(ret == 0);
+ TEST_EQUAL(ret, 0);
 TEST_CALLOC(buf, buflen);
@@ -1819,7 +1809,7 @@ void ssl_crypt_record_small(int cipher_type, int hash_id,
 /* DTLS 1.2 + CID hides the real content type and
 * uses a special CID content type in the protected
 * record. Double-check this. */
- TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_CID);
+ TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_CID);
 }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
@@ -1828,26 +1818,26 @@ void ssl_crypt_record_small(int cipher_type, int hash_id,
 /* TLS 1.3 hides the real content type and
 * always uses Application Data as the content type
 * for protected records. Double-check this. */
- TEST_ASSERT(rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA);
+ TEST_EQUAL(rec.type, MBEDTLS_SSL_MSG_APPLICATION_DATA);
 }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 /* Decrypt record with t_dec */
- TEST_ASSERT(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec) == 0);
+ TEST_EQUAL(mbedtls_ssl_decrypt_buf(&ssl, t_dec, &rec), 0);
 /* Compare results */
- TEST_ASSERT(rec.type == rec_backup.type);
- TEST_ASSERT(memcmp(rec.ctr, rec_backup.ctr, 8) == 0);
- TEST_ASSERT(rec.ver[0] == rec_backup.ver[0]);
- TEST_ASSERT(rec.ver[1] == rec_backup.ver[1]);
- TEST_ASSERT(rec.data_len == rec_backup.data_len);
- TEST_ASSERT(rec.data_offset == rec_backup.data_offset);
- TEST_ASSERT(memcmp(rec.buf + rec.data_offset,
- rec_backup.buf + rec_backup.data_offset,
- rec.data_len) == 0);
+ TEST_EQUAL(rec.type, rec_backup.type);
+ TEST_EQUAL(memcmp(rec.ctr, rec_backup.ctr, 8), 0);
+ TEST_EQUAL(rec.ver[0], rec_backup.ver[0]);
+ TEST_EQUAL(rec.ver[1], rec_backup.ver[1]);
+ TEST_EQUAL(rec.data_len, rec_backup.data_len);
+ TEST_EQUAL(rec.data_offset, rec_backup.data_offset);
+ TEST_EQUAL(memcmp(rec.buf + rec.data_offset,
+ rec_backup.buf + rec_backup.data_offset,
+ rec.data_len), 0);
 }
- TEST_ASSERT(seen_success == 1);
+ TEST_EQUAL(seen_success, 1);
 }
 exit:
@@ -1886,16 +1876,16 @@ void ssl_tls13_hkdf_expand_label(int hash_alg,
 /* Check sanity of test parameters. */
 TEST_ASSERT((size_t) desired_length <= sizeof(dst));
- TEST_ASSERT((size_t) desired_length == expected->len);
+ TEST_EQUAL((size_t) desired_length, expected->len);
 PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_hkdf_expand_label(
- (psa_algorithm_t) hash_alg,
- secret->x, secret->len,
- lbl, lbl_len,
- ctx->x, ctx->len,
- dst, desired_length) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_hkdf_expand_label(
+ (psa_algorithm_t) hash_alg,
+ secret->x, secret->len,
+ lbl, lbl_len,
+ ctx->x, ctx->len,
+ dst, desired_length), 0);
 TEST_MEMORY_COMPARE(dst, (size_t) desired_length,
 expected->x, (size_t) expected->len);
@@ -1919,7 +1909,7 @@ void ssl_tls13_traffic_key_generation(int hash_alg,
 mbedtls_ssl_key_set keys;
 /* Check sanity of test parameters. */
- TEST_ASSERT(client_secret->len == server_secret->len);
+ TEST_EQUAL(client_secret->len, server_secret->len);
 TEST_ASSERT(
 expected_client_write_iv->len == expected_server_write_iv->len &&
 expected_client_write_iv->len == (size_t) desired_iv_len);
@@ -1984,17 +1974,17 @@ void ssl_tls13_derive_secret(int hash_alg,
 /* Check sanity of test parameters. */
 TEST_ASSERT((size_t) desired_length <= sizeof(dst));
- TEST_ASSERT((size_t) desired_length == expected->len);
+ TEST_EQUAL((size_t) desired_length, expected->len);
 PSA_INIT();
- TEST_ASSERT(mbedtls_ssl_tls13_derive_secret(
- (psa_algorithm_t) hash_alg,
- secret->x, secret->len,
- lbl, lbl_len,
- ctx->x, ctx->len,
- already_hashed,
- dst, desired_length) == 0);
+ TEST_EQUAL(mbedtls_ssl_tls13_derive_secret(
+ (psa_algorithm_t) hash_alg,
+ secret->x, secret->len,
+ lbl, lbl_len,
+ ctx->x, ctx->len,
+ already_hashed,
+ dst, desired_length), 0);
 TEST_MEMORY_COMPARE(dst, desired_length,
 expected->x, desired_length);
@@ -2016,16 +2006,16 @@ void ssl_tls13_exporter(int hash_alg, /* Check sanity of test parameters. */ TEST_ASSERT((size_t) desired_length <= sizeof(dst)); - TEST_ASSERT((size_t) desired_length == expected->len); + TEST_EQUAL((size_t) desired_length, expected->len); PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_exporter( - (psa_algorithm_t) hash_alg, - secret->x, secret->len, - (unsigned char *) label, strlen(label), - (unsigned char *) context_value, strlen(context_value), - dst, desired_length) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_exporter( + (psa_algorithm_t) hash_alg, + secret->x, secret->len, + (unsigned char *) label, strlen(label), + (unsigned char *) context_value, strlen(context_value), + dst, desired_length), 0); TEST_MEMORY_COMPARE(dst, desired_length, expected->x, desired_length); @@ -2055,9 +2045,9 @@ void ssl_tls13_derive_early_secrets(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_early_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_early_secrets( + alg, secret->x, transcript->x, transcript->len, + &secrets), 0); TEST_MEMORY_COMPARE(secrets.client_early_traffic_secret, hash_len, traffic_expected->x, traffic_expected->len); @@ -2089,9 +2079,9 @@ void ssl_tls13_derive_handshake_secrets(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_handshake_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_handshake_secrets( + alg, secret->x, transcript->x, transcript->len, + &secrets), 0); TEST_MEMORY_COMPARE(secrets.client_handshake_traffic_secret, hash_len, client_expected->x, client_expected->len); 
@@ -2125,9 +2115,9 @@ void ssl_tls13_derive_application_secrets(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_application_secrets( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_application_secrets( + alg, secret->x, transcript->x, transcript->len, + &secrets), 0); TEST_MEMORY_COMPARE(secrets.client_application_traffic_secret_N, hash_len, client_expected->x, client_expected->len); @@ -2159,9 +2149,9 @@ void ssl_tls13_derive_resumption_secrets(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_derive_resumption_master_secret( - alg, secret->x, transcript->x, transcript->len, - &secrets) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_derive_resumption_master_secret( + alg, secret->x, transcript->x, transcript->len, + &secrets), 0); TEST_MEMORY_COMPARE(secrets.resumption_master_secret, hash_len, resumption_expected->x, resumption_expected->len); @@ -2189,13 +2179,13 @@ void ssl_tls13_create_psk_binder(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_create_psk_binder( - NULL, /* SSL context for debugging only */ - alg, - psk->x, psk->len, - psk_type, - transcript->x, - binder) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_create_psk_binder( + NULL, /* SSL context for debugging only */ + alg, + psk->x, psk->len, + psk_type, + transcript->x, + binder), 0); TEST_MEMORY_COMPARE(binder, hash_len, binder_expected->x, binder_expected->len); @@ -2237,8 +2227,8 @@ void ssl_tls13_record_protection(int ciphersuite, other_endpoint = MBEDTLS_SSL_IS_SERVER; } - TEST_ASSERT(server_write_key->len == client_write_key->len); - TEST_ASSERT(server_write_iv->len == client_write_iv->len); + TEST_EQUAL(server_write_key->len, client_write_key->len); + TEST_EQUAL(server_write_iv->len, client_write_iv->len); memcpy(keys.client_write_key, client_write_key->x, client_write_key->len); 
@@ -2254,12 +2244,12 @@ void ssl_tls13_record_protection(int ciphersuite, MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_populate_transform( - &transform_send, endpoint, - ciphersuite, &keys, NULL) == 0); - TEST_ASSERT(mbedtls_ssl_tls13_populate_transform( - &transform_recv, other_endpoint, - ciphersuite, &keys, NULL) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_populate_transform( + &transform_send, endpoint, + ciphersuite, &keys, NULL), 0); + TEST_EQUAL(mbedtls_ssl_tls13_populate_transform( + &transform_recv, other_endpoint, + ciphersuite, &keys, NULL), 0); /* Make sure we have enough space in the buffer even if * we use more padding than the KAT. */ @@ -2286,14 +2276,14 @@ void ssl_tls13_record_protection(int ciphersuite, memset(&rec.ctr[0], 0, 8); rec.ctr[7] = ctr; - TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0); + TEST_EQUAL(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec), 0); if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) { TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, ciphertext->x, ciphertext->len); } - TEST_ASSERT(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec) == 0); + TEST_EQUAL(mbedtls_ssl_decrypt_buf(NULL, &transform_recv, &rec), 0); TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len, plaintext->x, plaintext->len); @@ -2315,11 +2305,11 @@ void ssl_tls13_key_evolution(int hash_alg, PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls13_evolve_secret( - (psa_algorithm_t) hash_alg, - secret->len ? secret->x : NULL, - input->len ? input->x : NULL, input->len, - secret_new) == 0); + TEST_EQUAL(mbedtls_ssl_tls13_evolve_secret( + (psa_algorithm_t) hash_alg, + secret->len ? secret->x : NULL, + input->len ? input->x : NULL, input->len, + secret_new), 0); TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len, expected->x, (size_t) expected->len); 
@@ -2342,13 +2332,13 @@ void ssl_tls_prf(int type, data_t *secret, data_t *random, MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_tls_prf(type, secret->x, secret->len, - label, random->x, random->len, - output, result_str->len) == exp_ret); + TEST_EQUAL(mbedtls_ssl_tls_prf(type, secret->x, secret->len, + label, random->x, random->len, + output, result_str->len), exp_ret); if (exp_ret == 0) { - TEST_ASSERT(mbedtls_test_hexcmp(output, result_str->x, - result_str->len, result_str->len) == 0); + TEST_EQUAL(mbedtls_test_hexcmp(output, result_str->x, + result_str->len, result_str->len), 0); } exit: 
@@ -2378,94 +2368,94 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, ((void) crt_file); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &original, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &original, 0, endpoint_type), 0); } #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &original, ticket_len, endpoint_type, crt_file) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &original, ticket_len, endpoint_type, crt_file), 0); } #endif /* Serialize it */ - TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_session_save(&original, NULL, 0, &len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_CALLOC(buf, len); - TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len) - == 0); + TEST_EQUAL(mbedtls_ssl_session_save(&original, buf, len, &len), + 0); /* Restore session from serialized data */ - TEST_ASSERT(mbedtls_ssl_session_load(&restored, buf, len) == 0); + TEST_EQUAL(mbedtls_ssl_session_load(&restored, buf, len), 0); /* * Make sure both session structures are identical */ #if defined(MBEDTLS_HAVE_TIME) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(original.start == restored.start); + TEST_EQUAL(original.start, restored.start); } #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) - TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); + TEST_EQUAL(original.ticket_creation_time, restored.ticket_creation_time); #endif #endif /* MBEDTLS_HAVE_TIME */ - TEST_ASSERT(original.tls_version == restored.tls_version); - TEST_ASSERT(original.endpoint == restored.endpoint); - TEST_ASSERT(original.ciphersuite == restored.ciphersuite); + TEST_EQUAL(original.tls_version, 
restored.tls_version); + TEST_EQUAL(original.endpoint, restored.endpoint); + TEST_EQUAL(original.ciphersuite, restored.ciphersuite); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(original.id_len == restored.id_len); - TEST_ASSERT(memcmp(original.id, - restored.id, sizeof(original.id)) == 0); - TEST_ASSERT(memcmp(original.master, - restored.master, sizeof(original.master)) == 0); + TEST_EQUAL(original.id_len, restored.id_len); + TEST_EQUAL(memcmp(original.id, + restored.id, sizeof(original.id)), 0); + TEST_EQUAL(memcmp(original.master, + restored.master, sizeof(original.master)), 0); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) TEST_ASSERT((original.peer_cert == NULL) == (restored.peer_cert == NULL)); if (original.peer_cert != NULL) { - TEST_ASSERT(original.peer_cert->raw.len == - restored.peer_cert->raw.len); - TEST_ASSERT(memcmp(original.peer_cert->raw.p, - restored.peer_cert->raw.p, - original.peer_cert->raw.len) == 0); + TEST_EQUAL(original.peer_cert->raw.len, + restored.peer_cert->raw.len); + TEST_EQUAL(memcmp(original.peer_cert->raw.p, + restored.peer_cert->raw.p, + original.peer_cert->raw.len), 0); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - TEST_ASSERT(original.peer_cert_digest_type == - restored.peer_cert_digest_type); - TEST_ASSERT(original.peer_cert_digest_len == - restored.peer_cert_digest_len); + TEST_EQUAL(original.peer_cert_digest_type, + restored.peer_cert_digest_type); + TEST_EQUAL(original.peer_cert_digest_len, + restored.peer_cert_digest_len); TEST_ASSERT((original.peer_cert_digest == NULL) == (restored.peer_cert_digest == NULL)); if (original.peer_cert_digest != NULL) { - TEST_ASSERT(memcmp(original.peer_cert_digest, - restored.peer_cert_digest, - original.peer_cert_digest_len) == 0); + TEST_EQUAL(memcmp(original.peer_cert_digest, + restored.peer_cert_digest, + original.peer_cert_digest_len), 0); } #endif /* 
MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - TEST_ASSERT(original.verify_result == restored.verify_result); + TEST_EQUAL(original.verify_result, restored.verify_result); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_ASSERT(original.mfl_code == restored.mfl_code); + TEST_EQUAL(original.mfl_code, restored.mfl_code); #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - TEST_ASSERT(original.encrypt_then_mac == restored.encrypt_then_mac); + TEST_EQUAL(original.encrypt_then_mac, restored.encrypt_then_mac); #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - TEST_ASSERT(original.ticket_len == restored.ticket_len); + TEST_EQUAL(original.ticket_len, restored.ticket_len); if (original.ticket_len != 0) { TEST_ASSERT(original.ticket != NULL); TEST_ASSERT(restored.ticket != NULL); - TEST_ASSERT(memcmp(original.ticket, - restored.ticket, original.ticket_len) == 0); + TEST_EQUAL(memcmp(original.ticket, + restored.ticket, original.ticket_len), 0); } - TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); + TEST_EQUAL(original.ticket_lifetime, restored.ticket_lifetime); #endif } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 
@@ -2473,15 +2463,15 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { #if defined(MBEDTLS_SSL_SESSION_TICKETS) - TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add); - TEST_ASSERT(original.ticket_flags == restored.ticket_flags); - TEST_ASSERT(original.resumption_key_len == restored.resumption_key_len); + TEST_EQUAL(original.ticket_age_add, restored.ticket_age_add); + TEST_EQUAL(original.ticket_flags, restored.ticket_flags); + TEST_EQUAL(original.resumption_key_len, restored.resumption_key_len); if (original.resumption_key_len != 0) { TEST_ASSERT(original.resumption_key != NULL); TEST_ASSERT(restored.resumption_key != NULL); - TEST_ASSERT(memcmp(original.resumption_key, - restored.resumption_key, - original.resumption_key_len) == 0); + TEST_EQUAL(memcmp(original.resumption_key, + restored.resumption_key, + original.resumption_key_len), 0); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ 
@@ -2502,16 +2492,16 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_HAVE_TIME) - TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time); + TEST_EQUAL(original.ticket_reception_time, restored.ticket_reception_time); #endif - TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); - TEST_ASSERT(original.ticket_len == restored.ticket_len); + TEST_EQUAL(original.ticket_lifetime, restored.ticket_lifetime); + TEST_EQUAL(original.ticket_len, restored.ticket_len); if (original.ticket_len != 0) { TEST_ASSERT(original.ticket != NULL); TEST_ASSERT(restored.ticket != NULL); - TEST_ASSERT(memcmp(original.ticket, - restored.ticket, - original.ticket_len) == 0); + TEST_EQUAL(memcmp(original.ticket, + restored.ticket, + original.ticket_len), 0); } #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) TEST_ASSERT(original.hostname != NULL); @@ -2526,12 +2516,12 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_EARLY_DATA) - TEST_ASSERT( - original.max_early_data_size == restored.max_early_data_size); + TEST_EQUAL( + original.max_early_data_size, restored.max_early_data_size); #endif #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - TEST_ASSERT(original.record_size_limit == restored.record_size_limit); + TEST_EQUAL(original.record_size_limit, restored.record_size_limit); #endif exit: 
@@ -2563,15 +2553,15 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, endpoint_type, crt_file), 0); break; #endif default: 
@@ -2581,31 +2571,31 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, } /* Get desired buffer size for serializing */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &len0), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); /* Allocate first buffer */ buf1 = mbedtls_calloc(1, len0); TEST_ASSERT(buf1 != NULL); /* Serialize to buffer and free live session */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf1, len0, &len1) - == 0); - TEST_ASSERT(len0 == len1); + TEST_EQUAL(mbedtls_ssl_session_save(&session, buf1, len0, &len1), + 0); + TEST_EQUAL(len0, len1); mbedtls_ssl_session_free(&session); /* Restore session from serialized data */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, buf1, len1) == 0); + TEST_EQUAL(mbedtls_ssl_session_load(&session, buf1, len1), 0); /* Allocate second buffer and serialize to it */ buf2 = mbedtls_calloc(1, len0); TEST_ASSERT(buf2 != NULL); - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf2, len0, &len2) - == 0); + TEST_EQUAL(mbedtls_ssl_session_save(&session, buf2, len0, &len2), + 0); /* Make sure both serialized versions are identical */ - TEST_ASSERT(len1 == len2); - TEST_ASSERT(memcmp(buf1, buf2, len1) == 0); + TEST_EQUAL(len1, len2); + TEST_EQUAL(memcmp(buf1, buf2, len1), 0); exit: mbedtls_ssl_session_free(&session); 
@@ -2636,14 +2626,14 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, endpoint_type, crt_file), 0); break; #endif default: @@ -2652,8 +2642,8 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, break; } - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); /* Try all possible bad lengths */ for (bad_len = 1; bad_len < good_len; bad_len++) { @@ -2661,10 +2651,10 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, mbedtls_free(buf); buf = NULL; TEST_CALLOC(buf, bad_len); - TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len, - &test_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - TEST_ASSERT(test_len == good_len); + TEST_EQUAL(mbedtls_ssl_session_save(&session, buf, bad_len, + &test_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(test_len, good_len); } exit: 
@@ -2695,15 +2685,15 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, endpoint_type, crt_file) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, endpoint_type, crt_file), 0); break; #endif @@ -2713,11 +2703,11 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, break; } - TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) - == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_ssl_session_save(&session, NULL, 0, &good_len), + MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_CALLOC(good_buf, good_len); - TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len, - &good_len) == 0); + TEST_EQUAL(mbedtls_ssl_session_save(&session, good_buf, good_len, + &good_len), 0); mbedtls_ssl_session_free(&session); /* Try all possible bad lengths */ @@ -2728,8 +2718,8 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, TEST_CALLOC_NONNULL(bad_buf, bad_len); memcpy(bad_buf, good_buf, bad_len); - TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_session_load(&session, bad_buf, bad_len), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } exit: 
@@ -2764,14 +2754,14 @@ void ssl_session_serialize_version_check(int corrupt_major, switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, endpoint_type, NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, 0, endpoint_type, NULL), 0); break; #endif @@ -2782,18 +2772,18 @@ void ssl_session_serialize_version_check(int corrupt_major, } /* Infer length of serialized session. */ - TEST_ASSERT(mbedtls_ssl_session_save(&session, - serialized_session, - sizeof(serialized_session), - &serialized_session_len) == 0); + TEST_EQUAL(mbedtls_ssl_session_save(&session, + serialized_session, + sizeof(serialized_session), + &serialized_session_len), 0); mbedtls_ssl_session_free(&session); /* Without any modification, we should be able to successfully * de-serialize the session - double-check that. */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, - serialized_session, - serialized_session_len) == 0); + TEST_EQUAL(mbedtls_ssl_session_load(&session, + serialized_session, + serialized_session_len), 0); mbedtls_ssl_session_free(&session); /* Go through the bytes in the serialized session header and @@ -2812,10 +2802,10 @@ void ssl_session_serialize_version_check(int corrupt_major, *byte ^= corrupted_bit; /* Attempt to deserialize */ - TEST_ASSERT(mbedtls_ssl_session_load(&session, - serialized_session, - serialized_session_len) == - MBEDTLS_ERR_SSL_VERSION_MISMATCH); + TEST_EQUAL(mbedtls_ssl_session_load(&session, + serialized_session, + serialized_session_len), + MBEDTLS_ERR_SSL_VERSION_MISMATCH); /* Undo the change */ *byte ^= corrupted_bit; 
@@ -2840,15 +2830,15 @@ void ssl_session_id_accessors_check(int tls_version) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case MBEDTLS_SSL_VERSION_TLS1_3: ciphersuite_id = MBEDTLS_TLS1_3_AES_128_GCM_SHA256; - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, MBEDTLS_SSL_IS_SERVER) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls13_populate_session( + &session, 0, MBEDTLS_SSL_IS_SERVER), 0); break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: ciphersuite_id = MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256; - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, MBEDTLS_SSL_IS_SERVER, NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_tls12_populate_session( + &session, 0, MBEDTLS_SSL_IS_SERVER, NULL), 0); break; #endif @@ -2857,15 +2847,18 @@ void ssl_session_id_accessors_check(int tls_version) TEST_ASSERT(0); break; } + + /* We expect pointers to the same strings, not just strings with + * the same content. */ TEST_ASSERT(*mbedtls_ssl_session_get_id(&session) == session.id); - TEST_ASSERT(mbedtls_ssl_session_get_id_len(&session) == session.id_len); + TEST_EQUAL(mbedtls_ssl_session_get_id_len(&session), session.id_len); /* mbedtls_test_ssl_tls1x_populate_session sets a mock suite-id of 0xabcd */ - TEST_ASSERT(mbedtls_ssl_session_get_ciphersuite_id(&session) == 0xabcd); + TEST_EQUAL(mbedtls_ssl_session_get_ciphersuite_id(&session), 0xabcd); /* Test setting a reference id for tls1.3 and tls1.2 */ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); if (ciphersuite_info != NULL) { - TEST_ASSERT(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info) == ciphersuite_id); + TEST_EQUAL(mbedtls_ssl_ciphersuite_get_id(ciphersuite_info), ciphersuite_id); } exit: 
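Review bot: The new comment above `TEST_ASSERT(*mbedtls_ssl_session_get_id(&session) == session.id)` calls the session id a string, but the id is compared by address here and treated elsewhere in this file as a fixed-size byte array (`memcmp(original.id, restored.id, sizeof(original.id))`), not as a NUL-terminated string. Suggest `/* We expect a pointer to the session's own id buffer, not a copy with the same content. */`. A short clause saying why this line keeps TEST_ASSERT while its neighbours become TEST_EQUAL would also help — presumably because the operands are pointers rather than integers, but the hunk does not say so. ssl_session_id_accessors_check's body starts before this hunk.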
@@ -2888,15 +2881,15 @@ void mbedtls_endpoint_sanity(int endpoint_type) ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, NULL, NULL, NULL); - TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); + TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret); ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, 0, 0, 0); - TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); + TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret); ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); exit: mbedtls_test_ssl_endpoint_free(&ep, NULL); @@ -2940,7 +2933,7 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init( &second_ep, @@ -2948,12 +2941,12 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&(base_ep.socket), &(second_ep.socket), BUFFSIZE); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl), &(second_ep.ssl), @@ -2962,7 +2955,7 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_ASSERT(base_ep.ssl.state == state); + TEST_EQUAL(base_ep.ssl.state, state); } else { TEST_ASSERT(ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ && 
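Review bot: `TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret)` in mbedtls_endpoint_sanity puts the expected value first, whereas every other conversion in this commit writes the actual value first (`TEST_EQUAL(ret, 0)` a few lines later and throughout the move_handshake_to_state hunks). A single operand order matters more with TEST_EQUAL than with TEST_ASSERT, since TEST_EQUAL is presumably being adopted for the failure output that shows both operands, and a reader of that output then needs to know which side is the expectation. Suggest `TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA);` for both occurrences. mbedtls_endpoint_sanity's body starts before this hunk.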
@@ -3415,13 +3408,13 @@ void test_multiple_psks() mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk0, sizeof(psk0), - psk0_identity, sizeof(psk0_identity)) == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk1, sizeof(psk1), - psk1_identity, sizeof(psk1_identity)) == - MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); + TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, + psk0, sizeof(psk0), + psk0_identity, sizeof(psk0_identity)), 0); + TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, + psk1, sizeof(psk1), + psk1_identity, sizeof(psk1_identity)), + MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); exit: mbedtls_ssl_config_free(&conf); 
@@ -3460,43 +3453,43 @@ void test_multiple_psks_opaque(int mode) switch (mode) { case 0: - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk0_raw, sizeof(psk0_raw), - psk0_raw_identity, sizeof(psk0_raw_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk1_opaque, - psk1_opaque_identity, - sizeof(psk1_opaque_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); + TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, + psk0_raw, sizeof(psk0_raw), + psk0_raw_identity, sizeof(psk0_raw_identity)), + 0); + TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, + psk1_opaque, + psk1_opaque_identity, + sizeof(psk1_opaque_identity)), + MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); break; case 1: - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk0_opaque, - psk0_opaque_identity, - sizeof(psk0_opaque_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk(&conf, - psk1_raw, sizeof(psk1_raw), - psk1_raw_identity, sizeof(psk1_raw_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); + TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, + psk0_opaque, + psk0_opaque_identity, + sizeof(psk0_opaque_identity)), + 0); + TEST_EQUAL(mbedtls_ssl_conf_psk(&conf, + psk1_raw, sizeof(psk1_raw), + psk1_raw_identity, sizeof(psk1_raw_identity)), + MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); break; case 2: - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk0_opaque, - psk0_opaque_identity, - sizeof(psk0_opaque_identity)) - == 0); - TEST_ASSERT(mbedtls_ssl_conf_psk_opaque(&conf, - psk1_opaque, - psk1_opaque_identity, - sizeof(psk1_opaque_identity)) - == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); + TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, + psk0_opaque, + psk0_opaque_identity, + sizeof(psk0_opaque_identity)), + 0); + TEST_EQUAL(mbedtls_ssl_conf_psk_opaque(&conf, + psk1_opaque, + psk1_opaque_identity, + sizeof(psk1_opaque_identity)), + MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); break; 
@@ -3529,7 +3522,7 @@ void conf_version(int endpoint, int transport, mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); + TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), expected_ssl_setup_result); TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( mbedtls_ssl_context_get_config(&ssl)), endpoint); @@ -3562,7 +3555,7 @@ void conf_group() mbedtls_ssl_init(&ssl); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); + TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL); 
@@ -3604,35 +3597,35 @@ void force_bad_session_id_len() mbedtls_test_message_socket_init(&client_context); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, + &options, NULL, NULL, + NULL), 0); - TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL) == 0); + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &options, NULL, NULL, NULL), 0); mbedtls_debug_set_threshold(1); mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, options.srv_log_obj); - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), - BUFFSIZE) == 0); + TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), + &(server.socket), + BUFFSIZE), 0); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP) - == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_WRAPUP), + 0); /* Force a bad session_id_len that will be read by the server in * mbedtls_ssl_cache_set. */ server.ssl.session_negotiate->id_len = 33; if (options.cli_msg_len != 0 || options.srv_msg_len != 0) { /* Start data exchanging test */ - TEST_ASSERT(mbedtls_test_ssl_exchange_data( - &(client.ssl), options.cli_msg_len, - options.expected_cli_fragments, - &(server.ssl), options.srv_msg_len, - options.expected_srv_fragments) - == 0); + TEST_EQUAL(mbedtls_test_ssl_exchange_data( + &(client.ssl), options.cli_msg_len, + options.expected_cli_fragments, + &(server.ssl), options.srv_msg_len, + options.expected_srv_fragments), + 0); } /* Make sure that the cache did not store the session */ 
@@ -3686,7 +3679,7 @@ void timing_final_delay_accessor() USE_PSA_INIT(); mbedtls_timing_set_delay(&delay_context, 50, 100); - TEST_ASSERT(mbedtls_timing_get_final_delay(&delay_context) == 100); + TEST_EQUAL(mbedtls_timing_get_final_delay(&delay_context), 100); exit: USE_PSA_DONE(); 
@@ -3710,63 +3703,63 @@ void cid_sanity() mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT) - == 0); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); + TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); /* Can't use CID functions with stream transport. */ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - sizeof(own_cid)) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, + sizeof(own_cid)), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, + &own_cid_len), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT) - == 0); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_DATAGRAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); /* Attempt to set config cid size too big. */ - TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1, - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, MBEDTLS_SSL_CID_IN_LEN_MAX + 1, + MBEDTLS_SSL_UNEXPECTED_CID_IGNORE), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid), - MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) - == 0); + TEST_EQUAL(mbedtls_ssl_conf_cid(&conf, sizeof(own_cid), + MBEDTLS_SSL_UNEXPECTED_CID_IGNORE), + 0); /* Attempt to set CID length not matching config. 
*/ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - MBEDTLS_SSL_CID_IN_LEN_MAX - 1) - == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, + MBEDTLS_SSL_CID_IN_LEN_MAX - 1), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, - sizeof(own_cid)) - == 0); + TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_ENABLED, own_cid, + sizeof(own_cid)), + 0); /* Test we get back what we put in. */ - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == 0); + TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, + &own_cid_len), + 0); TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_ENABLED); TEST_MEMORY_COMPARE(own_cid, own_cid_len, test_cid, own_cid_len); /* Test disabling works. */ - TEST_ASSERT(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, - 0) - == 0); + TEST_EQUAL(mbedtls_ssl_set_cid(&ssl, MBEDTLS_SSL_CID_DISABLED, NULL, + 0), + 0); - TEST_ASSERT(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, - &own_cid_len) - == 0); + TEST_EQUAL(mbedtls_ssl_get_own_cid(&ssl, &cid_enabled, test_cid, + &own_cid_len), + 0); TEST_EQUAL(cid_enabled, MBEDTLS_SSL_CID_DISABLED); @@ -3925,8 +3918,8 @@ void tls13_server_certificate_msg_invalid_vector_len() ret = mbedtls_ssl_tls13_parse_certificate(&(client_ep.ssl), buf, end); TEST_EQUAL(ret, expected_result); - TEST_ASSERT(mbedtls_ssl_cmp_chk_buf_ptr_fail_args( - &expected_chk_buf_ptr_args) == 0); + TEST_EQUAL(mbedtls_ssl_cmp_chk_buf_ptr_fail_args( + &expected_chk_buf_ptr_args), 0); mbedtls_ssl_reset_chk_buf_ptr_fail_args(); @@ -4667,7 +4660,7 @@ void tls13_cli_early_data_state(int scenario) break; case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: - TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR); + TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR); TEST_EQUAL(client_ep.ssl.early_data_state, MBEDTLS_SSL_EARLY_DATA_STATE_REJECTED); break; 
@@ -5068,12 +5061,12 @@ complete_handshake: * this first part of the handshake with HRR. */ if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) { - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_SERVER_HELLO) == 0); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_CLIENT_HELLO) == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_SERVER_HELLO), 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_CLIENT_HELLO), 0); } TEST_EQUAL(mbedtls_test_move_handshake_to_state( @@ -5239,9 +5232,9 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) ret = mbedtls_ssl_handshake(&(server_ep.ssl)); TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); - TEST_ASSERT(mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER) - == 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER), + 0); exit: mbedtls_test_ssl_endpoint_free(&client_ep, NULL); @@ -5473,7 +5466,7 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in goto exit; } - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_WANT_READ); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); TEST_EQUAL(server_pattern.counter, 1); server_pattern.counter = 0; 
@@ -5548,15 +5541,15 @@ void inject_client_content_on_the_wire(int pk_alg, ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, BUFFSIZE); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); /* Make the server move to the required state */ ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, state); @@ -5573,7 +5566,7 @@ void inject_client_content_on_the_wire(int pk_alg, do { ret = mbedtls_ssl_handshake_step(&server.ssl); } while (ret == 0 && server.ssl.state == state); - TEST_EQUAL(ret, expected_ret); + TEST_EQUAL(ret, expected_ret); TEST_ASSERT(srv_pattern.counter >= 1); exit: @@ -5626,15 +5619,15 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, NULL); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, BUFFSIZE); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, 0); /* Make the server move past the initial dummy state */ ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, @@ -5714,7 +5707,7 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(exported_key_length > 0); TEST_CALLOC(key_buffer_server, exported_key_length); 
@@ -5729,13 +5722,13 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int key_buffer_server, (size_t) exported_key_length, label, sizeof(label), context, sizeof(context), use_context); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer_client, (size_t) exported_key_length, label, sizeof(label), context, sizeof(context), use_context); - TEST_ASSERT(ret == 0); - TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length) == 0); + TEST_EQUAL(ret, 0); + TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0); exit: mbedtls_test_ssl_endpoint_free(&server_ep, NULL); @@ -5759,7 +5752,7 @@ void ssl_tls_exporter_uses_label(int proto) MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); char label_server[] = "test-label-server"; char label_client[] = "test-label-client"; @@ -5770,12 +5763,12 @@ void ssl_tls_exporter_uses_label(int proto) key_buffer_server, sizeof(key_buffer_server), label_server, sizeof(label_server), context, sizeof(context), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer_client, sizeof(key_buffer_client), label_client, sizeof(label_client), context, sizeof(context), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: @@ -5798,7 +5791,7 @@ void ssl_tls_exporter_uses_context(int proto) MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); char label[] = "test-label"; uint8_t key_buffer_server[24] = { 0 }; 
@@ -5809,12 +5802,12 @@ void ssl_tls_exporter_uses_context(int proto) key_buffer_server, sizeof(key_buffer_server), label, sizeof(label), context_server, sizeof(context_server), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer_client, sizeof(key_buffer_client), label, sizeof(label), context_client, sizeof(context_client), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: @@ -5841,7 +5834,7 @@ void ssl_tls13_exporter_uses_length(void) &client_ep, &options, MBEDTLS_SSL_VERSION_TLS1_3); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); char label[] = "test-label"; uint8_t key_buffer_server[16] = { 0 }; @@ -5851,12 +5844,12 @@ void ssl_tls13_exporter_uses_length(void) key_buffer_server, sizeof(key_buffer_server), label, sizeof(label), context, sizeof(context), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer_client, sizeof(key_buffer_client), label, sizeof(label), context, sizeof(context), 1); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: @@ -5888,13 +5881,13 @@ void ssl_tls_exporter_rejects_bad_parameters( MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_do_handshake_with_endpoints(&server_ep, &client_ep, &options, proto); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_ssl_export_keying_material(&client_ep.ssl, key_buffer, exported_key_length, label, label_length, context, context_length, 1); - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: mbedtls_test_ssl_endpoint_free(&server_ep, NULL); 
@@ -5926,13 +5919,13 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, NULL); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE); - TEST_ASSERT(ret == 0); + TEST_EQUAL(ret, 0); if (check_server) { ret = mbedtls_test_move_handshake_to_state(&server_ep.ssl, &client_ep.ssl, state); @@ -5949,7 +5942,7 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) NULL, 0, 0); /* FIXME: A more appropriate error code should be created for this case. */ - TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: mbedtls_test_ssl_endpoint_free(&server_ep, NULL); From b6bb3fb6efbb45d80ff486b54fb44d3dadc6bd7e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 May 2025 21:57:52 +0200 Subject: [PATCH 0540/1548] Flatten out mbedtls_test_ssl_endpoint_certificate structure No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 18 ++---- tests/src/test_helpers/ssl_helpers.c | 89 +++++++++++++--------------- 2 files changed, 48 insertions(+), 59 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 95bfdb6633..f712660aae 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -186,15 +186,6 @@ typedef struct mbedtls_test_message_socket_context { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -/* - * Structure with endpoint's certificates for SSL communication tests. - */ -typedef struct mbedtls_test_ssl_endpoint_certificate { - mbedtls_x509_crt *ca_cert; - mbedtls_x509_crt *cert; - mbedtls_pk_context *pkey; -} mbedtls_test_ssl_endpoint_certificate; - /* * Endpoint structure for SSL communication tests. */ @@ -203,7 +194,11 @@ typedef struct mbedtls_test_ssl_endpoint { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_test_mock_socket socket; - mbedtls_test_ssl_endpoint_certificate cert; + + /* Objects owned by the endpoint */ + mbedtls_x509_crt *ca_chain; + mbedtls_x509_crt *cert; + mbedtls_pk_context *pkey; } mbedtls_test_ssl_endpoint; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ @@ -432,8 +427,7 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) /* - * Initializes \p ep_cert structure and assigns it to endpoint - * represented by \p ep. + * Load default CA certificates and endpoint keys into \p ep. * * \retval 0 on success, otherwise error code. */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3d4901c092..dc34892084 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -579,28 +579,25 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, */ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) { - mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert); - if (cert != NULL) { - if (cert->ca_cert != NULL) { - mbedtls_x509_crt_free(cert->ca_cert); - mbedtls_free(cert->ca_cert); - cert->ca_cert = NULL; - } - if (cert->cert != NULL) { - mbedtls_x509_crt_free(cert->cert); - mbedtls_free(cert->cert); - cert->cert = NULL; - } - if (cert->pkey != NULL) { + if (ep->ca_chain != NULL) { + mbedtls_x509_crt_free(ep->ca_chain); + mbedtls_free(ep->ca_chain); + ep->ca_chain = NULL; + } + if (ep->cert != NULL) { + mbedtls_x509_crt_free(ep->cert); + mbedtls_free(ep->cert); + ep->cert = NULL; + } + if (ep->pkey != NULL) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - psa_destroy_key(cert->pkey->priv_id); - } -#endif - mbedtls_pk_free(cert->pkey); - mbedtls_free(cert->pkey); - cert->pkey = NULL; + if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) { + psa_destroy_key(ep->pkey->priv_id); } +#endif + mbedtls_pk_free(ep->pkey); + mbedtls_free(ep->pkey); + ep->pkey = NULL; } } @@ -612,7 +609,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int i = 0; int ret = -1; int ok = 0; - mbedtls_test_ssl_endpoint_certificate *cert = NULL; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; #endif 
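Review bot: The status returned by `psa_destroy_key(ep->pkey->priv_id);` in the opaque-key branch of `test_ssl_endpoint_certificate_free()` is still discarded, so a key that could not be destroyed keeps its slot occupied without any report from this function. Because the helper is `void`, the cheapest fix is an `exit:` label at the end and `TEST_EQUAL(psa_destroy_key(ep->pkey->priv_id), PSA_SUCCESS);` so the failure is recorded at the point it happens rather than, presumably, only by a later suite-wide key-slot check. If discarding it is intentional, say so: `(void) psa_destroy_key(ep->pkey->priv_id); /* best effort: nowhere to report failure here */`.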
@@ -621,20 +617,19 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - cert = &(ep->cert); - TEST_CALLOC(cert->ca_cert, 1); - TEST_CALLOC(cert->cert, 1); - TEST_CALLOC(cert->pkey, 1); + TEST_CALLOC(ep->ca_chain, 1); + TEST_CALLOC(ep->cert, 1); + TEST_CALLOC(ep->pkey, 1); - mbedtls_x509_crt_init(cert->ca_cert); - mbedtls_x509_crt_init(cert->cert); - mbedtls_pk_init(cert->pkey); + mbedtls_x509_crt_init(ep->ca_chain); + mbedtls_x509_crt_init(ep->cert); + mbedtls_pk_init(ep->pkey); /* Load the trusted CA */ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) { ret = mbedtls_x509_crt_parse_der( - cert->ca_cert, + ep->ca_chain, (const unsigned char *) mbedtls_test_cas_der[i], mbedtls_test_cas_der_len[i]); TEST_EQUAL(ret, 0); @@ -645,25 +640,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { if (pk_alg == MBEDTLS_PK_RSA) { ret = mbedtls_x509_crt_parse( - cert->cert, + ep->cert, (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, mbedtls_test_srv_crt_rsa_sha256_der_len); TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( - cert->pkey, + ep->pkey, (const unsigned char *) mbedtls_test_srv_key_rsa_der, mbedtls_test_srv_key_rsa_der_len, NULL, 0); TEST_EQUAL(ret, 0); } else { ret = mbedtls_x509_crt_parse( - cert->cert, + ep->cert, (const unsigned char *) mbedtls_test_srv_crt_ec_der, mbedtls_test_srv_crt_ec_der_len); TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( - cert->pkey, + ep->pkey, (const unsigned char *) mbedtls_test_srv_key_ec_der, mbedtls_test_srv_key_ec_der_len, NULL, 0); TEST_EQUAL(ret, 0); 
@@ -671,25 +666,25 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, } else { if (pk_alg == MBEDTLS_PK_RSA) { ret = mbedtls_x509_crt_parse( - cert->cert, + ep->cert, (const unsigned char *) mbedtls_test_cli_crt_rsa_der, mbedtls_test_cli_crt_rsa_der_len); TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( - cert->pkey, + ep->pkey, (const unsigned char *) mbedtls_test_cli_key_rsa_der, mbedtls_test_cli_key_rsa_der_len, NULL, 0); TEST_EQUAL(ret, 0); } else { ret = mbedtls_x509_crt_parse( - cert->cert, + ep->cert, (const unsigned char *) mbedtls_test_cli_crt_ec_der, mbedtls_test_cli_crt_ec_len); TEST_EQUAL(ret, 0); ret = mbedtls_pk_parse_key( - cert->pkey, + ep->pkey, (const unsigned char *) mbedtls_test_cli_key_ec_der, mbedtls_test_cli_key_ec_der_len, NULL, 0); TEST_EQUAL(ret, 0); @@ -700,7 +695,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (opaque_alg != 0) { psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH, + TEST_EQUAL(mbedtls_pk_get_psa_attributes(ep->pkey, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); /* Then manually usage, alg and alg2 as requested by the test. */ psa_set_key_usage_flags(&key_attr, opaque_usage); @@ -708,10 +703,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, if (opaque_alg2 != PSA_ALG_NONE) { psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); } - TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0); - mbedtls_pk_free(cert->pkey); - mbedtls_pk_init(cert->pkey); - TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0); + mbedtls_pk_free(ep->pkey); + mbedtls_pk_init(ep->pkey); + TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0); } #else (void) opaque_alg; 
@@ -719,10 +714,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, (void) opaque_usage; #endif - mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL); + mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, + ep->pkey); TEST_EQUAL(ret, 0); TEST_ASSERT(ep->conf.key_cert != NULL); @@ -730,8 +725,8 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, TEST_EQUAL(ret, 0); TEST_ASSERT(ep->conf.key_cert == NULL); - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert, - cert->pkey); + ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, + ep->pkey); TEST_EQUAL(ret, 0); ok = 1; From 35a2d9b65a07b1bf4ae09e9814c7b3581cb92e2c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 May 2025 22:17:53 +0200 Subject: [PATCH 0541/1548] Remove testing of mbedtls_ssl_conf_own_cert(NULL) A future commit will test it on its own instead of as part of every positive test. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index dc34892084..f5a8412591 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -716,15 +716,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, - ep->pkey); - TEST_EQUAL(ret, 0); - TEST_ASSERT(ep->conf.key_cert != NULL); - - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), NULL, NULL); - TEST_EQUAL(ret, 0); - TEST_ASSERT(ep->conf.key_cert == NULL); - ret = mbedtls_ssl_conf_own_cert(&(ep->conf), ep->cert, ep->pkey); TEST_EQUAL(ret, 0); From 0677e02b785f8b3e64d85c7d65690520f884b060 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 27 May 2025 18:05:20 +0200 Subject: [PATCH 0542/1548] Move timer into the endpoint structure No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 3 +++ tests/src/test_helpers/ssl_helpers.c | 20 ++++++-------------- 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index f712660aae..a7bc065bf3 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -194,6 +194,9 @@ typedef struct mbedtls_test_ssl_endpoint { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_test_mock_socket socket; +#if defined(MBEDTLS_TIMING_C) + mbedtls_timing_delay_context timer; +#endif /* Objects owned by the endpoint */ mbedtls_x509_crt *ca_chain; diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index f5a8412591..90810c55e9 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -786,6 +786,11 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_mock_tcp_send_msg, mbedtls_test_mock_tcp_recv_msg, NULL); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif } else { mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), mbedtls_test_mock_tcp_send_nb, @@ -2100,9 +2105,6 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; #endif -#if defined(MBEDTLS_TIMING_C) - mbedtls_timing_delay_context timer_client, timer_server; -#endif #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) unsigned char *context_buf = NULL; size_t context_buf_len; 
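Review bot: `mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, ...)` in the `@@ -786` hunk registers the timer by address, so once `mbedtls_test_ssl_endpoint_init()` has run the `mbedtls_test_ssl_endpoint` object must not be copied or relocated, or `ep->ssl` keeps a dangling pointer into the old copy. The new `timer` field added in the `@@ -194` header hunk carries no hint of this; I would add `/* Registered with ep->ssl by address: the endpoint must not move after init. */` next to it. The same constraint presumably already applies to `conf` (referenced from `ssl`), so a single comment on the struct could cover both.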
@@ -2133,11 +2135,6 @@ void mbedtls_test_ssl_perform_handshake( options, &client_context, &client_queue, &server_queue), 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, @@ -2156,11 +2153,6 @@ void mbedtls_test_ssl_perform_handshake( options, &server_context, &server_queue, &client_queue), 0); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, @@ -2323,7 +2315,7 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_ssl_set_user_data_p(&server.ssl, &server); #if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, + mbedtls_ssl_set_timer_cb(&server.ssl, &server.timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif From 2744a439778cb748b05a0dd981f992f25d938cf4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 13:27:22 +0200 Subject: [PATCH 0543/1548] Refactor set_ciphersuites to work on the endpoint structure Link the ciphersuite list that's passed to mbedtls_ssl_conf_ciphersuites(), and needs to survive in memory as long as the configuration object is live, in the endpoint structure. This way it doesn't have to be a local variable in mbedtls_test_ssl_do_handshake_with_endpoints(). Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 49 +++++++++++++++------------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index a7bc065bf3..c198bc30c3 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -199,6 +199,7 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* Objects owned by the endpoint */ + int *ciphersuites; mbedtls_x509_crt *ca_chain; mbedtls_x509_crt *cert; mbedtls_pk_context *pkey; diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 90810c55e9..ac1f1cbdb2 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -914,11 +914,13 @@ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) { - test_ssl_endpoint_certificate_free(ep); - mbedtls_ssl_free(&(ep->ssl)); mbedtls_ssl_config_free(&(ep->conf)); + mbedtls_free(ep->ciphersuites); + ep->ciphersuites = NULL; + test_ssl_endpoint_certificate_free(ep); + if (context != NULL) { mbedtls_test_message_socket_close(context); } else { 
@@ -1053,31 +1055,38 @@ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher, - int *forced_ciphersuite) +static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep, + const char *cipher) { - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - forced_ciphersuite[1] = 0; + if (cipher == NULL || cipher[0] == 0) { + return 1; + } - ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]); + int ok = 0; + + TEST_CALLOC(ep->ciphersuites, 2); + ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher); + ep->ciphersuites[1] = 0; + + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]); TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_tls_version <= conf->max_tls_version); - TEST_ASSERT(ciphersuite_info->max_tls_version >= conf->min_tls_version); + TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version); + TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version); - if (conf->max_tls_version > ciphersuite_info->max_tls_version) { - conf->max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; + if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) { + ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; } - if (conf->min_tls_version < ciphersuite_info->min_tls_version) { - conf->min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; + if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) { + ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; } - mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite); + mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites); + ok = 1; 
exit: - return; + return ok; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ @@ -2098,8 +2107,6 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( void mbedtls_test_ssl_perform_handshake( mbedtls_test_handshake_test_options *options) { - /* forced_ciphersuite needs to last until the end of the handshake */ - int forced_ciphersuite[2]; enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) @@ -2142,9 +2149,7 @@ void mbedtls_test_ssl_perform_handshake( NULL), 0); } - if (strlen(options->cipher) > 0) { - set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); - } + TEST_ASSERT(set_ciphersuite(&client, options->cipher)); /* Server side */ if (options->dtls != 0) { From c4949d1426077bfaa870ea29401646549002d7ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 19:45:29 +0200 Subject: [PATCH 0544/1548] mbedtls_ssl_conf_alpn_protocols: declare list elements as const This reflects the fact that the library will not modify the list, and allows the list to be read from a const buffer. Signed-off-by: Gilles Peskine --- ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt | 4 ++++ include/mbedtls/ssl.h | 5 +++-- library/ssl_client.c | 2 +- library/ssl_tls.c | 9 +++++---- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_client.c | 2 +- 6 files changed, 15 insertions(+), 9 deletions(-) create mode 100644 ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt diff --git a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt new file mode 100644 index 0000000000..0e396bbeff --- /dev/null +++ b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt @@ -0,0 +1,4 @@ +API changes + * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared + as having const elements, reflecting the fact that the library will + not modify it diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c77cec88e3..60e58295a1 100644 
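Review bot: `set_ciphersuite()` now returns an int with test-macro semantics (1 = success, 0 = a `TEST_*` check failed) and additionally returns 1 for a NULL or empty name, but nothing documents this, and a reader of `TEST_ASSERT(set_ciphersuite(&client, options->cipher));` has to open the body to learn that "no cipher requested" counts as success; a three-line comment above the definition stating the forced-suite purpose, the version-range clamping of `ep->conf`, the no-op on an empty name and the 1/0 return convention would fix that. Separately, an unknown name makes `mbedtls_ssl_get_ciphersuite_id()` return 0 and the failure then surfaces as the generic `ciphersuite_info != NULL` assertion; `TEST_ASSERT(ep->ciphersuites[0] != 0);` right after the lookup would name the real cause. This hunk spans the previous line and this one.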
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1569,7 +1569,7 @@ struct mbedtls_ssl_config { #endif /* MBEDTLS_SSL_EARLY_DATA */ #if defined(MBEDTLS_SSL_ALPN) - const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ + const char *const *MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) @@ -4011,7 +4011,8 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos); +int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, + const char *const *protos); /** * \brief Get the name of the negotiated Application Layer Protocol. diff --git a/library/ssl_client.c b/library/ssl_client.c index cb57a97669..307da0fabb 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -141,7 +141,7 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, * ProtocolName protocol_name_list<2..2^16-1> * } ProtocolNameList; */ - for (const char **cur = ssl->conf->alpn_list; *cur != NULL; cur++) { + for (const char *const *cur = ssl->conf->alpn_list; *cur != NULL; cur++) { /* * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of * protocol names is less than 255. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f95f3c7c99..1c0aab0ac2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2534,10 +2534,11 @@ void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos) +int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, + const char *const *protos) { size_t cur_len, tot_len; - const char **p; + const char *const *p; /* * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings 
@@ -5111,7 +5112,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ALPN) { uint8_t alpn_len; - const char **cur; + const char *const *cur; if ((size_t) (end - p) < 1) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -8547,7 +8548,7 @@ int mbedtls_ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, } /* Use our order of preference */ - for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { + for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { size_t const alpn_len = strlen(*alpn); p = protocol_name_list; while (p < protocol_name_list_end) { diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index df7dfbfa61..ec778f9ed8 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -869,7 +869,7 @@ static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { size_t list_len, name_len; - const char **p; + const char *const *p; /* If we didn't send it, the server shouldn't send it */ if (ssl->conf->alpn_list == NULL) { diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9386801512..b7b075cc97 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -158,7 +158,7 @@ static int ssl_tls13_parse_alpn_ext(mbedtls_ssl_context *ssl, /* Check that the server chosen protocol was in our list and save it */ MBEDTLS_SSL_CHK_BUF_READ_PTR(p, protocol_name_list_end, protocol_name_len); - for (const char **alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { + for (const char *const *alpn = ssl->conf->alpn_list; *alpn != NULL; alpn++) { if (protocol_name_len == strlen(*alpn) && memcmp(p, *alpn, protocol_name_len) == 0) { ssl->alpn_chosen = *alpn; From 9b993681fddc083a05b78cc54cd59cdb44f96b55 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 18:44:12 +0200 Subject: [PATCH 0545/1548] mbedtls_test_ssl_perform_handshake: declare options as const 
Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 4 ++-- tests/src/test_helpers/ssl_helpers.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index c198bc30c3..7cff97c7ce 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -457,7 +457,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, */ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, + const mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, mbedtls_test_ssl_message_queue *output_queue); @@ -609,7 +609,7 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options); + const mbedtls_test_handshake_test_options *options); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index ac1f1cbdb2..0141fb4e21 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -736,7 +736,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, - mbedtls_test_handshake_test_options *options, + const mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, mbedtls_test_ssl_message_queue *output_queue) 
@@ -2105,7 +2105,7 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) void mbedtls_test_ssl_perform_handshake( - mbedtls_test_handshake_test_options *options) + const mbedtls_test_handshake_test_options *options) { enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; From 29969593e4edae8fa6d8ea713f294bb5c3acc434 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 19:24:28 +0200 Subject: [PATCH 0546/1548] Move DTLS context into the endpoint structure This is a step towards making mbedtls_test_ssl_endpoint_init() and mbedtls_test_ssl_endpoint_free() more self-contained. No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 5 ++++ tests/src/test_helpers/ssl_helpers.c | 38 ++++++++++++++-------------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 7cff97c7ce..ec08d09cc0 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -194,6 +194,11 @@ typedef struct mbedtls_test_ssl_endpoint { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_test_mock_socket socket; + + /* Objects only used by DTLS. + * They should be guarded by MBEDTLS_SSL_PROTO_DTLS, but + * currently aren't because some code accesses them without guards. */ + mbedtls_test_message_socket_context dtls_context; #if defined(MBEDTLS_TIMING_C) mbedtls_timing_delay_context timer; #endif diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 0141fb4e21..580cc9b821 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -741,10 +741,12 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_message_queue *input_queue, mbedtls_test_ssl_message_queue *output_queue) { + (void) dtls_context; // no longer used + int ret = -1; uintptr_t user_data_n; - if (dtls_context != NULL && + if (options->dtls && (input_queue == NULL || output_queue == NULL)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -760,6 +762,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_config_init(&(ep->conf)); + mbedtls_test_message_socket_init(&ep->dtls_context); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); @@ -772,17 +775,17 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); - if (dtls_context != NULL) { + if (options->dtls) { TEST_EQUAL(mbedtls_test_message_socket_setup(input_queue, output_queue, 100, &(ep->socket), - dtls_context), 0); + &ep->dtls_context), 0); } else { mbedtls_test_mock_socket_init(&(ep->socket)); } /* Non-blocking callbacks without timeout */ - if (dtls_context != NULL) { - mbedtls_ssl_set_bio(&(ep->ssl), dtls_context, + if (options->dtls) { + mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context, mbedtls_test_mock_tcp_send_msg, mbedtls_test_mock_tcp_recv_msg, NULL); @@ -799,7 +802,7 @@ int mbedtls_test_ssl_endpoint_init( } ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, - (dtls_context != NULL) ? + options->dtls ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); @@ -867,7 +870,7 @@ int mbedtls_test_ssl_endpoint_init( } #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->dtls) { mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); } #endif 
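Review bot: The header keeps documenting `dtls_context`, `input_queue` and `output_queue` as live inputs (`\p dtls_context - in case of DTLS - this is the context handling metadata.` in ssl_helpers.h) while this hunk demotes `dtls_context` to an ignored parameter with `(void) dtls_context; // no longer used`, and the paragraph is only corrected two commits later when the parameters are dropped. Updating that doc in the same commit, e.g. `\p dtls_context - ignored; the DTLS context now lives inside \p ep.`, would keep header and implementation in step in between. Separately, the replacement condition `if (options->dtls &&` dereferences `options` before the `ep == NULL` validation that follows it, whereas the old `dtls_context != NULL` test did not; if a NULL `options` is never expected, a one-line comment to that effect next to the check makes the contract visible. The function's body continues past the end of this hunk.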
@@ -914,6 +917,8 @@ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context) { + (void) context; // no longer used + mbedtls_ssl_free(&(ep->ssl)); mbedtls_ssl_config_free(&(ep->conf)); @@ -921,8 +926,8 @@ void mbedtls_test_ssl_endpoint_free( ep->ciphersuites = NULL; test_ssl_endpoint_certificate_free(ep); - if (context != NULL) { - mbedtls_test_message_socket_close(context); + if (ep->dtls_context.socket != NULL) { + mbedtls_test_message_socket_close(&ep->dtls_context); } else { mbedtls_test_mock_socket_close(&(ep->socket)); } @@ -2125,9 +2130,6 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); mbedtls_test_ssl_message_queue server_queue, client_queue; - mbedtls_test_message_socket_context server_context, client_context; - mbedtls_test_message_socket_init(&server_context); - mbedtls_test_message_socket_init(&client_context); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { @@ -2139,7 +2141,7 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, &client_context, + options, NULL, &client_queue, &server_queue), 0); } else { @@ -2155,7 +2157,7 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, &server_context, + options, NULL, &server_queue, &client_queue), 0); } else { @@ -2312,7 +2314,7 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_ssl_setup(&(server.ssl), &(server.conf)), 0); - mbedtls_ssl_set_bio(&(server.ssl), &server_context, + mbedtls_ssl_set_bio(&(server.ssl), &server.dtls_context, mbedtls_test_mock_tcp_send_msg, mbedtls_test_mock_tcp_recv_msg, NULL); 
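Review bot: In the second hunk, `if (ep->dtls_context.socket != NULL)` becomes the discriminator for the DTLS teardown path, but `dtls_context` is only initialised by `mbedtls_test_message_socket_init(&ep->dtls_context)` inside `mbedtls_test_ssl_endpoint_init()`, after that function's early argument checks; the header says free must be safe to call even when init fails, so on that path this reads a field that is only well-defined if the caller zeroed the endpoint beforehand, as `mbedtls_test_ssl_perform_handshake()` does with `mbedtls_platform_zeroize`. Either state that precondition where `mbedtls_test_ssl_endpoint_free()` is documented, e.g. `/* Requires ep to have been zeroed or fully initialised; dtls_context.socket is the DTLS marker. */`, or move the `mbedtls_test_message_socket_init()` call in init ahead of its remaining early returns, right after the `ep == NULL` check. Whether `mbedtls_test_message_socket_close()` also releases `ep->socket` is not visible here, so the else-branch asymmetry is inherited from the old code rather than introduced by this change.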
@@ -2426,10 +2428,8 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); exit: - mbedtls_test_ssl_endpoint_free(&client, - options->dtls != 0 ? &client_context : NULL); - mbedtls_test_ssl_endpoint_free(&server, - options->dtls != 0 ? &server_context : NULL); + mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server, NULL); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); From b092e78ab3017df9addd531230141e1764b00036 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 20:15:03 +0200 Subject: [PATCH 0547/1548] New auxiliary function mbedtls_test_ssl_dtls_join_endpoints Create an auxiliary function to perform some endpoint setup that involves both the client and the server. This is only needed for DTLS. The code that will eventually be in this function is currently mostly in mbedtls_test_ssl_endpoint_init(). This commit adds the new function to the control flow; a subsequent commit will move the relevant code. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 18 ++++++++++++++++++ tests/src/test_helpers/ssl_helpers.c | 17 +++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index ec08d09cc0..ca43663632 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -450,6 +450,9 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, * `mbedtls_test_ssl_endpoint_free()` after calling this function * even if it fails. * + * \note For DTLS, after calling this function on both endpoints, + * call mbedtls_test_ssl_dtls_join_endpoints(). + * * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or * MBEDTLS_SSL_IS_CLIENT. * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and 
@@ -474,6 +477,21 @@ void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep, mbedtls_test_message_socket_context *context); +/* Join a DTLS client with a DTLS server. + * + * You must call this function after setting up the endpoint objects + * and before starting a DTLS handshake. + * + * \param client The client. It must have been set up with + * mbedtls_test_ssl_endpoint_init(). + * \param server The server. It must have been set up with + * mbedtls_test_ssl_endpoint_init(). + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client, + mbedtls_test_ssl_endpoint *server); + /* * This function moves ssl handshake from \p ssl to prescribed \p state. * /p second_ssl is used as second endpoint and their sockets have to be diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 580cc9b821..f917acc574 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -933,6 +933,19 @@ void mbedtls_test_ssl_endpoint_free( } } +int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client, + mbedtls_test_ssl_endpoint *server) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + /* Nothing to do yet. */ + (void) client; + (void) server; + ret = 0; + + return ret; +} + int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, mbedtls_ssl_context *second_ssl, int state) @@ -2169,6 +2182,10 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); + if (options->dtls) { + TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(&client, &server), 0); + } + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server.conf), (unsigned char) options->mfl), From 6c154e7d512712029ea3fa1413044f1a3926fd86 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 27 May 2025 20:23:52 +0200 Subject: [PATCH 0548/1548] Move queue management into mbedtls_test_ssl_dtls_join_endpoints This allows mbedtls_test_ssl_endpoint_init() to no longer interact with the other endpoint. No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 43 ++++++++++++---------------- 2 files changed, 20 insertions(+), 24 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index ca43663632..d98f48ead8 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -205,6 +205,7 @@ typedef struct mbedtls_test_ssl_endpoint { /* Objects owned by the endpoint */ int *ciphersuites; + mbedtls_test_ssl_message_queue queue_input; mbedtls_x509_crt *ca_chain; mbedtls_x509_crt *cert; mbedtls_pk_context *pkey; diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index f917acc574..453e8e7808 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -742,16 +742,12 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_message_queue *output_queue) { (void) dtls_context; // no longer used + (void) input_queue; // no longer used + (void) output_queue; // no longer used int ret = -1; uintptr_t user_data_n; - if (options->dtls && - (input_queue == NULL || output_queue == NULL)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - - } - if (ep == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } 
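Review bot: `queue_input` is added under the `/* Objects owned by the endpoint */` group with no comment, yet as far as this series shows it is only touched by `mbedtls_test_ssl_dtls_join_endpoints()`, making it DTLS-only in the same way as `dtls_context`, which carries an explicit note about the missing `MBEDTLS_SSL_PROTO_DTLS` guard. Suggest the same one-line note here, `mbedtls_test_ssl_message_queue queue_input; /* DTLS only; see dtls_context above */`, or placing the field next to `dtls_context` so a future guard can cover both at once. Nothing in `mbedtls_test_ssl_endpoint_init()` initialises this field; it presumably gets set up by `mbedtls_test_message_socket_setup()` in the join function, which leaves it indeterminate for TLS endpoints unless the caller zeroes the struct, and that is worth a word in the comment as well.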
@@ -775,13 +771,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); - if (options->dtls) { - TEST_EQUAL(mbedtls_test_message_socket_setup(input_queue, output_queue, - 100, &(ep->socket), - &ep->dtls_context), 0); - } else { - mbedtls_test_mock_socket_init(&(ep->socket)); - } + mbedtls_test_mock_socket_init(&(ep->socket)); /* Non-blocking callbacks without timeout */ if (options->dtls) { @@ -938,11 +928,19 @@ int mbedtls_test_ssl_dtls_join_endpoints(mbedtls_test_ssl_endpoint *client, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* Nothing to do yet. */ - (void) client; - (void) server; - ret = 0; + ret = mbedtls_test_message_socket_setup(&client->queue_input, + &server->queue_input, + 100, &(client->socket), + &client->dtls_context); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_message_socket_setup(&server->queue_input, + &client->queue_input, + 100, &(server->socket), + &server->dtls_context); + TEST_EQUAL(ret, 0); +exit: return ret; } @@ -2142,7 +2140,6 @@ void mbedtls_test_ssl_perform_handshake( MD_OR_USE_PSA_INIT(); mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_ssl_message_queue server_queue, client_queue; #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { @@ -2154,9 +2151,8 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, NULL, - &client_queue, - &server_queue), 0); + options, NULL, NULL, + NULL), 0); } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, 
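Review bot: `mbedtls_test_mock_socket_init(&(ep->socket))` now runs unconditionally in `mbedtls_test_ssl_endpoint_init()` (first hunk), and for DTLS the same socket is then handed to `mbedtls_test_message_socket_setup(..., &(client->socket), ...)` in the join function (second hunk), whereas before this commit the DTLS path received only the setup call. Whether setup re-initialises the mock socket itself is not visible here; if it does, the earlier init is merely redundant and the commit's "No behavior change" claim holds, but a short comment in `mbedtls_test_ssl_dtls_join_endpoints()` saying which call owns the socket state would prevent a later reader from removing the wrong one. The queue capacity `100` is repeated in both setup calls; a named constant such as `enum { TEST_DTLS_QUEUE_CAPACITY = 100 };` would keep the two endpoints from drifting apart. The setup calls also rely on `TEST_EQUAL` jumping to `exit:` with `ret` still holding the failing code, which is worth stating in the function comment since the label has no cleanup of its own.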
@@ -2170,9 +2166,8 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, - &server_queue, - &client_queue), 0); + options, NULL, NULL, + NULL), 0); } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, From ca8a9ac4afd6dca70c95111d343cbe4d655cf8a9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 20:52:24 +0200 Subject: [PATCH 0549/1548] Remove unused parameters to endpoint init/free The DTLS context and the queues are now conveyed inside the endpoint object. Remove the unused parameters. No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 12 +-- tests/src/test_helpers/ssl_helpers.c | 44 +++----- tests/suites/test_suite_ssl.function | 148 +++++++++++++-------------- 3 files changed, 85 insertions(+), 119 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index d98f48ead8..4a64b0fc4e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -458,25 +458,17 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, * MBEDTLS_SSL_IS_CLIENT. * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and * MBEDTLS_PK_ECDSA are supported. - * \p dtls_context - in case of DTLS - this is the context handling metadata. - * \p input_queue - used only in case of DTLS. - * \p output_queue - used only in case of DTLS. * * \retval 0 on success, otherwise error code. */ int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, - const mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue); + const mbedtls_test_handshake_test_options *options); /* * Deinitializes endpoint represented by \p ep. */ -void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context); +void mbedtls_test_ssl_endpoint_free(mbedtls_test_ssl_endpoint *ep); /* Join a DTLS client with a DTLS server. * diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 453e8e7808..3e02a24ef2 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -736,15 +736,8 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int mbedtls_test_ssl_endpoint_init( mbedtls_test_ssl_endpoint *ep, int endpoint_type, - const mbedtls_test_handshake_test_options *options, - mbedtls_test_message_socket_context *dtls_context, - mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue) + const mbedtls_test_handshake_test_options *options) { - (void) dtls_context; // no longer used - (void) input_queue; // no longer used - (void) output_queue; // no longer used - int ret = -1; uintptr_t user_data_n; 
@@ -904,11 +897,8 @@ int mbedtls_test_ssl_endpoint_init( } void mbedtls_test_ssl_endpoint_free( - mbedtls_test_ssl_endpoint *ep, - mbedtls_test_message_socket_context *context) + mbedtls_test_ssl_endpoint *ep) { - (void) context; // no longer used - mbedtls_ssl_free(&(ep->ssl)); mbedtls_ssl_config_free(&(ep->conf)); @@ -2082,13 +2072,11 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( options->server_max_version = proto; options->client_max_version = proto; - ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(client_ep, MBEDTLS_SSL_IS_CLIENT, options); if (ret != 0) { return ret; } - ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(server_ep, MBEDTLS_SSL_IS_SERVER, options); if (ret != 0) { return ret; } @@ -2151,13 +2139,11 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL), 0); + options), 0); } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - options, NULL, NULL, - NULL), 0); + options), 0); } TEST_ASSERT(set_ciphersuite(&client, options->cipher)); @@ -2166,13 +2152,11 @@ void mbedtls_test_ssl_perform_handshake( if (options->dtls != 0) { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, - NULL), 0); + options), 0); } else { TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, - NULL), 0); + options), 0); } mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); 
@@ -2440,8 +2424,8 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_test_ssl_endpoint_free(&server); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); @@ -2615,11 +2599,11 @@ int mbedtls_test_get_tls13_ticket( mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - client_options, NULL, NULL, NULL); + client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - server_options, NULL, NULL, NULL); + server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, @@ -2647,8 +2631,8 @@ int mbedtls_test_get_tls13_ticket( ok = 1; exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); if (ret == 0 && !ok) { /* Exiting due to a test assertion that isn't ret == 0 */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index bebb2c8cf4..052a9d8f4a 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -2879,20 +2879,18 @@ void mbedtls_endpoint_sanity(int endpoint_type) MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options); TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret); ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, 0, 0, 0); TEST_EQUAL(MBEDTLS_ERR_SSL_BAD_INPUT_DATA, ret); - ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options); TEST_EQUAL(ret, 0); exit: - mbedtls_test_ssl_endpoint_free(&ep, NULL); + mbedtls_test_ssl_endpoint_free(&ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } @@ -2931,15 +2929,14 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); - ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init( &second_ep, (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); @@ -2965,8 +2962,8 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int exit: mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&base_ep, NULL); - mbedtls_test_ssl_endpoint_free(&second_ep, NULL); + mbedtls_test_ssl_endpoint_free(&base_ep); + mbedtls_test_ssl_endpoint_free(&second_ep); MD_OR_USE_PSA_DONE(); } /* END_CASE */ 
@@ -3225,8 +3222,7 @@ void recombine_server_first_flight(int version, client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer; #endif TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, - NULL), 0); + &client_options), 0); server_options.server_min_version = version; server_options.server_max_version = version; @@ -3235,8 +3231,7 @@ void recombine_server_first_flight(int version, server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; #endif TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, - NULL), 0); + &server_options), 0); TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket, &server.socket, @@ -3321,8 +3316,8 @@ goal_reached: #endif exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); MD_OR_USE_PSA_DONE(); @@ -3598,11 +3593,10 @@ void force_bad_session_id_len() MD_OR_USE_PSA_INIT(); TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL), 0); + &options), 0); TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL), 0); + &options), 0); mbedtls_debug_set_threshold(1); mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, @@ -3631,8 +3625,8 @@ void force_bad_session_id_len() /* Make sure that the cache did not store the session */ TEST_EQUAL(srv_pattern.counter, 1); exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_free_handshake_options(&options); mbedtls_debug_set_threshold(0); MD_OR_USE_PSA_DONE(); 
@@ -3793,16 +3787,14 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) client_options.pk_alg = MBEDTLS_PK_ECDSA; client_options.group_list = iana_tls_group_list; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, - NULL), 0); + &client_options), 0); /* Server side */ server_options.pk_alg = MBEDTLS_PK_ECDSA; server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, - NULL), 0); + &server_options), 0); TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), @@ -3836,8 +3828,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) } exit: - mbedtls_test_ssl_endpoint_free(&client, NULL); - mbedtls_test_ssl_endpoint_free(&server, NULL); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); @@ -3868,13 +3860,13 @@ void tls13_server_certificate_msg_invalid_vector_len() client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); mbedtls_test_init_handshake_options(&server_options); server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), 
@@ -3932,8 +3924,8 @@ void tls13_server_certificate_msg_invalid_vector_len() exit: mbedtls_ssl_reset_chk_buf_ptr_fail_args(); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); MD_OR_USE_PSA_DONE(); @@ -4124,11 +4116,11 @@ void tls13_resume_session_with_ticket() * Prepare for handshake with the ticket. */ ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, @@ -4161,8 +4153,8 @@ void tls13_resume_session_with_ticket() MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -4286,13 +4278,13 @@ void tls13_read_early_data(int scenario) } ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, 
@@ -4367,8 +4359,8 @@ void tls13_read_early_data(int scenario) MBEDTLS_SSL_HANDSHAKE_OVER), 0); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -4440,11 +4432,11 @@ void tls13_cli_early_data_state(int scenario) } ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, @@ -4741,8 +4733,8 @@ void tls13_cli_early_data_state(int scenario) #endif exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -4817,11 +4809,11 @@ void tls13_write_early_data(int scenario) } ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, 
@@ -5090,8 +5082,8 @@ complete_handshake: } while (1); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -5140,11 +5132,11 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) * Prepare for handshake with the ticket. */ ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, @@ -5237,8 +5229,8 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) 0); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -5344,11 +5336,11 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in } ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL); + &client_options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL); + &server_options); TEST_EQUAL(ret, 0); mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, 
@@ -5491,8 +5483,8 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in TEST_EQUAL(server_pattern.counter, 1); exit: - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); @@ -5540,11 +5532,11 @@ void inject_client_content_on_the_wire(int pk_alg, options.pk_alg = pk_alg; ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, @@ -5571,8 +5563,8 @@ void inject_client_content_on_the_wire(int pk_alg, exit: mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server); + mbedtls_test_ssl_endpoint_free(&client); mbedtls_debug_set_threshold(0); PSA_DONE(); } @@ -5618,11 +5610,11 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, NULL); + &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, 
@@ -5685,8 +5677,8 @@ void send_large_fragmented_hello(int hs_len_int, int first_frag_content_len_int, exit: mbedtls_test_free_handshake_options(&options); - mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_ssl_endpoint_free(&client, NULL); + mbedtls_test_ssl_endpoint_free(&server); + mbedtls_test_ssl_endpoint_free(&client); mbedtls_debug_set_threshold(0); mbedtls_free(first_frag); PSA_DONE(); @@ -5731,8 +5723,8 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int TEST_EQUAL(memcmp(key_buffer_server, key_buffer_client, (size_t) exported_key_length), 0); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer_server); mbedtls_free(key_buffer_client); @@ -5772,8 +5764,8 @@ void ssl_tls_exporter_uses_label(int proto) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } @@ -5811,8 +5803,8 @@ void ssl_tls_exporter_uses_context(int proto) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } 
@@ -5853,8 +5845,8 @@ void ssl_tls13_exporter_uses_length(void) TEST_ASSERT(memcmp(key_buffer_server, key_buffer_client, sizeof(key_buffer_server)) != 0); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } @@ -5890,8 +5882,8 @@ void ssl_tls_exporter_rejects_bad_parameters( TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); mbedtls_free(key_buffer); mbedtls_free(label); @@ -5917,11 +5909,9 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) MD_OR_USE_PSA_INIT(); - ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &options); TEST_EQUAL(ret, 0); - ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options, - NULL, NULL, NULL); + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, &options); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&client_ep.socket, &server_ep.socket, BUFFSIZE); @@ -5945,8 +5935,8 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: - mbedtls_test_ssl_endpoint_free(&server_ep, NULL); - mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_ssl_endpoint_free(&client_ep); mbedtls_test_free_handshake_options(&options); MD_OR_USE_PSA_DONE(); } From 07432b9d0cc3a7ec82e1e92e6230550774f6fc6c Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 27 May 2025 21:07:44 +0200 Subject: [PATCH 0550/1548] Unify identical code This is made possible by the endpoint init simplification. No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3e02a24ef2..184c0cd05b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2136,29 +2136,15 @@ void mbedtls_test_ssl_perform_handshake( #endif /* Client side */ - if (options->dtls != 0) { - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options), 0); - } else { - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, - MBEDTLS_SSL_IS_CLIENT, - options), 0); - } - + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, + MBEDTLS_SSL_IS_CLIENT, + options), 0); TEST_ASSERT(set_ciphersuite(&client, options->cipher)); /* Server side */ - if (options->dtls != 0) { - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options), 0); - } else { - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, - MBEDTLS_SSL_IS_SERVER, - options), 0); - } - + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, + MBEDTLS_SSL_IS_SERVER, + options), 0); mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); if (options->dtls) { From e30b5c73f32915e99599c876e3d1c5a6fc50b1be Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 21:05:48 +0200 Subject: [PATCH 0551/1548] mbedtls_test_ssl_perform_handshake: make client, server pointers This will facilitate future refactoring that breaks out code into auxiliary functions. No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 183 ++++++++++++++------------- 1 file changed, 93 insertions(+), 90 deletions(-) 
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 184c0cd05b..adbb13280d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -2112,7 +2112,12 @@ void mbedtls_test_ssl_perform_handshake( const mbedtls_test_handshake_test_options *options) { enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client, server; + mbedtls_test_ssl_endpoint client_struct; + memset(&client_struct, 0, sizeof(client_struct)); + mbedtls_test_ssl_endpoint *const client = &client_struct; + mbedtls_test_ssl_endpoint server_struct; + memset(&server_struct, 0, sizeof(server_struct)); + mbedtls_test_ssl_endpoint *const server = &server_struct; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; #endif @@ -2126,8 +2131,6 @@ void mbedtls_test_ssl_perform_handshake( int expected_handshake_result = options->expected_handshake_result; MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { 
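Review bot: The `memset(&client_struct, 0, sizeof(client_struct))` that replaces `mbedtls_platform_zeroize` carries no comment saying why a fresh local is zeroed before init, and a reader may take it for a leftover secret wipe; suggest `/* Zero so the exit path can free an endpoint whose init never ran. */`, which matches the unconditional `mbedtls_test_ssl_endpoint_free(client)` at the function's exit label, outside this hunk. For initialization the two calls are equivalent: zeroize exists to keep a wipe from being elided when the memory is about to die, which does not apply to a struct that is used afterwards. Note that `mbedtls_test_ssl_endpoint *const client = &client_struct;` is now a declaration after a statement, so this function relies on C99 mixed declarations. mbedtls_test_ssl_perform_handshake continues well past both hunks.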
@@ -2136,26 +2139,26 @@ void mbedtls_test_ssl_perform_handshake( #endif /* Client side */ - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client, MBEDTLS_SSL_IS_CLIENT, options), 0); - TEST_ASSERT(set_ciphersuite(&client, options->cipher)); + TEST_ASSERT(set_ciphersuite(client, options->cipher)); /* Server side */ - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, MBEDTLS_SSL_IS_SERVER, options), 0); - mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode); + mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); if (options->dtls) { - TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(&client, &server), 0); + TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server.conf), + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server->conf), (unsigned char) options->mfl), 0); - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client.conf), + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client->conf), (unsigned char) options->mfl), 0); #else 
@@ -2165,46 +2168,46 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (options->psk_str != NULL && options->psk_str->len > 0) { TEST_EQUAL(mbedtls_ssl_conf_psk( - &client.conf, options->psk_str->x, + &client->conf, options->psk_str->x, options->psk_str->len, (const unsigned char *) psk_identity, strlen(psk_identity)), 0); TEST_EQUAL(mbedtls_ssl_conf_psk( - &server.conf, options->psk_str->x, + &server->conf, options->psk_str->x, options->psk_str->len, (const unsigned char *) psk_identity, strlen(psk_identity)), 0); #if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL); + mbedtls_ssl_conf_psk_cb(&server->conf, psk_dummy_callback, NULL); #endif } #endif #if defined(MBEDTLS_SSL_RENEGOTIATION) if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server.conf), + mbedtls_ssl_conf_renegotiation(&(server->conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client.conf), + mbedtls_ssl_conf_renegotiation(&(client->conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_legacy_renegotiation(&(server.conf), + mbedtls_ssl_conf_legacy_renegotiation(&(server->conf), options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client.conf), + mbedtls_ssl_conf_legacy_renegotiation(&(client->conf), options->legacy_renegotiation); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), - &(server.socket), + TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client->socket), + &(server->socket), BUFFSIZE), 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(client.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(client.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); - TEST_EQUAL(server.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(server.ssl.in_buf_len, 
MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif @@ -2212,8 +2215,8 @@ void mbedtls_test_ssl_perform_handshake( expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client.ssl), - &(server.ssl), + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(client->ssl), + &(server->ssl), MBEDTLS_SSL_HANDSHAKE_OVER), expected_handshake_result); @@ -2222,30 +2225,30 @@ void mbedtls_test_ssl_perform_handshake( goto exit; } - TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client.ssl), 1); + TEST_EQUAL(mbedtls_ssl_is_handshake_over(&client->ssl), 1); /* Make sure server state is moved to HANDSHAKE_OVER also. */ - TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server.ssl), - &(client.ssl), + TEST_EQUAL(mbedtls_test_move_handshake_to_state(&(server->ssl), + &(client->ssl), MBEDTLS_SSL_HANDSHAKE_OVER), 0); - TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server.ssl), 1); + TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server->ssl), 1); /* Check that both sides have negotiated the expected version. */ mbedtls_test_set_step(0); if (!check_ssl_version(options->expected_negotiated_version, - &client.ssl)) { + &client->ssl)) { goto exit; } mbedtls_test_set_step(1); if (!check_ssl_version(options->expected_negotiated_version, - &server.ssl)) { + &server->ssl)) { goto exit; } if (options->expected_ciphersuite != 0) { - TEST_EQUAL(server.ssl.session->ciphersuite, + TEST_EQUAL(server->ssl.session->ciphersuite, options->expected_ciphersuite); } 
@@ -2253,25 +2256,25 @@ void mbedtls_test_ssl_perform_handshake( if (options->resize_buffers != 0) { /* A server, when using DTLS, might delay a buffer resize to happen * after it receives a message, so we force it. */ - TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); + TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); - TEST_EQUAL(client.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_EQUAL(client.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_EQUAL(server.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_EQUAL(server.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(client->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client->ssl)); + TEST_EQUAL(client->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client->ssl)); + TEST_EQUAL(server->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server->ssl)); + TEST_EQUAL(server->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server->ssl)); } #endif if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { /* Start data exchanging test */ TEST_EQUAL(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, + &(client->ssl), options->cli_msg_len, options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, + &(server->ssl), options->srv_msg_len, options->expected_srv_fragments), 0); } 
@@ -2279,60 +2282,60 @@ void mbedtls_test_ssl_perform_handshake( if (options->serialize == 1) { TEST_EQUAL(options->dtls, 1); - TEST_EQUAL(mbedtls_ssl_context_save(&(server.ssl), NULL, + TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL, 0, &context_buf_len), MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); context_buf = mbedtls_calloc(1, context_buf_len); TEST_ASSERT(context_buf != NULL); - TEST_EQUAL(mbedtls_ssl_context_save(&(server.ssl), context_buf, + TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf, context_buf_len, &context_buf_len), 0); - mbedtls_ssl_free(&(server.ssl)); - mbedtls_ssl_init(&(server.ssl)); + mbedtls_ssl_free(&(server->ssl)); + mbedtls_ssl_init(&(server->ssl)); - TEST_EQUAL(mbedtls_ssl_setup(&(server.ssl), &(server.conf)), 0); + TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0); - mbedtls_ssl_set_bio(&(server.ssl), &server.dtls_context, + mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context, mbedtls_test_mock_tcp_send_msg, mbedtls_test_mock_tcp_recv_msg, NULL); - mbedtls_ssl_set_user_data_p(&server.ssl, &server); + mbedtls_ssl_set_user_data_p(&server->ssl, server); #if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server.ssl, &server.timer, + mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay); #endif #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(server.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(server.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif - TEST_EQUAL(mbedtls_ssl_context_load(&(server.ssl), context_buf, + TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf, context_buf_len), 0); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* Validate buffer sizes after context 
deserialization */ if (options->resize_buffers != 0) { - TEST_EQUAL(server.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_EQUAL(server.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(server->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server->ssl)); + TEST_EQUAL(server->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server->ssl)); } #endif /* Retest writing/reading */ if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { TEST_EQUAL(mbedtls_test_ssl_exchange_data( - &(client.ssl), options->cli_msg_len, + &(client->ssl), options->cli_msg_len, options->expected_cli_fragments, - &(server.ssl), options->srv_msg_len, + &(server->ssl), options->srv_msg_len, options->expected_srv_fragments), 0); } 
@@ -2342,23 +2345,23 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_RENEGOTIATION) if (options->renegotiate) { /* Start test with renegotiation */ - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_INITIAL_HANDSHAKE); /* After calling this function for the server, it only sends a handshake * request. All renegotiation should happen during data exchanging */ - TEST_EQUAL(mbedtls_ssl_renegotiate(&(server.ssl)), 0); - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); /* After calling mbedtls_ssl_renegotiate for the client, 
@@ -2367,51 +2370,51 @@ void mbedtls_test_ssl_perform_handshake( * between client and server so this function will return waiting error * on the socket. All rest of renegotiation should happen * during data exchanging */ - ret = mbedtls_ssl_renegotiate(&(client.ssl)); + ret = mbedtls_ssl_renegotiate(&(client->ssl)); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if (options->resize_buffers != 0) { /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(client.ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(client.ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); + TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); + TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); } #endif TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - TEST_EQUAL(exchange_data(&(client.ssl), &(server.ssl)), 0); - TEST_EQUAL(server.ssl.renego_status, + TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); + TEST_EQUAL(server->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client.ssl.renego_status, + TEST_EQUAL(client->ssl.renego_status, MBEDTLS_SSL_RENEGOTIATION_DONE); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* Validate buffer sizes after renegotiation */ if (options->resize_buffers != 0) { - TEST_EQUAL(client.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&client.ssl)); - TEST_EQUAL(client.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&client.ssl)); - TEST_EQUAL(server.ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server.ssl)); - TEST_EQUAL(server.ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server.ssl)); + TEST_EQUAL(client->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&client->ssl)); + 
TEST_EQUAL(client->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&client->ssl)); + TEST_EQUAL(server->ssl.out_buf_len, + mbedtls_ssl_get_output_buflen(&server->ssl)); + TEST_EQUAL(server->ssl.in_buf_len, + mbedtls_ssl_get_input_buflen(&server->ssl)); } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client.conf) == &client); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client.ssl) == &client); - TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server.conf) == &server); - TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server.ssl) == &server); + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client->ssl) == client); + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server->conf) == server); + TEST_ASSERT(mbedtls_ssl_get_user_data_p(&server->ssl) == server); exit: - mbedtls_test_ssl_endpoint_free(&client); - mbedtls_test_ssl_endpoint_free(&server); + mbedtls_test_ssl_endpoint_free(client); + mbedtls_test_ssl_endpoint_free(server); #if defined(MBEDTLS_DEBUG_C) if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); From 78df6aebbccbd9fda1c26f872fc59a7e130c2a2a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 21:14:25 +0200 Subject: [PATCH 0552/1548] Move renegotiation testing into its own function No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 143 +++++++++++++++------------ 1 file changed, 80 insertions(+), 63 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index adbb13280d..e00f2d42be 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -2108,6 +2108,85 @@ int mbedtls_test_ssl_do_handshake_with_endpoints(
 #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
 
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+static int test_renegotiation(const mbedtls_test_handshake_test_options *options,
+                              mbedtls_test_ssl_endpoint *client,
+                              mbedtls_test_ssl_endpoint *server)
+{
+    int ok = 0;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    (void) options; // only used in some configurations
+
+    /* Start test with renegotiation */
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_INITIAL_HANDSHAKE);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_INITIAL_HANDSHAKE);
+
+    /* After calling this function for the server, it only sends a handshake
+     * request. All renegotiation should happen during data exchanging */
+    TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0);
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_PENDING);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_INITIAL_HANDSHAKE);
+
+    TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+
+    /* After calling mbedtls_ssl_renegotiate for the client,
+     * all renegotiation should happen inside this function.
+     * However in this test, we cannot perform simultaneous communication
+     * between client and server so this function will return waiting error
+     * on the socket. All rest of renegotiation should happen
+     * during data exchanging */
+    ret = mbedtls_ssl_renegotiate(&(client->ssl));
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    if (options->resize_buffers != 0) {
+        /* Ensure that the buffer sizes are appropriate before resizes */
+        TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+        TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+    }
+#endif
+    TEST_ASSERT(ret == 0 ||
+                ret == MBEDTLS_ERR_SSL_WANT_READ ||
+                ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
+
+    TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0);
+    TEST_EQUAL(server->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+    TEST_EQUAL(client->ssl.renego_status,
+               MBEDTLS_SSL_RENEGOTIATION_DONE);
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    /* Validate buffer sizes after renegotiation */
+    if (options->resize_buffers != 0) {
+        TEST_EQUAL(client->ssl.out_buf_len,
+                   mbedtls_ssl_get_output_buflen(&client->ssl));
+        TEST_EQUAL(client->ssl.in_buf_len,
+                   mbedtls_ssl_get_input_buflen(&client->ssl));
+        TEST_EQUAL(server->ssl.out_buf_len,
+                   mbedtls_ssl_get_output_buflen(&server->ssl));
+        TEST_EQUAL(server->ssl.in_buf_len,
+                   mbedtls_ssl_get_input_buflen(&server->ssl));
+    }
+#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+
+    ok = 1;
+
+exit:
+    return ok;
+}
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
 void mbedtls_test_ssl_perform_handshake(
     const mbedtls_test_handshake_test_options *options)
 {
@@ -2124,9 +2203,6 @@ void mbedtls_test_ssl_perform_handshake(
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
     unsigned char *context_buf = NULL;
     size_t context_buf_len;
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int ret = -1;
 #endif
 
     int expected_handshake_result = options->expected_handshake_result;
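Review bot: `test_renegotiation` has no header comment stating its contract, and since the caller wraps it in `TEST_ASSERT(...)` the return convention is the one thing a reader needs; suggest `/* Drive a server-initiated and then a client-initiated renegotiation over an established connection, checking renego_status after each step. Returns 1 on success, 0 after a failed TEST_* check, which the macro has already recorded. */`. The `// only used in some configurations` remark is the only `//` comment in the visible part of this file; `/* ... */` would match the surrounding style. The body is otherwise a verbatim move of the code that the `@@ -2344,66 +2420,7 @@` hunk of this commit deletes from mbedtls_test_ssl_perform_handshake, whose definition starts in this hunk and continues beyond it.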
@@ -2344,66 +2420,7 @@ void mbedtls_test_ssl_perform_handshake( #if defined(MBEDTLS_SSL_RENEGOTIATION) if (options->renegotiate) { - /* Start test with renegotiation */ - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_INITIAL_HANDSHAKE); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - /* After calling this function for the server, it only sends a handshake - * request. All renegotiation should happen during data exchanging */ - TEST_EQUAL(mbedtls_ssl_renegotiate(&(server->ssl)), 0); - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_PENDING); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_INITIAL_HANDSHAKE); - - TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); - - /* After calling mbedtls_ssl_renegotiate for the client, - * all renegotiation should happen inside this function. - * However in this test, we cannot perform simultaneous communication - * between client and server so this function will return waiting error - * on the socket. 
All rest of renegotiation should happen - * during data exchanging */ - ret = mbedtls_ssl_renegotiate(&(client->ssl)); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(client->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(client->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_ASSERT(ret == 0 || - ret == MBEDTLS_ERR_SSL_WANT_READ || - ret == MBEDTLS_ERR_SSL_WANT_WRITE); - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS); - - TEST_EQUAL(exchange_data(&(client->ssl), &(server->ssl)), 0); - TEST_EQUAL(server->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); - TEST_EQUAL(client->ssl.renego_status, - MBEDTLS_SSL_RENEGOTIATION_DONE); -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after renegotiation */ - if (options->resize_buffers != 0) { - TEST_EQUAL(client->ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&client->ssl)); - TEST_EQUAL(client->ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&client->ssl)); - TEST_EQUAL(server->ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server->ssl)); - TEST_EQUAL(server->ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server->ssl)); - } -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ + TEST_ASSERT(test_renegotiation(options, client, server)); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ From e23a6d12fcae9f68da3dbb04974b11ac4b071ac3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 May 2025 21:17:09 +0200 Subject: [PATCH 0553/1548] Move serialization testing into its own function No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 146 ++++++++++++++------------- 1 file changed, 78 insertions(+), 68 deletions(-) 
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index e00f2d42be..a638fb821e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -2187,6 +2187,83 @@ static int test_renegotiation(const mbedtls_test_handshake_test_options *options
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+static int test_serialization(const mbedtls_test_handshake_test_options *options,
+                              mbedtls_test_ssl_endpoint *client,
+                              mbedtls_test_ssl_endpoint *server)
+{
+    int ok = 0;
+    unsigned char *context_buf = NULL;
+    size_t context_buf_len;
+
+    TEST_EQUAL(options->dtls, 1);
+
+    TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL,
+                                        0, &context_buf_len),
+               MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+
+    context_buf = mbedtls_calloc(1, context_buf_len);
+    TEST_ASSERT(context_buf != NULL);
+
+    TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf,
+                                        context_buf_len,
+                                        &context_buf_len),
+               0);
+
+    mbedtls_ssl_free(&(server->ssl));
+    mbedtls_ssl_init(&(server->ssl));
+
+    TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0);
+
+    mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context,
+                        mbedtls_test_mock_tcp_send_msg,
+                        mbedtls_test_mock_tcp_recv_msg,
+                        NULL);
+
+    mbedtls_ssl_set_user_data_p(&server->ssl, server);
+
+#if defined(MBEDTLS_TIMING_C)
+    mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer,
+                             mbedtls_timing_set_delay,
+                             mbedtls_timing_get_delay);
+#endif
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    if (options->resize_buffers != 0) {
+        /* Ensure that the buffer sizes are appropriate before resizes */
+        TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN);
+        TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN);
+    }
+#endif
+    TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf,
+                                        context_buf_len), 0);
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    /* Validate buffer sizes after context deserialization */
+    if (options->resize_buffers != 0) {
+        TEST_EQUAL(server->ssl.out_buf_len,
+                   mbedtls_ssl_get_output_buflen(&server->ssl));
+        TEST_EQUAL(server->ssl.in_buf_len,
+                   mbedtls_ssl_get_input_buflen(&server->ssl));
+    }
+#endif
+    /* Retest writing/reading */
+    if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
+        TEST_EQUAL(mbedtls_test_ssl_exchange_data(
+                       &(client->ssl), options->cli_msg_len,
+                       options->expected_cli_fragments,
+                       &(server->ssl), options->srv_msg_len,
+                       options->expected_srv_fragments),
+                   0);
+    }
+
+    ok = 1;
+
+exit:
+    mbedtls_free(context_buf);
+    return ok;
+}
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
 void mbedtls_test_ssl_perform_handshake(
     const mbedtls_test_handshake_test_options *options)
 {
@@ -2199,10 +2276,6 @@ void mbedtls_test_ssl_perform_handshake(
     mbedtls_test_ssl_endpoint *const server = &server_struct;
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
     const char *psk_identity = "foo";
-#endif
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-    unsigned char *context_buf = NULL;
-    size_t context_buf_len;
 #endif
 
     int expected_handshake_result = options->expected_handshake_result;
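Review bot: `test_serialization` has no header comment, and its DTLS-only precondition (`TEST_EQUAL(options->dtls, 1)`) and its ownership of `context_buf` are worth stating up front: `/* Save the server context, tear the server down, restore it from the serialized blob and re-run the data exchange. DTLS only. Owns context_buf, freed on every path. Returns 1 on success, 0 after a failed TEST_* check. */`. Between `mbedtls_ssl_free(&(server->ssl))` and a successful `mbedtls_ssl_context_load`, a failing `mbedtls_ssl_setup` or buffer-size check returns with a re-initialized but unconnected context; that appears to keep the caller's later `mbedtls_test_ssl_endpoint_free(server)` safe, but that free is outside this hunk, so a one-line comment at the `mbedtls_ssl_init` call would make the intent explicit. `context_buf` holds the serialized connection state, and freeing it without wiping matches the code being moved; now that the helper owns the buffer, `mbedtls_platform_zeroize(context_buf, context_buf_len)` before `mbedtls_free` is the natural addition if the suite wants it, guarded by `context_buf != NULL` because `context_buf_len` is unset when the first save check fails. mbedtls_test_ssl_perform_handshake, touched by the second hunk, continues outside it.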
@@ -2356,65 +2429,7 @@ void mbedtls_test_ssl_perform_handshake( } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) if (options->serialize == 1) { - TEST_EQUAL(options->dtls, 1); - - TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), NULL, - 0, &context_buf_len), - MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - - context_buf = mbedtls_calloc(1, context_buf_len); - TEST_ASSERT(context_buf != NULL); - - TEST_EQUAL(mbedtls_ssl_context_save(&(server->ssl), context_buf, - context_buf_len, - &context_buf_len), - 0); - - mbedtls_ssl_free(&(server->ssl)); - mbedtls_ssl_init(&(server->ssl)); - - TEST_EQUAL(mbedtls_ssl_setup(&(server->ssl), &(server->conf)), 0); - - mbedtls_ssl_set_bio(&(server->ssl), &server->dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); - - mbedtls_ssl_set_user_data_p(&server->ssl, server); - -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&server->ssl, &server->timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if (options->resize_buffers != 0) { - /* Ensure that the buffer sizes are appropriate before resizes */ - TEST_EQUAL(server->ssl.out_buf_len, MBEDTLS_SSL_OUT_BUFFER_LEN); - TEST_EQUAL(server->ssl.in_buf_len, MBEDTLS_SSL_IN_BUFFER_LEN); - } -#endif - TEST_EQUAL(mbedtls_ssl_context_load(&(server->ssl), context_buf, - context_buf_len), 0); - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - /* Validate buffer sizes after context deserialization */ - if (options->resize_buffers != 0) { - TEST_EQUAL(server->ssl.out_buf_len, - mbedtls_ssl_get_output_buflen(&server->ssl)); - TEST_EQUAL(server->ssl.in_buf_len, - mbedtls_ssl_get_input_buflen(&server->ssl)); - } -#endif - /* Retest writing/reading */ - if (options->cli_msg_len != 0 || options->srv_msg_len != 0) { - TEST_EQUAL(mbedtls_test_ssl_exchange_data( - &(client->ssl), options->cli_msg_len, - options->expected_cli_fragments, - &(server->ssl), options->srv_msg_len, - 
options->expected_srv_fragments), - 0); - } + TEST_ASSERT(test_serialization(options, client, server)); } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ @@ -2436,11 +2451,6 @@ void mbedtls_test_ssl_perform_handshake( if (options->cli_log_fun || options->srv_log_fun) { mbedtls_debug_set_threshold(0); } -#endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if (context_buf != NULL) { - mbedtls_free(context_buf); - } #endif MD_OR_USE_PSA_DONE(); } From bd953400709fa70f780750f0e12e268367cfaec3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 May 2025 15:20:28 +0200 Subject: [PATCH 0554/1548] Unify SSL version checks between client and server Stop calling mbedtls_test_set_step() in mbedtls_test_ssl_perform_handshake(). This leaves the caller free to use the test step as they wish. No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 33 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a638fb821e..b11ca88624 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -2016,15 +2016,23 @@ static int exchange_data(mbedtls_ssl_context *ssl_1, #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int check_ssl_version( mbedtls_ssl_protocol_version expected_negotiated_version, - const mbedtls_ssl_context *ssl) + const mbedtls_ssl_context *client, + const mbedtls_ssl_context *server) { - const char *version_string = mbedtls_ssl_get_version(ssl); + /* First check that both sides have chosen the same version. + * If so, we can make more sanity checks just on one side. + * If not, something is deeply wrong. */ + TEST_EQUAL(client->tls_version, server->tls_version); + + /* Make further checks on the client to validate that the + * reported data about the version is correct. */ + const char *version_string = mbedtls_ssl_get_version(client); mbedtls_ssl_protocol_version version_number = - mbedtls_ssl_get_version_number(ssl); + mbedtls_ssl_get_version_number(client); - TEST_EQUAL(ssl->tls_version, expected_negotiated_version); + TEST_EQUAL(client->tls_version, expected_negotiated_version); - if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if (client->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { TEST_EQUAL(version_string[0], 'D'); ++version_string; } @@ -2383,18 +2391,11 @@ void mbedtls_test_ssl_perform_handshake( 0); TEST_EQUAL(mbedtls_ssl_is_handshake_over(&server->ssl), 1); - /* Check that both sides have negotiated the expected version. */ - mbedtls_test_set_step(0); - if (!check_ssl_version(options->expected_negotiated_version, - &client->ssl)) { - goto exit; - } - mbedtls_test_set_step(1); - if (!check_ssl_version(options->expected_negotiated_version, - &server->ssl)) { - goto exit; - } + /* Check that both sides have negotiated the expected version. */ + TEST_ASSERT(check_ssl_version(options->expected_negotiated_version, + &client->ssl, + &server->ssl)); if (options->expected_ciphersuite != 0) { TEST_EQUAL(server->ssl.session->ciphersuite, 
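Review bot: `check_ssl_version()` now takes both endpoints but still carries no comment on its contract, and the only hint that it returns 1/0 is the caller's `TEST_ASSERT` in the second hunk. Suggest a header comment above `static int check_ssl_version(`: `/* Check that client and server agree on the negotiated version, that it equals expected_negotiated_version, and that the client's reported version string/number are consistent with it. Returns 1 on success, 0 after recording a test failure. */`. The remaining version-string checks and the return statement lie outside the hunk, so the 1/0 convention is inferred from the caller rather than visible here.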
From 7a8fd4639238c7ca20160092903becefd6f92ea6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 28 May 2025 15:41:54 +0200 Subject: [PATCH 0555/1548] Separate test function to perform an SSL connection Split mbedtls_test_ssl_perform_connection() out of mbedtls_test_ssl_perform_handshake(). No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 43 +++++++ tests/src/test_helpers/ssl_helpers.c | 172 +++++++++++++++------------ 2 files changed, 137 insertions(+), 78 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 4a64b0fc4e..dc2ab78691 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
@@ -624,6 +624,49 @@ int mbedtls_test_ssl_do_handshake_with_endpoints( #endif /* defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +/** Perform an SSL handshake and exchange data over the connection. + * + * This function also handles cases where the handshake is expected to fail. + * + * If the handshake succeeds as expected, this function validates that + * connection parameters are as expected, exchanges data over the + * connection, and exercises some optional protocol features if they + * are enabled. See the code to see what features are validated and exercised. + * + * The handshake is expected to fail in the following cases: + * - If `options->expected_handshake_result != 0`. + * - If `options->expected_negotiated_version == MBEDTLS_SSL_VERSION_UNKNOWN`. + * + * \param[in] options Options for the connection. + * \param client The client endpoint. It must have been set up with + * mbedtls_test_ssl_endpoint_init() with \p options + * and #MBEDTLS_SSL_IS_CLIENT. + * \param server The server endpoint. It must have been set up with + * mbedtls_test_ssl_endpoint_init() with \p options + * and #MBEDTLS_SSL_IS_CLIENT. + * + * \return 1 on success, 0 on failure. On failure, this function + * calls mbedtls_test_fail(), indicating the failure + * reason and location. The causes of failure are: + * - Inconsistent options or bad endpoint state. + * - Operational problem during the handshake. + * - The handshake was expected to pass, but failed. + * - The handshake was expected to fail, but passed or + * failed with a different result. + * - The handshake passed as expected, but some connection + * parameter (e.g. protocol version, cipher suite, ...) + * is not as expected. + * - The handshake passed as expected, but something + * went wrong when attempting to exchange data. + * - The handshake passed as expected, but something + * went wrong when exercising other features + * (e.g. 
renegotiation, serialization, ...). + */ +int mbedtls_test_ssl_perform_connection( + const mbedtls_test_handshake_test_options *options, + mbedtls_test_ssl_endpoint *client, + mbedtls_test_ssl_endpoint *server); + void mbedtls_test_ssl_perform_handshake( const mbedtls_test_handshake_test_options *options); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index b11ca88624..dbea090163 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
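Review bot: The `\param server` paragraph of the new Doxygen block says the endpoint must be set up "with \p options and #MBEDTLS_SSL_IS_CLIENT", which is copied from the client paragraph; it should read `#MBEDTLS_SSL_IS_SERVER`. The block could also state a precondition the implementation relies on: the function connects only the mock TCP sockets itself (`mbedtls_test_mock_socket_connect()` in the later hunk), while for DTLS the caller is expected to have called `mbedtls_test_ssl_dtls_join_endpoints()` beforehand, as `mbedtls_test_ssl_perform_handshake()` does. One sentence such as `For DTLS, the caller must have joined the two endpoints with mbedtls_test_ssl_dtls_join_endpoints().` under the parameter list would cover it.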
@@ -2272,87 +2272,14 @@ static int test_serialization(const mbedtls_test_handshake_test_options *options } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ -void mbedtls_test_ssl_perform_handshake( - const mbedtls_test_handshake_test_options *options) +int mbedtls_test_ssl_perform_connection( + const mbedtls_test_handshake_test_options *options, + mbedtls_test_ssl_endpoint *client, + mbedtls_test_ssl_endpoint *server) { enum { BUFFSIZE = 17000 }; - mbedtls_test_ssl_endpoint client_struct; - memset(&client_struct, 0, sizeof(client_struct)); - mbedtls_test_ssl_endpoint *const client = &client_struct; - mbedtls_test_ssl_endpoint server_struct; - memset(&server_struct, 0, sizeof(server_struct)); - mbedtls_test_ssl_endpoint *const server = &server_struct; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif int expected_handshake_result = options->expected_handshake_result; - - MD_OR_USE_PSA_INIT(); - -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun || options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - } -#endif - - /* Client side */ - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client, - MBEDTLS_SSL_IS_CLIENT, - options), 0); - TEST_ASSERT(set_ciphersuite(client, options->cipher)); - - /* Server side */ - TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, - MBEDTLS_SSL_IS_SERVER, - options), 0); - mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); - - if (options->dtls) { - TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); - } - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server->conf), - (unsigned char) options->mfl), - 0); - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client->conf), - (unsigned char) options->mfl), - 0); -#else - TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (options->psk_str != NULL && 
options->psk_str->len > 0) { - TEST_EQUAL(mbedtls_ssl_conf_psk( - &client->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); - - TEST_EQUAL(mbedtls_ssl_conf_psk( - &server->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server->conf, psk_dummy_callback, NULL); -#endif - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server->conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client->conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - - mbedtls_ssl_conf_legacy_renegotiation(&(server->conf), - options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client->conf), - options->legacy_renegotiation); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ + int ok = 0; TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client->socket), &(server->socket), @@ -2379,6 +2306,7 @@ void mbedtls_test_ssl_perform_handshake( if (expected_handshake_result != 0) { /* Connection will have failed by this point, skip to cleanup */ + ok = 1; goto exit; } 
@@ -2440,6 +2368,94 @@ void mbedtls_test_ssl_perform_handshake( } #endif /* MBEDTLS_SSL_RENEGOTIATION */ + ok = 1; + +exit: + return ok; +} + +void mbedtls_test_ssl_perform_handshake( + const mbedtls_test_handshake_test_options *options) +{ + mbedtls_test_ssl_endpoint client_struct; + memset(&client_struct, 0, sizeof(client_struct)); + mbedtls_test_ssl_endpoint *const client = &client_struct; + mbedtls_test_ssl_endpoint server_struct; + memset(&server_struct, 0, sizeof(server_struct)); + mbedtls_test_ssl_endpoint *const server = &server_struct; +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + const char *psk_identity = "foo"; +#endif + + MD_OR_USE_PSA_INIT(); + +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun || options->srv_log_fun) { + mbedtls_debug_set_threshold(4); + } +#endif + + /* Client side */ + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client, + MBEDTLS_SSL_IS_CLIENT, + options), 0); + TEST_ASSERT(set_ciphersuite(client, options->cipher)); + + /* Server side */ + TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, + MBEDTLS_SSL_IS_SERVER, + options), 0); + mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); + + if (options->dtls) { + TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); + } + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server->conf), + (unsigned char) options->mfl), + 0); + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client->conf), + (unsigned char) options->mfl), + 0); +#else + TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + if (options->psk_str != NULL && options->psk_str->len > 0) { + TEST_EQUAL(mbedtls_ssl_conf_psk( + &client->conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); + + TEST_EQUAL(mbedtls_ssl_conf_psk( + &server->conf, options->psk_str->x, + 
options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); +#if defined(MBEDTLS_SSL_SRV_C) + mbedtls_ssl_conf_psk_cb(&server->conf, psk_dummy_callback, NULL); +#endif + } +#endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + mbedtls_ssl_conf_renegotiation(&(server->conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + mbedtls_ssl_conf_renegotiation(&(client->conf), + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + + mbedtls_ssl_conf_legacy_renegotiation(&(server->conf), + options->legacy_renegotiation); + mbedtls_ssl_conf_legacy_renegotiation(&(client->conf), + options->legacy_renegotiation); + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + + TEST_ASSERT(mbedtls_test_ssl_perform_connection(options, client, server)); + TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client); TEST_ASSERT(mbedtls_ssl_get_user_data_p(&client->ssl) == client); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&server->conf) == server); From 27586d83f016f539dcc27faaae125943533c16af Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 28 May 2025 17:01:42 +0200 Subject: [PATCH 0556/1548] Move more endpoint configuration into the setup function Applying SSL configuration settings recorded in the `mbedtls_test_handshake_test_options` structure to an `mbedtls_test_ssl_endpoint` object was split between `mbedtls_test_ssl_endpoint_init()` and `mbedtls_test_ssl_perform_handshake()`. This was surprising, and made it harder to use `mbedtls_test_ssl_endpoint_init()` for custom behavior. It also meant some code duplication in `mbedtls_test_ssl_perform_handshake()`. Move most configuration setup from `mbedtls_test_ssl_perform_handshake()` to `mbedtls_test_ssl_endpoint_init()`. This changes the behavior in two ways: * `mbedtls_test_ssl_endpoint_init()` now takes some options into account that it previously ignored. This is ok because we don't set these options in any of the existing tests. * When calling `mbedtls_test_ssl_perform_handshake()`, some SSL configuration settings are now set (calls to `mbedtls_ssl_conf_xxx()`) before the call to `mbedtls_ssl_setup()` instead of after. This should be ok since it is forbidden to change the configuration after `mbedtls_ssl_setup()`, although the previous test code was getting away with it. This commit does not move all configuration before `mbedtls_ssl_setup()`, that would be out of scope of the current series of patches. Thus there are some internal behavior changes, but they should not affect any relevant aspect of the tests' behavior. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 192 +++++++++++++-------------- 1 file changed, 92 insertions(+), 100 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index dbea090163..a7b154a7e1 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -572,8 +572,60 @@ int mbedtls_test_mock_tcp_recv_msg(void *ctx, return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len; } + +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_SSL_SRV_C) +static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, + const unsigned char *name, size_t name_len) +{ + (void) p_info; + (void) ssl; + (void) name; + (void) name_len; + + return 0; +} +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && + MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_SSL_SRV_C */ + #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep, + const char *cipher) +{ + if (cipher == NULL || cipher[0] == 0) { + return 1; + } + + int ok = 0; + + TEST_CALLOC(ep->ciphersuites, 2); + ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher); + ep->ciphersuites[1] = 0; + + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]); + + TEST_ASSERT(ciphersuite_info != NULL); + TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version); + TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version); + + if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) { + ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; + } + if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) { + ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; + } + + mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites); + ok = 1; + +exit: + return ok; +} + /* * Deinitializes certificates from endpoint represented by \p ep. */ 
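Review bot: `set_ciphersuite()` and `psk_dummy_callback()` land here without any comment, and the non-obvious part of the former is that it writes the private `ep->conf.min_tls_version`/`max_tls_version` fields directly, presumably so the single configured suite stays within the negotiable version range. Suggest a header comment: `/* Restrict ep to the single ciphersuite named by cipher (no-op if NULL or empty), narrowing the configured TLS version range to what that suite supports. Returns 1 on success, 0 after recording a test failure. */`, and on the callback `/* Server PSK callback that accepts every identity; the PSK itself is the one set with mbedtls_ssl_conf_psk(). */` (the latter hedged, since what the library does after a 0 return is outside this diff). `TEST_CALLOC(ep->ciphersuites, 2)` also assumes one call per endpoint; a second call would leak the first array, which a comment or a `TEST_ASSERT(ep->ciphersuites == NULL)` would make explicit.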
@@ -740,6 +792,9 @@ int mbedtls_test_ssl_endpoint_init( { int ret = -1; uintptr_t user_data_n; +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + const char *psk_identity = "foo"; +#endif if (ep == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -813,6 +868,10 @@ int mbedtls_test_ssl_endpoint_init( } } + if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { + TEST_ASSERT(set_ciphersuite(ep, options->cipher)); + } + if (options->group_list != NULL) { mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } @@ -828,6 +887,7 @@ int mbedtls_test_ssl_endpoint_init( options->max_early_data_size); } #endif + #if defined(MBEDTLS_SSL_ALPN) /* check that alpn_list contains at least one valid entry */ if (options->alpn_list[0] != NULL) { @@ -836,6 +896,15 @@ int mbedtls_test_ssl_endpoint_init( #endif #endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) + if (options->renegotiate) { + mbedtls_ssl_conf_renegotiation(&ep->conf, + MBEDTLS_SSL_RENEGOTIATION_ENABLED); + mbedtls_ssl_conf_legacy_renegotiation(&ep->conf, + options->legacy_renegotiation); + } +#endif /* MBEDTLS_SSL_RENEGOTIATION */ + #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, @@ -844,6 +913,14 @@ int mbedtls_test_ssl_endpoint_init( } #endif +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&ep->conf, + (unsigned char) options->mfl), + 0); +#else + TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); TEST_EQUAL(ret, 0); 
@@ -881,6 +958,21 @@ int mbedtls_test_ssl_endpoint_init( options->opaque_usage); TEST_EQUAL(ret, 0); +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) + if (options->psk_str != NULL && options->psk_str->len > 0) { + TEST_EQUAL(mbedtls_ssl_conf_psk( + &ep->conf, options->psk_str->x, + options->psk_str->len, + (const unsigned char *) psk_identity, + strlen(psk_identity)), 0); +#if defined(MBEDTLS_SSL_SRV_C) + if (MBEDTLS_SSL_IS_SERVER == endpoint_type) { + mbedtls_ssl_conf_psk_cb(&ep->conf, psk_dummy_callback, NULL); + } +#endif + } +#endif + TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); 
@@ -1060,59 +1152,6 @@ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, return -1; } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int set_ciphersuite(mbedtls_test_ssl_endpoint *ep, - const char *cipher) -{ - if (cipher == NULL || cipher[0] == 0) { - return 1; - } - - int ok = 0; - - TEST_CALLOC(ep->ciphersuites, 2); - ep->ciphersuites[0] = mbedtls_ssl_get_ciphersuite_id(cipher); - ep->ciphersuites[1] = 0; - - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id(ep->ciphersuites[0]); - - TEST_ASSERT(ciphersuite_info != NULL); - TEST_ASSERT(ciphersuite_info->min_tls_version <= ep->conf.max_tls_version); - TEST_ASSERT(ciphersuite_info->max_tls_version >= ep->conf.min_tls_version); - - if (ep->conf.max_tls_version > ciphersuite_info->max_tls_version) { - ep->conf.max_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->max_tls_version; - } - if (ep->conf.min_tls_version < ciphersuite_info->min_tls_version) { - ep->conf.min_tls_version = (mbedtls_ssl_protocol_version) ciphersuite_info->min_tls_version; - } - - mbedtls_ssl_conf_ciphersuites(&ep->conf, ep->ciphersuites); - ok = 1; - -exit: - return ok; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \ - defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_SSL_SRV_C) -static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) -{ - (void) p_info; - (void) ssl; - (void) name; - (void) name_len; - - return 0; -} -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && - MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_SSL_SRV_C */ - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(PSA_WANT_ALG_CBC_NO_PADDING) && defined(PSA_WANT_KEY_TYPE_AES) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, 
@@ -2383,9 +2422,6 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_test_ssl_endpoint server_struct; memset(&server_struct, 0, sizeof(server_struct)); mbedtls_test_ssl_endpoint *const server = &server_struct; -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - const char *psk_identity = "foo"; -#endif MD_OR_USE_PSA_INIT(); @@ -2399,7 +2435,6 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_test_ssl_endpoint_init(client, MBEDTLS_SSL_IS_CLIENT, options), 0); - TEST_ASSERT(set_ciphersuite(client, options->cipher)); /* Server side */ TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, 
@@ -2411,49 +2446,6 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); } -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(server->conf), - (unsigned char) options->mfl), - 0); - TEST_EQUAL(mbedtls_ssl_conf_max_frag_len(&(client->conf), - (unsigned char) options->mfl), - 0); -#else - TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) - if (options->psk_str != NULL && options->psk_str->len > 0) { - TEST_EQUAL(mbedtls_ssl_conf_psk( - &client->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); - - TEST_EQUAL(mbedtls_ssl_conf_psk( - &server->conf, options->psk_str->x, - options->psk_str->len, - (const unsigned char *) psk_identity, - strlen(psk_identity)), 0); -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_conf_psk_cb(&server->conf, psk_dummy_callback, NULL); -#endif - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if (options->renegotiate) { - mbedtls_ssl_conf_renegotiation(&(server->conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - mbedtls_ssl_conf_renegotiation(&(client->conf), - MBEDTLS_SSL_RENEGOTIATION_ENABLED); - - mbedtls_ssl_conf_legacy_renegotiation(&(server->conf), - options->legacy_renegotiation); - mbedtls_ssl_conf_legacy_renegotiation(&(client->conf), - options->legacy_renegotiation); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - TEST_ASSERT(mbedtls_test_ssl_perform_connection(options, client, server)); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&client->conf) == client); From fb2ce055a3303efd37895df48a2b11e0cb5adbab Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 28 May 2025 17:36:12 +0200 Subject: [PATCH 0557/1548] SSL tests: make client authentication more uniform, defaulting on There was a discrepancy between how `mbedtls_test_ssl_endpoint_init()` and `mbedtls_test_ssl_perform_handshake()` handled client authentication: `mbedtls_test_ssl_endpoint_init()` defaulted to `MBEDTLS_SSL_VERIFY_REQUIRED` on both sides, whereas `mbedtls_test_ssl_perform_handshake()` obeyed `options->srv_auth_mode` which defaulted to no verification of the client certificate. Make this more uniform. Now `mbedtls_test_ssl_endpoint_init()` obeys `options->srv_auth_mode` on servers (still forcing verification on clients, which is the library default anyway). Also, `options->srv_auth_mode` is now enabled by default. Thus: * Tests that call `mbedtls_test_ssl_perform_handshake()` now perform client certificate verification, unless they disable it explicitly. * Tests that call `mbedtls_test_ssl_endpoint_init()` on a server are unchanged. (They would change if they were setting `options->srv_auth_mode` explicitly, which previously was ignored, but no test function did this.) This means that a few test functions now perform client certificate verification whereas they previously don't. This is harmless except in `handshake_ciphersuite_select`, where one test case `Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque` fails with client authentication because the test code doesn't deal with the weirdness of static ECDH correctly with respect to client authentication. So keep the previous behavior in `handshake_ciphersuite_select`, by explicitly turning off client authentication. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 9 ++++++--- tests/suites/test_suite_ssl.function | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a7b154a7e1..c38d24aa8e 100644 --- a/tests/src/test_helpers/ssl_helpers.c 
+++ b/tests/src/test_helpers/ssl_helpers.c @@ -71,7 +71,7 @@ void mbedtls_test_init_handshake_options( opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; opts->pk_alg = MBEDTLS_PK_RSA; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; + opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; opts->cli_msg_len = 100; opts->srv_msg_len = 100; @@ -876,7 +876,11 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } - mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + if (MBEDTLS_SSL_IS_SERVER == endpoint_type) { + mbedtls_ssl_conf_authmode(&(ep->conf), options->srv_auth_mode); + } else { + mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + } #if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); @@ -2440,7 +2444,6 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, MBEDTLS_SSL_IS_SERVER, options), 0); - mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); if (options->dtls) { TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 052a9d8f4a..652576b127 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3043,6 +3043,7 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, options.opaque_alg = psa_alg; options.opaque_alg2 = psa_alg2; options.opaque_usage = psa_usage; + options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; options.expected_handshake_result = expected_handshake_result; options.expected_ciphersuite = expected_ciphersuite; From 6e4d245b0060de4b46c1683f7400e22fc4b471fc Mon Sep 17 00:00:00 2001 
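Review bot: `options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;` is added to `handshake_ciphersuite_select()` without a comment, so a reader sees client authentication disabled for every ciphersuite-selection case with no indication that, per the commit message, only the static ECDH (`ECDH-RSA-...`, opaque) case needs it, while the new `MBEDTLS_SSL_VERIFY_REQUIRED` default raises coverage everywhere else. Suggest annotating it: `/* Client authentication is disabled here: the static-ECDH (ECDH-RSA) opaque-key case does not handle client certificate verification correctly in this helper. TODO: enable it for the other cases. */`. Limiting the opt-out to the affected suite, via an extra test-case argument or a check on `cipher`, would keep the stronger default for the rest of the cases. The function body starts before this hunk.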
From: Gilles Peskine Date: Tue, 27 May 2025 17:13:52 +0200 Subject: [PATCH 0558/1548] Move certificate and key parsing to auxiliary functions No behavior change. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 116 +++++++++++++++------------ 1 file changed, 65 insertions(+), 51 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index c38d24aa8e..68ac122f8d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -653,6 +653,68 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) } } +static int load_endpoint_rsa(mbedtls_test_ssl_endpoint *ep) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { + ret = mbedtls_x509_crt_parse( + ep->cert, + (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, + mbedtls_test_srv_crt_rsa_sha256_der_len); + TEST_EQUAL(ret, 0); + ret = mbedtls_pk_parse_key( + ep->pkey, + (const unsigned char *) mbedtls_test_srv_key_rsa_der, + mbedtls_test_srv_key_rsa_der_len, NULL, 0); + TEST_EQUAL(ret, 0); + } else { + ret = mbedtls_x509_crt_parse( + ep->cert, + (const unsigned char *) mbedtls_test_cli_crt_rsa_der, + mbedtls_test_cli_crt_rsa_der_len); + TEST_EQUAL(ret, 0); + ret = mbedtls_pk_parse_key( + ep->pkey, + (const unsigned char *) mbedtls_test_cli_key_rsa_der, + mbedtls_test_cli_key_rsa_der_len, NULL, 0); + TEST_EQUAL(ret, 0); + } + +exit: + return ret; +} + +static int load_endpoint_ecc(mbedtls_test_ssl_endpoint *ep) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { + ret = mbedtls_x509_crt_parse( + ep->cert, + (const unsigned char *) mbedtls_test_srv_crt_ec_der, + mbedtls_test_srv_crt_ec_der_len); + TEST_EQUAL(ret, 0); + ret = mbedtls_pk_parse_key( + ep->pkey, + (const unsigned char *) mbedtls_test_srv_key_ec_der, + mbedtls_test_srv_key_ec_der_len, NULL, 0); + TEST_EQUAL(ret, 0); + } else { + ret = mbedtls_x509_crt_parse( + ep->cert, + (const unsigned char *) mbedtls_test_cli_crt_ec_der, + mbedtls_test_cli_crt_ec_len); + TEST_EQUAL(ret, 0); + ret = mbedtls_pk_parse_key( + ep->pkey, + (const unsigned char *) mbedtls_test_cli_key_ec_der, + mbedtls_test_cli_key_ec_der_len, NULL, 0); + TEST_EQUAL(ret, 0); + } + +exit: + return ret; +} + int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int pk_alg, int opaque_alg, int opaque_alg2, 
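Review bot: `load_endpoint_rsa()` and `load_endpoint_ecc()` are identical apart from the four certificate/key blobs they select, and neither says what it does or that it dispatches on `ep->conf.endpoint`, so `mbedtls_ssl_config_defaults()` must already have run. Suggest one header comment per helper, e.g. `/* Load the RSA test certificate and key matching ep->conf.endpoint (server or client) into ep->cert and ep->pkey. Returns 0 on success; on failure a test failure has already been recorded. */`, mirrored for the EC variant. One reader trap worth a remark: the client EC certificate length is `mbedtls_test_cli_crt_ec_len`, not `_der_len` like the other three pairs; it is carried over from the removed code, so if that is the real identifier of the DER length a short comment saying so stops it being flagged as a typo. A `{cert, cert_len, key, key_len}` table indexed by endpoint and key type would remove the duplication, but that is optional.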
@@ -689,58 +751,10 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, /* Load own certificate and private key */ - if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der, - mbedtls_test_srv_crt_rsa_sha256_der_len); - TEST_EQUAL(ret, 0); - - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } else { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_srv_crt_ec_der, - mbedtls_test_srv_crt_ec_der_len); - TEST_EQUAL(ret, 0); - - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } + if (pk_alg == MBEDTLS_PK_RSA) { + TEST_EQUAL(load_endpoint_rsa(ep), 0); } else { - if (pk_alg == MBEDTLS_PK_RSA) { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_cli_crt_rsa_der, - mbedtls_test_cli_crt_rsa_der_len); - TEST_EQUAL(ret, 0); - - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } else { - ret = mbedtls_x509_crt_parse( - ep->cert, - (const unsigned char *) mbedtls_test_cli_crt_ec_der, - mbedtls_test_cli_crt_ec_len); - TEST_EQUAL(ret, 0); - - ret = mbedtls_pk_parse_key( - ep->pkey, - (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0); - TEST_EQUAL(ret, 0); - } + TEST_EQUAL(load_endpoint_ecc(ep), 0); } #if defined(MBEDTLS_USE_PSA_CRYPTO) From a6e71f95fbe92da7c68c0eb99908a06d0e1aeeeb Mon Sep 17 00:00:00 2001 
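Review bot: The new calls `TEST_EQUAL(load_endpoint_rsa(ep), 0);` and `TEST_EQUAL(load_endpoint_ecc(ep), 0);` no longer assign to `ret`, whereas the removed code stored every parse result in `ret`; if the function's `exit:` path or return value still uses `ret` (both are outside this hunk), a failed load now leaves `ret` at whatever the preceding step set, most likely 0, and the caller is told certificate setup succeeded. Prefer `ret = load_endpoint_rsa(ep); TEST_EQUAL(ret, 0);` (and the same for the EC branch) so the failure propagates as before. Separately, the `else` branch loads EC material for every `pk_alg` other than RSA; a comment `/* Any non-RSA pk_alg is treated as an EC key. */` or a `TEST_ASSERT` on the accepted values would make that explicit. `mbedtls_test_ssl_endpoint_certificate_init()` starts and ends outside the hunk.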
From: Gilles Peskine Date: Sun, 1 Jun 2025 21:32:05 +0200 Subject: [PATCH 0559/1548] Don't change the configuration after mbedtls_ssl_setup In `mbedtls_test_ssl_endpoint_init()`, don't change the SSL configuration object (`mbedtls_ssl_config`) after setting up an SSL context by calling `mbedtls_ssl_setup()`. This works in practice, but is officially forbidden. No intended behavior change. The test code calls the library slightly differently, but this shouldn't make any difference in practice. If it does make a difference, it fixes a bug in the test code. Signed-off-by: Gilles Peskine --- tests/src/test_helpers/ssl_helpers.c | 55 +++++++++++++++------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 68ac122f8d..a122f356cb 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -835,24 +835,6 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_mock_socket_init(&(ep->socket)); - /* Non-blocking callbacks without timeout */ - if (options->dtls) { - mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context, - mbedtls_test_mock_tcp_send_msg, - mbedtls_test_mock_tcp_recv_msg, - NULL); -#if defined(MBEDTLS_TIMING_C) - mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, - mbedtls_timing_set_delay, - mbedtls_timing_get_delay); -#endif - } else { - mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), - mbedtls_test_mock_tcp_send_nb, - mbedtls_test_mock_tcp_recv_nb, - NULL); - } - ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type, options->dtls ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : 
@@ -939,14 +921,6 @@ int mbedtls_test_ssl_endpoint_init( TEST_EQUAL(MBEDTLS_SSL_MAX_FRAG_LEN_NONE, options->mfl); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); - TEST_EQUAL(ret, 0); - - if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { - ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); - TEST_EQUAL(ret, 0); - } - #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->dtls) { mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); @@ -993,6 +967,35 @@ int mbedtls_test_ssl_endpoint_init( TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); + + /* We've finished the configuration. Now set up a context. */ + + ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); + TEST_EQUAL(ret, 0); + + if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) { + ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost"); + TEST_EQUAL(ret, 0); + } + + /* Non-blocking callbacks without timeout */ + if (options->dtls) { + mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context, + mbedtls_test_mock_tcp_send_msg, + mbedtls_test_mock_tcp_recv_msg, + NULL); +#if defined(MBEDTLS_TIMING_C) + mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, + mbedtls_timing_set_delay, + mbedtls_timing_get_delay); +#endif + } else { + mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket), + mbedtls_test_mock_tcp_send_nb, + mbedtls_test_mock_tcp_recv_nb, + NULL); + } + TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); mbedtls_ssl_set_user_data_p(&ep->ssl, ep); From 00eb072846f268758a76d3d8c361c923b14d57b4 Mon Sep 17 00:00:00 2001 
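Review bot: The moved callback block mixes `&(ep->ssl)` with `&ep->dtls_context` and `&ep->ssl` with `&ep->timer` on adjacent lines (`mbedtls_ssl_set_bio(&(ep->ssl), &ep->dtls_context, ...` vs `mbedtls_ssl_set_timer_cb(&ep->ssl, &ep->timer, ...`); since these lines are being rewritten anyway, settling on one form would be cheap. The comment `/* Non-blocking callbacks without timeout */` now follows `mbedtls_ssl_setup()` rather than the socket init, so it is the natural place to record the ordering this commit establishes, e.g. `/* Context-level settings: applied only after the configuration is complete and mbedtls_ssl_setup() has bound the context to it. */`. In the DTLS branch, a build without MBEDTLS_TIMING_C sets no timer callbacks at all; that is pre-existing and presumably fine for the mock transport, but a short comment on the `#endif` would spare the next reader the question. mbedtls_test_ssl_endpoint_init's body continues outside the hunk.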
From: Gilles Peskine Date: Sun, 1 Jun 2025 21:50:05 +0200 Subject: [PATCH 0560/1548] mbedtls_test_ssl_endpoint_init: store user_data_n in the endpoint object This will allow splitting the configuration and setup stages of `mbedtls_test_ssl_endpoint_init()`, while still checking that the value is carried over from the configuration to the session context. No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 1 + tests/src/test_helpers/ssl_helpers.c | 14 +++++++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index dc2ab78691..276b165c66 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -194,6 +194,7 @@ typedef struct mbedtls_test_ssl_endpoint { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_test_mock_socket socket; + uintptr_t user_data_cookie; /* A unique value associated with this endpoint */ /* Objects only used by DTLS. * They should be guarded by MBEDTLS_SSL_PROTO_DTLS, but diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a122f356cb..f92b93b240 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -805,7 +805,6 @@ int mbedtls_test_ssl_endpoint_init( const mbedtls_test_handshake_test_options *options) { int ret = -1; - uintptr_t user_data_n; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) const char *psk_identity = "foo"; #endif 
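Review bot: The new field's comment `/* A unique value associated with this endpoint */` claims more than the code establishes: the next hunk of this commit fills it from mbedtls_test_rnd_std_rand(), so it is random rather than guaranteed unique, and its actual role — stored as user data on both `ep->conf` and `ep->ssl` and compared again after setup — is not mentioned. Suggest `/* Random cookie set as user data on both conf and ssl; re-checked after setup to verify the value is preserved. */`. `uintptr_t` needs `<stdint.h>`, which the header presumably already gets through the mbedtls includes; worth confirming since this is the first use of the type visible in the struct.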
@@ -828,10 +827,10 @@ int mbedtls_test_ssl_endpoint_init( TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0); (void) mbedtls_test_rnd_std_rand(NULL, - (void *) &user_data_n, - sizeof(user_data_n)); - mbedtls_ssl_conf_set_user_data_n(&ep->conf, user_data_n); - mbedtls_ssl_set_user_data_n(&ep->ssl, user_data_n); + (void *) &ep->user_data_cookie, + sizeof(ep->user_data_cookie)); + mbedtls_ssl_conf_set_user_data_n(&ep->conf, ep->user_data_cookie); + mbedtls_ssl_set_user_data_n(&ep->ssl, ep->user_data_cookie); mbedtls_test_mock_socket_init(&(ep->socket)); @@ -965,7 +964,8 @@ int mbedtls_test_ssl_endpoint_init( } #endif - TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), user_data_n); + TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), + ep->user_data_cookie); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); /* We've finished the configuration. Now set up a context. */ @@ -996,7 +996,7 @@ int mbedtls_test_ssl_endpoint_init( NULL); } - TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), user_data_n); + TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), ep->user_data_cookie); mbedtls_ssl_set_user_data_p(&ep->ssl, ep); return 0; From 6edb76cba4655bc007e51c7f58e69631d0e4eba3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 1 Jun 2025 21:53:52 +0200 Subject: [PATCH 0561/1548] mbedtls_test_ssl_endpoint_init: split configuration and setup Split `mbedtls_test_ssl_endpoint_init()` into two separate stages: constructing the SSL configuration, and setting up an SSL session context with that configuration. No behavior change. Signed-off-by: Gilles Peskine --- tests/include/test/ssl_helpers.h | 61 +++++++++++++++++++++++----- tests/src/test_helpers/ssl_helpers.c | 31 +++++++++++++- 2 files changed, 80 insertions(+), 12 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 276b165c66..5bfdedaaf0 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
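Review bot: The return value of mbedtls_test_rnd_std_rand() is still discarded with `(void)` in the first hunk, so an RNG failure leaves `ep->user_data_cookie` at whatever it held before — likely 0, given the preceding `TEST_EQUAL(mbedtls_ssl_get_user_data_n(&ep->ssl), 0)` fresh-state check — which is exactly the value a context that lost its user data would report, so the later equality checks would no longer detect that. Since TEST_EQUAL is available here, `TEST_EQUAL(mbedtls_test_rnd_std_rand(NULL, (void *) &ep->user_data_cookie, sizeof(ep->user_data_cookie)), 0);` makes the failure visible. This was already the case before the value moved into the endpoint object. mbedtls_test_ssl_endpoint_init's body starts before the first hunk and continues between the hunks.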
@@ -447,18 +447,59 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int opaque_alg, int opaque_alg2, int opaque_usage); -/* - * Initializes \p ep structure. It is important to call - * `mbedtls_test_ssl_endpoint_free()` after calling this function - * even if it fails. +/** Initialize the configuration in an SSL endpoint structure. + * + * \note You must call `mbedtls_test_ssl_endpoint_free()` after + * calling this function, even if it fails. This is necessary to + * free data that may have been stored in the endpoint structure. + * + * \param[out] ep The endpoint structure to configure. + * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT. + * \param[in] options The options to use for configuring the endpoint + * structure. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init_conf( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + const mbedtls_test_handshake_test_options *options); + +/** Initialize the session context in an endpoint structure. + * + * \note The endpoint structure must have been set up with + * mbedtls_test_ssl_endpoint_init_conf() with the same \p options. + * Between calling mbedtls_test_ssl_endpoint_init_conf() and + * mbedtls_test_ssl_endpoint_init_ssl(), you may configure `ep->ssl` + * further if you know what you're doing. + * + * \note You must call `mbedtls_test_ssl_endpoint_free()` after + * calling this function, even if it fails. This is necessary to + * free data that may have been stored in the endpoint structure. + * + * \param[out] ep The endpoint structure to set up. + * \param[in] options The options used for configuring the endpoint + * structure. + * + * \retval 0 on success, otherwise error code. + */ +int mbedtls_test_ssl_endpoint_init_ssl( + mbedtls_test_ssl_endpoint *ep, + const mbedtls_test_handshake_test_options *options); + +/** Initialize the configuration and a context in an SSL endpoint structure. 
+ * + * This function is equivalent to calling + * mbedtls_test_ssl_endpoint_init_conf() followed by + * mbedtls_test_ssl_endpoint_init_ssl(). * - * \note For DTLS, after calling this function on both endpoints, - * call mbedtls_test_ssl_dtls_join_endpoints(). + * \note You must call `mbedtls_test_ssl_endpoint_free()` after + * calling this function, even if it fails. This is necessary to + * free data that may have been stored in the endpoint structure. * - * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or - * MBEDTLS_SSL_IS_CLIENT. - * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and - * MBEDTLS_PK_ECDSA are supported. + * \param[out] ep The endpoint structure to configure. + * \param endpoint_type #MBEDTLS_SSL_IS_SERVER or #MBEDTLS_SSL_IS_CLIENT. + * \param[in] options The options to use for configuring the endpoint + * structure. * * \retval 0 on success, otherwise error code. */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index f92b93b240..e6c082eacb 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -800,7 +800,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, return ret; } -int mbedtls_test_ssl_endpoint_init( +int mbedtls_test_ssl_endpoint_init_conf( mbedtls_test_ssl_endpoint *ep, int endpoint_type, const mbedtls_test_handshake_test_options *options) { 
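Review bot: The new doc for mbedtls_test_ssl_endpoint_init_ssl() says that between init_conf() and init_ssl() `you may configure ep->ssl further`, but init_ssl() is where `mbedtls_ssl_setup()` is called (ssl_helpers.c hunk on this page), so before it the context is not yet set up and what a caller can meaningfully adjust reads as `ep->conf`; suggest `you may configure ep->conf further`. `\param[out] ep` on init_ssl() is also inaccurate since the function reads `ep->conf` (via mbedtls_ssl_conf_get_endpoint()); `\param[in,out] ep` fits better. The old `\note For DTLS, after calling this function on both endpoints, call mbedtls_test_ssl_dtls_join_endpoints().` was dropped from the combined init() doc without being carried over to either new function; unless it is documented elsewhere, it belongs on init_ssl().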
@@ -968,7 +968,22 @@ int mbedtls_test_ssl_endpoint_init( ep->user_data_cookie); mbedtls_ssl_conf_set_user_data_p(&ep->conf, ep); - /* We've finished the configuration. Now set up a context. */ + return 0; + +exit: + if (ret == 0) { + /* Exiting due to a test assertion that isn't ret == 0 */ + ret = -1; + } + return ret; +} + +int mbedtls_test_ssl_endpoint_init_ssl( + mbedtls_test_ssl_endpoint *ep, + const mbedtls_test_handshake_test_options *options) +{ + int endpoint_type = mbedtls_ssl_conf_get_endpoint(&ep->conf); + int ret = -1; ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); TEST_EQUAL(ret, 0); @@ -1009,6 +1024,18 @@ int mbedtls_test_ssl_endpoint_init( return ret; } +int mbedtls_test_ssl_endpoint_init( + mbedtls_test_ssl_endpoint *ep, int endpoint_type, + const mbedtls_test_handshake_test_options *options) +{ + int ret = mbedtls_test_ssl_endpoint_init_conf(ep, endpoint_type, options); + if (ret != 0) { + return ret; + } + ret = mbedtls_test_ssl_endpoint_init_ssl(ep, options); + return ret; +} + void mbedtls_test_ssl_endpoint_free( mbedtls_test_ssl_endpoint *ep) { From 8e5ee478e115f6e72209028909537ec42f48a170 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 2 Jun 2025 12:31:15 +0200 Subject: [PATCH 0562/1548] Add temporary component for SHA3 testing With the removal of MBEDTLS_SHA3_C the test cases with disabled SHA3 dependency are never executed. Adding a temporary `all.sh` component which disabling the `PSA_WANT_ALG_SHA3_*` macros to cover these test cases. Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 5fd9ede124..b1e633271e 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
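Review bot: In the new mbedtls_test_ssl_endpoint_init() wrapper, `ret = mbedtls_test_ssl_endpoint_init_ssl(ep, options); return ret;` can be `return mbedtls_test_ssl_endpoint_init_ssl(ep, options);`, and in mbedtls_test_ssl_endpoint_init_ssl() the `int ret = -1;` initializer is dead because `ret` is assigned from `mbedtls_ssl_setup()` on the very next line. `endpoint_type` in init_ssl() is recovered with `mbedtls_ssl_conf_get_endpoint(&ep->conf)`, which only gives a meaningful answer once init_conf() has run `mbedtls_ssl_config_defaults()`; the header documents the precondition, but a one-line comment at the declaration, e.g. `/* requires ep->conf populated by mbedtls_test_ssl_endpoint_init_conf() */`, keeps it next to the code. The `exit:` label and the rest of init_ssl()'s body lie outside this hunk.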
@@ -351,3 +351,15 @@ component_test_memory_buffer_allocator () { # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. tests/ssl-opt.sh -e '^DTLS proxy' } + +# Temporary component for SHA3 config option removal +# Must be removed when SHA3 removal is merged +component_test_full_no_sha3 () { + msg "build: full config without SHA3" + scripts/config.py full + scripts/config.py unset-all PSA_WANT_ALG_SHA3_* + make + + msg "test: full - PSA_WANT_ALG_SHA3_*" + make test +} From b9d728467af673327841693baa0e69e7cface3a9 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 2 Jun 2025 17:22:53 +0200 Subject: [PATCH 0563/1548] Fix calling `config.py` and update comment Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index b1e633271e..4f212be60d 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh @@ -353,11 +353,12 @@ component_test_memory_buffer_allocator () { } # Temporary component for SHA3 config option removal -# Must be removed when SHA3 removal is merged +# Will be removed according to this issue: +# https://github.com/Mbed-TLS/mbedtls/issues/10203 component_test_full_no_sha3 () { msg "build: full config without SHA3" scripts/config.py full - scripts/config.py unset-all PSA_WANT_ALG_SHA3_* + scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' make msg "test: full - PSA_WANT_ALG_SHA3_*" From 86b9d3f299114c7159e618fad0c3419c81010ec7 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 10 Apr 2025 14:00:40 +0200 Subject: [PATCH 0564/1548] documentation of mbedtls_ssl_async_sign_t with RSA: update to PSA Stop referring to low-level APIs that are becoming private. Also drop the requirement on supporting what is now PSA_ALG_RSA_PKCS1V15_SIGN_RAW. That was needed for TLS 1.0/1.1 which signs MD5||SHA1, but is no longer needed since Mbed TLS 3.0 dropped support for these protocol versions. Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c77cec88e3..59bd2f73b2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -987,20 +987,10 @@ typedef int mbedtls_ssl_cache_set_t(void *data, * to store an operation context for later retrieval * by the resume or cancel callback. * - * \note For RSA signatures, this function must produce output - * that is consistent with PKCS#1 v1.5 in the same way as - * mbedtls_rsa_pkcs1_sign(). Before the private key operation, - * apply the padding steps described in RFC 8017, section 9.2 - * "EMSA-PKCS1-v1_5" as follows. - * - If \p md_alg is #MBEDTLS_MD_NONE, apply the PKCS#1 v1.5 - * encoding, treating \p hash as the DigestInfo to be - * padded. In other words, apply EMSA-PKCS1-v1_5 starting - * from step 3, with `T = hash` and `tLen = hash_len`. - * - If `md_alg != MBEDTLS_MD_NONE`, apply the PKCS#1 v1.5 - * encoding, treating \p hash as the hash to be encoded and - * padded. In other words, apply EMSA-PKCS1-v1_5 starting - * from step 2, with `digestAlgorithm` obtained by calling - * mbedtls_oid_get_oid_by_md() on \p md_alg. + * \note For an RSA key, this function must produce a PKCS#1v1.5 + * signature in the standard format (like + * #PSA_ALG_RSA_PKCS1V15_SIGN). \c md_alg is guaranteed to be + * a hash that is supported by the library. * * \note For ECDSA signatures, the output format is the DER encoding * `Ecdsa-Sig-Value` defined in 
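Review bot: The replacement note drops the explicit treatment of `md_alg == MBEDTLS_MD_NONE` that the removed text had, and `\c md_alg is guaranteed to be a hash that is supported by the library` leaves a reader unsure whether #MBEDTLS_MD_NONE can still be passed; since the commit message says the raw (unhashed) case went away with TLS 1.0/1.1, stating it outright, e.g. `\c md_alg is never #MBEDTLS_MD_NONE; it is a hash algorithm supported by the library.`, closes that gap for implementers of the callback. `PKCS#1v1.5` is spelled `PKCS#1 v1.5` in the removed lines; keeping one spelling across the header is cosmetic but easy. The typedef's doc block continues outside this hunk.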
From b825dcfe2db9dcfd4da37c422c583b3cae506ea3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 19:41:09 +0200 Subject: [PATCH 0565/1548] Update file names in comments Signed-off-by: Gilles Peskine --- library/x509_oid.c | 2 +- library/x509_oid.h | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/x509_oid.c b/library/x509_oid.c index d05a36d5bc..1637c1cff7 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -1,5 +1,5 @@ /** - * \file oid.c + * \file x509_oid.c * * \brief Object Identifier (OID) database * diff --git a/library/x509_oid.h b/library/x509_oid.h index d4bbd09ff3..5f51367053 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -1,5 +1,5 @@ /** - * \file oid.h + * \file x509_oid.h * * \brief Object Identifier (OID) database */ @@ -7,8 +7,8 @@ * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#ifndef MBEDTLS_OID_H -#define MBEDTLS_OID_H +#ifndef MBEDTLS_X509_OID_H +#define MBEDTLS_X509_OID_H #include "mbedtls/private_access.h" #include "tf-psa-crypto/build_info.h" @@ -692,4 +692,4 @@ int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_ } #endif -#endif /* oid.h */ +#endif /* x509_oid.h */ From 86a47f85fa9d33bc7e7fbf12828f66603992800c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:20:12 +0200 Subject: [PATCH 0566/1548] Switch to "x509_oid.h" in code that uses OID functions Keep "mbedtls/oid.h" in code that only uses OID macros. ``` git grep -l mbedtls_oid_ '**/*.[hc]' tests/suites/*.function | xargs perl -i -pe 's!["<]mbedtls/oid\.h[">]!"x509_oid.h"!g' ``` 
Signed-off-by: Gilles Peskine --- library/pkcs7.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_oid.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- tests/suites/test_suite_x509_oid.function | 2 +- tests/suites/test_suite_x509parse.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index ff0567c6f6..3c5040bfd6 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -9,7 +9,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/error.h" #if defined(MBEDTLS_FS_IO) diff --git a/library/x509.c b/library/x509.c index 9fc6389d27..e0d54b6dc4 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include #include diff --git a/library/x509_create.c b/library/x509_create.c index 48ac080cbe..7ca5517528 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include diff --git a/library/x509_crt.c b/library/x509_crt.c index faea404dba..959ae21931 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/platform_util.h" #include diff --git a/library/x509_csr.c b/library/x509_csr.c index 2e435645b1..bba9eaae23 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/platform_util.h" #include 
diff --git a/library/x509_oid.c b/library/x509_oid.c index 1637c1cff7..6ba04cf80d 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -11,7 +11,7 @@ #if defined(MBEDTLS_OID_C) -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/rsa.h" #include "mbedtls/error_common.h" #include "mbedtls/pk.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 7d207481c2..4bacdad531 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/md.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e65ddb07f4..74991f383d 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/platform_util.h" #include "psa/crypto.h" diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function index e96425e1aa..efcfee28f6 100644 --- a/tests/suites/test_suite_x509_oid.function +++ b/tests/suites/test_suite_x509_oid.function @@ -1,5 +1,5 @@ /* BEGIN_HEADER */ -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "string.h" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 7bcac865ec..b6fb2020ab 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -6,7 +6,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/base64.h" #include "mbedtls/error.h" #include "mbedtls/pk.h" 
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f3a161ca52..e30eed949d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -4,7 +4,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "x509_oid.h" #include "mbedtls/rsa.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" From 86e45ba0ba58fb9c88c4481253da53b6f918e2c7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:33:39 +0200 Subject: [PATCH 0567/1548] Rename OID functions and types to mbedtls_x509_oid_xxx in x509_oid Avoid clashes with the functions and the type that are still defined in TF-PSA-Crypto. They are now internal names, so it doesn't really matter, but having the same name as the ones declared in TF-PSA-Crypto's `oid.h` would cause problems during the transition. Remove the unused name for `struct mbedtls_oid_descriptor_t`, and rename the rest: ``` perl -i -pe 's/mbedtls_oid_/mbedtls_x509_oid_/g' library/x509_oid.[hc] ./framework/scripts/code_style.py --fix library/x509_oid.[hc] ``` Signed-off-by: Gilles Peskine --- library/x509_oid.c | 87 +++++++++++++++++++++++----------------------- library/x509_oid.h | 52 +++++++++++++-------------- 2 files changed, 70 insertions(+), 69 deletions(-) diff --git a/library/x509_oid.c b/library/x509_oid.c index 6ba04cf80d..7bbe4d58d8 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -27,7 +27,7 @@ #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) /* - * Macro to generate mbedtls_oid_descriptor_t + * Macro to generate mbedtls_x509_oid_descriptor_t */ #if !defined(MBEDTLS_X509_REMOVE_INFO) #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } 
@@ -46,8 +46,8 @@ const mbedtls_asn1_buf *oid) \ { \ const TYPE_T *p = (LIST); \ - const mbedtls_oid_descriptor_t *cur = \ - (const mbedtls_oid_descriptor_t *) p; \ + const mbedtls_x509_oid_descriptor_t *cur = \ + (const mbedtls_x509_oid_descriptor_t *) p; \ if (p == NULL || oid == NULL) return NULL; \ while (cur->asn1 != NULL) { \ if (cur->asn1_len == oid->len && \ @@ -55,7 +55,7 @@ return p; \ } \ p++; \ - cur = (const mbedtls_oid_descriptor_t *) p; \ + cur = (const mbedtls_x509_oid_descriptor_t *) p; \ } \ return NULL; \ } @@ -63,7 +63,7 @@ #if !defined(MBEDTLS_X509_REMOVE_INFO) /* * Macro to generate a function for retrieving a single attribute from the - * descriptor of an mbedtls_oid_descriptor_t wrapper. + * descriptor of an mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ @@ -77,7 +77,7 @@ /* * Macro to generate a function for retrieving a single attribute from an - * mbedtls_oid_descriptor_t wrapper. + * mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ @@ -90,7 +90,7 @@ /* * Macro to generate a function for retrieving two attributes from an - * mbedtls_oid_descriptor_t wrapper. + * mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ ATTR2_TYPE, ATTR2) \ @@ -106,7 +106,7 @@ /* * Macro to generate a function for retrieving the OID based on a single - * attribute from a mbedtls_oid_descriptor_t wrapper. + * attribute from a mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ 
@@ -125,7 +125,7 @@ /* * Macro to generate a function for retrieving the OID based on two - * attributes from a mbedtls_oid_descriptor_t wrapper. + * attributes from a mbedtls_x509_oid_descriptor_t wrapper. */ #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ ATTR2_TYPE, ATTR2) \ @@ -148,7 +148,7 @@ * For X520 attribute types */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; const char *short_name; } oid_x520_attr_t; @@ -256,7 +256,7 @@ static const oid_x520_attr_t oid_x520_attr_type[] = }; FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) -FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, @@ -266,7 +266,7 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, * For X509 extensions */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; int ext_type; } oid_x509_ext_t; @@ -325,10 +325,10 @@ static const oid_x509_ext_t oid_x509_ext[] = }; FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) -FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) #if !defined(MBEDTLS_X509_REMOVE_INFO) -static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = +static const mbedtls_x509_oid_descriptor_t oid_ext_key_usage[] = { OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH, "id-kp-serverAuth", 
@@ -346,22 +346,23 @@ static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = NULL_OID_DESCRIPTOR, }; -FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) -FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, - mbedtls_oid_descriptor_t, +FN_OID_TYPED_FROM_ASN1(mbedtls_x509_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_extended_key_usage, + mbedtls_x509_oid_descriptor_t, ext_key_usage, const char *, description) -static const mbedtls_oid_descriptor_t oid_certificate_policies[] = +static const mbedtls_x509_oid_descriptor_t oid_certificate_policies[] = { OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"), NULL_OID_DESCRIPTOR, }; -FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) -FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, - mbedtls_oid_descriptor_t, +FN_OID_TYPED_FROM_ASN1(mbedtls_x509_oid_descriptor_t, certificate_policies, + oid_certificate_policies) +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies, + mbedtls_x509_oid_descriptor_t, certificate_policies, const char *, description) @@ -371,7 +372,7 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, * For SignatureAlgorithmIdentifier */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; mbedtls_pk_type_t pk_alg; } oid_sig_alg_t; 
@@ -473,21 +474,21 @@ static const oid_sig_alg_t oid_sig_alg[] = FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) #if !defined(MBEDTLS_X509_REMOVE_INFO) -FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, +FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_x509_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description) #endif -FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, +FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg) -FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, +FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, @@ -499,7 +500,7 @@ FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, * For PublicKeyInfo (PKCS1, RFC 5480) */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_pk_type_t pk_alg; } oid_pk_alg_t; @@ -524,8 +525,8 @@ static const oid_pk_alg_t oid_pk_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) -FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) +FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, @@ -536,7 +537,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, * For elliptic curves that use namedCurve inside ECParams (RFC 5480) */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_ecp_group_id grp_id; } oid_ecp_grp_t; 
@@ -609,8 +610,8 @@ static const oid_ecp_grp_t oid_ecp_grp[] = }; FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) -FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) +FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, @@ -621,7 +622,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, * encoded in the AlgorithmIdentifier (RFC 8410) */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_ecp_group_id grp_id; } oid_ecp_grp_algid_t; @@ -646,12 +647,12 @@ static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] = }; FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid) -FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp_algid, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_ec_grp_algid, oid_ecp_grp_algid_t, grp_id_algid, mbedtls_ecp_group_id, grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, +FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_ec_grp_algid, oid_ecp_grp_algid_t, oid_ecp_grp_algid, mbedtls_ecp_group_id, @@ -663,7 +664,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, * For PKCS#5 PBES2 encryption algorithm */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_cipher_type_t cipher_alg; } oid_cipher_alg_t; @@ -696,7 +697,7 @@ static const oid_cipher_alg_t oid_cipher_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) -FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, 
@@ -707,7 +708,7 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, * For digestAlgorithm */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; } oid_md_alg_t; @@ -786,8 +787,8 @@ static const oid_md_alg_t oid_md_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) -FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) -FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) +FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, @@ -797,7 +798,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, * For HMAC digestAlgorithm */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_hmac; } oid_md_hmac_t; @@ -870,14 +871,14 @@ static const oid_md_hmac_t oid_md_hmac[] = }; FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) -FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) +FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) #if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C) /* * For PKCS#12 PBEs */ typedef struct { - mbedtls_oid_descriptor_t descriptor; + mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; mbedtls_cipher_type_t cipher_alg; } oid_pkcs12_pbe_alg_t; @@ -903,7 +904,7 @@ static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = }; FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) -FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, +FN_OID_GET_ATTR2(mbedtls_x509_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, diff --git a/library/x509_oid.h b/library/x509_oid.h index 5f51367053..8798d0faaf 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h 
@@ -473,14 +473,14 @@ extern "C" { /** * \brief Base OID descriptor structure */ -typedef struct mbedtls_oid_descriptor_t { +typedef struct { const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */ size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */ #if !defined(MBEDTLS_X509_REMOVE_INFO) const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */ const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */ #endif -} mbedtls_oid_descriptor_t; +} mbedtls_x509_oid_descriptor_t; /** * \brief Translate an X.509 extension OID into local values @@ -490,7 +490,7 @@ typedef struct mbedtls_oid_descriptor_t { * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); +int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); /** * \brief Translate an X.509 attribute type OID into the short name @@ -501,7 +501,7 @@ int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); +int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); /** * \brief Translate PublicKeyAlgorithm OID into pk_type @@ -511,7 +511,7 @@ int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **sh * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); +int mbedtls_x509_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); /** * \brief Translate pk_type into PublicKeyAlgorithm OID 
@@ -522,8 +522,8 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, - const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, + const char **oid, size_t *olen); #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /** @@ -534,7 +534,7 @@ int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); +int mbedtls_x509_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); /** * \brief Translate EC group identifier into NamedCurve OID @@ -545,8 +545,8 @@ int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *gr * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); /** * \brief Translate AlgorithmIdentifier OID into an EC group identifier, @@ -557,7 +557,7 @@ int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); +int mbedtls_x509_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); /** * \brief Translate EC group identifier into AlgorithmIdentifier OID, 
@@ -569,8 +569,8 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_ * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /** @@ -582,8 +582,8 @@ int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); +int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); /** * \brief Translate SignatureAlgorithm OID into description @@ -593,7 +593,7 @@ int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); +int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate md_type and pk_type into SignatureAlgorithm OID @@ -605,8 +605,8 @@ int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc) * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const char **oid, size_t *olen); /** * \brief Translate hmac algorithm OID into md_type 
@@ -616,7 +616,7 @@ int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t m * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); +int mbedtls_x509_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); /** * \brief Translate hash algorithm OID into md_type @@ -626,7 +626,7 @@ int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_h * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); +int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); #if !defined(MBEDTLS_X509_REMOVE_INFO) /** @@ -637,7 +637,7 @@ int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_al * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); +int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); #endif /** @@ -648,7 +648,7 @@ int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char * * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); +int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate md_type into hash algorithm OID @@ -659,7 +659,7 @@ int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); +int mbedtls_x509_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); #if defined(MBEDTLS_CIPHER_C) /** 
@@ -670,7 +670,7 @@ int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); +int mbedtls_x509_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); #if defined(MBEDTLS_PKCS12_C) /** @@ -683,8 +683,8 @@ int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_ * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, - mbedtls_cipher_type_t *cipher_alg); +int mbedtls_x509_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, + mbedtls_cipher_type_t *cipher_alg); #endif /* MBEDTLS_PKCS12_C */ #endif /* MBEDTLS_CIPHER_C */ From d2fe51cfc49120b7b6a5370365c972ab6c5c6bf8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:36:20 +0200 Subject: [PATCH 0568/1548] Add the x509_oid module to the build Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/x509_oid.c | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index a32b4bc264..f896850f23 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -6,6 +6,7 @@ set(src_x509 x509_crl.c x509_crt.c x509_csr.c + x509_oid.c x509write.c x509write_crt.c x509write_csr.c diff --git a/library/Makefile b/library/Makefile index 1c0e4d942a..fb61911896 100644 --- a/library/Makefile +++ b/library/Makefile @@ -198,6 +198,7 @@ OBJS_X509= \ x509_crl.o \ x509_crt.o \ x509_csr.o \ + x509_oid.o \ x509write.o \ x509write_crt.o \ x509write_csr.o \ diff --git a/library/x509_oid.c b/library/x509_oid.c index 7bbe4d58d8..6fe6e707f5 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c 
@@ -7,7 +7,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "x509_internal.h" #if defined(MBEDTLS_OID_C) From 532e3ee104e657e4db8d49f524125d8ac9228452 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:37:15 +0200 Subject: [PATCH 0569/1548] Switch library and tests to the x509_oid module ``` git grep -l -P 'mbedtls_oid_get_(?!numeric_string\b)' | xargs perl -i -pe 's/\bmbedtls_oid_get_(?!numeric_string\b)/mbedtls_x509_oid_get_/' ./framework/scripts/code_style.py --since HEAD~1 --fix ``` Signed-off-by: Gilles Peskine --- library/pkcs7.c | 4 +-- library/x509.c | 10 +++--- library/x509_crt.c | 6 ++-- library/x509_csr.c | 2 +- library/x509write_crt.c | 4 +-- library/x509write_csr.c | 4 +-- tests/suites/test_suite_x509_oid.data | 40 +++++++++++----------- tests/suites/test_suite_x509_oid.function | 12 +++---- tests/suites/test_suite_x509parse.function | 6 ++-- 9 files changed, 44 insertions(+), 44 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 3c5040bfd6..cfe570a788 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -480,7 +480,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, return ret; } - ret = mbedtls_oid_get_md_alg(&signed_data->digest_alg_identifiers, &md_alg); + ret = mbedtls_x509_oid_get_md_alg(&signed_data->digest_alg_identifiers, &md_alg); if (ret != 0) { return MBEDTLS_ERR_PKCS7_INVALID_ALG; } @@ -659,7 +659,7 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, return MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID; } - ret = mbedtls_oid_get_md_alg(&pkcs7->signed_data.digest_alg_identifiers, &md_alg); + ret = mbedtls_x509_oid_get_md_alg(&pkcs7->signed_data.digest_alg_identifiers, &md_alg); if (ret != 0) { return ret; } diff --git a/library/x509.c b/library/x509.c index e0d54b6dc4..a3d7a18b1c 100644 --- a/library/x509.c +++ b/library/x509.c 
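Review bot: The file is now built unconditionally as part of the X.509 library (the CMakeLists.txt and Makefile hunks add x509_oid.c to src_x509 and OBJS_X509), yet its body is still guarded by `#if defined(MBEDTLS_OID_C)`, the context line right after the changed include. If MBEDTLS_OID_C is owned by the crypto configuration rather than the X.509 one, an X.509 build with that option off would compile this file to nothing while x509.c and x509_crt.c still call the mbedtls_x509_oid_* helpers, surfacing as link errors instead of a configuration-time diagnostic; consider guarding on the X.509 options the callers depend on, or at least documenting the coupling with a comment such as `/* Must stay in sync with the guard used by x509.c, which calls these helpers. */`. Including `x509_internal.h` first is the right move if that header supplies the X.509 configuration, but it is not visible here, so worth confirming.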
@@ -208,7 +208,7 @@ static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_ p += md_oid.len; /* Get md_alg from md_oid */ - if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_md_alg(&md_oid, md_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); } @@ -282,7 +282,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, return ret; } - if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_md_alg(&alg_id, md_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); } @@ -719,7 +719,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509 { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } @@ -904,7 +904,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) && (name->val.tag != MBEDTLS_ASN1_IA5_STRING); - if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { + if ((ret = mbedtls_x509_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { ret = mbedtls_snprintf(p, n, "%s=", short_name); } else { if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) { @@ -1044,7 +1044,7 @@ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *si size_t n = size; const char *desc = NULL; - ret = mbedtls_oid_get_sig_alg_desc(sig_oid, &desc); + ret = mbedtls_x509_oid_get_sig_alg_desc(sig_oid, &desc); if (ret != 0) { ret = mbedtls_snprintf(p, n, "???"); } else { diff --git a/library/x509_crt.c b/library/x509_crt.c index 959ae21931..5528763ff8 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -926,7 +926,7 @@ static int x509_get_crt_ext(unsigned char **p, /* * Detect supported extensions */ - ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); + ret = mbedtls_x509_oid_get_x509_ext_type(&extn_oid, &ext_type); if (ret != 0) { /* Give the callback (if any) a chance to handle the extension */ @@ -1692,7 +1692,7 @@ static int x509_info_ext_key_usage(char **buf, size_t *size, const char *sep = ""; while (cur != NULL) { - if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { + if (mbedtls_x509_oid_get_extended_key_usage(&cur->buf, &desc) != 0) { desc = "???"; } @@ -1721,7 +1721,7 @@ static int x509_info_cert_policies(char **buf, size_t *size, const char *sep = ""; while (cur != NULL) { - if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) { + if (mbedtls_x509_oid_get_certificate_policies(&cur->buf, &desc) != 0) { desc = "???"; } diff --git a/library/x509_csr.c b/library/x509_csr.c index bba9eaae23..0a77bef39b 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -114,7 +114,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, /* * Detect supported extensions and skip unsupported extensions */ - ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); + ret = mbedtls_x509_oid_get_x509_ext_type(&extn_oid, &ext_type); if (ret != 0) { /* Give the callback (if any) a chance to handle the extension */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4bacdad531..6cc281a195 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -413,8 +413,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len)) != 0) { + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 74991f383d..f3dc9d9dac 100644 
--- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -228,8 +228,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len)) != 0) { + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len)) != 0) { return ret; } diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data index 42b0505801..592c964962 100644 --- a/tests/suites/test_suite_x509_oid.data +++ b/tests/suites/test_suite_x509_oid.data 
@@ -105,42 +105,42 @@ oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 OID hash id - invalid oid oid_get_md_alg_id:"2B864886f70d0204":-1 -mbedtls_oid_get_md_hmac - RIPEMD160 +mbedtls_x509_oid_get_md_hmac - RIPEMD160 depends_on:PSA_WANT_ALG_RIPEMD160 -mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 +mbedtls_x509_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 -mbedtls_oid_get_md_hmac - SHA1 +mbedtls_x509_oid_get_md_hmac - SHA1 depends_on:PSA_WANT_ALG_SHA_1 -mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 -mbedtls_oid_get_md_hmac - SHA224 +mbedtls_x509_oid_get_md_hmac - SHA224 depends_on:PSA_WANT_ALG_SHA_224 -mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 -mbedtls_oid_get_md_hmac - SHA256 +mbedtls_x509_oid_get_md_hmac - SHA256 depends_on:PSA_WANT_ALG_SHA_256 -mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 -mbedtls_oid_get_md_hmac - SHA384 +mbedtls_x509_oid_get_md_hmac - SHA384 depends_on:PSA_WANT_ALG_SHA_384 -mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 -mbedtls_oid_get_md_hmac - SHA512 +mbedtls_x509_oid_get_md_hmac - SHA512 depends_on:PSA_WANT_ALG_SHA_512 -mbedtls_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512 +mbedtls_x509_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512 -mbedtls_oid_get_md_hmac - SHA3_224 +mbedtls_x509_oid_get_md_hmac - SHA3_224 depends_on:PSA_WANT_ALG_SHA3_224 -mbedtls_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224 +mbedtls_x509_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224 -mbedtls_oid_get_md_hmac - SHA3_256 +mbedtls_x509_oid_get_md_hmac - SHA3_256 depends_on:PSA_WANT_ALG_SHA3_256 -mbedtls_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256 
+mbedtls_x509_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256 -mbedtls_oid_get_md_hmac - SHA3_384 +mbedtls_x509_oid_get_md_hmac - SHA3_384 depends_on:PSA_WANT_ALG_SHA3_384 -mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384 +mbedtls_x509_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384 -mbedtls_oid_get_md_hmac - SHA3_512 +mbedtls_x509_oid_get_md_hmac - SHA3_512 depends_on:PSA_WANT_ALG_SHA3_512 -mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512 +mbedtls_x509_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512 diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function index efcfee28f6..46d7d99d68 100644 --- a/tests/suites/test_suite_x509_oid.function +++ b/tests/suites/test_suite_x509_oid.function @@ -21,7 +21,7 @@ void oid_get_certificate_policies(data_t *oid, char *result_str) asn1_buf.p = oid->x; asn1_buf.len = oid->len; - ret = mbedtls_oid_get_certificate_policies(&asn1_buf, &desc); + ret = mbedtls_x509_oid_get_certificate_policies(&asn1_buf, &desc); if (strlen(result_str) == 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); } else { @@ -42,7 +42,7 @@ void oid_get_extended_key_usage(data_t *oid, char *result_str) asn1_buf.p = oid->x; asn1_buf.len = oid->len; - ret = mbedtls_oid_get_extended_key_usage(&asn1_buf, &desc); + ret = mbedtls_x509_oid_get_extended_key_usage(&asn1_buf, &desc); if (strlen(result_str) == 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); } else { @@ -63,7 +63,7 @@ void oid_get_x509_extension(data_t *oid, int exp_type) ext_oid.p = oid->x; ext_oid.len = oid->len; - ret = mbedtls_oid_get_x509_ext_type(&ext_oid, &ext_type); + ret = mbedtls_x509_oid_get_x509_ext_type(&ext_oid, &ext_type); if (exp_type == 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); } else { 
@@ -84,7 +84,7 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) md_oid.p = oid->x; md_oid.len = oid->len; - ret = mbedtls_oid_get_md_alg(&md_oid, &md_id); + ret = mbedtls_x509_oid_get_md_alg(&md_oid, &md_id); if (exp_md_id < 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); @@ -97,7 +97,7 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id) +void mbedtls_x509_oid_get_md_hmac(data_t *oid, int exp_md_id) { mbedtls_asn1_buf md_oid = { 0, 0, NULL }; int ret; @@ -107,7 +107,7 @@ void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id) md_oid.p = oid->x; md_oid.len = oid->len; - ret = mbedtls_oid_get_md_hmac(&md_oid, &md_id); + ret = mbedtls_x509_oid_get_md_hmac(&md_oid, &md_id); if (exp_md_id < 0) { TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b6fb2020ab..19b37b3102 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1010,8 +1010,8 @@ void mbedtls_x509_dn_get_next(char *name_str, parsed_cur = &parsed; len = 0; for (i = 0; parsed_cur != NULL; i++) { - TEST_EQUAL(mbedtls_oid_get_attr_short_name(&parsed_cur->oid, - &short_name), 0); + TEST_EQUAL(mbedtls_x509_oid_get_attr_short_name(&parsed_cur->oid, + &short_name), 0); len += mbedtls_snprintf((char *) out + len, out_size - len, "%s ", short_name); parsed_cur = mbedtls_x509_dn_get_next(parsed_cur); } @@ -1516,7 +1516,7 @@ void x509_oid_desc(data_t *buf, char *ref_desc) oid.p = buf->x; oid.len = buf->len; - ret = mbedtls_oid_get_extended_key_usage(&oid, &desc); + ret = mbedtls_x509_oid_get_extended_key_usage(&oid, &desc); if (strcmp(ref_desc, "notfound") == 0) { TEST_ASSERT(ret != 0); From b7ef4df0014d35b778b6fd42e979914ac040b3f2 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 7 May 2025 20:45:03 +0200 Subject: [PATCH 0570/1548] Remove OID tables that are not used in X.509 Signed-off-by: Gilles Peskine --- library/x509_oid.c | 330 ---------------------- library/x509_oid.h | 124 -------- tests/suites/test_suite_x509_oid.data | 40 --- tests/suites/test_suite_x509_oid.function | 23 -- 4 files changed, 517 deletions(-) diff --git a/library/x509_oid.c b/library/x509_oid.c index 6fe6e707f5..f5eb8fe0de 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -12,9 +12,6 @@ #if defined(MBEDTLS_OID_C) #include "x509_oid.h" -#include "mbedtls/rsa.h" -#include "mbedtls/error_common.h" -#include "mbedtls/pk.h" #include #include 
@@ -496,214 +493,6 @@ FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg, mbedtls_md_type_t, md_alg) -/* - * For PublicKeyInfo (PKCS1, RFC 5480) - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_pk_type_t pk_alg; -} oid_pk_alg_t; - -static const oid_pk_alg_t oid_pk_alg[] = -{ - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA"), - MBEDTLS_PK_RSA, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key"), - MBEDTLS_PK_ECKEY, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH"), - MBEDTLS_PK_ECKEY_DH, - }, - { - NULL_OID_DESCRIPTOR, - MBEDTLS_PK_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) -FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_pk_alg, - oid_pk_alg_t, - oid_pk_alg, - mbedtls_pk_type_t, - pk_alg) - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -/* - * For elliptic curves that use namedCurve inside ECParams (RFC 5480) - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_ecp_group_id grp_id; -} oid_ecp_grp_t; - -static const oid_ecp_grp_t oid_ecp_grp[] = -{ -#if defined(PSA_WANT_ECC_SECP_R1_192) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"), - MBEDTLS_ECP_DP_SECP192R1, - }, -#endif /* PSA_WANT_ECC_SECP_R1_192 */ -#if defined(PSA_WANT_ECC_SECP_R1_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"), - MBEDTLS_ECP_DP_SECP224R1, - }, -#endif /* PSA_WANT_ECC_SECP_R1_224 */ -#if defined(PSA_WANT_ECC_SECP_R1_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"), - MBEDTLS_ECP_DP_SECP256R1, - }, -#endif /* PSA_WANT_ECC_SECP_R1_256 */ -#if defined(PSA_WANT_ECC_SECP_R1_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"), - MBEDTLS_ECP_DP_SECP384R1, - }, -#endif /* 
PSA_WANT_ECC_SECP_R1_384 */ -#if defined(PSA_WANT_ECC_SECP_R1_521) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"), - MBEDTLS_ECP_DP_SECP521R1, - }, -#endif /* PSA_WANT_ECC_SECP_R1_521 */ -#if defined(PSA_WANT_ECC_SECP_K1_192) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"), - MBEDTLS_ECP_DP_SECP192K1, - }, -#endif /* PSA_WANT_ECC_SECP_K1_192 */ -#if defined(PSA_WANT_ECC_SECP_K1_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), - MBEDTLS_ECP_DP_SECP256K1, - }, -#endif /* PSA_WANT_ECC_SECP_K1_256 */ -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"), - MBEDTLS_ECP_DP_BP256R1, - }, -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */ -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"), - MBEDTLS_ECP_DP_BP384R1, - }, -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */ -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"), - MBEDTLS_ECP_DP_BP512R1, - }, -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */ - { - NULL_OID_DESCRIPTOR, - MBEDTLS_ECP_DP_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_ec_grp, - oid_ecp_grp_t, - oid_ecp_grp, - mbedtls_ecp_group_id, - grp_id) - -/* - * For Elliptic Curve algorithms that are directly - * encoded in the AlgorithmIdentifier (RFC 8410) - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_ecp_group_id grp_id; -} oid_ecp_grp_algid_t; - -static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] = -{ -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - { - OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"), - MBEDTLS_ECP_DP_CURVE25519, - 
}, -#endif /* PSA_WANT_ECC_MONTGOMERY_255 */ -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - { - OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"), - MBEDTLS_ECP_DP_CURVE448, - }, -#endif /* PSA_WANT_ECC_MONTGOMERY_448 */ - { - NULL_OID_DESCRIPTOR, - MBEDTLS_ECP_DP_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_ec_grp_algid, - oid_ecp_grp_algid_t, - grp_id_algid, - mbedtls_ecp_group_id, - grp_id) -FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_ec_grp_algid, - oid_ecp_grp_algid_t, - oid_ecp_grp_algid, - mbedtls_ecp_group_id, - grp_id) -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -#if defined(MBEDTLS_CIPHER_C) -/* - * For PKCS#5 PBES2 encryption algorithm - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_cipher_type_t cipher_alg; -} oid_cipher_alg_t; - -static const oid_cipher_alg_t oid_cipher_alg[] = -{ - { - OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC"), - MBEDTLS_CIPHER_DES_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"), - MBEDTLS_CIPHER_DES_EDE3_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"), - MBEDTLS_CIPHER_AES_128_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"), - MBEDTLS_CIPHER_AES_192_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"), - MBEDTLS_CIPHER_AES_256_CBC, - }, - { - NULL_OID_DESCRIPTOR, - MBEDTLS_CIPHER_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_cipher_alg, - oid_cipher_alg_t, - cipher_alg, - mbedtls_cipher_type_t, - cipher_alg) -#endif /* MBEDTLS_CIPHER_C */ - /* * For digestAlgorithm */ 
@@ -794,123 +583,4 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_md, mbedtls_md_type_t, md_alg) -/* - * For HMAC digestAlgorithm - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_md_type_t md_hmac; -} oid_md_hmac_t; - -static const oid_md_hmac_t oid_md_hmac[] = -{ -#if defined(PSA_WANT_ALG_SHA_1) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1"), - MBEDTLS_MD_SHA1, - }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"), - MBEDTLS_MD_SHA224, - }, -#endif /* PSA_WANT_ALG_SHA_224 */ -#if defined(PSA_WANT_ALG_SHA_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"), - MBEDTLS_MD_SHA256, - }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"), - MBEDTLS_MD_SHA384, - }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#if defined(PSA_WANT_ALG_SHA_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"), - MBEDTLS_MD_SHA512, - }, -#endif /* PSA_WANT_ALG_SHA_512 */ -#if defined(PSA_WANT_ALG_SHA3_224) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"), - MBEDTLS_MD_SHA3_224, - }, -#endif /* PSA_WANT_ALG_SHA3_224 */ -#if defined(PSA_WANT_ALG_SHA3_256) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"), - MBEDTLS_MD_SHA3_256, - }, -#endif /* PSA_WANT_ALG_SHA3_256 */ -#if defined(PSA_WANT_ALG_SHA3_384) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"), - MBEDTLS_MD_SHA3_384, - }, -#endif /* PSA_WANT_ALG_SHA3_384 */ -#if defined(PSA_WANT_ALG_SHA3_512) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"), - MBEDTLS_MD_SHA3_512, - }, -#endif /* PSA_WANT_ALG_SHA3_512 */ -#if defined(PSA_WANT_ALG_RIPEMD160) - { - OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", 
"HMAC-RIPEMD160"), - MBEDTLS_MD_RIPEMD160, - }, -#endif /* PSA_WANT_ALG_RIPEMD160 */ - { - NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) -FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) - -#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C) -/* - * For PKCS#12 PBEs - */ -typedef struct { - mbedtls_x509_oid_descriptor_t descriptor; - mbedtls_md_type_t md_alg; - mbedtls_cipher_type_t cipher_alg; -} oid_pkcs12_pbe_alg_t; - -static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = -{ - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, - "pbeWithSHAAnd3-KeyTripleDES-CBC", - "PBE with SHA1 and 3-Key 3DES"), - MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, - }, - { - OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, - "pbeWithSHAAnd2-KeyTripleDES-CBC", - "PBE with SHA1 and 2-Key 3DES"), - MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, - }, - { - NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE, - }, -}; - -FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) -FN_OID_GET_ATTR2(mbedtls_x509_oid_get_pkcs12_pbe_alg, - oid_pkcs12_pbe_alg_t, - pkcs12_pbe_alg, - mbedtls_md_type_t, - md_alg, - mbedtls_cipher_type_t, - cipher_alg) -#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */ - #endif /* MBEDTLS_OID_C */ diff --git a/library/x509_oid.h b/library/x509_oid.h index 8798d0faaf..2416d0b101 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -11,17 +11,11 @@ #define MBEDTLS_X509_OID_H #include "mbedtls/private_access.h" -#include "tf-psa-crypto/build_info.h" - #include "mbedtls/asn1.h" #include "mbedtls/pk.h" #include -#if defined(MBEDTLS_CIPHER_C) -#include "mbedtls/cipher.h" -#endif - #include "mbedtls/md.h" /** OID is not found. */ 
@@ -503,76 +497,6 @@ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_typ */ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); -/** - * \brief Translate PublicKeyAlgorithm OID into pk_type - * - * \param oid OID to use - * \param pk_alg place to store public key algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); - -/** - * \brief Translate pk_type into PublicKeyAlgorithm OID - * - * \param pk_alg Public key type to look for - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, - const char **oid, size_t *olen); - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -/** - * \brief Translate NamedCurve OID into an EC group identifier - * - * \param oid OID to use - * \param grp_id place to store group id - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); - -/** - * \brief Translate EC group identifier into NamedCurve OID - * - * \param grp_id EC group identifier - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen); - -/** - * \brief Translate AlgorithmIdentifier OID into an EC group identifier, - * for curves that are directly encoded at this level - * - * \param oid OID to use - * \param grp_id place to store group id - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); - -/** - * \brief Translate EC 
group identifier into AlgorithmIdentifier OID, - * for curves that are directly encoded at this level - * - * \param grp_id EC group identifier - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen); -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - /** * \brief Translate SignatureAlgorithm OID into md_type and pk_type * @@ -608,16 +532,6 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char ** int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const char **oid, size_t *olen); -/** - * \brief Translate hmac algorithm OID into md_type - * - * \param oid OID to use - * \param md_hmac place to store message hmac algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); - /** * \brief Translate hash algorithm OID into md_type * 
@@ -650,44 +564,6 @@ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const c */ int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); -/** - * \brief Translate md_type into hash algorithm OID - * - * \param md_alg message digest algorithm - * \param oid place to store ASN.1 OID string pointer - * \param olen length of the OID - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); - -#if defined(MBEDTLS_CIPHER_C) -/** - * \brief Translate encryption algorithm OID into cipher_type - * - * \param oid OID to use - * \param cipher_alg place to store cipher algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); - -#if defined(MBEDTLS_PKCS12_C) -/** - * \brief Translate PKCS#12 PBE algorithm OID into md_type and - * cipher_type - * - * \param oid OID to use - * \param md_alg place to store message digest algorithm - * \param cipher_alg place to store cipher algorithm - * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND - */ -int mbedtls_x509_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, - mbedtls_cipher_type_t *cipher_alg); -#endif /* MBEDTLS_PKCS12_C */ -#endif /* MBEDTLS_CIPHER_C */ - #ifdef __cplusplus } #endif diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data index 592c964962..3f58b18435 100644 --- a/tests/suites/test_suite_x509_oid.data +++ b/tests/suites/test_suite_x509_oid.data 
@@ -104,43 +104,3 @@ oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 OID hash id - invalid oid oid_get_md_alg_id:"2B864886f70d0204":-1 - -mbedtls_x509_oid_get_md_hmac - RIPEMD160 -depends_on:PSA_WANT_ALG_RIPEMD160 -mbedtls_x509_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 - -mbedtls_x509_oid_get_md_hmac - SHA1 -depends_on:PSA_WANT_ALG_SHA_1 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 - -mbedtls_x509_oid_get_md_hmac - SHA224 -depends_on:PSA_WANT_ALG_SHA_224 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 - -mbedtls_x509_oid_get_md_hmac - SHA256 -depends_on:PSA_WANT_ALG_SHA_256 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 - -mbedtls_x509_oid_get_md_hmac - SHA384 -depends_on:PSA_WANT_ALG_SHA_384 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 - -mbedtls_x509_oid_get_md_hmac - SHA512 -depends_on:PSA_WANT_ALG_SHA_512 -mbedtls_x509_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512 - -mbedtls_x509_oid_get_md_hmac - SHA3_224 -depends_on:PSA_WANT_ALG_SHA3_224 -mbedtls_x509_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224 - -mbedtls_x509_oid_get_md_hmac - SHA3_256 -depends_on:PSA_WANT_ALG_SHA3_256 -mbedtls_x509_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256 - -mbedtls_x509_oid_get_md_hmac - SHA3_384 -depends_on:PSA_WANT_ALG_SHA3_384 -mbedtls_x509_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384 - -mbedtls_x509_oid_get_md_hmac - SHA3_512 -depends_on:PSA_WANT_ALG_SHA3_512 -mbedtls_x509_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512 diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function index 46d7d99d68..8273a71519 100644 --- a/tests/suites/test_suite_x509_oid.function +++ b/tests/suites/test_suite_x509_oid.function 
@@ -95,26 +95,3 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) } } /* END_CASE */ - -/* BEGIN_CASE */ -void mbedtls_x509_oid_get_md_hmac(data_t *oid, int exp_md_id) -{ - mbedtls_asn1_buf md_oid = { 0, 0, NULL }; - int ret; - mbedtls_md_type_t md_id = 0; - - md_oid.tag = MBEDTLS_ASN1_OID; - md_oid.p = oid->x; - md_oid.len = oid->len; - - ret = mbedtls_x509_oid_get_md_hmac(&md_oid, &md_id); - - if (exp_md_id < 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); - TEST_ASSERT(md_id == 0); - } else { - TEST_ASSERT(ret == 0); - TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id); - } -} -/* END_CASE */ From 32a1112e885f7d41fb80bb48304a032e116feb09 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Apr 2025 21:51:46 +0200 Subject: [PATCH 0571/1548] Remove MBEDTLS_OID_X509_EXT_xxx constants They're just aliases for the corresponding MBEDTLS_X509_EXT_xxx. We don't need separate names. Signed-off-by: Gilles Peskine --- include/mbedtls/x509.h | 37 ++++++++++++--------------- library/x509_crt.c | 4 +-- library/x509_oid.c | 16 ++++++------ library/x509_oid.h | 23 +---------------- tests/suites/test_suite_x509_oid.data | 12 ++++----- 5 files changed, 34 insertions(+), 58 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 18df19ce6c..9d988a1a97 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
@@ -167,26 +167,23 @@
  *
  * Comments refer to the status for using certificates. Status can be
  * different for writing certificates or reading CRLs or CSRs.
- *
- * Those are defined in oid.h as oid.c needs them in a data structure. Since
- * these were previously defined here, let's have aliases for compatibility.
- */
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
-#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+ */
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
+#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
+#define 
MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */ +#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6) +#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) +#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */ +#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9) +#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10) +#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) +#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12) +#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) +#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14) +#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* * Storage format identifiers diff --git a/library/x509_crt.c b/library/x509_crt.c index 5528763ff8..0b0e8d1e91 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1015,7 +1015,7 @@ static int x509_get_crt_ext(unsigned char **p, } break; - case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: + case MBEDTLS_X509_EXT_CERTIFICATE_POLICIES: /* Parse certificate policies type */ if ((ret = x509_get_certificate_policies(p, end_ext_octet, &crt->certificate_policies)) != 0) { @@ -1866,7 +1866,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, } } - if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { + if (crt->ext_types & MBEDTLS_X509_EXT_CERTIFICATE_POLICIES) { ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; diff --git a/library/x509_oid.c b/library/x509_oid.c index f5eb8fe0de..0a5da54cf5 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c 
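Review bot: The new `MBEDTLS_X509_EXT_xxx` definitions in x509.h lose the explanation that the removed comment carried, so the public header no longer states that these are bitset members or why bit 15 is skipped between `MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)` and `MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)`. The only use visible in this commit, `crt->ext_types & MBEDTLS_X509_EXT_CERTIFICATE_POLICIES` in x509_crt.c, depends on every value being a distinct single bit, which is exactly what a future contributor adding `(1 << 15)` or a non-power-of-two value would break. I would add above the list: `/* Bit flags recorded in mbedtls_x509_crt.ext_types: each value must be a distinct power of two (bit 15 is unused; presumably kept free to preserve the previous values). */`. The misspelled `MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY` is carried over verbatim; since these are now the canonical public names, a correctly spelled `MBEDTLS_X509_EXT_INHIBIT_ANYPOLICY` alias could be added without breaking existing callers.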
@@ -273,47 +273,47 @@ static const oid_x509_ext_t oid_x509_ext[] = OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints"), - MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, + MBEDTLS_X509_EXT_BASIC_CONSTRAINTS, }, { OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"), - MBEDTLS_OID_X509_EXT_KEY_USAGE, + MBEDTLS_X509_EXT_KEY_USAGE, }, { OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage"), - MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, + MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE, }, { OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name"), - MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, + MBEDTLS_X509_EXT_SUBJECT_ALT_NAME, }, { OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type"), - MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, + MBEDTLS_X509_EXT_NS_CERT_TYPE, }, { OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies"), - MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, + MBEDTLS_X509_EXT_CERTIFICATE_POLICIES, }, { OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, "id-ce-subjectKeyIdentifier", "Subject Key Identifier"), - MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER, + MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER, }, { OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, "id-ce-authorityKeyIdentifier", "Authority Key Identifier"), - MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER, + MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER, }, { NULL_OID_DESCRIPTOR, diff --git a/library/x509_oid.h b/library/x509_oid.h index 2416d0b101..5b12677a61 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -13,6 +13,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" +#include "mbedtls/x509.h" #include 
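Review bot: `#include "mbedtls/x509.h"` in x509_oid.h is the "backwards" include that the comment deleted later in this same commit (`/* This is for the benefit of X.509, but defined here in order to avoid having a "backwards" include of x.509.h here */`) was explicitly avoiding. Whether `mbedtls/x509.h` itself pulls in x509_oid.h is not visible in this diff; if it does, the include guards will let it compile but the order in which the two headers' definitions appear becomes dependent on which one a translation unit includes first. Suggest stating the reason on the include so the dependency is deliberate rather than accidental, `#include "mbedtls/x509.h" /* MBEDTLS_X509_EXT_xxx, used by oid_x509_ext[] */`, and checking that x509_oid.h still compiles when it is the first header a translation unit includes.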
@@ -23,28 +24,6 @@ /** output buffer is too small */ #define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B -/* This is for the benefit of X.509, but defined here in order to avoid - * having a "backwards" include of x.509.h here */ -/* - * X.509 extension types (internal, arbitrary values for bitsets) - */ -#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) -#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) -#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2) -#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3) -#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS (1 << 4) -#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5) -#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME (1 << 6) -#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) -#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8) -#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS (1 << 9) -#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS (1 << 10) -#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) -#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12) -#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) -#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14) -#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16) - /* * Maximum number of OID components allowed */ diff --git a/tests/suites/test_suite_x509_oid.data b/tests/suites/test_suite_x509_oid.data index 3f58b18435..09bd6523a0 100644 --- a/tests/suites/test_suite_x509_oid.data +++ b/tests/suites/test_suite_x509_oid.data 
@@ -35,22 +35,22 @@ OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier oid_get_extended_key_usage:"551D23":"" OID get x509 extension - id-ce-basicConstraints -oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS +oid_get_x509_extension:"551D13":MBEDTLS_X509_EXT_BASIC_CONSTRAINTS OID get x509 extension - id-ce-keyUsage -oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE +oid_get_x509_extension:"551D0F":MBEDTLS_X509_EXT_KEY_USAGE OID get x509 extension - id-ce-extKeyUsage -oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE +oid_get_x509_extension:"551D25":MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE OID get x509 extension - id-ce-subjectAltName -oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME +oid_get_x509_extension:"551D11":MBEDTLS_X509_EXT_SUBJECT_ALT_NAME OID get x509 extension - id-netscape-certtype -oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE +oid_get_x509_extension:"6086480186F8420101":MBEDTLS_X509_EXT_NS_CERT_TYPE OID get x509 extension - id-ce-certificatePolicies -oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES +oid_get_x509_extension:"551D20":MBEDTLS_X509_EXT_CERTIFICATE_POLICIES OID get x509 extension - invalid oid oid_get_x509_extension:"5533445566":0 From 47f1d7be950d44bc2fb404f9e3530aee7d2ae757 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 21:04:51 +0200 Subject: [PATCH 0572/1548] Replace MBEDTLS_ERR_OID_BUF_TOO_SMALL with PSA_ERROR_BUFFER_TOO_SMALL Remove the definition of `MBEDTLS_ERR_OID_BUF_TOO_SMALL` in `x509_oid.h`, and use the corresponding PSA error instead. ``` git grep -l MBEDTLS_ERR_OID_BUF_TOO_SMALL | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_BUF_TOO_SMALL\b/PSA_ERROR_BUFFER_TOO_SMALL/p' edit library/x509_oid.h ``` 
Signed-off-by: Gilles Peskine --- include/mbedtls/x509.h | 2 +- library/x509.c | 4 ++-- library/x509_create.c | 2 +- library/x509_oid.h | 2 -- tests/suites/test_suite_x509parse.data | 2 +- 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 9d988a1a97..5a3bd8a2a1 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -498,7 +498,7 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); * \param oid OID to translate * * \return Length of the string written (excluding final NULL) or - * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error + * PSA_ERROR_BUFFER_TOO_SMALL in case of error */ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); diff --git a/library/x509.c b/library/x509.c index a3d7a18b1c..fe4e3e3afe 100644 --- a/library/x509.c +++ b/library/x509.c @@ -849,7 +849,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, ret = mbedtls_snprintf(p, n, ".%u", value); } if (ret < 2 || (size_t) ret >= n) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return PSA_ERROR_BUFFER_TOO_SMALL; } n -= (size_t) ret; p += ret; @@ -912,7 +912,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) p += ret; ret = mbedtls_snprintf(p, n, "="); print_hexstring = 1; - } else if (ret == MBEDTLS_ERR_OID_BUF_TOO_SMALL) { + } else if (ret == PSA_ERROR_BUFFER_TOO_SMALL) { return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } else { ret = mbedtls_snprintf(p, n, "\?\?="); diff --git a/library/x509_create.c b/library/x509_create.c index 7ca5517528..7621698d5a 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -314,7 +314,7 @@ static int oid_subidentifier_encode_into(unsigned char **p, size_t num_bytes = oid_subidentifier_num_bytes(value); if ((size_t) (bound - *p) < num_bytes) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return PSA_ERROR_BUFFER_TOO_SMALL; } (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f); value >>= 7; 
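Review bot: The `\return` documentation for `mbedtls_oid_get_numeric_string` now names `PSA_ERROR_BUFFER_TOO_SMALL`, a `psa_status_t` value, for a public function that returns a plain `int` and otherwise lives in the `MBEDTLS_ERR_*` error space; the doc should say that the value is negative, so the portable `ret < 0` check still works, and that `psa/crypto.h` must be visible to a caller that compares against the constant (whether x509.h already includes it is outside this hunk). The x509.c hunk shows the same code is also returned when `mbedtls_snprintf` itself fails (`ret < 2`), so the constant name understates what it covers. Suggested wording: `PSA_ERROR_BUFFER_TOO_SMALL (a negative value) if \p size is too small or formatting fails`. Note also that anyone wrapping this return in `MBEDTLS_ERROR_ADD` would now be combining a PSA status with an mbedtls high-level code, which is worth a warning if such callers exist.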
diff --git a/library/x509_oid.h b/library/x509_oid.h index 5b12677a61..46cfd54adc 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -21,8 +21,6 @@ /** OID is not found. */ #define MBEDTLS_ERR_OID_NOT_FOUND -0x002E -/** output buffer is too small */ -#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B /* * Maximum number of OID components allowed diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index bbdd9f90db..6a04ff0f5e 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2737,7 +2737,7 @@ X509 OID numstring #2 (buffer just fits) x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":18:17 X509 OID numstring #3 (buffer too small) -x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL +x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":17:PSA_ERROR_BUFFER_TOO_SMALL X509 OID numstring #4 (larger number) x509_oid_numstr:"2a864886f70d":"1.2.840.113549":15:14 From 4c832213202b52bd2b6efa7d5625c85c81a19002 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 23:05:12 +0200 Subject: [PATCH 0573/1548] Replace MBEDTLS_ERR_OID_NOT_FOUND with MBEDTLS_ERR_X509_UNKNOWN_OID Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with `MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not used for anything. Public functions in X.509 propagate this error code, so it needs to have a public name. Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then ``` git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g' ``` 
Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509.c | 2 +- library/x509_oid.c | 10 +++++----- library/x509_oid.h | 19 ++++++++----------- tests/suites/test_suite_x509_oid.function | 8 ++++---- tests/suites/test_suite_x509parse.data | 10 +++++----- 7 files changed, 25 insertions(+), 28 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0c992bf010..519b5b4a2b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7016,7 +7016,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ switch (ret) { case 0: /*ok*/ - case MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_X509_UNKNOWN_OID: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 70175e0d60..44525dd153 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -505,7 +505,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl, switch (ret) { case 0: /*ok*/ break; - case MBEDTLS_ERR_OID_NOT_FOUND: + case MBEDTLS_ERR_X509_UNKNOWN_OID: /* Ignore certificate with an unknown algorithm: maybe a prior certificate was already trusted. */ break; diff --git a/library/x509.c b/library/x509.c index fe4e3e3afe..54275ebce0 100644 --- a/library/x509.c +++ b/library/x509.c @@ -314,7 +314,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, /* Only MFG1 is recognised for now */ if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, - MBEDTLS_ERR_OID_NOT_FOUND); + MBEDTLS_ERR_X509_UNKNOWN_OID); } /* Parse HashAlgorithm */ diff --git a/library/x509_oid.c b/library/x509_oid.c index 0a5da54cf5..3517ee3841 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c 
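Review bot: `return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_X509_UNKNOWN_OID);` in x509.c now adds two X.509-level codes, whereas the replaced `MBEDTLS_ERR_OID_NOT_FOUND` was a low-level code (`-0x002E`, per the x509_oid.h hunk below), which is the high+low combination `MBEDTLS_ERROR_ADD` is meant for. The value of `MBEDTLS_ERR_X509_UNKNOWN_OID` is not in this diff; if it is a high-level code (a multiple of 0x80) like its siblings, the sum lands outside the X.509 range and can alias an unrelated module's error code, and the bare `case MBEDTLS_ERR_X509_UNKNOWN_OID:` that this commit adds in ssl_tls.c and ssl_tls13_generic.c would never match such a combined value. Suggest `return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;` here, or at least verifying that the combined values the updated x509parse expectations encode (e.g. `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)`) do not collide with existing error codes. The enclosing `mbedtls_x509_get_rsassa_pss_params` starts and ends outside this hunk.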
@@ -66,7 +66,7 @@ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ { \ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ *ATTR1 = data->descriptor.ATTR1; \ return 0; \ } @@ -80,7 +80,7 @@ int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ { \ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ *ATTR1 = data->ATTR1; \ return 0; \ } @@ -95,7 +95,7 @@ ATTR2_TYPE * ATTR2) \ { \ const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ - if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ + if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \ *(ATTR1) = data->ATTR1; \ *(ATTR2) = data->ATTR2; \ return 0; \ @@ -117,7 +117,7 @@ } \ cur++; \ } \ - return MBEDTLS_ERR_OID_NOT_FOUND; \ + return MBEDTLS_ERR_X509_UNKNOWN_OID; \ } /* @@ -138,7 +138,7 @@ } \ cur++; \ } \ - return MBEDTLS_ERR_OID_NOT_FOUND; \ + return MBEDTLS_ERR_X509_UNKNOWN_OID; \ } /* diff --git a/library/x509_oid.h b/library/x509_oid.h index 46cfd54adc..6b2da9895a 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -19,9 +19,6 @@ #include "mbedtls/md.h" -/** OID is not found. */ -#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E - /* * Maximum number of OID components allowed */ @@ -459,7 +456,7 @@ typedef struct { * \param oid OID to use * \param ext_type place to store the extension type * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); 
@@ -470,7 +467,7 @@ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_typ * \param oid OID to use * \param short_name place to store the string pointer * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); @@ -481,7 +478,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char * \param md_alg place to store message digest algorithm * \param pk_alg place to store public key algorithm * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); @@ -492,7 +489,7 @@ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, * \param oid OID to use * \param desc place to store string pointer * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); @@ -504,7 +501,7 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char ** * \param oid place to store ASN.1 OID string pointer * \param olen length of the OID * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const char **oid, size_t *olen); 
@@ -515,7 +512,7 @@ int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_typ * \param oid OID to use * \param md_alg place to store message digest algorithm * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); @@ -526,7 +523,7 @@ int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t * * \param oid OID to use * \param desc place to store string pointer * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); #endif @@ -537,7 +534,7 @@ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const c * \param oid OID to use * \param desc place to store string pointer * - * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND + * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function index 8273a71519..f10c68dc54 100644 --- a/tests/suites/test_suite_x509_oid.function +++ b/tests/suites/test_suite_x509_oid.function @@ -23,7 +23,7 @@ void oid_get_certificate_policies(data_t *oid, char *result_str) ret = mbedtls_x509_oid_get_certificate_policies(&asn1_buf, &desc); if (strlen(result_str) == 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID); } else { TEST_ASSERT(ret == 0); TEST_ASSERT(strcmp((char *) desc, result_str) == 0); 
@@ -44,7 +44,7 @@ void oid_get_extended_key_usage(data_t *oid, char *result_str) ret = mbedtls_x509_oid_get_extended_key_usage(&asn1_buf, &desc); if (strlen(result_str) == 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID); } else { TEST_ASSERT(ret == 0); TEST_ASSERT(strcmp((char *) desc, result_str) == 0); @@ -65,7 +65,7 @@ void oid_get_x509_extension(data_t *oid, int exp_type) ret = mbedtls_x509_oid_get_x509_ext_type(&ext_oid, &ext_type); if (exp_type == 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID); } else { TEST_ASSERT(ret == 0); TEST_ASSERT(ext_type == exp_type); @@ -87,7 +87,7 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) ret = mbedtls_x509_oid_get_md_alg(&md_oid, &md_id); if (exp_md_id < 0) { - TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID); TEST_ASSERT(md_id == 0); } else { TEST_ASSERT(ret == 0); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6a04ff0f5e..c7c465b7e6 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1386,11 +1386,11 @@ x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a3008060013045465737 X509 CRT ASN1 (TBS, inv AlgID, OID empty) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND) +x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, OID unknown) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND) +x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
@@ -2845,7 +2845,7 @@ X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters) x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_DATA) X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID) -x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND) +x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
@@ -2866,7 +2866,7 @@ X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1) x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1) -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_OID_NOT_FOUND) +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag) x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) 
@@ -2881,7 +2881,7 @@ X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID) x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID) -x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND) +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 From 71ccc723cdf98f314c2ba0c97d5442fc79a1041a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 22:47:50 +0200 Subject: [PATCH 0574/1548] Remove macros for crypto OID Signed-off-by: Gilles Peskine --- library/x509_oid.h | 157 --------------------------------------------- 1 file changed, 157 deletions(-) diff --git a/library/x509_oid.h b/library/x509_oid.h index 6b2da9895a..51cf96c862 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -195,7 +195,6 @@ /* * PKCS#1 OIDs */ -#define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */ #define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */ #define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */ #define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */ 
@@ -234,67 +233,6 @@ #define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ - -#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */ - -#define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */ - -#define MBEDTLS_OID_HMAC_SHA256 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */ - -#define MBEDTLS_OID_HMAC_SHA384 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */ - -#define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */ - -#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */ - -#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */ - -#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */ - -#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" 
/**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */ - -#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */ - -/* - * Encryption algorithms, - * the following standardized object identifiers are specified at - * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C. - */ -#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ -#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */ -#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */ -#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */ -#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */ -#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */ - -/* - * Key Wrapping algorithms - */ -/* - * RFC 5649 - */ -#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 
} */ -#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */ -#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */ -#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */ -#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */ -#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */ -/* - * PKCS#5 OIDs - */ -#define MBEDTLS_OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */ -#define MBEDTLS_OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */ -#define MBEDTLS_OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */ - -/* - * PKCS#5 PBES1 algorithms - */ -#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */ -#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */ -#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */ -#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */ - /* * PKCS#7 OIDs */ 
@@ -305,95 +243,8 @@ #define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ #define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ -/* - * PKCS#8 OIDs - */ #define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */ -/* - * PKCS#12 PBE OIDs - */ -#define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */ - -#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */ -#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */ -#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */ -#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */ - -/* - * EC key algorithms from RFC 5480 - */ - -/* id-ecPublicKey OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */ -#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01" - -/* id-ecDH OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) - * schemes(1) ecdh(12) } */ -#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c" - -/* - * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2 - */ - -/* secp192r1 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */ -#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01" - -/* secp224r1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) 
certicom(132) curve(0) 33 } */ -#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21" - -/* secp256r1 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */ -#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07" - -/* secp384r1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 34 } */ -#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22" - -/* secp521r1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 35 } */ -#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23" - -/* secp192k1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 31 } */ -#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f" - -/* secp224k1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 32 } */ -#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20" - -/* secp256k1 OBJECT IDENTIFIER ::= { - * iso(1) identified-organization(3) certicom(132) curve(0) 10 } */ -#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a" - -/* RFC 5639 4.1 - * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1) - * identified-organization(3) teletrust(36) algorithm(3) signature- - * algorithm(3) ecSign(2) 8} - * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1} - * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */ -#define MBEDTLS_OID_EC_BRAINPOOL_V1 MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01" - -/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */ -#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07" - -/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */ -#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B" - -/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */ -#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D" - -/* - * SEC1 C.1 
- * - * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } - * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)} - */ -#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01" -#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01" /* * ECDSA signature identifiers, from RFC 5480 @@ -425,14 +276,6 @@ * ecdsa-with-SHA2(3) 4 } */ #define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04" -/* - * EC key algorithms from RFC 8410 - */ - -#define MBEDTLS_OID_X25519 MBEDTLS_OID_THAWTE "\x6e" /**< id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 } */ -#define MBEDTLS_OID_X448 MBEDTLS_OID_THAWTE "\x6f" /**< id-X448 OBJECT IDENTIFIER ::= { 1 3 101 111 } */ -#define MBEDTLS_OID_ED25519 MBEDTLS_OID_THAWTE "\x70" /**< id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 } */ -#define MBEDTLS_OID_ED448 MBEDTLS_OID_THAWTE "\x71" /**< id-Ed448 OBJECT IDENTIFIER ::= { 1 3 101 113 } */ #ifdef __cplusplus extern "C" { From f9ca8ed9ddacdff3ef9b9a9ff0902a02c072a79d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 20:10:35 +0200 Subject: [PATCH 0575/1548] Create a public header file for OID values This will be a subset of the former public `mbedtls/oid.h`, with only macro definitions and no function declarations. Signed-off-by: Gilles Peskine --- include/mbedtls/oid.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 include/mbedtls/oid.h diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h new file mode 100644 index 0000000000..27ea58024e --- /dev/null +++ b/include/mbedtls/oid.h @@ -0,0 +1,16 @@ +/** + * \file oid.h + * + * \brief Object Identifier (OID) values + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ +#ifndef MBEDTLS_OID_H +#define MBEDTLS_OID_H + +#include "mbedtls/build_info.h" + + +#endif /* oid.h */ From cd4c0d7b005e632a77f6618117eeae578a98c780 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 7 May 2025 23:45:12 +0200 Subject: [PATCH 0576/1548] Move OID string definitions back to mbedtls/oid.h Some code that parses or writes X.509 needs to know OID values. We provide a convenient list. Don't remove this list from the public interface of the library. For user convenience, expose these values in the same header as before and with the same name as before: `MBEDTLS_OID_xxx` in `mbedtls/oid.h`. Signed-off-by: Gilles Peskine --- include/mbedtls/oid.h | 251 ++++++++++++++++++++ library/pkcs7.c | 1 + library/x509.c | 1 + library/x509_create.c | 1 + library/x509_crt.c | 1 + library/x509_csr.c | 1 + library/x509_oid.c | 1 + library/x509_oid.h | 253 --------------------- library/x509write_crt.c | 1 + library/x509write_csr.c | 1 + tests/suites/test_suite_x509parse.function | 1 + tests/suites/test_suite_x509write.function | 1 + 12 files changed, 261 insertions(+), 253 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 27ea58024e..5ef87d3d6a 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h 
@@ -12,5 +12,256 @@
 #include "mbedtls/build_info.h"
+/*
+ * Top level OID tuples
+ */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
+#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */
+
+/*
+ * ISO Member bodies OID parts
+ */
+#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORG_ANSI_X9_62
+
+/*
+ * ISO Identified organization OID parts
+ */
+#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */
+#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_THAWTE
+#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_TELETRUST
+
+/*
+ * ISO ITU OID parts
+ */
+#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
+ MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) 
organization(1)} */
+
+#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
+#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+
+#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+
+/* ISO arc for standard certificate and CRL extensions */
+#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */
+
+#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
+
+/**
+ * Private Internet Extensions
+ * { iso(1) identified-organization(3) dod(6) internet(1)
+ * security(5) mechanisms(5) pkix(7) }
+ */
+#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \
+ "\x01"
+#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
+
+/*
+ * Arc for standard naming attributes
+ */
+#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName 
AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
+#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+
+/*
+ * OIDs for standard certificate extensions
+ */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT 
IDENTIFIER ::= { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
+#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
+
+/*
+ * Certificate policies
+ */
+#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
+
+/*
+ * Netscape certificate extensions
+ */
+#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01"
+#define MBEDTLS_OID_NS_BASE_URL MBEDTLS_OID_NS_CERT 
"\x02" +#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03" +#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04" +#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07" +#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08" +#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C" +#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D" +#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02" +#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05" + +/* + * OIDs for CRL extensions + */ +#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10" +#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */ + +/* + * X.509 v3 Extended key usage OIDs + */ +#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */ + +#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */ +#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */ +#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */ +#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */ +#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */ +#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */ +#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */ + +/** + * Wi-SUN Alliance Field Area Network + * { iso(1) identified-organization(3) dod(6) internet(1) + * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) } + */ +#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET 
"\x04\x01\x82\xe4\x25\x01" + +#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */ +#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */ + +/* + * PKCS definition OIDs + */ + +#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */ +#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */ +#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */ +#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */ +#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */ +#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */ + +/* + * PKCS#1 OIDs + */ +#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */ +#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */ +#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */ +#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */ +#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */ +#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */ + +#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D" + +#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { 
pkcs-9 1 } */
+
+/* RFC 4055 */
+#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+
+/*
+ * Digest algorithms
+ */
+#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+
+#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */
+
+#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */
+
+/*
+ * PKCS#7 OIDs
+ */
+#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */
+#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */
+#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */
+#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */
+#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */
+#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */
+
+#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+
+
+/*
+ * ECDSA signature identifiers, from RFC 5480
+ */
+#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+
+/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+ * iso(1) 
member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
+
+/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 1 } */
+#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
+
+/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 2 } */
+#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
+
+/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 3 } */
+#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
+
+/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
+ * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ * ecdsa-with-SHA2(3) 4 } */
+#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
 #endif /* oid.h */
diff --git a/library/pkcs7.c b/library/pkcs7.c
index cfe570a788..3481cbdb1b 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -9,6 +9,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/error.h"
diff --git a/library/x509.c b/library/x509.c
index 54275ebce0..f315821fdf 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -21,6 +21,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/error.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509_create.c b/library/x509_create.c
index 7621698d5a..e5ade5d997 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -11,6 +11,7 @@
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 0b0e8d1e91..0a43d8789f 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
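Review bot: Some of the macros made public here expand to strings with an embedded NUL byte — `MBEDTLS_OID_ANY_POLICY` ends in `"\x20" "\x00"` and `MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE` in `"\x25" "\x00"` — so a caller who measures them with `strlen` gets a truncated OID, and nothing in the header says how the values are encoded or how their length is meant to be taken. A short paragraph under the file's `\brief`, along the lines of `Each MBEDTLS_OID_xxx macro is the DER-encoded content octets of the OID as a string literal; some values contain a 0x00 byte, so take the length as sizeof(x) - 1, never strlen(x).`, would close that gap for API users. Two Doxygen slips travel with the moved text: the comment on `MBEDTLS_OID_UID` says `id-domainComponent` although the arc it spells out ends in `uid(1)`, and the `/** ...` (no `<`) comments on `MBEDTLS_OID_NIST_ALG`, `MBEDTLS_OID_UID` and `MBEDTLS_OID_DOMAIN_COMPONENT` document the next declaration rather than the macro on their own line; `/**<`, as on the neighbouring lines, is the right form, and the `MBEDTLS_OID_NIST_ALG` comment also lacks its closing `}`.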
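Review bot: Each of these translation units now has to add `#include "mbedtls/oid.h"` immediately before `#include "x509_oid.h"` (here and in the x509.c, x509_create.c, x509_crt.c, x509_csr.c and x509_oid.c hunks), which suggests `x509_oid.h` is no longer self-contained once its `MBEDTLS_OID_*` values move out; I cannot see the remainder of that header from here to confirm whether any of its declarations still reference them. Having `x509_oid.h` include `"mbedtls/oid.h"` itself would keep the dependency in one place and let every .c file carry a single include, or, if the explicit pairing is intended, a one-line comment in `x509_oid.h` saying so would spare the next reader the guess.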
@@ -23,6 +23,7 @@
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/error.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 0a77bef39b..32a3bb2e78 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -21,6 +21,7 @@
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/error.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_oid.c b/library/x509_oid.c
index 3517ee3841..e8bd0d19d8 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -11,6 +11,7 @@
 #if defined(MBEDTLS_OID_C)
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509_oid.h b/library/x509_oid.h
index 51cf96c862..f3646f8a1a 100644
--- a/library/x509_oid.h
+++ b/library/x509_oid.h
@@ -24,259 +24,6 @@ */ #define MBEDTLS_OID_MAX_COMPONENTS 128 -/* - * Top level OID tuples - */ -#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */ -#define MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x2b" /* {iso(1) identified-organization(3)} */ -#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */ -#define MBEDTLS_OID_ISO_ITU_COUNTRY "\x60" /* {joint-iso-itu-t(2) country(16)} */ - -/* - * ISO Member bodies OID parts - */ -#define MBEDTLS_OID_COUNTRY_US "\x86\x48" /* {us(840)} */ -#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */ -#define MBEDTLS_OID_RSA_COMPANY MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ - MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */ -#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */ -#define MBEDTLS_OID_ANSI_X9_62 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \ - MBEDTLS_OID_ORG_ANSI_X9_62 - -/* - * ISO Identified organization OID parts - */ -#define MBEDTLS_OID_ORG_DOD "\x06" /* {dod(6)} */ -#define MBEDTLS_OID_ORG_OIW "\x0e" -#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03" -#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02" -#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a" -#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */ -#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_ORG_THAWTE -#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */ -#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_ORG_CERTICOM -#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */ -#define MBEDTLS_OID_TELETRUST MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_ORG_TELETRUST - -/* - * ISO ITU OID parts - */ -#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */ -#define MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \ - MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) 
country(16) us(840) organization(1)} */ - -#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */ -#define MBEDTLS_OID_GOV MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */ - -#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */ -#define MBEDTLS_OID_NETSCAPE MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */ - -/* ISO arc for standard certificate and CRL extensions */ -#define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */ - -#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */ - -/** - * Private Internet Extensions - * { iso(1) identified-organization(3) dod(6) internet(1) - * security(5) mechanisms(5) pkix(7) } - */ -#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \ - "\x01" -#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07" - -/* - * Arc for standard naming attributes - */ -#define MBEDTLS_OID_AT MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */ -#define MBEDTLS_OID_AT_CN MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */ -#define MBEDTLS_OID_AT_SUR_NAME MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */ -#define MBEDTLS_OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */ -#define MBEDTLS_OID_AT_COUNTRY MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */ -#define MBEDTLS_OID_AT_LOCALITY MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */ -#define MBEDTLS_OID_AT_STATE MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */ -#define MBEDTLS_OID_AT_ORGANIZATION MBEDTLS_OID_AT "\x0A" /**< 
id-at-organizationName AttributeType:= {id-at 10} */ -#define MBEDTLS_OID_AT_ORG_UNIT MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */ -#define MBEDTLS_OID_AT_TITLE MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */ -#define MBEDTLS_OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */ -#define MBEDTLS_OID_AT_POSTAL_CODE MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */ -#define MBEDTLS_OID_AT_GIVEN_NAME MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */ -#define MBEDTLS_OID_AT_INITIALS MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */ -#define MBEDTLS_OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */ -#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */ -#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */ -#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */ - -#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */ -#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */ - -/* - * OIDs for standard certificate extensions - */ -#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */ -#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */ -#define MBEDTLS_OID_KEY_USAGE MBEDTLS_OID_ID_CE "\x0F" /**< 
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } */ -#define MBEDTLS_OID_CERTIFICATE_POLICIES MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */ -#define MBEDTLS_OID_POLICY_MAPPINGS MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } */ -#define MBEDTLS_OID_SUBJECT_ALT_NAME MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } */ -#define MBEDTLS_OID_ISSUER_ALT_NAME MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } */ -#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */ -#define MBEDTLS_OID_BASIC_CONSTRAINTS MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } */ -#define MBEDTLS_OID_NAME_CONSTRAINTS MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } */ -#define MBEDTLS_OID_POLICY_CONSTRAINTS MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } */ -#define MBEDTLS_OID_EXTENDED_KEY_USAGE MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */ -#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */ -#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */ -#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */ - -/* - * Certificate policies - */ -#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */ - -/* - * Netscape certificate extensions - */ -#define MBEDTLS_OID_NS_CERT MBEDTLS_OID_NETSCAPE "\x01" -#define MBEDTLS_OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT "\x01" -#define MBEDTLS_OID_NS_BASE_URL 
MBEDTLS_OID_NS_CERT "\x02" -#define MBEDTLS_OID_NS_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x03" -#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04" -#define MBEDTLS_OID_NS_RENEWAL_URL MBEDTLS_OID_NS_CERT "\x07" -#define MBEDTLS_OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CERT "\x08" -#define MBEDTLS_OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_CERT "\x0C" -#define MBEDTLS_OID_NS_COMMENT MBEDTLS_OID_NS_CERT "\x0D" -#define MBEDTLS_OID_NS_DATA_TYPE MBEDTLS_OID_NETSCAPE "\x02" -#define MBEDTLS_OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_DATA_TYPE "\x05" - -/* - * OIDs for CRL extensions - */ -#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10" -#define MBEDTLS_OID_CRL_NUMBER MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */ - -/* - * X.509 v3 Extended key usage OIDs - */ -#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */ - -#define MBEDTLS_OID_KP MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */ -#define MBEDTLS_OID_SERVER_AUTH MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */ -#define MBEDTLS_OID_CLIENT_AUTH MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */ -#define MBEDTLS_OID_CODE_SIGNING MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */ -#define MBEDTLS_OID_EMAIL_PROTECTION MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */ -#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */ -#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */ - -/** - * Wi-SUN Alliance Field Area Network - * { iso(1) identified-organization(3) dod(6) internet(1) - * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) } - */ -#define MBEDTLS_OID_WISUN_FAN 
MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01" - -#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */ -#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */ - -/* - * PKCS definition OIDs - */ - -#define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */ -#define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */ -#define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */ -#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */ -#define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */ -#define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */ - -/* - * PKCS#1 OIDs - */ -#define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */ -#define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */ -#define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */ -#define MBEDTLS_OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */ -#define MBEDTLS_OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */ -#define MBEDTLS_OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */ - -#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D" - -#define MBEDTLS_OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress 
AttributeType ::= { pkcs-9 1 } */ - -/* RFC 4055 */ -#define MBEDTLS_OID_RSASSA_PSS MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */ -#define MBEDTLS_OID_MGF1 MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */ - -/* - * Digest algorithms - */ -#define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG \ - MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */ - -#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) 
sha3-224(7) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */ - -#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ - -/* - * PKCS#7 OIDs - */ -#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ -#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */ -#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */ -#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */ -#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ -#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ - -#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */ - - -/* - * ECDSA signature identifiers, from RFC 5480 - */ -#define MBEDTLS_OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */ -#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */ - -/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { - * 
iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */ -#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01" - -/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 1 } */ -#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01" - -/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 2 } */ -#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02" - -/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 3 } */ -#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03" - -/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { - * iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) - * ecdsa-with-SHA2(3) 4 } */ -#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04" - - #ifdef __cplusplus extern "C" { #endif diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 6cc281a195..e530ae8dbe 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -18,6 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index f3dc9d9dac..b353d37de5 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,6 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 19b37b3102..d03884ffe9 100644 --- a/tests/suites/test_suite_x509parse.function 
+++ b/tests/suites/test_suite_x509parse.function
@@ -6,6 +6,7 @@
 #include "mbedtls/x509_csr.h"
 #include "x509_internal.h"
 #include "mbedtls/pem.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/base64.h"
 #include "mbedtls/error.h"
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index e30eed949d..f43e01ea9e 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -4,6 +4,7 @@
 #include "mbedtls/x509_csr.h"
 #include "x509_internal.h"
 #include "mbedtls/pem.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/asn1.h"
From 63544116703e43c21fd3867d32028d14bb511e1e Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 12 May 2025 20:23:25 +0200
Subject: [PATCH 0577/1548] Remove unused function
mbedtls_oid_get_md_alg() is used in X.509, but mbedtls_oid_get_oid_by_md() is only used in crypto.
Signed-off-by: Gilles Peskine
---
 library/x509_oid.c | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/library/x509_oid.c b/library/x509_oid.c
index e8bd0d19d8..06a9e92fc8 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -578,10 +578,5 @@ static const oid_md_alg_t oid_md_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
 FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_x509_oid_get_oid_by_md,
- oid_md_alg_t,
- oid_md_alg,
- mbedtls_md_type_t,
- md_alg)
 #endif /* MBEDTLS_OID_C */
From 02ec5855184a1281e3901c280fca7a8253d19c10 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 12 May 2025 20:52:07 +0200
Subject: [PATCH 0578/1548] Replace MBEDTLS_OID_C by function-specific dependencies
For each function in `x509_oid.c`, determine where it is used and only include it in the build if it is needed by the X.509 code. Define the corresponding internal tables only when they are consumed by a function. This makes Mbed TLS completely independent of the compilation option `MBEDTLS_OID_C`. This option remains present only in sample configs for crypto, where it must stay until TF-PSA-Crypto no longer relies on this option.
Signed-off-by: Gilles Peskine
---
 include/mbedtls/check_config.h | 8 ++----
 include/mbedtls/mbedtls_config.h | 6 ++--
 library/x509_oid.c | 33 ++++++++++++++++++----
 library/x509_oid.h | 19 +++++++++++--
 tests/suites/test_suite_x509_oid.function | 13 +++------
 tests/suites/test_suite_x509parse.function | 2 +-
 6 files changed, 55 insertions(+), 26 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 4328f7198c..22ddaa80fd 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -287,14 +287,12 @@
 #endif
 #if defined(MBEDTLS_X509_USE_C) && \
- (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
- !defined(MBEDTLS_PK_PARSE_C))
+ (!defined(MBEDTLS_ASN1_PARSE_C) || !defined(MBEDTLS_PK_PARSE_C))
 #error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_X509_CREATE_C) && \
- (!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
- !defined(MBEDTLS_PK_PARSE_C))
+ (!defined(MBEDTLS_ASN1_WRITE_C) || !defined(MBEDTLS_PK_PARSE_C))
 #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
 #endif
@@ -389,7 +387,7 @@
 #endif
 #if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
- ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \
+ ( !defined(MBEDTLS_PK_PARSE_C) ) || \
 ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) || \
 ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || \
 ( !defined(MBEDTLS_MD_C) ) )
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index d5a488341d..ddab7d0c32 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1100,7 +1100,7 @@
 *
 * Module: library/pkcs7.c
 *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C,
 * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
 * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
 *
@@ -1115,7 +1115,7 @@
 *
 * Module: library/x509_create.c
 *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C,
 *
 * \warning You must call psa_crypto_init() before doing any X.509 operation.
 *
@@ -1247,7 +1247,7 @@
 * library/x509_crt.c
 * library/x509_csr.c
 *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C
 *
 * \warning You must call psa_crypto_init() before doing any X.509 operation.
 *
diff --git a/library/x509_oid.c b/library/x509_oid.c
index 06a9e92fc8..80c8873452 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -9,7 +9,10 @@
 #include "x509_internal.h"
-#if defined(MBEDTLS_OID_C)
+/* Each group of tables and functions has its own dependencies, but
+ * don't even bother to define helper macros if X.509 is completely
+ * disabled. */
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
 #include "mbedtls/oid.h"
 #include "x509_oid.h"
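Review bot: The new file-level guard `#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)` only works because every other consumer of this file implies one of those two options, and the comment added above it does not say so; the later `MBEDTLS_X509_OID_HAVE_GET_MD_ALG` group also admits `MBEDTLS_PKCS7_C`, which is covered only because the PKCS7 prerequisite check rewritten in this same commit demands `MBEDTLS_X509_CRT_PARSE_C` (and that, presumably, implies `MBEDTLS_X509_USE_C` — not visible here). I would extend the comment with `/* MBEDTLS_PKCS7_C needs no mention: check_config.h makes it require MBEDTLS_X509_CRT_PARSE_C, hence MBEDTLS_X509_USE_C. */` so the next person tightening check_config.h sees the coupling. The matching `#endif` for this guard is in a later hunk.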
@@ -145,6 +148,7 @@
 /*
 * For X520 attribute types
 */
+#if defined(MBEDTLS_X509_USE_C)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 const char *short_name;
@@ -259,10 +263,12 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_attr_short_name,
 x520_attr,
 const char *,
 short_name)
+#endif /* MBEDTLS_X509_USE_C */
 /*
 * For X509 extensions
 */
+#if defined(MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 int ext_type;
@@ -324,8 +330,9 @@ static const oid_x509_ext_t oid_x509_ext[] =
 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
 FN_OID_GET_ATTR1(mbedtls_x509_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
+#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 static const mbedtls_x509_oid_descriptor_t oid_ext_key_usage[] =
 {
 OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH,
@@ -364,11 +371,13 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies,
 certificate_policies,
 const char *,
 description)
-#endif /* MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
 /*
 * For SignatureAlgorithmIdentifier
 */
+#if defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 mbedtls_md_type_t md_alg;
@@ -471,14 +480,15 @@ static const oid_sig_alg_t oid_sig_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_USE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_x509_oid_get_sig_alg_desc,
 oid_sig_alg_t,
 sig_alg,
 const char *,
 description)
-#endif
+#endif /* MBEDTLS_X509_USE_C && !MBEDTLS_X509_REMOVE_INFO */
+#if defined(MBEDTLS_X509_USE_C)
 FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg,
 oid_sig_alg_t,
 sig_alg,
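Review bot: In the `@@ -471` hunk the context line `FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)` is now compiled whenever `MBEDTLS_X509_USE_C`, `MBEDTLS_X509_CRT_WRITE_C` or `MBEDTLS_X509_CSR_WRITE_C` is set, while both consumers of that lookup, `mbedtls_x509_oid_get_sig_alg_desc` and `mbedtls_x509_oid_get_sig_alg`, are moved under `#if defined(MBEDTLS_X509_USE_C)`; the `get_oid_by_sig_alg` writer that stays available without `MBEDTLS_X509_USE_C` walks the table directly in the next hunk. If `FN_OID_TYPED_FROM_ASN1` expands to a file-static function (its definition is outside this hunk), a write-only build — which check_config.h in this same commit permits, since `MBEDTLS_X509_CREATE_C` no longer implies anything X.509-parsing — gets an unused-static-function warning, fatal under `-Werror`. I would wrap that one line in `#if defined(MBEDTLS_X509_USE_C)` / `#endif /* MBEDTLS_X509_USE_C */`, or have CI build a `MBEDTLS_X509_CREATE_C`-without-`MBEDTLS_X509_USE_C` configuration to show it is clean.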
@@ -486,6 +496,8 @@ FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg,
 md_alg,
 mbedtls_pk_type_t,
 pk_alg)
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg,
 oid_sig_alg_t,
 oid_sig_alg,
@@ -493,10 +505,17 @@ FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg,
 pk_alg,
 mbedtls_md_type_t,
 md_alg)
+#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+
+#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+#if defined(MBEDTLS_X509_OID_HAVE_GET_MD_ALG)
 /*
 * For digestAlgorithm
 */
+/* The table of digest OIDs is duplicated in TF-PSA-Crypto (which uses it to
+ * look up the OID for a hash algorithm in RSA PKCS#1v1.5 signature and
+ * verification). */
 typedef struct {
 mbedtls_x509_oid_descriptor_t descriptor;
 mbedtls_md_type_t md_alg;
@@ -579,4 +598,6 @@ static const oid_md_alg_t oid_md_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
 FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-#endif /* MBEDTLS_OID_C */
+#endif /* (MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C */
+
+#endif /* some X.509 is enabled */
diff --git a/library/x509_oid.h b/library/x509_oid.h
index f3646f8a1a..c2fe8dc403 100644
--- a/library/x509_oid.h
+++ b/library/x509_oid.h
@@ -40,6 +40,8 @@ typedef struct {
 #endif
 } mbedtls_x509_oid_descriptor_t;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_X509_CSR_PARSE_C)
+#define MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE
 /**
 * \brief Translate an X.509 extension OID into local values
 *
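Review bot: In the `@@ -579` hunk the closing comment `#endif /* (MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C */` restates the condition behind `MBEDTLS_X509_OID_HAVE_GET_MD_ALG` instead of naming the macro the matching `#if` actually tests, so it goes stale the first time the condition in x509_oid.h changes; the `#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */` that closes `#if defined(MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE)` earlier in this file has the same problem, whereas the header side of this commit already writes `#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */`. I would write `#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */` here and, for the file-level guard, `#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */` instead of `/* some X.509 is enabled */`, so every `#endif` can be matched to its `#if` by text search. The `#if` for the file-level guard is in an earlier hunk.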
@@ -49,7 +51,9 @@ typedef struct {
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
+#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */
+#if defined(MBEDTLS_X509_USE_C)
 /**
 * \brief Translate an X.509 attribute type OID into the short name
 * (e.g. the OID for an X520 Common Name into "CN")
@@ -60,7 +64,9 @@ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_typ
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name);
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_USE_C)
 /**
 * \brief Translate SignatureAlgorithm OID into md_type and pk_type
 *
@@ -73,6 +79,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char
 int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
 * \brief Translate SignatureAlgorithm OID into description
 *
@@ -82,7 +89,10 @@ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc);
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_X509_USE_C */
+#if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C)
 /**
 * \brief Translate md_type and pk_type into SignatureAlgorithm OID
 *
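Review bot: In the `@@ -60` hunk the added `#endif /* MBEDTLS_X509_USE_C */` after `mbedtls_x509_oid_get_attr_short_name()` is immediately followed by `#if defined(MBEDTLS_X509_USE_C)` again, so the same condition is closed and reopened across a blank line; the declarations for the attribute short name, the signature-algorithm lookup and (under `!MBEDTLS_X509_REMOVE_INFO`) its description could sit in one `MBEDTLS_X509_USE_C` block. Dropping those two lines and keeping the single `#endif /* MBEDTLS_X509_USE_C */` that the `@@ -82` hunk adds is enough, and it keeps the header's guards parallel to the `.c` file, where the X520 and signature-algorithm groups are already separate only because the `CRT_WRITE`/`CSR_WRITE` writer sits between them.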
@@ -95,7 +105,11 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **
 */
 int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
 const char **oid, size_t *olen);
+#endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */
+#if (defined(MBEDTLS_X509_USE_C) && defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)) || \
+ defined(MBEDTLS_PKCS7_C)
+#define MBEDTLS_X509_OID_HAVE_GET_MD_ALG
 /**
 * \brief Translate hash algorithm OID into md_type
 *
@@ -105,8 +119,9 @@ int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_typ
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg);
+#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
 * \brief Translate Extended Key Usage OID into description
 *
@@ -116,7 +131,6 @@ int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc);
-#endif
 /**
 * \brief Translate certificate policies OID into description
@@ -127,6 +141,7 @@ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const c
 * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
 */
 int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc);
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
 #ifdef __cplusplus
 }
diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function
index f10c68dc54..b988aa0f67 100644
--- a/tests/suites/test_suite_x509_oid.function
+++ b/tests/suites/test_suite_x509_oid.function
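Review bot: In the `@@ -95` hunk `MBEDTLS_X509_OID_HAVE_GET_MD_ALG` is derived from `(MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C`, i.e. it enumerates the current callers of `mbedtls_x509_oid_get_md_alg()` rather than a property of the function, and nothing in the header says so; a future caller built under some other option will hit an implicit-declaration error, or a link error, with no pointer to this condition. I would add above the `#if`: `/* Defined when some X.509 code needs to map a digest OID to an md type: RSASSA-PSS parameter parsing and PKCS7. Extend this condition when adding a caller. */`. The same caveat applies to `MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE` introduced in an earlier hunk of this file.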
@@ -5,12 +5,7 @@ #include "string.h" /* END_HEADER */ -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_OID_C:!MBEDTLS_X509_REMOVE_INFO - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void oid_get_certificate_policies(data_t *oid, char *result_str) { mbedtls_asn1_buf asn1_buf = { 0, 0, NULL }; @@ -31,7 +26,7 @@ void oid_get_certificate_policies(data_t *oid, char *result_str) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void oid_get_extended_key_usage(data_t *oid, char *result_str) { mbedtls_asn1_buf asn1_buf = { 0, 0, NULL }; @@ -52,7 +47,7 @@ void oid_get_extended_key_usage(data_t *oid, char *result_str) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */ void oid_get_x509_extension(data_t *oid, int exp_type) { mbedtls_asn1_buf ext_oid = { 0, 0, NULL }; @@ -73,7 +68,7 @@ void oid_get_x509_extension(data_t *oid, int exp_type) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_OID_HAVE_GET_MD_ALG */ void oid_get_md_alg_id(data_t *oid, int exp_md_id) { mbedtls_asn1_buf md_oid = { 0, 0, NULL }; diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index d03884ffe9..9ee693e665 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1504,7 +1504,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void x509_oid_desc(data_t *buf, char *ref_desc) { mbedtls_x509_buf oid; From b828820f7a90b2e3ea1856d897d4b4a07453fd37 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 May 2025 21:07:47 +0200 Subject: [PATCH 0579/1548] Declare oid_xxx_numeric_string only when they are defined 
Signed-off-by: Gilles Peskine --- include/mbedtls/x509.h | 4 ++++ tests/suites/test_suite_x509write.function | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 5a3bd8a2a1..17b3c5d3b4 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -489,6 +489,7 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); p += (size_t) ret; \ } while (0) +#if defined(MBEDTLS_X509_USE_C) /** * \brief Translate an ASN.1 OID into its numeric representation * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549") @@ -501,7 +502,9 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); * PSA_ERROR_BUFFER_TOO_SMALL in case of error */ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); +#endif /* MBEDTLS_X509_USE_C */ +#if defined(MBEDTLS_X509_CREATE_C) /** * \brief Translate a string containing a dotted-decimal * representation of an ASN.1 OID into its encoded form @@ -520,6 +523,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * allocate oid->buf */ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); +#endif /* MBEDTLS_X509_CREATE_C */ #ifdef __cplusplus } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f43e01ea9e..51a5d37584 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -704,7 +704,7 @@ void x509_set_extension_length_check() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C */ void oid_from_numeric_string(char *oid_str, int error_ret, data_t *exp_oid_buf) { From dcd43fcc457b8aa8fdaeebc0ef0d4ec1ee76255c Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 12 May 2025 21:09:10 +0200 Subject: [PATCH 0580/1548] Move oid_xxx_numeric_string back to oid.h The header `mbedtls/oid.h` now belongs to the X.509 library. Move the declarations of `mbedtls_oid_get_numeric_string()` and `mbedtls_oid_from_numeric_string()` back to this header, which is where they were in all previous releases of Mbed TLS. This avoids gratuitously breaking backward compatibility. Signed-off-by: Gilles Peskine --- include/mbedtls/oid.h | 36 ++++++++++++++++++++++++++++++++++++ include/mbedtls/x509.h | 36 ------------------------------------ 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 5ef87d3d6a..375ea60cb6 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h 
@@ -264,4 +264,40 @@ * ecdsa-with-SHA2(3) 4 } */ #define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04" +#if defined(MBEDTLS_X509_USE_C) +/** + * \brief Translate an ASN.1 OID into its numeric representation + * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549") + * + * \param buf buffer to put representation in + * \param size size of the buffer + * \param oid OID to translate + * + * \return Length of the string written (excluding final NULL) or + * PSA_ERROR_BUFFER_TOO_SMALL in case of error + */ +int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); +#endif /* MBEDTLS_X509_USE_C */ + +#if defined(MBEDTLS_X509_CREATE_C) +/** + * \brief Translate a string containing a dotted-decimal + * representation of an ASN.1 OID into its encoded form + * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). + * On success, this function allocates oid->buf from the + * heap. It must be freed by the caller using mbedtls_free(). + * + * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID + * \param oid_str string representation of the OID to parse + * \param size length of the OID string, not including any null terminator + * + * \return 0 if successful + * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not + * represent a valid OID + * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to + * allocate oid->buf + */ +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); +#endif /* MBEDTLS_X509_CREATE_C */ + #endif /* oid.h */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 17b3c5d3b4..2afcfb2f9f 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
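Review bot: The two prototypes moved into oid.h are now conditional on `MBEDTLS_X509_USE_C` and `MBEDTLS_X509_CREATE_C`, but the hunk does not show whether oid.h includes `mbedtls/build_info.h` itself; if the configuration macros only arrive through the includer, a translation unit that includes oid.h before any other Mbed TLS header silently gets neither declaration and a call to `mbedtls_oid_get_numeric_string()` then fails as an implicit declaration. The include list at the top of oid.h is outside this view, so please confirm it pulls in the configuration. Separately, the moved doc says `(excluding final NULL)`; the terminator is a NUL byte, and `(excluding the terminating NUL)` avoids confusion with the null pointer constant.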
@@ -489,42 +489,6 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); p += (size_t) ret; \ } while (0) -#if defined(MBEDTLS_X509_USE_C) -/** - * \brief Translate an ASN.1 OID into its numeric representation - * (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549") - * - * \param buf buffer to put representation in - * \param size size of the buffer - * \param oid OID to translate - * - * \return Length of the string written (excluding final NULL) or - * PSA_ERROR_BUFFER_TOO_SMALL in case of error - */ -int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); -#endif /* MBEDTLS_X509_USE_C */ - -#if defined(MBEDTLS_X509_CREATE_C) -/** - * \brief Translate a string containing a dotted-decimal - * representation of an ASN.1 OID into its encoded form - * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). - * On success, this function allocates oid->buf from the - * heap. It must be freed by the caller using mbedtls_free(). - * - * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID - * \param oid_str string representation of the OID to parse - * \param size length of the OID string, not including any null terminator - * - * \return 0 if successful - * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not - * represent a valid OID - * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to - * allocate oid->buf - */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); -#endif /* MBEDTLS_X509_CREATE_C */ - #ifdef __cplusplus } #endif From 53e11cb5d5b33d02f21ff4a9e593ccdc833b47ca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 May 2025 21:12:15 +0200 Subject: [PATCH 0581/1548] Changelog entry for the OID module in Mbed TLS 4.0 Signed-off-by: Gilles Peskine --- ChangeLog.d/oid.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/oid.txt 
diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt new file mode 100644 index 0000000000..53828d85b1 --- /dev/null +++ b/ChangeLog.d/oid.txt @@ -0,0 +1,8 @@ +Removals + * The library no longer offers interfaces to look up values by OID + or OID by enum values. + The header now only defines functions to convert + between binary and dotted string OID representations, and macros + for OID strings that are relevant to X.509. + The compilation option MBEDTLS_OID_C no longer + exists. OID tables are included in the build automatically as needed. From 9e147f264c80738982623f0d0aeb9376f69c0f86 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 May 2025 20:08:51 +0200 Subject: [PATCH 0582/1548] Exclude crypto's oid.h now that it is in mbedtls Otherwise Doxygen complains about two `\file` with the same name. This is a temporary exclusion which can be removed once crypto no longer has an oid.h. Signed-off-by: Gilles Peskine --- doxygen/mbedtls.doxyfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 6b09ae39a3..cd52300b02 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -7,7 +7,9 @@ EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy -EXCLUDE = ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h +EXCLUDE = \ + ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h \ + ../tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES From 7e7dc6fdda85adff09a7b978a27067d590986da3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 May 2025 12:45:29 +0200 Subject: [PATCH 0583/1548] Align endif comments with auxiliary macros Signed-off-by: Gilles Peskine --- library/x509_oid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/library/x509_oid.c b/library/x509_oid.c index 80c8873452..d69fd513ba 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -330,7 +330,7 @@ static const oid_x509_ext_t oid_x509_ext[] = FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) FN_OID_GET_ATTR1(mbedtls_x509_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) -#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_X509_CSR_PARSE_C */ +#endif /* MBEDTLS_X509_OID_HAVE_GET_X509_EXT_TYPE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) static const mbedtls_x509_oid_descriptor_t oid_ext_key_usage[] = @@ -598,6 +598,6 @@ static const oid_md_alg_t oid_md_alg[] = FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) FN_OID_GET_ATTR1(mbedtls_x509_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) -#endif /* (MBEDTLS_X509_USE_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT) || MBEDTLS_PKCS7_C */ +#endif /* MBEDTLS_X509_OID_HAVE_GET_MD_ALG */ #endif /* some X.509 is enabled */ From 4aa974f7c73a1012b85d7e47678177d3c793805c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 23 Apr 2025 17:04:18 +0200 Subject: [PATCH 0584/1548] Remove `MBEDTLS_SHA3_C` config option Signed-off-by: Gabor Mezei --- programs/test/selftest.c | 5 ++++- tests/scripts/components-configuration-crypto.sh | 5 +++-- tests/scripts/depends.py | 4 ---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 515757311d..8516f3a251 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -290,7 +290,10 @@ const selftest_t selftests[] = #if defined(MBEDTLS_SHA512_C) { "sha512", mbedtls_sha512_self_test }, #endif -#if defined(MBEDTLS_SHA3_C) +#if defined(PSA_WANT_ALG_SHA3_224) || \ + defined(PSA_WANT_ALG_SHA3_256) || \ + defined(PSA_WANT_ALG_SHA3_384) || \ + defined(PSA_WANT_ALG_SHA3_512) { "sha3", mbedtls_sha3_self_test }, #endif #if defined(MBEDTLS_DES_C) 
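Review bot: The new guard around the `"sha3"` self-test entry in selftest.c tests `PSA_WANT_ALG_SHA3_*`, which says the algorithm is requested, not that the software implementation is compiled in; a later commit on this page (`Do not disable PSA_WANT_SHA3 macros when driver accel is used`) states that the SW code is guarded by the `MBEDTLS_PSA_BUILTIN_ALG_SHA3` macros and is absent under driver acceleration. In such a build this table entry would reference `mbedtls_sha3_self_test` without a definition and the link would fail. Guarding on `MBEDTLS_PSA_BUILTIN_ALG_SHA3_224` and siblings, or on whatever condition sha3.h uses around the self-test prototype, looks safer; sha3.h is not visible here, so please confirm which macro it uses.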
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index a06ef1d132..16a399ab4e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1557,7 +1557,7 @@ component_test_psa_crypto_config_accel_hash () { scripts/config.py unset MBEDTLS_SHA256_C scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C - scripts/config.py unset MBEDTLS_SHA3_C + scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' # Build # ----- @@ -1597,7 +1597,7 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA3_C + scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' fi } @@ -1680,6 +1680,7 @@ config_psa_crypto_hmac_use_psa () { # Disable also the builtin hashes since they are supported by the driver # and MD module is able to perform PSA dispathing. scripts/config.py unset-all MBEDTLS_SHA + scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_RIPEMD160_C fi diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index cfd9f406d4..138631352f 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -348,10 +348,6 @@ def test(self, options): 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', 'PSA_WANT_ALG_SHA_512'], - 'MBEDTLS_SHA3_C' : ['PSA_WANT_ALG_SHA3_224', - 'PSA_WANT_ALG_SHA3_256', - 'PSA_WANT_ALG_SHA3_384', - 'PSA_WANT_ALG_SHA3_512'], 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], } From 588769cc65d88f7d3f8f4d82bb805ce919497744 Mon Sep 17 00:00:00 2001 
From: Gabor Mezei Date: Thu, 24 Apr 2025 12:11:26 +0200 Subject: [PATCH 0585/1548] Update error generation Adapt the `generate_errors.pl` to handle `PSA_WANT` macros and update to handle SHA3 macros. Signed-off-by: Gabor Mezei --- scripts/generate_errors.pl | 60 +++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index aae1fc8870..499307b9d8 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -96,8 +96,8 @@ } } -my $ll_old_define = ""; -my $hl_old_define = ""; +my @ll_old_define = ("", "", ""); +my @hl_old_define = ("", "", ""); my $ll_code_check = ""; my $hl_code_check = ""; @@ -129,6 +129,14 @@ $define_name = "SSL_TLS" if ($define_name eq "SSL"); $define_name = "PEM_PARSE,PEM_WRITE" if ($define_name eq "PEM"); $define_name = "PKCS7" if ($define_name eq "PKCS7"); + $define_name = "ALG_SHA3_224,ALG_SHA3_256,ALG_SHA3_384,ALG_SHA3_512" + if ($define_name eq "SHA3"); + + my $define_prefix = "MBEDTLS_"; + $define_prefix = "PSA_WANT_" if ($module_name eq "SHA3"); + + my $define_suffix = "_C"; + $define_suffix = "" if ($module_name eq "SHA3"); my $include_name = $module_name; $include_name =~ tr/A-Z/a-z/; 
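Review bot: The SHA3 special case in the hunk at `@@ -129,6 +129,14 @@` is spread over three separate conditions (`$define_name eq "SHA3"` for the names, then `$module_name eq "SHA3"` twice for prefix and suffix), which will drift apart as soon as a second PSA-guarded module is added. A single lookup keeps the three facts together, e.g. `my %psa_modules = (SHA3 => "ALG_SHA3_224,ALG_SHA3_256,ALG_SHA3_384,ALG_SHA3_512");` followed by `my ($define_prefix, $define_suffix) = exists $psa_modules{$module_name} ? ("PSA_WANT_", "") : ("MBEDTLS_", "_C");` and `$define_name = $psa_modules{$module_name} if exists $psa_modules{$module_name};`. The loop this hunk sits in starts and ends outside the hunk.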
@@ -154,26 +162,30 @@ if ($found_ll) { $code_check = \$ll_code_check; - $old_define = \$ll_old_define; + $old_define = \@ll_old_define; $white_space = ' '; } else { $code_check = \$hl_code_check; - $old_define = \$hl_old_define; + $old_define = \@hl_old_define; $white_space = ' '; } - if ($define_name ne ${$old_define}) + my $old_define_name = \${$old_define}[0]; + my $old_define_prefix = \${$old_define}[1]; + my $old_define_suffix = \${$old_define}[2]; + + if ($define_name ne ${$old_define_name}) { - if (${$old_define} ne "") + if (${$old_define_name} ne "") { ${$code_check} .= "#endif /* "; $first = 0; - foreach my $dep (split(/,/, ${$old_define})) + foreach my $dep (split(/,/, ${$old_define_name})) { - ${$code_check} .= " || " if ($first++); - ${$code_check} .= "MBEDTLS_${dep}_C"; + ${$code_check} .= " || \n " if ($first++); + ${$code_check} .= "${$old_define_prefix}${dep}${$old_define_suffix}"; } ${$code_check} .= " */\n\n"; } 
@@ -183,42 +195,44 @@ $first = 0; foreach my $dep (split(/,/, ${define_name})) { - ${$code_check} .= " || " if ($first); - $headers .= " || " if ($first++); + ${$code_check} .= " || \\\n " if ($first); + $headers .= " || \\\n " if ($first++); - ${$code_check} .= "defined(MBEDTLS_${dep}_C)"; - $headers .= "defined(MBEDTLS_${dep}_C)" if - ($include_name ne ""); + ${$code_check} .= "defined(${define_prefix}${dep}${define_suffix})"; + $headers .= "defined(${define_prefix}${dep}${define_suffix})" + if ($include_name ne ""); } ${$code_check} .= "\n"; $headers .= "\n#include \"mbedtls/${include_name}.h\"\n". "#endif\n\n" if ($include_name ne ""); - ${$old_define} = $define_name; + ${$old_define_name} = $define_name; + ${$old_define_prefix} = $define_prefix; + ${$old_define_suffix} = $define_suffix; } ${$code_check} .= "${white_space}case -($error_name):\n". "${white_space} return( \"$module_name - $description\" );\n" }; -if ($ll_old_define ne "") +if ($ll_old_define[0] ne "") { $ll_code_check .= "#endif /* "; my $first = 0; - foreach my $dep (split(/,/, $ll_old_define)) + foreach my $dep (split(/,/, $ll_old_define[0])) { - $ll_code_check .= " || " if ($first++); - $ll_code_check .= "MBEDTLS_${dep}_C"; + $ll_code_check .= " || \n " if ($first++); + $ll_code_check .= "${ll_old_define[1]}${dep}${ll_old_define[2]}"; } $ll_code_check .= " */\n"; } -if ($hl_old_define ne "") +if ($hl_old_define[0] ne "") { $hl_code_check .= "#endif /* "; my $first = 0; - foreach my $dep (split(/,/, $hl_old_define)) + foreach my $dep (split(/,/, $hl_old_define[0])) { - $hl_code_check .= " || " if ($first++); - $hl_code_check .= "MBEDTLS_${dep}_C"; + $hl_code_check .= " || \n " if ($first++); + $hl_code_check .= "${hl_old_define[1]}${dep}${hl_old_define[2]}"; } $hl_code_check .= " */\n"; } From 72cc7bb706159e79be5726d6d7096db9931f9449 Mon Sep 17 00:00:00 2001 
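Review bot: The `#endif /* A || B */` emission is now written out three times with the same prefix/name/suffix join (inside the loop in the previous hunk and twice here for `@ll_old_define` and `@hl_old_define`), each indexing the array by bare positions 0/1/2. A small sub taking the three-element array and returning the joined comment would remove the duplication and give the positions names, and the two trailing blocks would shrink to one call each. The enclosing script-level code continues outside the hunk.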
From: Gabor Mezei Date: Thu, 24 Apr 2025 16:26:37 +0200 Subject: [PATCH 0586/1548] Start the generation at the beginning of the line The markers for the generated code need to indented due to the code style check. During the replacement remove the spaces along with the markers. Signed-off-by: Gabor Mezei --- scripts/generate_errors.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 499307b9d8..f4154e37cc 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -238,8 +238,8 @@ } $error_format =~ s/HEADER_INCLUDED\n/$headers/g; -$error_format =~ s/LOW_LEVEL_CODE_CHECKS\n/$ll_code_check/g; -$error_format =~ s/HIGH_LEVEL_CODE_CHECKS\n/$hl_code_check/g; +$error_format =~ s/ *LOW_LEVEL_CODE_CHECKS\n/$ll_code_check/g; +$error_format =~ s/ *HIGH_LEVEL_CODE_CHECKS\n/$hl_code_check/g; open(ERROR_FILE, ">$error_file") or die "Opening destination file '$error_file': $!"; print ERROR_FILE $error_format; From 2d6374a0f918d7f2026ad05c20d7e6ec7e04e0a0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 25 Mar 2025 08:29:17 +0000 Subject: [PATCH 0587/1548] adjust everest header paths in generate_visualc_files.pl Signed-off-by: Ben Taylor --- scripts/generate_visualc_files.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 81521896b4..7ef46968b5 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -50,7 +50,7 @@ my $test_drivers_source_dir = 'framework/tests/src/drivers'; my @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/everest + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest ); my @thirdparty_source_dirs = qw( tf-psa-crypto/drivers/everest/library 
@@ -65,10 +65,10 @@ include tf-psa-crypto/include tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/ - tf-psa-crypto/drivers/everest/include/everest - tf-psa-crypto/drivers/everest/include/everest/vs2013 - tf-psa-crypto/drivers/everest/include/everest/kremlib + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib tests/include tf-psa-crypto/tests/include framework/tests/include From 243b54f3869953a674ff6730685a623a98a1d9cd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 27 Mar 2025 13:41:29 +0000 Subject: [PATCH 0588/1548] update further everest paths Signed-off-by: Ben Taylor --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a099356389..bda3977d07 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -441,7 +441,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE include PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include + PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -480,7 +480,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include) + PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From 142347383fb312f45ef87cee95c8de0aeaf0df6c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 10:42:19 +0100 Subject: [PATCH 0589/1548] Add ChangeLog for removal of everest headers 
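Review bot: Both new include paths in the CMakeLists.txt hunks end with a trailing slash (`tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/`), unlike every other `PRIVATE` entry in the two lists they join; `PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private` matches the surrounding style in both places. The enclosing `if(ENABLE_TESTING OR ENABLE_PROGRAMS)` block starts and ends outside the hunks.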
Signed-off-by: Ben Taylor --- ChangeLog.d/remove-everest-headers.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/remove-everest-headers.txt diff --git a/ChangeLog.d/remove-everest-headers.txt b/ChangeLog.d/remove-everest-headers.txt new file mode 100644 index 0000000000..7dfdddcd52 --- /dev/null +++ b/ChangeLog.d/remove-everest-headers.txt @@ -0,0 +1,3 @@ +Removals + * Removed everest headers from mbedtls as they will be moved to + tf-psa-crypto. From 40bc3489630ab02fd7ae5c6b4518d92062e0481e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 14:49:29 +0100 Subject: [PATCH 0590/1548] corrected ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/move-everest-headers.txt | 2 ++ ChangeLog.d/remove-everest-headers.txt | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/move-everest-headers.txt delete mode 100644 ChangeLog.d/remove-everest-headers.txt diff --git a/ChangeLog.d/move-everest-headers.txt b/ChangeLog.d/move-everest-headers.txt new file mode 100644 index 0000000000..f80a6d16e4 --- /dev/null +++ b/ChangeLog.d/move-everest-headers.txt @@ -0,0 +1,2 @@ +Changes + * Update path's for new everest header path. diff --git a/ChangeLog.d/remove-everest-headers.txt b/ChangeLog.d/remove-everest-headers.txt deleted file mode 100644 index 7dfdddcd52..0000000000 --- a/ChangeLog.d/remove-everest-headers.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Removed everest headers from mbedtls as they will be moved to - tf-psa-crypto. From de864e7a1c63645f7f66c0fe69aca84b84d1c73d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Apr 2025 10:46:17 +0100 Subject: [PATCH 0591/1548] Remove ChangeLog as it is not required Signed-off-by: Ben Taylor --- ChangeLog.d/move-everest-headers.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ChangeLog.d/move-everest-headers.txt 
diff --git a/ChangeLog.d/move-everest-headers.txt b/ChangeLog.d/move-everest-headers.txt
deleted file mode 100644
index f80a6d16e4..0000000000
--- a/ChangeLog.d/move-everest-headers.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Update path's for new everest header path.
From 83e5a7bf75ba8a24392ecdc93fe68f48fd56557a Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 29 May 2025 08:11:48 +0100
Subject: [PATCH 0592/1548] update framework submodule to pull in everest changes
Signed-off-by: Ben Taylor
---
 .gitmodules | 2 +-
 framework | 2 +-
 tf-psa-crypto | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitmodules b/.gitmodules
index 4612b3d0c9..7e34e96984 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -3,4 +3,4 @@
 url = https://github.com/Mbed-TLS/mbedtls-framework
 [submodule "tf-psa-crypto"]
 path = tf-psa-crypto
- url = https://github.com/Mbed-TLS/TF-PSA-Crypto.git
+ url = git@github.com:bjwtaylor/TF-PSA-Crypto.git
diff --git a/framework b/framework
index 1a83e0c84d..fdb0615d9a 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281
+Subproject commit fdb0615d9a72c95cdf7f67e77bfcf0418dce756f
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 35ae18cf89..8706d77f96 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07
+Subproject commit 8706d77f9632eb2d3d0e58b713281f4232c1ee20
From c45f3d6a1d5cbe8e381d603a325627d9d14c83a4 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 4 Jun 2025 15:47:54 +0200
Subject: [PATCH 0593/1548] Update PSA repo
Signed-off-by: Gabor Mezei
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 35ae18cf89..d056817e03 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07
+Subproject commit d056817e037e350320519613848309559909f581
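Review bot: The `tf-psa-crypto` submodule URL in `.gitmodules` is changed from the upstream `https://github.com/Mbed-TLS/TF-PSA-Crypto.git` to `git@github.com:bjwtaylor/TF-PSA-Crypto.git`, a personal fork reached over SSH. Besides breaking anonymous `git clone --recursive` (the SSH form needs a GitHub key), it moves the source of the crypto submodule's content to an account outside the organisation, which is not a pointer a release tree should carry; the commit subject (`update framework submodule to pull in everest changes`) does not mention it, so it reads as a leftover from local testing that should be reverted to the upstream URL before merge. The `Subproject commit` bumps are fine on their own, though note the following commit (`Update PSA repo`) starts again from `35ae18cf89`, so the two tf-psa-crypto pointer updates do not chain as listed.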
From 2649800f7c3f48eee871c905219f4e3c895498a5 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 5 Jun 2025 10:38:25 +0200 Subject: [PATCH 0594/1548] Do not disable `PSA_WANT_SHA3` macros when driver accel is used The SW implementation is guarded with the `MBEDTLS_PSA_BUILTIN_ALG_SHA3` macros and not enabled when driver accelaration is set. So disabling the `PSA_WANT` macros is not needed. Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration-crypto.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 16a399ab4e..e72b837898 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1557,7 +1557,6 @@ component_test_psa_crypto_config_accel_hash () { scripts/config.py unset MBEDTLS_SHA256_C scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C - scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' # Build # ----- @@ -1597,7 +1596,6 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' fi } @@ -1680,7 +1678,6 @@ config_psa_crypto_hmac_use_psa () { # Disable also the builtin hashes since they are supported by the driver # and MD module is able to perform PSA dispathing. scripts/config.py unset-all MBEDTLS_SHA - scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_RIPEMD160_C fi From 43c891ae98e044e2ec33f2711a755773a168e197 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 3 Jun 2025 14:46:12 +0100 Subject: [PATCH 0595/1548] Remove requirement on MBEDTLS_PLATFORM_C from configs 
Signed-off-by: Felix Conway --- configs/crypto-config-ccm-psk-tls1_2.h | 1 - configs/crypto-config-suite-b.h | 1 - configs/crypto-config-thread.h | 1 - tests/scripts/components-configuration-crypto.sh | 1 - 4 files changed, 4 deletions(-) diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index 7a33b0daa9..e4de8b3fb6 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -31,7 +31,6 @@ #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_PLATFORM_C /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 92549bade1..3fec3d0f10 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -49,7 +49,6 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_PLATFORM_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index d1c449ea98..f71b1f079a 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -56,7 +56,6 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_PLATFORM_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #define MBEDTLS_OID_C diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index e72b837898..9de7597c1c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2205,7 +2205,6 @@ END #define MBEDTLS_AES_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C - #define MBEDTLS_PLATFORM_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_SELF_TEST END From c54da23c765aa437785e1e02f4bb8fe9bd9697ed Mon Sep 17 00:00:00 2001 
From: Felix Conway
Date: Tue, 3 Jun 2025 14:46:36 +0100
Subject: [PATCH 0596/1548] Update tf-psa-crypto pointer
Signed-off-by: Felix Conway
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index d056817e03..694fa1b81c 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit d056817e037e350320519613848309559909f581
+Subproject commit 694fa1b81cce46e8e160c8bda1a700f8c2a68586
From ef013a69709de0af579d679bd3d1c699529d49bb Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Tue, 24 Sep 2024 14:12:43 +0200
Subject: [PATCH 0597/1548] Use PSA macros for the `hashes` domain
Signed-off-by: Gabor Mezei
---
 tests/scripts/depends.py | 63 ++++++++++++++++++++--------------------
 1 file changed, 31 insertions(+), 32 deletions(-)
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 138631352f..0cb55377a7 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -328,26 +328,26 @@ def test(self, options): 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_RSA_C'], - 'MBEDTLS_MD5_C' : ['PSA_WANT_ALG_MD5'], - 'MBEDTLS_RIPEMD160_C' : ['PSA_WANT_ALG_RIPEMD160'], - 'MBEDTLS_SHA1_C' : ['PSA_WANT_ALG_SHA_1'], - 'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'PSA_WANT_ALG_SHA_224'], - 'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', - 'MBEDTLS_ENTROPY_FORCE_SHA256', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'MBEDTLS_LMS_C', - 'MBEDTLS_LMS_PRIVATE', - 'PSA_WANT_ALG_SHA_256', - 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'], - 'MBEDTLS_SHA384_C' : ['PSA_WANT_ALG_SHA_384'], - 'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', - 'PSA_WANT_ALG_SHA_512'], + 'PSA_WANT_ALG_MD5': ['MBEDTLS_MD5_C'], + 'PSA_WANT_ALG_RIPEMD160': ['MBEDTLS_RIPEMD160_C'], + 'PSA_WANT_ALG_SHA_1': ['MBEDTLS_SHA1_C'], + 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', + 'MBEDTLS_ENTROPY_FORCE_SHA256', + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', + 'MBEDTLS_SHA224_C'], + 'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', + 'MBEDTLS_ENTROPY_FORCE_SHA256', + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', + 'MBEDTLS_LMS_C', + 'MBEDTLS_LMS_PRIVATE', + 'MBEDTLS_SHA256_C', + 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'], + 'PSA_WANT_ALG_SHA_384': ['MBEDTLS_SHA384_C'], + 'PSA_WANT_ALG_SHA_512': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', + 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', + 'MBEDTLS_SHA512_C'], 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], } 
@@ -355,8 +355,8 @@ def test(self, options): # These are not necessarily dependencies, but just minimal required changes # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', - '-MBEDTLS_SSL_TLS_C'], + 'PSA_WANT_ALG_SHA_512': ['-MBEDTLS_SSL_COOKIE_C', + '-MBEDTLS_SSL_TLS_C'], 'PSA_WANT_ECC_MONTGOMERY_448': ['-PSA_WANT_ALG_ECDSA', '-PSA_WANT_ALG_JPAKE',], 'PSA_WANT_ECC_MONTGOMERY_255': ['-PSA_WANT_ALG_ECDSA', @@ -503,10 +503,12 @@ def __init__(self, options, conf): for expr in psa_info.generate_expressions([key_type])) if symbol in self.all_config_symbols} - # Find hash modules by name. - hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') + # Find hash modules by category. + hash_symbols = {symbol + for alg, symbol in algs.items() + if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)} - # Find elliptic curve enabling macros + # Find elliptic curve enabling macros by name. # MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|' r'MBEDTLS_ECP_DP_SECP224K1_ENABLED') 
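Review bot: The new `hash_symbols` comprehension in the second hunk has no `if symbol in self.all_config_symbols` filter, unlike the key-type comprehension in the context lines directly above it, so a PSA_WANT_ALG_* hash symbol that crypto_knowledge knows but the config file does not define would be fed into the hashes domain. If that filter was dropped deliberately, a comment saying why would help; otherwise the condition can be `if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH) and symbol in self.all_config_symbols`. `algs` is defined outside the hunk, so whether its symbols are already restricted to the config cannot be confirmed here.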
@@ -540,19 +542,16 @@ def __init__(self, options, conf): build_and_test), # Elliptic curves. Run the test suites. - 'curves': ExclusiveDomain(curve_symbols, build_and_test, - exclude=r'MBEDTLS_ECP_DP_SECP224K1_ENABLED'), + 'curves': ExclusiveDomain(curve_symbols, build_and_test), - # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, + # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, SHA3*, # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used # across various modules, but it depends on either SHA256 or SHA512. # As a consequence an "exclusive" test of anything other than SHA256 # or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible. 'hashes': DualDomain(hash_symbols, build_and_test, - exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ - '|MBEDTLS_SHA224_' \ - '|MBEDTLS_SHA384_' \ - '|MBEDTLS_SHA3_'), + exclude=r'PSA_WANT_ALG_(?!SHA_(256|512))'), + # Key exchange types. 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test), From 3795f8ab7409259a67500e773c9d53b067e4b910 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 6 Jun 2025 12:31:52 +0200 Subject: [PATCH 0598/1548] Remove temporary component created for SHA3 testing Signed-off-by: Gabor Mezei --- tests/scripts/components-configuration.sh | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 4f212be60d..5fd9ede124 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
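Review bot: Dropping `exclude=r'MBEDTLS_ECP_DP_SECP224K1_ENABLED'` from the `curves` domain changes which configurations that domain builds, while the comment in the previous hunk still says the symbol was added only so it can be disabled for all curves; if a SECP224K1-only exclusive build is not intended, the argument should stay as `'curves': ExclusiveDomain(curve_symbols, build_and_test, exclude=r'MBEDTLS_ECP_DP_SECP224K1_ENABLED'),`. The new hashes exclude `r'PSA_WANT_ALG_(?!SHA_(256|512))'` keeps only SHA-256 and SHA-512 rather than naming the excluded algorithms, which matches the comment's reasoning but is broader than the list the comment gives; adding `# i.e. only SHA256 and SHA512 are tested as exclusive configurations.` under that comment would keep the two in step. The dict these lines belong to starts before the hunk.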
@@ -351,16 +351,3 @@ component_test_memory_buffer_allocator () { # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out. tests/ssl-opt.sh -e '^DTLS proxy' } - -# Temporary component for SHA3 config option removal -# Will be removed according to this issue: -# https://github.com/Mbed-TLS/mbedtls/issues/10203 -component_test_full_no_sha3 () { - msg "build: full config without SHA3" - scripts/config.py full - scripts/config.py unset-all 'PSA_WANT_ALG_SHA3_*' - make - - msg "test: full - PSA_WANT_ALG_SHA3_*" - make test -} From 67aa959ea1ede35671535d14df1711175f2a7dfb Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 10 Jun 2025 16:59:44 +0100 Subject: [PATCH 0599/1548] Fixed some minor typos in comments. Signed-off-by: Ari Weiler-Ofek --- library/ssl_msg.c | 4 ++-- library/ssl_tls12_client.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index dba8d74ba1..5774bfc865 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -4189,7 +4189,7 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) ret = 0; goto exit; } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially bufffered", + MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially buffered", hs->in_msg_seq)); } @@ -5957,7 +5957,7 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, } else { /* * If we are past the point where we can send early data or we have - * already reached the maximum early data size, return immediatly. + * already reached the maximum early data size, return immediately. * Otherwise, progress the handshake as much as possible to not delay * it too much. If we reach a point where we can still send early data, * then we will send some. diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 114c32aea1..7be56eb121 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1773,7 +1773,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not suported", + MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not supported", grp_id)); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } From c6654fc1b0b91413ca4c46f6a430096f6c4288c4 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 4 Jun 2025 14:54:58 +0100 Subject: [PATCH 0600/1548] Replace MBEDTLS_ERR_ECP_IN_PROGRESS with alias PSA_OPERATION_INCOMPLETE in documentation Signed-off-by: Felix Conway --- include/mbedtls/x509_crt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 8a220cd414..de91499365 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -733,7 +733,7 @@ int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, * to disable restartable ECC. * * \return See \c mbedtls_crt_verify_with_profile(), or - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * \return #PSA_OPERATION_INCOMPLETE if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, From 4f94ae8baa64479d11d6f839c73ff2fb54b86b3b Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 4 Jun 2025 14:55:45 +0100 Subject: [PATCH 0601/1548] Doxygen: only render public files Signed-off-by: Felix Conway --- doxygen/mbedtls.doxyfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index cd52300b02..78c22052ab 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile 
@@ -6,10 +6,7 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO -INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy -EXCLUDE = \ - ../tf-psa-crypto/drivers/builtin/include/mbedtls/build_info.h \ - ../tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h +INPUT = ../include ../tf-psa-crypto/include ../tests/include/alt-dummy FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES From 1704578f2fab6195983b52f1c1e079c1e78550a0 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 4 Jun 2025 14:57:21 +0100 Subject: [PATCH 0602/1548] Update tf-psa-crypto pointer to bring in doxygen pre-work Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index d056817e03..694fa1b81c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit d056817e037e350320519613848309559909f581 +Subproject commit 694fa1b81cce46e8e160c8bda1a700f8c2a68586 From 67f63821a5f6027213f99e7e7f29c09a67a773c2 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 29 May 2025 17:25:21 +0100 Subject: [PATCH 0603/1548] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 35ae18cf89..9af7c0e7ba 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07 +Subproject commit 9af7c0e7ba4d6bf2a9c3e56a3e3f04b4b053ce47 From 035247d46f3a847b279659e4b8739fad6aaeb62a Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 11 Jun 2025 11:07:10 +0100 Subject: [PATCH 0604/1548] Re-add doxygen/input to INPUT variable Signed-off-by: Felix Conway --- doxygen/mbedtls.doxyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 78c22052ab..cc2c51eba7 100644 
--- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -6,7 +6,7 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO -INPUT = ../include ../tf-psa-crypto/include ../tests/include/alt-dummy +INPUT = ../include input ../tf-psa-crypto/include ../tests/include/alt-dummy FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES From 6ee4d9220e1f8aff36e41a3895121bf2c9287daa Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Wed, 11 Jun 2025 17:40:42 +0100 Subject: [PATCH 0605/1548] Fixed the same typo in ssl-opt.sh Signed-off-by: Ari Weiler-Ofek --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6eefd95724..5b2425bf55 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11693,7 +11693,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on 0 \ -c "Buffering HS message" \ -c "found fragmented DTLS handshake message"\ - -c "Next handshake message 1 not or only partially bufffered" \ + -c "Next handshake message 1 not or only partially buffered" \ -c "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ From ae89dcc4beefeb06a31f030f80726a7e524cc57c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 May 2025 15:34:28 +0200 Subject: [PATCH 0606/1548] library: tls12: remove usage of MBEDTLS_PK_USE_PSA_EC_DATA PK module will now always use PSA storing pattern when working with EC keys therefore MBEDTLS_PK_USE_PSA_EC_DATA is assumed to be always enabled. Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 18 ------------ library/ssl_tls12_server.c | 57 -------------------------------------- 2 files changed, 75 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 114c32aea1..80b60aeafc 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1758,10 +1758,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); -#endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */ - uint16_t tls_id = 0; psa_key_type_t key_type = PSA_KEY_TYPE_NONE; mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); @@ -1786,23 +1782,9 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_type = key_type; /* Store peer's public key in psa format. */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; ret = 0; -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - size_t olen = 0; - ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, - ssl->handshake->xxdh_psa_peerkey, - sizeof(ssl->handshake->xxdh_psa_peerkey)); - - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret); - return ret; - } - ssl->handshake->xxdh_psa_peerkey_len = olen; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 2b2b49f2b0..b2b5e33c0b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
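Review bot: With the `mbedtls_ecp_point_write_binary()` fallback gone, the `memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len)` in the second hunk is the only remaining path, and unlike the removed branch it copies without checking `pub_raw_len` against `sizeof(ssl->handshake->xxdh_psa_peerkey)`. `pub_raw_len` is presumably bounded by the PK parser, but the key comes from the peer's certificate, so a guard such as `if (peer_pk->pub_raw_len > sizeof(ssl->handshake->xxdh_psa_peerkey)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }` before the memcpy would make the bound explicit at the point of use. ssl_get_ecdh_params_from_cert() starts and ends outside these hunks.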
@@ -2525,12 +2525,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; size_t key_len; -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - uint16_t tls_id = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id; - mbedtls_ecp_keypair *key; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ pk = mbedtls_ssl_own_key(ssl); @@ -2542,11 +2536,9 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) switch (pk_type) { case MBEDTLS_PK_OPAQUE: -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } @@ -2561,7 +2553,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) if (pk_type != MBEDTLS_PK_OPAQUE) { /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK * module and only have ECDSA capabilities. Since we need @@ -2594,7 +2585,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ret = 0; break; } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* Opaque key is created by the user (externally from Mbed TLS) * so we assume it already has the right algorithm and flags 
@@ -2604,53 +2594,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ret = 0; break; -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - key = mbedtls_pk_ec_rw(*pk); - grp_id = mbedtls_pk_get_ec_group_id(pk); - if (grp_id == MBEDTLS_ECP_DP_NONE) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - /* This elliptic curve is not supported */ - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - /* If the above conversion to TLS ID was fine, then also this one will - be, so there is no need to check the return value here */ - mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_psa_bits); - - ssl->handshake->xxdh_psa_type = key_type; - - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - - ret = mbedtls_ecp_write_key_ext(key, &key_len, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_platform_zeroize(buf, sizeof(buf)); - break; - } - - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - mbedtls_platform_zeroize(buf, sizeof(buf)); - break; - } - - mbedtls_platform_zeroize(buf, sizeof(buf)); - ret = 0; - break; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ default: ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } From c394fd0ebc0e09654466cf306ccfc16907f09a89 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Mon, 5 May 2025 15:42:56 +0200 Subject: [PATCH 0607/1548] library: debug: replace MBEDTLS_PK_USE_PSA_EC_DATA with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY MBEDTLS_PK_USE_PSA_EC_DATA is a legacy symbol that is used in 3.6 LTS branch, but now it is assumed to be always true. It's only kept for legacy reasons so it's better to replace it with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY instead. Signed-off-by: Valerio Setti --- library/debug.c | 34 ++++------------------------------ 1 file changed, 4 insertions(+), 30 deletions(-) diff --git a/library/debug.c b/library/debug.c index 8d55b41365..5210f0c684 100644 --- a/library/debug.c +++ b/library/debug.c @@ -219,29 +219,8 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -#if defined(MBEDTLS_ECP_LIGHT) -static void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X) -{ - char str[DEBUG_BUF_SIZE]; - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->X); - - mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->Y); -} -#endif /* MBEDTLS_ECP_LIGHT */ - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const unsigned char *buf, size_t len) 
@@ -311,7 +290,7 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, @@ -342,16 +321,11 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) - if (items[i].type == MBEDTLS_PK_DEBUG_ECP) { - mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value); - } else -#endif /* MBEDTLS_ECP_LIGHT */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); } else -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ { debug_send_line(ssl, level, file, line, "should not happen\n"); } } From eaf578978edd3d91185e5a412d3c8cbf472a7ca0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 6 May 2025 17:07:09 +0200 Subject: [PATCH 0608/1548] library: remove ECDSA_C dependency from ECP_RESTARTABLE Signed-off-by: Valerio Setti --- include/mbedtls/x509_crt.h | 10 +++++----- library/x509_crt.c | 26 +++++++++++++------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index de91499365..a3f07892f6 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
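Review bot: After the second hunk, a PK debug item of type `MBEDTLS_PK_DEBUG_ECP` no longer has a branch in debug_print_pk() and lands on the `"should not happen\n"` line; that is only correct if the PK module no longer emits that item type, which cannot be confirmed from this diff, and if it does not, the enum constant itself is presumably dead and could be retired with this change. The guard is now `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`, a PSA_WANT symbol, so this translation unit must see the PSA configuration headers before these lines. A short comment above the first `#if`, such as `/* EC public keys are only held in PSA export format, so only the PSA printer remains. */`, would record why the legacy ECP printer went away. debug_print_pk() starts outside the hunk.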
@@ -272,7 +272,7 @@ typedef struct { #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ } mbedtls_x509_crt_verify_chain; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Context for resuming X.509 verify operations @@ -299,12 +299,12 @@ typedef struct { } mbedtls_x509_crt_restart_ctx; -#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#else /* MBEDTLS_ECP_RESTARTABLE */ /* Now we can declare functions that take a pointer to that */ typedef void mbedtls_x509_crt_restart_ctx; -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -880,7 +880,7 @@ void mbedtls_x509_crt_init(mbedtls_x509_crt *crt); */ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Initialize a restart context */ @@ -890,7 +890,7 @@ void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx); * \brief Free the components of a restart context */ void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx); -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** diff --git a/library/x509_crt.c b/library/x509_crt.c index 0a43d8789f..4ac5d9b7e6 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2124,7 +2124,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, return -1; } -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { return mbedtls_pk_verify_restartable(&parent->pk, child->sig_md, hash, hash_len, 
@@ -2234,7 +2234,7 @@ static int x509_crt_find_parent_in( mbedtls_x509_crt *parent, *fallback_parent; int signature_is_good = 0, fallback_signature_is_good; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* did we have something in progress? */ if (rs_ctx != NULL && rs_ctx->parent != NULL) { /* restore saved state */ @@ -2268,12 +2268,12 @@ static int x509_crt_find_parent_in( } /* Signature */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) check_signature: #endif ret = x509_crt_check_signature(child, parent, rs_ctx); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->parent = parent; @@ -2358,7 +2358,7 @@ static int x509_crt_find_parent( *parent_is_trusted = 1; -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* restore then clear saved state if we have some stored */ if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { *parent_is_trusted = rs_ctx->parent_is_trusted; @@ -2374,7 +2374,7 @@ static int x509_crt_find_parent( *parent_is_trusted, path_cnt, self_cnt, rs_ctx, now); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->parent_is_trusted = *parent_is_trusted; @@ -2501,7 +2501,7 @@ static int x509_crt_verify_chain( } #endif -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* resume if we had an operation in progress */ if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { /* restore saved state */ 
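Review bot: The guards in the `@@ -2268` and `@@ -2374` hunks here, and in the `@@ -2593` and `@@ -3087` hunks on the next line, now require only MBEDTLS_ECP_RESTARTABLE, yet the code they enable still compares `ret == MBEDTLS_ERR_ECP_IN_PROGRESS`, an ECP-module error code that commit 0600 on this page documents as an alias of PSA_OPERATION_INCOMPLETE. If the dropped ECDSA_C dependency means a build can now enable MBEDTLS_ECP_RESTARTABLE without the legacy ECP module, that constant may be unavailable or may not be what mbedtls_pk_verify_restartable() returns; comparing against `PSA_OPERATION_INCOMPLETE` in these four places would remove the dependency the commit is trying to cut. The functions containing these comparisons start and end outside the hunks.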
@@ -2515,7 +2515,7 @@ static int x509_crt_verify_chain( goto find_parent; } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ child = crt; self_cnt = 0; @@ -2561,7 +2561,7 @@ static int x509_crt_verify_chain( return 0; } -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) find_parent: #endif @@ -2593,7 +2593,7 @@ static int x509_crt_verify_chain( ver_chain->len - 1, self_cnt, rs_ctx, &now); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->in_progress = x509_crt_rs_find_parent; @@ -3087,7 +3087,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, ver_chain.trust_ca_cb_result = NULL; #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { mbedtls_x509_crt_restart_free(rs_ctx); } @@ -3223,7 +3223,7 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) } } -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ @@ -3254,7 +3254,7 @@ void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) mbedtls_pk_restart_free(&ctx->pk); mbedtls_x509_crt_restart_init(ctx); } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt) { From a81d6dfb05631ac5d8cd0003913665f048287f15 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 21 May 2025 12:37:15 +0200 Subject: [PATCH 0609/1548] tests|programs: remove usage of mbedtls_ecp_set_max_ops() PK restartable operations are now implemented using PSA interruptible ones, so mbedtls_ecp_set_max_ops() can be removed in favor of psa_interruptible_set_max_ops(). Signed-off-by: Valerio Setti --- programs/ssl/ssl_client2.c | 1 - tests/suites/test_suite_x509parse.function | 1 - 2 files changed, 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 4b5ea7c5d2..d5e7fdf304 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2173,7 +2173,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_ECP_RESTARTABLE) if (opt.ec_max_ops != DFL_EC_MAX_OPS) { psa_interruptible_set_max_ops(opt.ec_max_ops); - mbedtls_ecp_set_max_ops(opt.ec_max_ops); } #endif diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 1276941147..09b248e8fe 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -681,7 +681,6 @@ void x509_verify_restart(char *crt_file, char *ca_file, TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0); psa_interruptible_set_max_ops(max_ops); - mbedtls_ecp_set_max_ops(max_ops); cnt_restart = 0; do { From d7d0acbeb6b4186a62aa6e7429d5bda56c0cea52 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 12 Jun 2025 06:26:06 +0200 Subject: [PATCH 0610/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 694fa1b81c..1a7ceaf8e2 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 694fa1b81cce46e8e160c8bda1a700f8c2a68586 +Subproject commit 1a7ceaf8e28e6b2a48f3743ce706a339dabeb509 From d1090d70ffd084b8750b64334a32b8b6d473ee19 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 May 2025 13:06:27 +0200 Subject: [PATCH 0611/1548] Update crypto submodule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 35ae18cf89..9af7c0e7ba 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07 +Subproject commit 9af7c0e7ba4d6bf2a9c3e56a3e3f04b4b053ce47 From d2262f23049356528e7a7849dcd18928f484255e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 May 2025 13:07:42 +0200 Subject: [PATCH 0612/1548] Uncomment tests now that crypto is fixed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_x509write.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index e5224218c5..96311f3b56 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
@@ -269,11 +269,11 @@ mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=ef":"CN=ef":0:0 X509 String to Names (repeated OID, 1st is zero-length) mbedtls_x509_string_to_names:"CN=#0400,CN=cd,CN=ef":"CN=ef":0:0 -#X509 String to Names (repeated OID, middle is zero-length) -#mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0 +X509 String to Names (repeated OID, middle is zero-length) +mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0 -#X509 String to Names (repeated OID, last is zero-length) -#mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0 +X509 String to Names (repeated OID, last is zero-length) +mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0 X509 Round trip test (Escaped characters) mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0 From 5f6310b65f6ad3cf2faa62b9c8a2109ecf0bedb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 May 2025 12:38:52 +0200 Subject: [PATCH 0613/1548] Add ChangeLog entry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/fix-string-to-names-store-named-data.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 ChangeLog.d/fix-string-to-names-store-named-data.txt diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt new file mode 100644 index 0000000000..422ce07f85 --- /dev/null +++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt 
@@ -0,0 +1,12 @@ +Security + * Fix a bug in mbedtls_asn1_store_named_data() where it would sometimes leave + an item in the output list in an inconsistent state with val.p == NULL but + val.len > 0. This impacts applications that call this function directly, + or indirectly via mbedtls_x509_string_to_names() or one of the + mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions. The + inconsistent state of the output could then cause a NULL dereference either + inside the same call to mbedtls_x509_string_to_names(), or in subsequent + users of the output structure, such as mbedtls_x509_write_names(). This + only affects applications that create (as opposed to consume) X.509 + certificates, CSRs or CRLS, or that call mbedtls_asn1_store_named_data() + directly. Found by Linh Le and Ngan Nguyen from Calif. From dc82fa67c5cfab62010d4d642015c267b0739307 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 May 2025 13:10:44 +0200 Subject: [PATCH 0614/1548] Keep only the X.509 part from the Changelog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../fix-string-to-names-store-named-data.txt | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt index 422ce07f85..e517cbb72a 100644 --- a/ChangeLog.d/fix-string-to-names-store-named-data.txt +++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt 
@@ -1,12 +1,8 @@ Security - * Fix a bug in mbedtls_asn1_store_named_data() where it would sometimes leave - an item in the output list in an inconsistent state with val.p == NULL but - val.len > 0. This impacts applications that call this function directly, - or indirectly via mbedtls_x509_string_to_names() or one of the - mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions. The - inconsistent state of the output could then cause a NULL dereference either - inside the same call to mbedtls_x509_string_to_names(), or in subsequent + * Fix a bug in mbedtls_x509_string_to_names() and the + mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, + where some inputs would cause an inconsistent state to be reached, causing + a NULL dereference either in the function itself, or in subsequent users of the output structure, such as mbedtls_x509_write_names(). This only affects applications that create (as opposed to consume) X.509 - certificates, CSRs or CRLS, or that call mbedtls_asn1_store_named_data() - directly. Found by Linh Le and Ngan Nguyen from Calif. + certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. From f5a63d1456f109c369500d89f605ea308ea14f1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 10 Jun 2025 09:56:40 +0200 Subject: [PATCH 0615/1548] Fix invalid test data by aligning with 3.6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 96311f3b56..4dcd967226 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
@@ -273,7 +273,7 @@ X509 String to Names (repeated OID, middle is zero-length) mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0 X509 String to Names (repeated OID, last is zero-length) -mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=ef":0:0 +mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=#0000":0:MAY_FAIL_GET_NAME X509 Round trip test (Escaped characters) mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0 From 3de417fce26e95ae2cc047989106ac320a2bf9be Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 15:03:42 +0200 Subject: [PATCH 0616/1548] scripts: generate_visualc_files.pl: prepare for Everest headers relocation This change allows the Perl script to manage Everest headers in tf-psa-crypto repo both before and after psa#235. Once psa#235 will be merged this commit can be simplified, i.e. it will be returned to its original state with paths of Everest headers updated. Signed-off-by: Valerio Setti --- scripts/generate_visualc_files.pl | 60 ++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 16 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 7ef46968b5..714abd739a 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
@@ -49,9 +49,20 @@ my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; my $test_drivers_source_dir = 'framework/tests/src/drivers'; -my @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest -); +# This is a dirty patch to allow mbedtls#10091 to be merged without updating +# tf-psa-crypto to psa#235. Once psa#235 will be merged, this dirty fix can +# be removed. +# The same holds also for @include_directories below. +my @thirdparty_header_dirs; +if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") { + @thirdparty_header_dirs = qw( + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest + ); +} else { + @thirdparty_header_dirs = qw( + tf-psa-crypto/drivers/everest/include/everest + ); +} my @thirdparty_source_dirs = qw( tf-psa-crypto/drivers/everest/library tf-psa-crypto/drivers/everest/library/kremlib 
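Review bot: The directory probe `-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest"` added here is repeated verbatim in the @include_directories hunk that follows, so the two lists can silently disagree if one check is later edited and the other is not. Evaluate it once, `my $everest_relocated = -d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest";`, and branch on `if ($everest_relocated) {` in both places so that both lists are tied to a single condition. The probe is resolved against the process working directory; that presumably matches the other relative paths this script already uses, but the fallback branch is taken silently when run from elsewhere, so the comment could state that the script expects to run from the repository root.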
@@ -61,19 +72,36 @@ # Directories to add to the include path. # Order matters in case there are files with the same name in more than # one directory: the compiler will use the first match. -my @include_directories = qw( - include - tf-psa-crypto/include - tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib - tests/include - tf-psa-crypto/tests/include - framework/tests/include - framework/tests/programs -); +my @include_directories; +if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") { + @include_directories = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib + tests/include + tf-psa-crypto/tests/include + framework/tests/include + framework/tests/programs + ); +} else { + @include_directories = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + tf-psa-crypto/drivers/everest/include/ + tf-psa-crypto/drivers/everest/include/everest + tf-psa-crypto/drivers/everest/include/everest/vs2013 + tf-psa-crypto/drivers/everest/include/everest/kremlib + tests/include + tf-psa-crypto/tests/include + framework/tests/include + framework/tests/programs + ); +} my $include_directories = join(';', map {"../../$_"} @include_directories); # Directories to add to the include path when building the libraries, but not From 0815c67ce153db7641d388ffea3a9856fcc8b461 Mon Sep 17 00:00:00 2001 
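Review bot: Both branches repeat the eight non-Everest entries (`include` … `framework/tests/programs`) and differ only in the Everest root, so any future change to the common part has to be made twice and the order-matters comment above applies to two copies. Selecting the Everest root once and splicing four derived entries into a single list keeps one ordered list and removes the duplication; the change below also removes the second `-d` probe, since the root is chosen in one expression. The trailing slash on the first Everest entry is preserved to match the current lists.
```perl
# Everest headers live under one of two roots depending on the tf-psa-crypto
# revision checked out (see the comment above @thirdparty_header_dirs).
my $everest_include_root =
    (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest")
    ? 'tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private'
    : 'tf-psa-crypto/drivers/everest/include';
my @include_directories = (
    qw(
        include
        tf-psa-crypto/include
        tf-psa-crypto/drivers/builtin/include
    ),
    "$everest_include_root/",
    "$everest_include_root/everest",
    "$everest_include_root/everest/vs2013",
    "$everest_include_root/everest/kremlib",
    qw(
        tests/include
        tf-psa-crypto/tests/include
        framework/tests/include
        framework/tests/programs
    ),
);
# … unchanged: my $include_directories = join(';', map {"../../$_"} @include_directories); …
```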
From: Ronald Cron Date: Sat, 12 Apr 2025 11:52:18 +0200 Subject: [PATCH 0617/1548] programs: pkey: Use tf-psa-crypto/build_info.h pkey programs are crypto programs (only linked to the TF-PSA-Crypto library) thus use the TF-PSA-Crypto build-time configuration info file tf-psa-crypto/build_info.h instead of the Mbed TLS one. Signed-off-by: Ronald Cron --- programs/pkey/gen_key.c | 2 +- programs/pkey/pk_sign.c | 2 +- programs/pkey/pk_verify.c | 2 +- programs/pkey/rsa_sign_pss.c | 2 +- programs/pkey/rsa_verify_pss.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index f1ed511241..4d329f2db0 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 92d96608e3..1598986f6e 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" /* md.h is included this early since MD_CAN_XXX macros are defined there. */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 8ae612bdf6..d9e3bf1ee3 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" /* md.h is included this early since MD_CAN_XXX macros are defined there. */ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index a5e06fb197..94333ae54c 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c 
@@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" /* md.h is included this early since MD_CAN_XXX macros are defined there. */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 2bb140fe4e..19f92affb3 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -7,7 +7,7 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "mbedtls/build_info.h" +#include "tf-psa-crypto/build_info.h" #include "mbedtls/platform.h" /* md.h is included this early since MD_CAN_XXX macros are defined there. */ From a3b562aa1742fa46f7f3c3e268aae1f33bc77a3e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 16 Jun 2025 15:21:13 +0200 Subject: [PATCH 0618/1548] programs: test: Let zeroize be an Mbed TLS test program In TF-PSA-Crypto there is the crypto specific one. Signed-off-by: Ronald Cron --- programs/test/CMakeLists.txt | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 089f8a67e8..949708420c 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -2,20 +2,16 @@ set(libs ${mbedtls_target} ) -set(executables_libs +set(executables metatest query_compile_time_config query_included_headers selftest udp_proxy -) -add_dependencies(${programs_target} ${executables_libs}) -add_dependencies(${ssl_opt_target} udp_proxy) - -set(executables_mbedcrypto zeroize ) -add_dependencies(${programs_target} ${executables_mbedcrypto}) +add_dependencies(${programs_target} ${executables}) +add_dependencies(${ssl_opt_target} udp_proxy) add_dependencies(${ssl_opt_target} query_compile_time_config) if(TEST_CPP) 
@@ -74,7 +70,7 @@ else() link_to_source(query_config.c) endif() -foreach(exe IN LISTS executables_libs executables_mbedcrypto) +foreach(exe IN LISTS executables) set(source ${exe}.c) set(extra_sources "") if(NOT EXISTS ${source} AND @@ -102,16 +98,9 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) # Request C11, required for memory poisoning set_target_properties(${exe} PROPERTIES C_STANDARD 11) - - # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 - list(FIND executables_libs ${exe} exe_index) - if (${exe_index} GREATER -1) - target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) - else() - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - endif() + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) endforeach() -install(TARGETS ${executables_libs} ${executables_mbedcrypto} +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 653a86dc2a36d6fa6b37ada91d9ca01a7ee63ff8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 15:16:16 +0200 Subject: [PATCH 0619/1548] CMakeLists: prepare for Everest headers relocation Signed-off-by: Valerio Setti --- CMakeLists.txt | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bda3977d07..84bed5aba3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -434,6 +434,14 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h) add_dependencies(mbedtls_test mbedtls_test_keys_header) endif() + # This is a dirty fix to allow mbedtls#10091 to be merged without psa#325. + # Once the latter will be merged, this can be simplified to just use + # the new path. + if(EXISTS "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private") + set(EVEREST_HEADERS_PATH "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private") + else() + set(EVEREST_HEADERS_PATH "tf-psa-crypto/drivers/everest/include") + endif() target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include @@ -441,7 +449,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE include PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + PRIVATE ${EVEREST_HEADERS_PATH} PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -480,7 +488,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/) + PRIVATE ${EVEREST_HEADERS_PATH}) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From 3150913be7e369de73b663af57cab429fe372997 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 15:34:33 +0200 Subject: [PATCH 0620/1548] Revert "update framework submodule to pull in everest changes" This reverts commit 83e5a7bf75ba8a24392ecdc93fe68f48fd56557a. Signed-off-by: Valerio Setti --- .gitmodules | 2 +- framework | 2 +- tf-psa-crypto | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitmodules b/.gitmodules index 7e34e96984..4612b3d0c9 100644 --- a/.gitmodules +++ b/.gitmodules 
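Review bot: `if(EXISTS "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private")` passes a relative path, and CMake documents `if(EXISTS)` as well-defined only for full paths; in practice a relative path is resolved against the working directory of the cmake process, not the source tree, so an out-of-tree configure can fall through to the old path without any diagnostic. Anchor the probe to the source directory: `if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private")`. The comment refers to psa#325 while the equivalent comment added to scripts/generate_visualc_files.pl in this series refers to psa#235; one of the two looks like a transposition and is worth confirming so the cleanup is tracked against the right pull request. The enclosing `if(ENABLE_TESTING OR ENABLE_PROGRAMS)` block starts and ends outside the hunk.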
@@ -3,4 +3,4 @@ url = https://github.com/Mbed-TLS/mbedtls-framework [submodule "tf-psa-crypto"] path = tf-psa-crypto - url = git@github.com:bjwtaylor/TF-PSA-Crypto.git + url = https://github.com/Mbed-TLS/TF-PSA-Crypto.git diff --git a/framework b/framework index fdb0615d9a..1a83e0c84d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit fdb0615d9a72c95cdf7f67e77bfcf0418dce756f +Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281 diff --git a/tf-psa-crypto b/tf-psa-crypto index 8706d77f96..35ae18cf89 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 8706d77f9632eb2d3d0e58b713281f4232c1ee20 +Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07 From e4960bc15986b86d3d928344245ff3deadedd8ec Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 15:35:07 +0200 Subject: [PATCH 0621/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 1a83e0c84d..977db0c8bc 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 1a83e0c84d4b7aa11c7cfd3771322486fc87d281 +Subproject commit 977db0c8bcb083b436652d9339bd142f46bf64bb From d1e4ccf0a0c0bf1203b022ed6f50ab5224d96b42 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 16 Jun 2025 16:55:15 +0200 Subject: [PATCH 0622/1548] cmake: Fix library order A library that depends on another one should come first in the list of libraries to link against. Signed-off-by: Ronald Cron --- programs/test/cmake_package/CMakeLists.txt | 2 +- programs/test/cmake_package_install/CMakeLists.txt | 2 +- programs/test/cmake_subproject/CMakeLists.txt | 4 ++-- programs/util/CMakeLists.txt | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt index 85270bc8c7..287a0c38c2 100644 --- a/programs/test/cmake_package/CMakeLists.txt 
+++ b/programs/test/cmake_package/CMakeLists.txt @@ -35,4 +35,4 @@ find_package(MbedTLS REQUIRED) add_executable(cmake_package cmake_package.c) target_link_libraries(cmake_package - MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509) + MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index f10109e94c..0d7dbe4dad 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt @@ -38,4 +38,4 @@ find_package(MbedTLS REQUIRED) add_executable(cmake_package_install cmake_package_install.c) target_link_libraries(cmake_package_install - MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509) + MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index 7acdcc3393..5bd0c8742b 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt @@ -14,9 +14,9 @@ add_subdirectory(${MBEDTLS_DIR} build) # Link against all the Mbed TLS libraries. Verifies that the targets have been # created using the specified prefix set(libs - subproject_test_tfpsacrypto - subproject_test_mbedx509 subproject_test_mbedtls + subproject_test_mbedx509 + subproject_test_tfpsacrypto ) add_executable(cmake_subproject cmake_subproject.c) diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index c1b6b75866..fb3ba188a6 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -1,6 +1,6 @@ set(libs - ${tfpsacrypto_target} ${mbedx509_target} + ${tfpsacrypto_target} ) set(executables From 26893d99f67933bfe44db750045bf0f556fcb967 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 17 Jun 2025 23:04:46 +0200 Subject: [PATCH 0623/1548] Revert "CMakeLists: prepare for Everest headers relocation" This reverts commit 653a86dc2a36d6fa6b37ada91d9ca01a7ee63ff8. Signed-off-by: Valerio Setti --- CMakeLists.txt | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 84bed5aba3..bda3977d07 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -434,14 +434,6 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h) add_dependencies(mbedtls_test mbedtls_test_keys_header) endif() - # This is a dirty fix to allow mbedtls#10091 to be merged without psa#325. - # Once the latter will be merged, this can be simplified to just use - # the new path. - if(EXISTS "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private") - set(EVEREST_HEADERS_PATH "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private") - else() - set(EVEREST_HEADERS_PATH "tf-psa-crypto/drivers/everest/include") - endif() target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include @@ -449,7 +441,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE include PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE ${EVEREST_HEADERS_PATH} + PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -488,7 +480,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE ${EVEREST_HEADERS_PATH}) + PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From f5e27fa3616f33b9662d830fa2b58b553401084a Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 17 Jun 2025 23:06:24 +0200 Subject: [PATCH 0624/1548] Revert "update further everest paths" This reverts commit 243b54f3869953a674ff6730685a623a98a1d9cd. Signed-off-by: Valerio Setti --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bda3977d07..a099356389 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -441,7 +441,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE include PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + PRIVATE tf-psa-crypto/drivers/everest/include PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -480,7 +480,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/) + PRIVATE tf-psa-crypto/drivers/everest/include) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From 2d7ded653fa6cab47b29870ce4623fd4e1814aad Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 18 Jun 2025 00:08:46 +0200 Subject: [PATCH 0625/1548] scripts: generate_visualc_files: fix include_directories Signed-off-by: Valerio Setti --- scripts/generate_visualc_files.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 714abd739a..5a18afc0c1 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
@@ -78,7 +78,7 @@ include tf-psa-crypto/include tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/ + tf-psa-crypto/drivers/everest/include/ tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib From d9fa0755d906322ac041bf7754b89352002462f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 19 Jun 2025 12:11:55 +0200 Subject: [PATCH 0626/1548] Update tf-psa-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need #311 Signed-off-by: Manuel Pégourié-Gonnard --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 1a7ceaf8e2..eb77caabba 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 1a7ceaf8e28e6b2a48f3743ce706a339dabeb509 +Subproject commit eb77caabba98c415fe68d2440779b9f9aec6b2a4 From 6a3b877d601cded7ffddb736671503c5ce8d8b79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 19 Jun 2025 12:14:02 +0200 Subject: [PATCH 0627/1548] Remove OID from generate_error.pl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no longer any associated error code, so this commit does not change the generated file in any way. Signed-off-by: Manuel Pégourié-Gonnard --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index f4154e37cc..977047af54 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl 
@@ -38,7 +38,7 @@ my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 - NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160 + NET PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 SHA3 THREADING ); my @high_level_modules = qw( CIPHER ECP MD PEM PK PKCS12 PKCS5 From 838a114f051d80207b878b3b8aebdc56b60b1bbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 19 Jun 2025 12:16:38 +0200 Subject: [PATCH 0628/1548] Remove MBEDTLS_OID_C from sample configs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This option no longer exists (and there's a Changelog entry saying so). After this commit, git grep -l -w MBEDTLS_OID_C shows the only remaining occurences are in text files (.txt, .md). Signed-off-by: Manuel Pégourié-Gonnard --- configs/crypto-config-suite-b.h | 1 - configs/crypto-config-thread.h | 1 - 2 files changed, 2 deletions(-) diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 3fec3d0f10..dd304c1c5d 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -49,7 +49,6 @@ #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index f71b1f079a..18206e1a9f 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -58,7 +58,6 @@ #define MBEDTLS_ENTROPY_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C -#define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C From 79b513894a28718604f7cb531380bfea0354844f Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 11 Jun 2025 16:04:06 +0100 Subject: [PATCH 0629/1548] Add __attribute__ ((nonstring)) to remove unterminated-string-initialization warning 
Signed-off-by: Felix Conway --- library/ssl_tls13_keys.c | 3 ++- library/ssl_tls13_keys.h | 3 ++- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 3 ++- .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 3 ++- tests/suites/test_suite_ssl_decrypt.function | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index dbc703a6c1..51afb044cc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -80,7 +80,8 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = * the HkdfLabel structure on success. */ -static const char tls13_label_prefix[6] = "tls13 "; +/* We need to tell the compiler that we meant to leave out the null character. */ +static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ (2 /* expansion length */ \ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 14f6e4876c..f6d02b522a 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -40,8 +40,9 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) +/* We need to tell the compiler that we meant to leave out the null character. */ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - const unsigned char name [sizeof(string) - 1]; + const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); union mbedtls_ssl_tls13_labels_union { MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index ca090ccc66..83cd3c00dd 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c 
@@ -25,7 +25,8 @@ int psa_aead_encrypt_decrypt_main(void) uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; const uint8_t plaintext[] = "Hello World!"; - const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; size_t nonce_length = sizeof(nonce); size_t ciphertext_length; diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index a923feb618..22d0bfb0f0 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -25,7 +25,8 @@ int psa_cipher_encrypt_decrypt_main(void) uint8_t original[BUFFER_SIZE] = { 0 }; uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; - const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; size_t encrypted_length; size_t decrypted_length; diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index 909e6cfa44..72824163a5 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function 
@@ -37,7 +37,8 @@ void ssl_decrypt_null(int hash_id) mbedtls_ssl_write_version(rec_good.ver, MBEDTLS_SSL_TRANSPORT_STREAM, version); - const char sample_plaintext[3] = "ABC"; + /* We need to tell the compiler that we meant to leave out the null character. */ + const char sample_plaintext[3] __attribute__ ((nonstring)) = "ABC"; mbedtls_ssl_context ssl; mbedtls_ssl_init(&ssl); uint8_t *buf = NULL; From 5b84ae14e9f09aae0597d1ab5bd3ed356159f9ba Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 12 Jun 2025 11:28:56 +0100 Subject: [PATCH 0630/1548] Replace __attribute__((nonstring)) with macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING This macro applies __attribute__((nonstring)) when using a compiler that supports it Signed-off-by: Felix Conway --- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 2 +- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 3 ++- .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 3 ++- tests/suites/test_suite_ssl_decrypt.function | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 51afb044cc..865e02c2dc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -81,7 +81,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels = */ /* We need to tell the compiler that we meant to leave out the null character. */ -static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 "; +static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 "; #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \ (2 /* expansion length */ \ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index f6d02b522a..1509e9a4d4 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -42,7 +42,7 @@ /* We need to tell the compiler that we meant to leave out the null character. */ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - const unsigned char name [sizeof(string) - 1] __attribute__ ((nonstring)); + const unsigned char name [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING; union mbedtls_ssl_tls13_labels_union { MBEDTLS_SSL_TLS1_3_LABEL_LIST diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 83cd3c00dd..313397bbcd 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -26,7 +26,8 @@ int psa_aead_encrypt_decrypt_main(void) uint8_t decrypt[BUFFER_SIZE] = { 0 }; const uint8_t plaintext[] = "Hello World!"; /* We need to tell the compiler that we meant to leave out the null character. */ - const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; size_t nonce_length = sizeof(nonce); size_t ciphertext_length; diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index 22d0bfb0f0..30b6982e04 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c 
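Review bot: `MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING` is now emitted by the `MBEDTLS_SSL_TLS1_3_LABEL` macro, but nothing in this hunk shows how ssl_tls13_keys.h obtains the macro's definition; if the header is ever included before the header that defines it, the token is left unexpanded and the union declaration fails to parse. The psasim sources in this same series needed an explicit `#include "../tf-psa-crypto/core/common.h"` to find the macro, so it is worth confirming that ssl_tls13_keys.h and tests/suites/test_suite_ssl_decrypt.function (same change) reach that definition on every include path, or adding the include near the top of the header. A one-line comment next to the macro, `/* MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING is defined in the crypto core's common.h */`, would also tell the next reader where the definition lives.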
@@ -26,7 +26,8 @@ int psa_cipher_encrypt_decrypt_main(void) uint8_t encrypt[BUFFER_SIZE] = { 0 }; uint8_t decrypt[BUFFER_SIZE] = { 0 }; /* We need to tell the compiler that we meant to leave out the null character. */ - const uint8_t key_bytes[32] __attribute__ ((nonstring)) = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; size_t encrypted_length; size_t decrypted_length; diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index 72824163a5..37265def88 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -38,7 +38,7 @@ void ssl_decrypt_null(int hash_id) MBEDTLS_SSL_TRANSPORT_STREAM, version); /* We need to tell the compiler that we meant to leave out the null character. */ - const char sample_plaintext[3] __attribute__ ((nonstring)) = "ABC"; + const char sample_plaintext[3] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "ABC"; mbedtls_ssl_context ssl; mbedtls_ssl_init(&ssl); uint8_t *buf = NULL; From b9891f1fd2eb3238fc852cb52c9054c7937e51e1 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Fri, 13 Jun 2025 09:36:28 +0100 Subject: [PATCH 0631/1548] Add changelog Signed-off-by: Felix Conway --- ChangeLog.d/unterminated-string-initialization.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/unterminated-string-initialization.txt diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt new file mode 100644 index 0000000000..75a72cae6b --- /dev/null +++ b/ChangeLog.d/unterminated-string-initialization.txt @@ -0,0 +1,3 @@ +Bugfix + * Silence spurious -Wunterminated-string-initialization warnings introduced + by GCC 15. Fixes #9944. From cfbee27b45d81f784b12fce96888a0b6ae52b4f4 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Sat, 14 Jun 2025 22:13:35 +0100 Subject: [PATCH 0632/1548] Add include so psasim files can find new macro Signed-off-by: Felix Conway --- .../psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c | 1 + .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 313397bbcd..a8b57c2efb 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -4,6 +4,7 @@ */ #include "psa/crypto.h" +#include "../tf-psa-crypto/core/common.h" #include #include #include diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index 30b6982e04..25c0b8a61e 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -4,6 +4,7 @@ */ #include "psa/crypto.h" +#include "../tf-psa-crypto/core/common.h" #include #include #include From 69f570643174ecab710b81f713cfd792d3a21d4a Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Thu, 19 Jun 2025 08:55:15 +0100 Subject: [PATCH 0633/1548] Add explanatory comment above #include "../tf-psa-crypto/core/common.h" Signed-off-by: Ari Weiler-Ofek --- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index a8b57c2efb..17219938b8 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c 
@@ -4,6 +4,22 @@ */ #include "psa/crypto.h" +/* + * Temporary hack: psasim’s Makefile only does: + * -Itests/psa-client-server/psasim/include + * -I$(MBEDTLS_ROOT_PATH)/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include + * + * None of those cover tf-psa-crypto/core, so we rely on the + * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative + * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here, + * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the + * new GCC-15 unterminated-string-initialization warning). + * + * See GitHub issue #10223 for the proper long-term fix. + * https://github.com/Mbed-TLS/mbedtls/issues/10223 + */ #include "../tf-psa-crypto/core/common.h" #include #include From 78b0521449ed6efda145028574a29096786ea412 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Thu, 19 Jun 2025 18:23:32 +0100 Subject: [PATCH 0634/1548] Remove trailing whitespace Signed-off-by: Ari Weiler-Ofek --- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 17219938b8..71173d2b52 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c 
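Review bot: The new comment block uses non-ASCII typographic quotes (`psasim’s`, `“-I$(MBEDTLS_ROOT_PATH)/include”`) in an otherwise plain-ASCII C file; these can trip checkers or compilers running in a non-UTF-8 locale, and `'`/`"` read the same. While touching it, the mechanism could be stated directly: the quoted `"../tf-psa-crypto/core/common.h"` is resolved against each `-I` directory in turn, and it is the `-I$(MBEDTLS_ROOT_PATH)/include` entry that makes the parent-relative path land on `tf-psa-crypto/core/common.h`. The rest of the file is outside this hunk.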
@@ -6,17 +6,15 @@ #include "psa/crypto.h" /* * Temporary hack: psasim’s Makefile only does: - * -Itests/psa-client-server/psasim/include - * -I$(MBEDTLS_ROOT_PATH)/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include - * + * -Itests/psa-client-server/psasim/include + * -I$(MBEDTLS_ROOT_PATH)/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include + * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include * None of those cover tf-psa-crypto/core, so we rely on the * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here, * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the * new GCC-15 unterminated-string-initialization warning). - * * See GitHub issue #10223 for the proper long-term fix. * https://github.com/Mbed-TLS/mbedtls/issues/10223 */ From 06d64ad6a0503cc6dc1a9584fad8f9ed4c12676e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 20 Jun 2025 12:00:16 +0200 Subject: [PATCH 0635/1548] library: Makefile: use wildcard to select sources for crypto library This gives the possibility to add new source files in tf-psa-crypto library without any need to update this Makefile. Signed-off-by: Valerio Setti --- library/Makefile | 80 +++--------------------------------------------- 1 file changed, 4 insertions(+), 76 deletions(-) diff --git a/library/Makefile b/library/Makefile index fb61911896..2f695c696b 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -109,82 +109,10 @@ DLEXT = dylib endif endif -OBJS_CRYPTO= \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aes.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesni.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aesce.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/aria.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1parse.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/asn1write.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/base64.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_core.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/bignum_mod_raw.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/block_cipher.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/camellia.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ccm.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chacha20.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/chachapoly.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cipher_wrap.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/cmac.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/constant_time.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ctr_drbg.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/des.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdh.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecdsa.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecjpake.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ecp_curves_new.o \ - 
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/entropy_poll.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/gcm.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hkdf.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/hmac_drbg.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lmots.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/lms.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/md5.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/memory_buffer_alloc.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/nist_kw.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/oid.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pem.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_ecc.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pk_wrap.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs12.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkcs5.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkparse.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/pkwrite.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/platform_util.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/poly1305.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_aead.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_cipher.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_ecp.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_ffdh.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_hash.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_mac.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_pake.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_crypto_rsa.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/psa_util.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/ripemd160.o \
- $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa.o \ - 
$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/rsa_alt_helpers.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha1.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha256.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha512.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/sha3.o \ - $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/threading.o \ - # This line is intentionally left blank +OBJS_CRYPTO = $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) +GENERATED_OBJS_CRYPTO = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o +OBJS_CRYPTO := $(filter-out $(GENERATED_OBJS_CRYPTO),$(OBJS_CRYPTO)) +OBJS_CRYPTO += $(GENERATED_OBJS_CRYPTO) THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc From 07b95f07ed6e59eb8da873d839fd76c01658ce13 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 22 Jun 2025 21:15:52 +0100 Subject: [PATCH 0636/1548] Updated framework pointer (release-sync) Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 977db0c8bc..2a3e2c5ea0 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 977db0c8bcb083b436652d9339bd142f46bf64bb +Subproject commit 2a3e2c5ea053c14b745dbdf41f609b1edc6a72fa From ed7c0d146ba3e6ad3f84f000b74ee7d8d1a4b7da Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sun, 22 Jun 2025 21:16:15 +0100 Subject: [PATCH 0637/1548] Updated tf-psa-crypto pointer (release-sync) Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index eb77caabba..a07506eab0 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit eb77caabba98c415fe68d2440779b9f9aec6b2a4 +Subproject commit a07506eab0b693152d5a522273b812d222ddd87c From 95c48b3b44cfbbf57b72fef635f396b6abdcc6b5 Mon Sep 17 00:00:00 2001 
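Review bot: With `$(wildcard ...)` every `.c` file that appears in `$(TF_PSA_CRYPTO_CORE_PATH)` or `$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)` — an experiment, a backup copy, a file left by a tool — is silently compiled and linked into the library, so the explicit object list no longer acts as an allowlist of what ships; that trade-off is presumably intended because the tree is a submodule, but it should be stated in a comment next to the new `OBJS_CRYPTO` line. The filter-out/append sequence around `GENERATED_OBJS_CRYPTO` is also undocumented; I infer `psa_crypto_driver_wrappers_no_static.c` may not exist when the wildcard expands, so a comment such as `# psa_crypto_driver_wrappers_no_static.c is generated at build time and may be absent when the wildcard expands; list it explicitly, exactly once.` would save the next reader the same inference. The rest of this Makefile is outside the hunk.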
From: Felix Conway Date: Mon, 23 Jun 2025 14:11:00 +0100 Subject: [PATCH 0638/1548] Turn Wunterminated-string-initialization back into an error Signed-off-by: Felix Conway --- tests/scripts/components-compiler.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 6f311ac921..9e74572c13 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -93,9 +93,6 @@ component_test_gcc15_drivers_opt () { scripts/config.py full loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include -O2" - # Allow a warning that we don't yet comply to. - # https://github.com/Mbed-TLS/mbedtls/issues/9944 - loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From 8e8dc114068d835f549d0d06e320cf3fa17b4c88 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 11:29:11 +0200 Subject: [PATCH 0639/1548] scripts: generate_visualc_files: remove temporary Everest path fixes Remove temporary path fixes for Everest's headers that were introduced in #10225. Only the new and correct path of the header files is kept. Signed-off-by: Valerio Setti --- scripts/generate_visualc_files.pl | 60 +++++++++---------------------- 1 file changed, 16 insertions(+), 44 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 5a18afc0c1..ef684b79d8 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
@@ -49,20 +49,9 @@ my $test_drivers_header_dir = 'framework/tests/include/test/drivers'; my $test_drivers_source_dir = 'framework/tests/src/drivers'; -# This is a dirty patch to allow mbedtls#10091 to be merged without updating -# tf-psa-crypto to psa#235. Once psa#235 will be merged, this dirty fix can -# be removed. -# The same holds also for @include_directories below. -my @thirdparty_header_dirs; -if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") { - @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest - ); -} else { - @thirdparty_header_dirs = qw( - tf-psa-crypto/drivers/everest/include/everest - ); -} +my @thirdparty_header_dirs = qw( + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest +); my @thirdparty_source_dirs = qw( tf-psa-crypto/drivers/everest/library tf-psa-crypto/drivers/everest/library/kremlib 
@@ -72,36 +61,19 @@ # Directories to add to the include path. # Order matters in case there are files with the same name in more than # one directory: the compiler will use the first match. -my @include_directories; -if (-d "tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest") { - @include_directories = qw( - include - tf-psa-crypto/include - tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/ - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 - tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib - tests/include - tf-psa-crypto/tests/include - framework/tests/include - framework/tests/programs - ); -} else { - @include_directories = qw( - include - tf-psa-crypto/include - tf-psa-crypto/drivers/builtin/include - tf-psa-crypto/drivers/everest/include/ - tf-psa-crypto/drivers/everest/include/everest - tf-psa-crypto/drivers/everest/include/everest/vs2013 - tf-psa-crypto/drivers/everest/include/everest/kremlib - tests/include - tf-psa-crypto/tests/include - framework/tests/include - framework/tests/programs - ); -} +my @include_directories = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + tf-psa-crypto/drivers/everest/include/ + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013 + tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib + tests/include + tf-psa-crypto/tests/include + framework/tests/include + framework/tests/programs +); my $include_directories = join(';', map {"../../$_"} @include_directories); # Directories to add to the include path when building the libraries, but not From b836d468705ac4a2e2d65bdd1ee8c8df44b97a52 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 24 Jun 2025 17:18:47 +0200 Subject: [PATCH 0640/1548] Fix accidentally skipped test assertion Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4567dbdadb..a6f368520b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5939,7 +5939,9 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) } else { ret = mbedtls_test_move_handshake_to_state(&client_ep.ssl, &server_ep.ssl, state); } - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE); + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + TEST_EQUAL(ret, 0); + } char label[] = "test-label"; uint8_t key_buffer[24] = { 0 }; From 760608d47b9bb3a73239701e1fba9f47eeedd654 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Jun 2025 17:26:35 +0200 Subject: [PATCH 0641/1548] Properly initialize SSL endpoint objects In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed early, e.g. due to `psa_crypto_init()` failing. This was largely harmless, but could have caused weird test results in case of failure, and was flagged by Coverity. Use a more systematic style for initializing the stack object as soon as it's declared. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 54 +++++++++++++++++----------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a6f368520b..58212bad9c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -2879,6 +2879,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint ep; + memset(&ep, 0, sizeof(ep)); int ret = -1; mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); @@ -2910,6 +2911,8 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint base_ep, second_ep; + memset(&base_ep, 0, sizeof(base_ep)); + memset(&second_ep, 0, sizeof(second_ep)); int ret = -1; (void) tls_version; @@ -2935,8 +2938,6 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int #endif MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); - mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, NULL, NULL, NULL); @@ -3587,6 +3588,8 @@ void force_bad_session_id_len() enum { BUFFSIZE = 1024 }; mbedtls_test_handshake_test_options options; mbedtls_test_ssl_endpoint client, server; + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; mbedtls_test_message_socket_context server_context, client_context; @@ -3597,9 +3600,6 @@ void force_bad_session_id_len() options.srv_log_obj = &srv_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); MD_OR_USE_PSA_INIT(); @@ -3782,6 +3782,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); mbedtls_psa_stats_t stats; size_t free_slots_before = -1; mbedtls_test_handshake_test_options client_options, server_options; 
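Review bot: The `memset(&ep, 0, sizeof(ep));` placed right after each `mbedtls_test_ssl_endpoint` declaration (here and in every later hunk of this patch, through the `ssl_tls_exporter_*` cases) exists so that `mbedtls_test_ssl_endpoint_free()` is safe on an early exit, as the commit message explains, but nothing at the call sites says so; a comment on the first occurrence, `/* Zero so mbedtls_test_ssl_endpoint_free() is safe if we exit before init. */`, would keep a future cleanup from dropping it. This relies on the all-zero object being an acceptable input to the free function, which I cannot confirm from this diff. A `= { 0 }` initializer on the declaration would express the same intent without a statement between declarations, if the project's compiler set does not warn on it. Each enclosing test function continues outside its hunk.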
@@ -3791,8 +3793,6 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the @@ -3856,6 +3856,8 @@ void tls13_server_certificate_msg_invalid_vector_len() { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); unsigned char *buf, *end; size_t buf_len; int step = 0; @@ -3867,8 +3869,6 @@ void tls13_server_certificate_msg_invalid_vector_len() /* * Test set-up */ - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); MD_OR_USE_PSA_INIT(); @@ -4105,12 +4105,12 @@ void tls13_resume_session_with_ticket() { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); 
@@ -4190,6 +4190,8 @@ void tls13_read_early_data(int scenario) const char *early_data = "This is early data."; size_t early_data_len = strlen(early_data); mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -4200,8 +4202,6 @@ void tls13_read_early_data(int scenario) MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -4389,6 +4389,8 @@ void tls13_cli_early_data_state(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -4399,8 +4401,6 @@ void tls13_cli_early_data_state(int scenario) }; uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -4762,6 +4762,8 @@ void tls13_write_early_data(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; 
@@ -4772,8 +4774,6 @@ void tls13_write_early_data(int scenario) }; int beyond_first_hello = 0; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -5111,6 +5111,8 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -5120,8 +5122,6 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) uint32_t written_early_data_size = 0; uint32_t read_early_data_size = 0; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -5264,6 +5264,8 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -5282,8 +5284,6 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in uint32_t written_early_data_size = 0; uint32_t max_early_data_size; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); 
@@ -5709,6 +5709,8 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int uint8_t *key_buffer_server = NULL; uint8_t *key_buffer_client = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5754,6 +5756,8 @@ void ssl_tls_exporter_uses_label(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5793,6 +5797,8 @@ void ssl_tls_exporter_uses_context(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5833,6 +5839,8 @@ void ssl_tls13_exporter_uses_length(void) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5876,6 +5884,8 @@ void ssl_tls_exporter_rejects_bad_parameters( char *label = NULL; uint8_t *context = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; TEST_ASSERT(exported_key_length > 0); @@ -5914,6 +5924,8 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) int ret = -1; mbedtls_test_ssl_endpoint server_ep, client_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); From 3388c4acee780726dd3c5c5aabebc9c96bcf8cc1 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Fri, 6 Jun 2025 15:56:59 +0200 Subject: [PATCH 0642/1548] library: debug: add support for RSA keys in PSA friendly format Signed-off-by: Valerio Setti --- library/debug.c | 109 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 98 insertions(+), 11 deletions(-) diff --git a/library/debug.c b/library/debug.c index 5210f0c684..fc2f089cbe 100644 --- a/library/debug.c +++ b/library/debug.c @@ -220,20 +220,20 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const unsigned char *buf, size_t len) { char str[DEBUG_BUF_SIZE]; - size_t i, idx = 0; + size_t i, len_bytes = PSA_BITS_TO_BYTES(len), idx = 0; mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n", - text, (unsigned int) len * 8); + text, (unsigned int) len); debug_send_line(ssl, level, file, line, str); - for (i = 0; i < len; i++) { + for (i = 0; i < len_bytes; i++) { if (i >= 4096) { break; } @@ -251,16 +251,14 @@ static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int lev (unsigned int) buf[i]); } - if (len > 0) { - for (/* i = i */; i % 16 != 0; i++) { - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); - } - + if (len_bytes > 0) { mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); debug_send_line(ssl, level, file, line, str); } } +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) 
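Review bot: The `len` parameter of `mbedtls_debug_print_ec_coord` now carries a bit count — the body converts with `PSA_BITS_TO_BYTES(len)` and prints it as `(%u bits)`, and callers pass `coord_len * 8` or `bits` — yet the signature still reads `const unsigned char *buf, size_t len`, which the next caller will take as a byte length; renaming it to `bits` and adding `/* bits: significant bit length of buf; PSA_BITS_TO_BYTES(bits) bytes are read. */` would prevent that. The function is also now shared with the RSA printer under the widened `#if`, so the `_ec_coord` name is misleading; a neutral name such as `debug_print_bignum_bytes` could be introduced with no behaviour change. The function's body spans both hunks on this line.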
@@ -283,15 +281,99 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level /* X coordinate */ coord_start = pk->pub_raw + 1; mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len * 8); /* Y coordinate */ coord_start = coord_start + coord_len; mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len * 8); } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names +static size_t debug_count_valid_bits(unsigned char **buf, size_t len) +{ + size_t i, bits; + + /* Ignore initial null bytes (if any). */ + while ((len > 0) && (**buf == 0x00)) { + (*buf)++; + len--; + } + + if (len == 0) { + return 0; + } + + bits = len * 8; + + /* Ignore initial null bits (if any). 
*/ + for (i = 7; i > 0; i--) { + if ((**buf & (0x1 << i)) != 0) { + break; + } + bits--; + } + + return bits; +} + +static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_pk_context *pk) +{ + char str[DEBUG_BUF_SIZE]; + unsigned char key_der[MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN]; //no-check-names + unsigned char *start_cur; + unsigned char *end_cur; + size_t len, bits; + int ret; + + if (pk->pub_raw_len > sizeof(key_der)) { + return; + } + + memcpy(key_der, pk->pub_raw, pk->pub_raw_len); + start_cur = key_der; + end_cur = key_der + pk->pub_raw_len; + + ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, + MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED); + if (ret != 0) { + return; + } + + ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER); + if (ret != 0) { + return; + } + + bits = debug_count_valid_bits(&start_cur, len); + if (bits == 0) { + return; + } + len = PSA_BITS_TO_BYTES(bits); + + mbedtls_snprintf(str, sizeof(str), "%s.N", text); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, start_cur, bits); + + start_cur += len; + + ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER); + if (ret != 0) { + return; + } + + bits = debug_count_valid_bits(&start_cur, len); + if (bits == 0) { + return; + } + + mbedtls_snprintf(str, sizeof(str), "%s.E", text); + mbedtls_debug_print_ec_coord(ssl, level, file, line, str, start_cur, bits); +} +#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names + static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) 
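Review bot: In `mbedtls_debug_print_psa_rsa` the `start_cur += len;` after printing N is only correct because `debug_count_valid_bits()` has already advanced `start_cur` past the leading zero bytes and `len` was re-derived via `PSA_BITS_TO_BYTES(bits)` into the stripped length; that coupling deserves a comment, e.g. `/* start_cur was moved past leading zero bytes and len is now the stripped length, so this lands exactly at the end of N. */`. The `memcpy` into `key_der` looks like it exists only because `mbedtls_asn1_get_tag()` needs a non-const cursor while `pk` is const — if so, a one-line comment saying that would stop a reader from mistaking a `MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN`-sized stack copy for a safety measure. Every failure path returns silently, which is defensible for a debug printer, but means a malformed `pub_raw` yields no output at all; if the EC path behaves the same, consistency wins, otherwise one debug line at the first early return would make the silence diagnosable.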
@@ -321,6 +403,11 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); } else #endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names + if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { //no-check-names + mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value); + } else +#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); From 11345e9de3b17ff3001770f2994dc16f276f13b3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Jun 2025 13:39:44 +0200 Subject: [PATCH 0643/1548] tests: x509parse: fix return values for invalid RSA keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 4 +-- tests/suites/test_suite_x509parse.function | 33 +++++++++++++++------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c7c465b7e6..c0850b6db7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1770,11 +1770,11 @@ x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300

 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY

 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY

 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 09b248e8fe..8f0da5a9cb 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function @@ -1118,17 +1118,29 @@ exit: void x509parse_crt(data_t *buf, char *result_str, int result) { mbedtls_x509_crt crt; -#if !defined(MBEDTLS_X509_REMOVE_INFO) + #if !defined(MBEDTLS_X509_REMOVE_INFO) unsigned char output[2000] = { 0 }; - int res; -#else + #else ((void) result_str); -#endif + #endif + /* Pick an error which is not used in the test_suite_x509parse.data file. */ + int result_ext = MBEDTLS_ERR_ERROR_GENERIC_ERROR; + int res; + +#if !defined(MBEDTLS_PK_USE_PSA_RSA_DATA) + /* Support for mbedtls#10213 before psa#308. Once psa#308 will be + * merged this dirty fix can be removed. */ + if (result == MBEDTLS_ERR_PK_INVALID_PUBKEY) { + result_ext = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; + } +#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); - TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result); + res = mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len); + fprintf(stderr, "\n res=%d, result=%d, result_ext=%d \n", res, result, result_ext); + TEST_ASSERT((res == result) || (res == result_ext)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1143,7 +1155,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result); + res = mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len); + TEST_ASSERT((res == result) || (res == result_ext)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { memset(output, 0, 2000); 
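Review bot: The `fprintf(stderr, "\n res=%d, result=%d, result_ext=%d \n", res, result, result_ext);` added before the first `TEST_ASSERT` in the `-1118` hunk reads as a leftover debug trace; the suite reports through the TEST_* macros, so that line should be dropped. Replacing `TEST_EQUAL` with `TEST_ASSERT((res == result) || (res == result_ext))` also discards the actual/expected values that `TEST_EQUAL` prints on failure, here and in the `-1143`, `-1161` and `-1178` hunks, which is presumably why the trace was needed in the first place; a comparison that still reports both values on mismatch would keep the test diagnosable. Under `!MBEDTLS_PK_USE_PSA_RSA_DATA` the fallback accepts a bare `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`, while the .data entries rewritten in the same commit previously expected `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)`, which matches neither accepted value, so it is worth confirming what the legacy PK path actually returns for these certificates. The `#if`/`#else`/`#endif` around `output` also appear to have gained a leading space, unlike the `#if !defined(MBEDTLS_PK_USE_PSA_RSA_DATA)` block added a few lines below. x509parse_crt continues past the end of this hunk.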
@@ -1161,8 +1174,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL), - result); + res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL); + TEST_ASSERT((res == result) || (res == result_ext)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1178,8 +1191,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_free(&crt); mbedtls_x509_crt_init(&crt); - TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL), - result); + res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL); + TEST_ASSERT((res == result) || (res == result_ext)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); From 2747ac1e70525099d2a549a00f449fa40875c75b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Jun 2025 13:42:58 +0200 Subject: [PATCH 0644/1548] tests: x509parse: fix RSA key in DER certificates The previous key was not correct so it could not be imported into PSA for validation inside the PK module. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 434 ++++++++++++------------- 1 file changed, 217 insertions(+), 217 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c0850b6db7..c2a7f30fd9 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1330,15 +1330,15 @@ x509parse_crt:"30293014a012021100000000000000000000000000000000300d06092a864886f X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 3) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 4) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, valid version tag + length, version number overflow) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, serial missing) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
@@ -1370,47 +1370,47 @@ x509parse_crt:"3022300da0030201028204deadbeef0500300d06092a864886f70d01010b05000 X509 CRT ASN1 (TBS, inv AlgID, OID missing) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff3000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201033000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, OID tag wrong) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv AlgID, OID inv length encoding) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
-x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv AlgID, OID length out of bounds) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, OID empty) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) 
+x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, OID unknown) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) +x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) 
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv AlgID, param length out of bounds) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, param length mismatch) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) 
+x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv AlgID, params present but empty) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG X509 CRT ASN1 (TBS, inv AlgID, bad RSASSA-PSS params) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_X509_RSASSA_PSS_SUPPORT -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) 
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, Issuer missing) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C 
@@ -1434,83 +1434,83 @@ x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b050030013 X509 CRT ASN1 (TBS, inv Issuer, RDNSequence empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDN inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, RDN inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, RDN length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDN empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv no length data) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv Issuer, 2nd AttributeTypeValue empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, Validity missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
@@ -1534,63 +1534,63 @@ x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv Validity, notBefore missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notBefore inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Validity, notBefore no length) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notBefore inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) 
+x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notBefore empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE X509 CRT ASN1 (TBS, inv Validity, notBefore invalid) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE X509 CRT ASN1 (TBS, inv Validity, notAfter missing) 
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notAfter inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Validity, notAfter length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notAfter inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Validity, notAfter length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notAfter empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE +x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE X509 CRT ASN1 (TBS, inv Validity, notAfter invalid) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE 
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter') depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, Subject missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
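Review bot: Nothing in this hunk records why the modulus now carries a leading `00` and the exponent dropped from `ffff` to `03`, even though the same blob is pasted into all 15 `+` lines; the next person doing a bulk edit will not know that the `-` form (`0210 ff…ff`) is a DER INTEGER with its top bit set, i.e. a negative value, and may paste it back. Every case here is expected to fail inside Validity (`MBEDTLS_ERR_X509_INVALID_DATE`, alone or via `MBEDTLS_ERROR_ADD`, on both sides), so the parser never reaches the SubjectPublicKeyInfo and the rewrite can only be about consistency with the file's other vectors — this hunk cannot verify the new encoding itself. The substitution is length-neutral (`0210` plus 16 bytes and `0202 ffff` make 22 bytes, as do `0211` plus 17 bytes and `0201 03`), so the enclosing `3016`/`0319`/`302a` and the per-line outer lengths such as `30793064` and `308198308182` stay correct, which I checked on the first and last pairs. I would add one data-file comment above the first changed case, along the lines of `# SPKI in the vectors below: rsaEncryption, N = 2^128-1 encoded as a positive INTEGER (leading 00), e = 3. These cases fail before the key is parsed; keep the blob identical to the passing vectors.`, with the actual motivation taken from the commit message, which this chunk does not show.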
@@ -1614,79 +1614,79 @@ x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv Subject, RDN inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Subject, RDN inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Subject, RDN length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, RDN empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv no length data) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type length out of bounds ) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv Subject, 2nd AttributeTypeValue empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, SubPubKeyInfo missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
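Review bot: The `+` line for `X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag)` ends with `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);` — a stray semicolon after the expected-value expression that none of the other 18 `+` lines in this hunk have. It was inherited from the `-` line, but the line is being rewritten anyway, so this is the moment to make it end `:"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)` like its neighbours. Whether the test-code generator tolerates the extra `;` is not visible from this chunk (if the expression is spliced into C it would presumably compile as an empty statement), but a data line that differs from its neighbours only by a typo is exactly what a later regex-based bulk edit of this file trips on. As in the Validity block, every case here is expected to fail inside the Subject name, so the rewritten key bytes are never parsed by these vectors.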
@@ -1730,11 +1730,11 @@ x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c3
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d30000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm unknown)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010100050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010005000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
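Review bot: Neither vector in this hunk reaches the key bits the `+` lines change — `algorithm empty` stops at the empty `3000` AlgorithmIdentifier with `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)`, and `algorithm unknown` stops at OID `2A864886F70D010100` with `MBEDTLS_ERR_PK_UNKNOWN_PK_ALG` — so nothing here pins that `3016 0211 00ff…ff 0201 03` is an encoding the parser accepts rather than merely a different one it rejects. If no other case in this file parses a certificate carrying this exact SubjectPublicKeyInfo to completion (the rest of the file is outside this chunk), a passing sibling next to these `inv SubPubKeyInfo` cases, built from the same TBS prefix with the valid rsaEncryption OID and the expected info string filled in, would catch a future tightening of RSA key import that silently turns the shared blob into yet another early failure. Whether a 128-bit modulus with e = 3 gets through the RSA importer at all is not something this hunk shows; that positive case would answer it, and if the answer is no, the blob used across the file should be replaced by a realistic key before any passing vector relies on it.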
@@ -1795,263 +1795,263 @@ x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b05003 # and hence we obtain an INVALID_TAG error during extension parsing. X509 CRT ASN1 (TBS, inv IssuerID, inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201030500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv IssuerID, length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, 
MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv IssuerID, inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv IssuerID, length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, outer length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, outer length inv encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, outer length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, outer length 0) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, inner length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner length inv encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, inner length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner/outer length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, first ext inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, first ext length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inv first ext length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, first ext length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, no extnValue)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, inv critical tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv v3Ext, critical length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, critical inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, critical length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, critical length 0)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, critical length 2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue inv tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv v3Ext, extnValue length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, invalid outer tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, no policies)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier no length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1
@@ -2063,199 +2063,199 @@ mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen empty)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length mismatch)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage bad second tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) 
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, inv tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, data remaining after name SEQUENCE) 
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) +x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv SubjectAltName, name component length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, 
inv SubjectAltName, name component inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, name component length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) 
+x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, name component unexpected tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName component empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName invalid OID tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID 
length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID inv length encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 
MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName EXPLICIT tag missing depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) 
+x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected EXPLICIT tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inv outer length) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) +x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, 
MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length 0) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) 
+x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner tag invalid) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length missing) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length inv encoding) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) 
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length out of bounds) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName empty) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) +x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected OID tag) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) 
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID no length)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data invalid tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #1)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #3)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage repeated)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT (TBS, valid v3Ext in v3 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
 X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
+x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
@@ -2263,117 +2263,117 @@ x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303
 X509 CRT ASN1 (SignatureAlgorithm missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv SignatureAlgorithm, bad tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (inv SignatureAlgorithm, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv SignatureAlgorithm, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (inv SignatureAlgorithm, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv SignatureAlgorithm, not the same as SignatureAlgorithm in TBS)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH
+x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH
 X509 CRT ASN1 (Signature missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv Signature, bad tag)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (inv Signature, length missing)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv Signature, inv length encoding)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (inv Signature, length out of bounds)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (inv Signature, inv data #1)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = bit string with invalid encoding (missing number of unused bits)
-x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
+x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
 X509 CRT ASN1 (inv Signature, inv data #2)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = bit string with invalid encoding (number of unused bits too large)
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
+x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA)
 X509 CRT ASN1 (empty Signature)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
 # signature = empty bit string in DER encoding
-x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 +x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 X509 CRT ASN1 (dummy 24-bit Signature) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 # signature = bit string "011001100110111101101111" -x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 +x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 # The ASN.1 module rejects non-octet-aligned bit strings. 
X509 CRT ASN1 (inv Signature: not octet-aligned) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 # signature = bit string "01100110011011110110111" -x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) +x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) X509 CRT ASN1 (inv Signature, length mismatch) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) 
+x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (well-formed) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (GeneralizedTime in notBefore, UTCTime in notAfter) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (UTCTime in notBefore, GeneralizedTime in notAfter) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-12-31 23\:59\:59\nexpires on \: 2010-01-01 00\:00\:00\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-12-31 23\:59\:59\nexpires on \: 2010-01-01 00\:00\:00\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 CN) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 C) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 L) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 ST) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 O) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 OU) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with unknown X520 part) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with composite RDN) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 
@@ -2381,11 +2381,11 @@ x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d0101050 X509 CRT ASN1 (Name with PKCS9 email) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with unknown PKCS9 part) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 +x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (ECDSA signature, RSA key) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA 
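Review bot: The rewritten `x509parse_crt` vectors in this hunk, and the `x509parse_crt_cb` vectors in the following `@@ -2421` hunk, replace the RSA public key `0210ffff…ff 0202ffff` with `021100ffff…ff 020103`: the modulus INTEGER gains a leading 0x00 byte so its sign bit is clear and the exponent becomes 3, while the enclosing SEQUENCE length `3016` and the expected `RSA key size : 128 bits` output stay the same. The old encodings had the top bit set and therefore decode as negative integers under DER, which is presumably why they are being replaced, but nothing in the .data file records this. A comment line on these cases, in the file's existing `# …` style, would keep the next editor from dropping the pad byte, e.g. `# RSA public key: 128-bit modulus (leading 0x00 keeps the DER INTEGER positive), exponent 3`.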
@@ -2421,19 +2421,19 @@ x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516 X509 CRT ASN1 (Unsupported critical policy recognized by callback) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRT ASN1 (Unsupported critical policy not recognized by callback) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE X509 CRT ASN1 (Unsupported non critical policy recognized by callback) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRT ASN1 (Unsupported non critical policy not recognized by callback) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 -x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 6676f72a5f69b3a6abe6092b0d148c1c7df5862a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:05:34 +0200 Subject: [PATCH 0645/1548] library: debug: rename mbedtls_debug_print_ec_coord() Signed-off-by: Valerio Setti --- library/debug.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/debug.c b/library/debug.c index fc2f089cbe..3b58b593bf 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -221,9 +221,9 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names -static void mbedtls_debug_print_ec_coord(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len) +static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len) { char str[DEBUG_BUF_SIZE]; size_t i, len_bytes = PSA_BITS_TO_BYTES(len), idx = 0; @@ -281,12 +281,12 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level /* X coordinate */ coord_start = pk->pub_raw + 1; mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len * 8); + mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8); /* Y coordinate */ coord_start = coord_start + coord_len; mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, coord_start, coord_len * 8); + mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8); } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ @@ -355,7 +355,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve len = PSA_BITS_TO_BYTES(bits); mbedtls_snprintf(str, sizeof(str), "%s.N", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, start_cur, bits); + mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); start_cur += len; 
@@ -370,7 +370,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve } mbedtls_snprintf(str, sizeof(str), "%s.E", text); - mbedtls_debug_print_ec_coord(ssl, level, file, line, str, start_cur, bits); + mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); } #endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names From 1e4423bcfaa0e7b3b983f460c9644260c73872ae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:16:09 +0200 Subject: [PATCH 0646/1548] library: debug: add comment for follow-up in mbedtls_debug_print_psa_rsa() Signed-off-by: Valerio Setti --- library/debug.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/debug.c b/library/debug.c index 3b58b593bf..71872fd3b9 100644 --- a/library/debug.c +++ b/library/debug.c @@ -337,6 +337,8 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve start_cur = key_der; end_cur = key_der + pk->pub_raw_len; + /* This integer parsing solution should be replaced with mbedtls_asn1_get_integer(). + * See #10238. */ ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED); if (ret != 0) { From 210b61111bcaa92406a9e59504472a81bdcc2dde Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:19:05 +0200 Subject: [PATCH 0647/1548] tests: suite_x509parse: fix indentation in x509parse_crt() Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 8f0da5a9cb..3220a6eb9e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
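Review bot: The comment added in mbedtls_debug_print_psa_rsa() names `mbedtls_asn1_get_integer()` as the intended replacement, but that helper returns its value through an `int *`, so it cannot carry an RSA modulus or a multi-byte exponent; unless #10238 changes that API, the comment points at the wrong target. Saying what is actually wanted would stop someone acting on it literally, e.g. `/* Replace this hand-rolled INTEGER walk with an ASN.1 helper that returns the raw integer bytes (see #10238); mbedtls_asn1_get_integer() only yields an int. */`. The function starts and ends outside the hunk.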
@@ -1118,11 +1118,11 @@ exit: void x509parse_crt(data_t *buf, char *result_str, int result) { mbedtls_x509_crt crt; - #if !defined(MBEDTLS_X509_REMOVE_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) unsigned char output[2000] = { 0 }; - #else +#else ((void) result_str); - #endif +#endif /* Pick an error which is not used in the test_suite_x509parse.data file. */ int result_ext = MBEDTLS_ERR_ERROR_GENERIC_ERROR; int res; From 27eb0141b9493f89b8dbd71d6a2fecd331a77b7e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:40:18 +0200 Subject: [PATCH 0648/1548] tests: suite_x509parse: rename variable in x509parse_crt() - rename result_ext to result_back_comp - add a comment to describe its purpose Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 3220a6eb9e..4f0605cd1c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1123,15 +1123,18 @@ void x509parse_crt(data_t *buf, char *result_str, int result) #else ((void) result_str); #endif - /* Pick an error which is not used in the test_suite_x509parse.data file. */ - int result_ext = MBEDTLS_ERR_ERROR_GENERIC_ERROR; + /* Tests whose result is MBEDTLS_ERR_PK_INVALID_PUBKEY might return + * MBEDTLS_ERR_ASN1_UNEXPECTED_TAG until psa#308 is merged. This variable + * is therefore used for backward compatiblity and will be removed in + * mbedtls#10229. */ + int result_back_comp = result; int res; #if !defined(MBEDTLS_PK_USE_PSA_RSA_DATA) /* Support for mbedtls#10213 before psa#308. Once psa#308 will be * merged this dirty fix can be removed. */ if (result == MBEDTLS_ERR_PK_INVALID_PUBKEY) { - result_ext = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; + result_back_comp = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; } #endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ 
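Review bot: The new comment above `int result_back_comp = result;` misspells "compatibility" as "compatiblity"; the line should read ` * is therefore used for backward compatibility and will be removed in`. It would also help to state in the same comment that the variable stays equal to `result` unless `MBEDTLS_PK_USE_PSA_RSA_DATA` is undefined and `result` is `MBEDTLS_ERR_PK_INVALID_PUBKEY`, since that is the only case in which the later `(res == result) || (res == result_back_comp)` checks accept a second value. x509parse_crt() starts before and ends after this hunk.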
@@ -1139,8 +1142,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) USE_PSA_INIT(); res = mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len); - fprintf(stderr, "\n res=%d, result=%d, result_ext=%d \n", res, result, result_ext); - TEST_ASSERT((res == result) || (res == result_ext)); + TEST_ASSERT((res == result) || (res == result_back_comp)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1156,7 +1158,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_init(&crt); res = mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len); - TEST_ASSERT((res == result) || (res == result_ext)); + TEST_ASSERT((res == result) || (res == result_back_comp)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { memset(output, 0, 2000); @@ -1175,7 +1177,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_init(&crt); res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL); - TEST_ASSERT((res == result) || (res == result_ext)); + TEST_ASSERT((res == result) || (res == result_back_comp)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); @@ -1192,7 +1194,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result) mbedtls_x509_crt_init(&crt); res = mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL); - TEST_ASSERT((res == result) || (res == result_ext)); + TEST_ASSERT((res == result) || (res == result_back_comp)); #if !defined(MBEDTLS_X509_REMOVE_INFO) if ((result) == 0) { res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt); From a18627a6257b7d6cd1be71b9e3863133245ae882 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:50:05 +0200 Subject: [PATCH 0649/1548] library: debug: add comment to explain no-code-check comments 
Signed-off-by: Valerio Setti --- library/debug.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/debug.c b/library/debug.c index 71872fd3b9..e17f7e01eb 100644 --- a/library/debug.c +++ b/library/debug.c @@ -220,6 +220,7 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) +/* no-check-names will be removed in mbedtls#10229. */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, @@ -256,6 +257,7 @@ static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int leve debug_send_line(ssl, level, file, line, str); } } +/* no-check-names will be removed in mbedtls#10229. */ #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) @@ -290,6 +292,7 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +/* no-check-names will be removed in mbedtls#10229. */ #if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names static size_t debug_count_valid_bits(unsigned char **buf, size_t len) { @@ -323,6 +326,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve const char *text, const mbedtls_pk_context *pk) { char str[DEBUG_BUF_SIZE]; + /* no-check-names will be removed in mbedtls#10229. */ unsigned char key_der[MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN]; //no-check-names unsigned char *start_cur; unsigned char *end_cur; 
@@ -374,6 +378,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve mbedtls_snprintf(str, sizeof(str), "%s.E", text); mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); } +/* no-check-names will be removed in mbedtls#10229. */ #endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, @@ -405,6 +410,7 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); } else #endif /* MBEDTLS_RSA_C */ +/* no-check-names will be removed in mbedtls#10229. */ #if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { //no-check-names mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value); From 0c92466bb04432585e564da5ff7a26c0879a2558 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:53:55 +0200 Subject: [PATCH 0650/1548] library: debug: rename len as bitlen in mbedtls_debug_print_integer() Signed-off-by: Valerio Setti --- library/debug.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index e17f7e01eb..9ded720749 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -224,13 +224,13 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, - const unsigned char *buf, size_t len) + const unsigned char *buf, size_t bitlen) { char str[DEBUG_BUF_SIZE]; - size_t i, len_bytes = PSA_BITS_TO_BYTES(len), idx = 0; + size_t i, len_bytes = PSA_BITS_TO_BYTES(bitlen), idx = 0; mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n", - text, (unsigned int) len); + text, (unsigned int) bitlen); debug_send_line(ssl, level, file, line, str); From 069617fdcecf472ea60526c263100248cf2e3036 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 19 Jun 2025 23:56:09 +0200 Subject: [PATCH 0651/1548] library: debug: improve input param check in mbedtls_debug_print_psa_rsa() Signed-off-by: Valerio Setti --- library/debug.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/debug.c b/library/debug.c index 9ded720749..20ef3fd879 100644 --- a/library/debug.c +++ b/library/debug.c @@ -333,6 +333,13 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve size_t len, bits; int ret; + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + level > debug_threshold) { + return; + } + if (pk->pub_raw_len > sizeof(key_der)) { return; } From e0fb40e6fb75547dfe62f818ed64206299d0d234 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 20 Jun 2025 00:08:42 +0200 Subject: [PATCH 0652/1548] library: debug: add error log message in mbedtls_debug_print_psa_rsa() Signed-off-by: Valerio Setti --- library/debug.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/debug.c b/library/debug.c index 20ef3fd879..94b1c2778f 100644 --- a/library/debug.c +++ b/library/debug.c 
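Review bot: The guard added in the @@ -333 hunk checks `ssl`, `ssl->conf` and `ssl->conf->f_dbg` but not `pk`, which the unchanged line immediately below dereferences as `pk->pub_raw_len`; if a caller can hand in a NULL `pk` (not determinable from this hunk), extend the condition with `NULL == pk ||` so the early return covers it. The `level > debug_threshold` test presumably mirrors the other print helpers in this file, which is the right place for it since it avoids the ASN.1 walk entirely when nothing would be emitted. mbedtls_debug_print_psa_rsa's signature and the rest of its body lie outside the hunk.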
@@ -341,6 +341,10 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve } if (pk->pub_raw_len > sizeof(key_der)) { + snprintf(str, sizeof(str), + "RSA public key too large: %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET, + pk->pub_raw_len, sizeof(key_der)); + debug_send_line(ssl, level, file, line, str); return; } From abfa8acb39bc9d76c7b71239d52c8d8020845937 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Jun 2025 09:26:16 +0200 Subject: [PATCH 0653/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 2a3e2c5ea0..893ad9e845 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 2a3e2c5ea053c14b745dbdf41f609b1edc6a72fa +Subproject commit 893ad9e8450a8e7459679d952abd5d6df26c41c4 From 2c77014bc0a3e4d9381eb9a4b2371e331dc79470 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 15:39:10 +0200 Subject: [PATCH 0654/1548] Copy of text about private identifiers from crypto Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/private-decls.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 docs/4.0-migration-guide/private-decls.md diff --git a/docs/4.0-migration-guide/private-decls.md b/docs/4.0-migration-guide/private-decls.md new file mode 100644 index 0000000000..6ca097af3a --- /dev/null +++ b/docs/4.0-migration-guide/private-decls.md 
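Review bot: The added error message is formatted with plain `snprintf`, whereas the surrounding code in this function uses `mbedtls_snprintf` (see the `"%s.E"` call in the earlier @@ -374 hunk), so the new call bypasses the platform snprintf abstraction; change the first line to `mbedtls_snprintf(str, sizeof(str),`. The message itself is useful because the previous silent `return` gave no indication that a key was skipped, and a truncated line in `str` would only shorten the debug text. The enclosing function starts before this hunk.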
@@ -0,0 +1,14 @@ +## Private declarations + +Sample programs have not been fully updated yet and some of them might still +use APIs that are no longer public. You can recognize them by the fact that they +define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or +`MBEDTLS_ALLOW_PRIVATE_ACCESS`) at the very top (before including headers). When +you see one of these two macros in a sample program, be aware it has not been +updated and parts of it do not demonstrate current practice. + +We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or +`MBEDTLS_ALLOW_PRIVATE_ACCESS` in your own application. If you do so, your code +may not compile or work with future minor releases. If there's something you +want to do that you feel can only be achieved by using one of these two macros, +please reach out on github or the mailing list. From c10c233676b18a9bdc9452cfff7920bf48fdf0d1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 15:39:35 +0200 Subject: [PATCH 0655/1548] Migration guide: more info about private elements in public headers Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/private-decls.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/4.0-migration-guide/private-decls.md b/docs/4.0-migration-guide/private-decls.md index 6ca097af3a..ff974746c5 100644 --- a/docs/4.0-migration-guide/private-decls.md +++ b/docs/4.0-migration-guide/private-decls.md 
@@ -1,5 +1,24 @@ ## Private declarations +Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. Private elements may be removed or may have their semantics changed in a future minor release without notice. + +### Understanding private declarations in public headers + +In Mbed TLS 4.x, private elements in header files include: + +* Anything appearing in a header file whose path contains `/private` (unless re-exported and documented in another non-private header). +* Structure and union fields declared with `MBEDTLS_PRIVATE(field_name)` in the source code, and appearing as `private_field_name` in the rendered documentation. (This was already the case since Mbed TLS 3.0.) +* Any preprocessor macro that is not documented with a Doxygen comment. + In the source code, Doxygen comments start with `/**` or `/*!`. If a macro only has a comment above that starts with `/*`, the macro is considered private. + In the rendered documentation, private macros appear with only an automatically rendered parameter list, value and location, but no custom text. +* Any declaration that is guarded by the preprocessor macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`. + +### Usage of private declarations + +Some private declarations are present in public headers for technical reasons, because they need to be visible to the compiler. Others are present for historical reasons and may be cleaned up in later versions of the library. We strongly recommend against relying on these declarations, since they may be removed or may have their semantics changed without notice. + +Note that Mbed TLS 4.0 still relies on some private interfaces of TF-PSA-Crypto 1.0. We expect to remove this reliance gradually in future minor releases. + Sample programs have not been fully updated yet and some of them might still use APIs that are no longer public. 
You can recognize them by the fact that they define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or From 042ee3b3185e1ab0715a785d0206a56efebde74b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Jun 2025 17:18:47 +0200 Subject: [PATCH 0656/1548] Fix accidentally skipped test assertion Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4567dbdadb..a6f368520b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5939,7 +5939,9 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) } else { ret = mbedtls_test_move_handshake_to_state(&client_ep.ssl, &server_ep.ssl, state); } - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE); + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + TEST_EQUAL(ret, 0); + } char label[] = "test-label"; uint8_t key_buffer[24] = { 0 }; From 0038408f55286ba5436f42523bd235bccfbf0d31 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Jun 2025 17:26:35 +0200 Subject: [PATCH 0657/1548] Properly initialize SSL endpoint objects In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed early, e.g. due to `psa_crypto_init()` failing. This was largely harmless, but could have caused weird test results in case of failure, and was flagged by Coverity. Use a more systematic style for initializing the stack object as soon as it's declared. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 54 +++++++++++++++++----------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a6f368520b..58212bad9c 100644 
--- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2879,6 +2879,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint ep; + memset(&ep, 0, sizeof(ep)); int ret = -1; mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); @@ -2910,6 +2911,8 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int { enum { BUFFSIZE = 1024 }; mbedtls_test_ssl_endpoint base_ep, second_ep; + memset(&base_ep, 0, sizeof(base_ep)); + memset(&second_ep, 0, sizeof(second_ep)); int ret = -1; (void) tls_version; @@ -2935,8 +2938,6 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int #endif MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&base_ep, sizeof(base_ep)); - mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, NULL, NULL, NULL); @@ -3587,6 +3588,8 @@ void force_bad_session_id_len() enum { BUFFSIZE = 1024 }; mbedtls_test_handshake_test_options options; mbedtls_test_ssl_endpoint client, server; + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern; mbedtls_test_message_socket_context server_context, client_context; @@ -3597,9 +3600,6 @@ void force_bad_session_id_len() options.srv_log_obj = &srv_pattern; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); - mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); MD_OR_USE_PSA_INIT(); 
@@ -3782,6 +3782,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; mbedtls_test_ssl_endpoint client, server; + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); mbedtls_psa_stats_t stats; size_t free_slots_before = -1; mbedtls_test_handshake_test_options client_options, server_options; @@ -3791,8 +3793,6 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; MD_OR_USE_PSA_INIT(); - mbedtls_platform_zeroize(&client, sizeof(client)); - mbedtls_platform_zeroize(&server, sizeof(server)); /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the @@ -3856,6 +3856,8 @@ void tls13_server_certificate_msg_invalid_vector_len() { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); unsigned char *buf, *end; size_t buf_len; int step = 0; @@ -3867,8 +3869,6 @@ void tls13_server_certificate_msg_invalid_vector_len() /* * Test set-up */ - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); MD_OR_USE_PSA_INIT(); @@ -4105,12 +4105,12 @@ void tls13_resume_session_with_ticket() { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); 
@@ -4190,6 +4190,8 @@ void tls13_read_early_data(int scenario) const char *early_data = "This is early data."; size_t early_data_len = strlen(early_data); mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -4200,8 +4202,6 @@ void tls13_read_early_data(int scenario) MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -4389,6 +4389,8 @@ void tls13_cli_early_data_state(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -4399,8 +4401,6 @@ void tls13_cli_early_data_state(int scenario) }; uint8_t client_random[MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -4762,6 +4762,8 @@ void tls13_write_early_data(int scenario) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; 
@@ -4772,8 +4774,6 @@ void tls13_write_early_data(int scenario) }; int beyond_first_hello = 0; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -5111,6 +5111,8 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -5120,8 +5122,6 @@ void tls13_cli_max_early_data_size(int max_early_data_size_arg) uint32_t written_early_data_size = 0; uint32_t read_early_data_size = 0; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); @@ -5264,6 +5264,8 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in { int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; @@ -5282,8 +5284,6 @@ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, in uint32_t written_early_data_size = 0; uint32_t max_early_data_size; - mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); - mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); mbedtls_test_init_handshake_options(&client_options); mbedtls_test_init_handshake_options(&server_options); mbedtls_ssl_session_init(&saved_session); 
@@ -5709,6 +5709,8 @@ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int uint8_t *key_buffer_server = NULL; uint8_t *key_buffer_client = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5754,6 +5756,8 @@ void ssl_tls_exporter_uses_label(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5793,6 +5797,8 @@ void ssl_tls_exporter_uses_context(int proto) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5833,6 +5839,8 @@ void ssl_tls13_exporter_uses_length(void) int ret = -1; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; MD_OR_USE_PSA_INIT(); @@ -5876,6 +5884,8 @@ void ssl_tls_exporter_rejects_bad_parameters( char *label = NULL; uint8_t *context = NULL; mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; TEST_ASSERT(exported_key_length > 0); @@ -5914,6 +5924,8 @@ void ssl_tls_exporter_too_early(int proto, int check_server, int state) int ret = -1; mbedtls_test_ssl_endpoint server_ep, client_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options options; mbedtls_test_init_handshake_options(&options); From 42bfc164a254a5b658e76daddf04573ef80a487e Mon Sep 17 00:00:00 2001 
From: Minos Galanakis Date: Fri, 27 Jun 2025 11:00:26 +0100 Subject: [PATCH 0658/1548] Updated tf-psa-crypto pointer (tf-psa-crypto-1.0.0-beta) Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5ff707caa3..0cc63061c6 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5ff707caa307bf738128030bfe7d014b65b7eb3e +Subproject commit 0cc63061c6bfc141d64ec8ba562b4c7bca842a6c From 09dc57d323168b2f64ea01a8affc89d2a23fdb08 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 27 Jun 2025 09:29:32 +0100 Subject: [PATCH 0659/1548] Version Bump Signed-off-by: Minos Galanakis --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- library/CMakeLists.txt | 2 +- library/Makefile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index fb4439adc4..2f79b571ba 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -10,7 +10,7 @@ */ /** - * @mainpage Mbed TLS v4.0.0 API Documentation + * @mainpage Mbed TLS v4.0.0-beta API Documentation * * This documentation describes the internal structure of Mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index cc2c51eba7..04a4f170d0 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v4.0.0" +PROJECT_NAME = "Mbed TLS v4.0.0-beta" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f896850f23..451dbfdb7c 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -171,7 +171,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY) add_library(${mbedx509_target} SHARED ${src_x509}) set_base_compile_options(${mbedx509_target}) target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 8) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) diff --git a/library/Makefile b/library/Makefile index 2f695c696b..a880f26171 100644 --- a/library/Makefile +++ b/library/Makefile @@ -82,7 +82,7 @@ endif endif SOEXT_TLS?=so.21 -SOEXT_X509?=so.7 +SOEXT_X509?=so.8 SOEXT_CRYPTO?=so.16 # Set AR_DASH= (empty string) to use an ar implementation that does not accept From 8bccf16218fafc0491e1ee113f948fbfe8a2f082 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Jun 2025 15:23:39 +0100 Subject: [PATCH 0660/1548] Assemble ChangeLog 
Signed-off-by: Minos Galanakis --- ChangeLog | 325 ++++++++++++++++++ ChangeLog.d/9126.txt | 5 - ChangeLog.d/9302.txt | 6 - ChangeLog.d/9684.txt | 2 - ChangeLog.d/9685.txt | 2 - ChangeLog.d/9690.txt | 8 - ChangeLog.d/9874.txt | 5 - ChangeLog.d/9892.txt | 4 - ChangeLog.d/9956.txt | 6 - ChangeLog.d/9964.txt | 25 -- ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 4 - ChangeLog.d/add-psa-iop-generate-key.txt | 3 - ChangeLog.d/add-psa-iop-key-agreement.txt | 4 - ChangeLog.d/add-psa-key-agreement.txt | 3 - ChangeLog.d/add-tls-exporter.txt | 6 - ChangeLog.d/asn1-missing-guard-in-rsa.txt | 3 - ChangeLog.d/check-config.txt | 9 - ChangeLog.d/configuration-split.txt | 16 - ChangeLog.d/dynamic-keystore.txt | 10 - ChangeLog.d/ecdsa-conversion-overflow.txt | 6 - ChangeLog.d/error-unification.txt | 11 - ChangeLog.d/fix-aesni-asm-clobbers.txt | 5 - .../fix-clang-psa-build-without-dhm.txt | 3 - ...ion-when-memcpy-is-function-like-macro.txt | 2 - ChangeLog.d/fix-compilation-with-djgpp.txt | 2 - ...concurrently-loading-non-existent-keys.txt | 4 - ChangeLog.d/fix-driver-schema-check.txt | 3 - ChangeLog.d/fix-legacy-compression-issue.txt | 6 - .../fix-msvc-version-guard-format-zu.txt | 5 - ChangeLog.d/fix-psa-cmac.txt | 4 - ...nation_warning_messages_for_GNU_SOURCE.txt | 5 - .../fix-rsa-performance-regression.txt | 3 - .../fix-secure-element-key-creation.txt | 5 - ChangeLog.d/fix-server-mode-only-build.txt | 3 - .../fix-string-to-names-memory-management.txt | 18 - .../fix-string-to-names-store-named-data.txt | 8 - ChangeLog.d/fix-test-suite-pk-warnings.txt | 3 - .../fix_reporting_of_key_usage_issues.txt | 11 - ChangeLog.d/fix_ubsan_mp_aead_gcm.txt | 3 - ...tls_psa_ecp_generate_key-no_public_key.txt | 3 - ChangeLog.d/mbedtls_psa_register_se_key.txt | 3 - ...sa_rsa_load_representation-memory_leak.txt | 3 - ChangeLog.d/mbedtls_ssl_set_hostname.txt | 16 - ChangeLog.d/oid.txt | 8 - ChangeLog.d/pk-norsa-warning.txt | 2 - ChangeLog.d/psa-always-on.txt | 10 - 
ChangeLog.d/psa-crypto-config-always-on.txt | 7 - ...decrypt-ccm_star-iv_length_enforcement.txt | 3 - ChangeLog.d/psa_generate_key_custom.txt | 9 - ChangeLog.d/psa_util-bits-0.txt | 3 - .../psa_util_in_builds_without_psa.txt | 5 - ChangeLog.d/removal-of-rng.txt | 5 - ChangeLog.d/remove-compat-2.x.txt | 2 - ChangeLog.d/remove-crypto-alt-interface.txt | 5 - ChangeLog.d/remove-via-padlock-support.txt | 3 - ChangeLog.d/remove_RSA_key_exchange.txt | 2 - .../replace-close-with-mbedtls_net_close.txt | 4 - ChangeLog.d/repo-split.txt | 5 - ChangeLog.d/rm-ssl-conf-curves.txt | 4 - ...ring-conversions-out-of-the-oid-module.txt | 4 - ChangeLog.d/tls-hs-defrag-in.txt | 7 - ChangeLog.d/tls-key-exchange-rsa.txt | 2 - ChangeLog.d/tls12-check-finished-calc.txt | 6 - ChangeLog.d/tls13-cert-regressions.txt | 18 - .../tls13-middlebox-compat-disabled.txt | 4 - ChangeLog.d/tls13-without-tickets.txt | 3 - .../unterminated-string-initialization.txt | 3 - 67 files changed, 325 insertions(+), 380 deletions(-) delete mode 100644 ChangeLog.d/9126.txt delete mode 100644 ChangeLog.d/9302.txt delete mode 100644 ChangeLog.d/9684.txt delete mode 100644 ChangeLog.d/9685.txt delete mode 100644 ChangeLog.d/9690.txt delete mode 100644 ChangeLog.d/9874.txt delete mode 100644 ChangeLog.d/9892.txt delete mode 100644 ChangeLog.d/9956.txt delete mode 100644 ChangeLog.d/9964.txt delete mode 100644 ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt delete mode 100644 ChangeLog.d/add-psa-iop-generate-key.txt delete mode 100644 ChangeLog.d/add-psa-iop-key-agreement.txt delete mode 100644 ChangeLog.d/add-psa-key-agreement.txt delete mode 100644 ChangeLog.d/add-tls-exporter.txt delete mode 100644 ChangeLog.d/asn1-missing-guard-in-rsa.txt delete mode 100644 ChangeLog.d/check-config.txt delete mode 100644 ChangeLog.d/configuration-split.txt delete mode 100644 ChangeLog.d/dynamic-keystore.txt delete mode 100644 ChangeLog.d/ecdsa-conversion-overflow.txt delete mode 100644 ChangeLog.d/error-unification.txt delete mode 
100644 ChangeLog.d/fix-aesni-asm-clobbers.txt delete mode 100644 ChangeLog.d/fix-clang-psa-build-without-dhm.txt delete mode 100644 ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt delete mode 100644 ChangeLog.d/fix-compilation-with-djgpp.txt delete mode 100644 ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt delete mode 100644 ChangeLog.d/fix-driver-schema-check.txt delete mode 100644 ChangeLog.d/fix-legacy-compression-issue.txt delete mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt delete mode 100644 ChangeLog.d/fix-psa-cmac.txt delete mode 100644 ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt delete mode 100644 ChangeLog.d/fix-rsa-performance-regression.txt delete mode 100644 ChangeLog.d/fix-secure-element-key-creation.txt delete mode 100644 ChangeLog.d/fix-server-mode-only-build.txt delete mode 100644 ChangeLog.d/fix-string-to-names-memory-management.txt delete mode 100644 ChangeLog.d/fix-string-to-names-store-named-data.txt delete mode 100644 ChangeLog.d/fix-test-suite-pk-warnings.txt delete mode 100644 ChangeLog.d/fix_reporting_of_key_usage_issues.txt delete mode 100644 ChangeLog.d/fix_ubsan_mp_aead_gcm.txt delete mode 100644 ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt delete mode 100644 ChangeLog.d/mbedtls_psa_register_se_key.txt delete mode 100644 ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt delete mode 100644 ChangeLog.d/mbedtls_ssl_set_hostname.txt delete mode 100644 ChangeLog.d/oid.txt delete mode 100644 ChangeLog.d/pk-norsa-warning.txt delete mode 100644 ChangeLog.d/psa-always-on.txt delete mode 100644 ChangeLog.d/psa-crypto-config-always-on.txt delete mode 100644 ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt delete mode 100644 ChangeLog.d/psa_generate_key_custom.txt delete mode 100644 ChangeLog.d/psa_util-bits-0.txt delete mode 100644 ChangeLog.d/psa_util_in_builds_without_psa.txt delete mode 100644 ChangeLog.d/removal-of-rng.txt delete mode 
100644 ChangeLog.d/remove-compat-2.x.txt delete mode 100644 ChangeLog.d/remove-crypto-alt-interface.txt delete mode 100644 ChangeLog.d/remove-via-padlock-support.txt delete mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt delete mode 100644 ChangeLog.d/replace-close-with-mbedtls_net_close.txt delete mode 100644 ChangeLog.d/repo-split.txt delete mode 100644 ChangeLog.d/rm-ssl-conf-curves.txt delete mode 100644 ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt delete mode 100644 ChangeLog.d/tls-hs-defrag-in.txt delete mode 100644 ChangeLog.d/tls-key-exchange-rsa.txt delete mode 100644 ChangeLog.d/tls12-check-finished-calc.txt delete mode 100644 ChangeLog.d/tls13-cert-regressions.txt delete mode 100644 ChangeLog.d/tls13-middlebox-compat-disabled.txt delete mode 100644 ChangeLog.d/tls13-without-tickets.txt delete mode 100644 ChangeLog.d/unterminated-string-initialization.txt diff --git a/ChangeLog b/ChangeLog index 1c48958e39..7de639e45a 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,330 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 4.0.0-beta branch released 2025-07-04 + +API changes + * The experimental functions psa_generate_key_ext() and + psa_key_derivation_output_key_ext() have been replaced by + psa_generate_key_custom() and psa_key_derivation_output_key_custom(). + They have almost exactly the same interface, but the variable-length + data is passed in a separate parameter instead of a flexible array + member. This resolves a build failure under C++ compilers that do not + support flexible array members (a C99 feature not adopted by C++). + Fixes #9020. + * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. + Instead of taking a mbedtls_cipher_type_t as an argument, this function + now takes 3 new arguments: a PSA algorithm, key type and key size, to + specify the AEAD for ticket protection. + * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx() + functions can now return PSA_ERROR_xxx values. + There is no longer a distinction between "low-level" and "high-level" + Mbed TLS error codes. + This will not affect most applications since the error values are + between -32767 and -1 as before. + * All API functions now use the PSA random generator psa_get_random() + internally. As a consequence, functions no longer take RNG parameters. + Please refer to the migration guide at : + tf-psa-crypto/docs/4.0-migration-guide.md. + +Default behavior changes + * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && + !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the + corresponding PSA mechanism is enabled, since the server provides the + crypto. Fixes #9126. + * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem + to perform cryptographic operations, with a few exceptions documented + in docs/architecture/psa-migration/psa-limitations.md. This + corresponds to the behavior of Mbed TLS 3.x when + MBEDTLS_USE_PSA_CRYPTO is enabled. 
In effect, MBEDTLS_USE_PSA_CRYPTO + is now always enabled. + * psa_crypto_init() must be called before performing any cryptographic + operation, including indirect requests such as parsing a key or + certificate or starting a TLS handshake. + * The `PSA_WANT_XXX` symbols as defined in + tf-psa-crypto/include/psa/crypto_config.h are now always used in the + configuration of the cryptographic mechanisms exposed by the PSA API. + This corresponds to the configuration behavior of Mbed TLS 3.x when + MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG + is now always enabled and the configuration option has been removed. + * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, + mbedtls_ssl_handshake() now fails with + MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME + if certificate-based authentication of the server is attempted. + This is because authenticating a server without knowing what name + to expect is usually insecure. + +Removals + * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. + Fixes #5903. + * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options + at the module and function level for crypto mechanisms only. The remaining + alt interfaces for platform, threading and timing are unchanged. + Fixes #8149. + * Remove support for the RSA-PSK key exchange in TLS 1.2. + * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was + already deprecated and superseeded by + mbedtls_x509write_crt_set_serial_raw(). + * Remove the function mbedtls_ssl_conf_curves() which had been deprecated + in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. + * Remove support for the DHE-PSK key exchange in TLS 1.2. + * Remove support for the DHE-RSA key exchange in TLS 1.2. 
+ * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the + following SSL functions are removed: + - mbedtls_ssl_conf_dh_param_bin + - mbedtls_ssl_conf_dh_param_ctx + - mbedtls_ssl_conf_dhm_min_bitlen + * Remove support for the RSA key exchange in TLS 1.2. + * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), + since these concepts no longer exists. There is just mbedtls_strerror(). + * Removal of the following sample programs: + pkey/rsa_genkey.c + pkey/pk_decrypt.c + pkey/dh_genprime.c + pkey/rsa_verify.c + pkey/mpi_demo.c + pkey/rsa_decrypt.c + pkey/key_app.c + pkey/dh_server.c + pkey/ecdh_curve25519.c + pkey/pk_encrypt.c + pkey/rsa_sign.c + pkey/key_app_writer.c + pkey/dh_client.c + pkey/ecdsa.c + pkey/rsa_encrypt.c + wince_main.c + aes/crypt_and_hash.c + random/gen_random_ctr_drbg.c + random/gen_entropy.c + hash/md_hmac_demo.c + hash/hello.c + hash/generic_sum.c + cipher/cipher_aead_demo.c + * Remove compat-2-x.h header from mbedtls. + * The library no longer offers interfaces to look up values by OID + or OID by enum values. + The header now only defines functions to convert + between binary and dotted string OID representations, and macros + for OID strings that are relevant to X.509. + The compilation option MBEDTLS_OID_C no longer + exists. OID tables are included in the build automatically as needed. + +Features + * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, + the number of volatile PSA keys is virtually unlimited, at the expense + of increased code size. This option is off by default, but enabled in + the default mbedtls_config.h. Fixes #9216. + * Add a new psa_key_agreement() PSA API to perform key agreement and return + an identifier for the newly created key. + * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which + uses static storage for keys, enabling malloc-less use of key slots. + The size of each buffer is given by the option + MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. 
By default it accommodates the + largest PSA key enabled in the build. + * Add an interruptible version of key agreement to the PSA interface. + See psa_key_agreement_iop_setup() and related functions. + * Add an interruptible version of generate key to the PSA interface. + See psa_generate_key_iop_setup() and related functions. + * Add the function mbedtls_ssl_export_keying_material() which allows the + client and server to extract additional shared symmetric keys from an SSL + session, according to the TLS-Exporter specification in RFC 8446 and 5705. + This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in + mbedtls_config.h. + +Security + * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does + not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when + MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. + CVE-2024-45157 + * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and + mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the + largest supported curve. In some configurations with PSA disabled, + all values of bits are affected. This never happens in internal library + calls, but can affect applications that call these functions directly. + CVE-2024-45158 + * With TLS 1.3, when a server enables optional authentication of the + client, if the client-provided certificate does not have appropriate values + in keyUsage or extKeyUsage extensions, then the return value of + mbedtls_ssl_get_verify_result() would incorrectly have the + MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits + clear. As a result, an attacker that had a certificate valid for uses other + than TLS client authentication could be able to use it for TLS client + authentication anyway. Only TLS 1.3 servers were affected, and only with + optional authentication (required would abort the handshake with a fatal + alert). 
+ CVE-2024-45159 + * Fix a buffer underrun in mbedtls_pk_write_key_der() when + called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled, + and the output buffer is smaller than the actual output. + Fix a related buffer underrun in mbedtls_pk_write_key_pem() + when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled + and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key. + CVE-2024-49195 + * Note that TLS clients should generally call mbedtls_ssl_set_hostname() + if they use certificate authentication (i.e. not pre-shared keys). + Otherwise, in many scenarios, the server could be impersonated. + The library will now prevent the handshake and return + MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME + if mbedtls_ssl_set_hostname() has not been called. + Reported by Daniel Stenberg. + CVE-2025-27809 + * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed + or there was a cryptographic hardware failure when calculating the + Finished message, it could be calculated incorrectly. This would break + the security guarantees of the TLS handshake. + CVE-2025-27810 + * Fix possible use-after-free or double-free in code calling + mbedtls_x509_string_to_names(). This was caused by the function calling + mbedtls_asn1_free_named_data_list() on its head argument, while the + documentation did no suggest it did, making it likely for callers relying + on the documented behaviour to still hold pointers to memory blocks after + they were free()d, resulting in high risk of use-after-free or double-free, + with consequences ranging up to arbitrary code execution. + In particular, the two sample programs x509/cert_write and x509/cert_req + were affected (use-after-free if the san string contains more than one DN). + Code that does not call mbedtls_string_to_names() directly is not affected. + Found by Linh Le and Ngan Nguyen from Calif. 
+ CVE-2025-47917 + * Fix a bug in mbedtls_x509_string_to_names() and the + mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, + where some inputs would cause an inconsistent state to be reached, causing + a NULL dereference either in the function itself, or in subsequent + users of the output structure, such as mbedtls_x509_write_names(). This + only affects applications that create (as opposed to consume) X.509 + certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. + CVE-2025-48965 + +Bugfix + * Fix TLS 1.3 client build and runtime when support for session tickets is + disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. + * Fix compilation error when memcpy() is a function-like macros. Fixes #8994. + * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled + as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. + * Fix undefined behaviour (incrementing a NULL pointer by zero length) when + passing in zero length additional data to multipart AEAD. + * Fix rare concurrent access bug where attempting to operate on a + non-existent key while concurrently creating a new key could potentially + corrupt the key store. + * Fix error handling when creating a key in a dynamic secure element + (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, + the creation could return PSA_SUCCESS but using or destroying the key + would not work. Fixes #8537. + * Fix issue of redefinition warning messages for _GNU_SOURCE in + entropy_poll.c and sha_256.c. There was a build warning during + building for linux platform. + Resolves #9026 + * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. + * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in + CMAC is enabled, but no built-in unauthenticated cipher is enabled. + Fixes #9209. + * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. + Fixes #9029. 
+ * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes + long. Credit to Cryptofuzz. Fixes #9314. + * Fix interference between PSA volatile keys and built-in keys + when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and + MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. + * Document and enforce the limitation of mbedtls_psa_register_se_key() + to persistent keys. Resolves #9253. + * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled + but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188. + * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but + MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. + * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, + some code was defining 0-size arrays, resulting in compilation errors. + Fixed by disabling the offending code in configurations without PSA + Crypto, where it never worked. Fixes #9311. + * Fixes an issue where some TLS 1.2 clients could not connect to an + Mbed TLS 3.6.0 server, due to incorrect handling of + legacy_compression_methods in the ClientHello. + fixes #8995, #9243. + * Fix a memory leak that could occur when failing to process an RSA + key through some PSA functions due to low memory conditions. + * Fixed a regression introduced in 3.6.0 where the CA callback set with + mbedtls_ssl_conf_ca_cb() would stop working when connections were + upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS + 1.3. + * Fixed a regression introduced in 3.6.0 where clients that relied on + optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() + with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop + working when connections were upgraded to TLS 1.3. Fixed by adding + support for optional/none with TLS 1.3 as well. 
Note that the TLS 1.3 + standard makes server authentication mandatory; users are advised not to + use authmode none, and to carefully check the results when using optional + mode. + * Fixed a regression introduced in 3.6.0 where context-specific certificate + verify callbacks, set with mbedtls_ssl_set_verify() as opposed to + mbedtls_ssl_conf_verify(), would stop working when connections were + upgraded to TLS 1.3. Fixed by adding support for context-specific verify + callback in TLS 1.3. + * Fix unintended performance regression when using short RSA public keys. + Fixes #9232. + * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with + peers that have middlebox compatibility enabled, as long as no + problematic middlebox is in the way. Fixes #9551. + * Fix invalid JSON schemas for driver descriptions used by + generate_driver_wrappers.py. + * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind' + and 'mbedtls_net_connect' to prevent possible double close fd + problems. Fixes #9711. + * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or + mbedtls_psa_der_to_raw() is called with bits=0. + * Fix compilation on MS-DOS DJGPP. Fixes #9813. + * Fix missing constraints on the AES-NI inline assembly which is used on + GCC-like compilers when building AES for generic x86_64 targets. This + may have resulted in incorrect code with some compilers, depending on + optimizations. Fixes #9819. + * Support re-assembly of fragmented handshake messages in TLS (both + 1.2 and 1.3). The lack of support was causing handshake failures with + some servers, especially with TLS 1.3 in practice. There are a few + limitations, notably a fragmented ClientHello is only supported when + TLS 1.3 support is enabled. See the documentation of + mbedtls_ssl_handshake() for details. 
+ * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that + occurred whenever SSL debugging was enabled on a copy of Mbed TLS built + with Visual Studio 2013 or MinGW. + Fixes #10017. + * Silence spurious -Wunterminated-string-initialization warnings introduced + by GCC 15. Fixes #9944. + +Changes + * Warn if mbedtls/check_config.h is included manually, as this can + lead to spurious errors. Error if a *adjust*.h header is included + manually, as this can lead to silently inconsistent configurations, + potentially resulting in buffer overflows. + When migrating from Mbed TLS 2.x, if you had a custom config.h that + included check_config.h, remove this inclusion from the Mbed TLS 3.x + configuration file (renamed to mbedtls_config.h). This change was made + in Mbed TLS 3.0, but was not announced in a changelog entry at the time. + * Functions regarding numeric string conversions for OIDs have been moved + from the OID module and now reside in X.509 module. This helps to reduce + the code size as these functions are not commonly used outside of X.509. + * Improve performance of PSA key generation with ECC keys: it no longer + computes the public key (which was immediately discarded). Fixes #9732. + * Cryptography and platform configuration options have been migrated + from the Mbed TLS library configuration file mbedtls_config.h to + crypto_config.h that will become the TF-PSA-Crypto configuration file, + see config-split.md for more information. The reference and test custom + configuration files respectively in configs/ and tests/configs/ have + been updated accordingly. + To migrate custom Mbed TLS configurations where + MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them + to the PSA configuration scheme based on PSA_WANT_XXX symbols + (see psa-conditional-inclusion-c.md for more information). 
+ To migrate custom Mbed TLS configurations where + MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the + cryptographic and platform configuration options from mbedtls_config.h + to crypto_config.h (see config-split.md for more information and configs/ + for examples). + * Move the crypto part of the library (content of tf-psa-crypto directory) + from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and + tests development will now occur in TF-PSA-Crypto, which Mbed TLS + references as a Git submodule. + * The function mbedtls_x509_string_to_names() now requires its head argument + to point to NULL on entry. This makes it likely that existing risky uses of + this function (see the entry in the Security section) will be detected and + fixed. + = Mbed TLS 3.6.0 branch released 2024-03-28 API changes diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt deleted file mode 100644 index 22939df86f..0000000000 --- a/ChangeLog.d/9126.txt +++ /dev/null @@ -1,5 +0,0 @@ -Default behavior changes - * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && - !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the - corresponding PSA mechanism is enabled, since the server provides the - crypto. Fixes #9126. diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt deleted file mode 100644 index d61ba19632..0000000000 --- a/ChangeLog.d/9302.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which - uses static storage for keys, enabling malloc-less use of key slots. - The size of each buffer is given by the option - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the - largest PSA key enabled in the build. diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt deleted file mode 100644 index 115ded87a0..0000000000 --- a/ChangeLog.d/9684.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove support for the DHE-PSK key exchange in TLS 1.2. 
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt
deleted file mode 100644
index 9820aff759..0000000000
--- a/ChangeLog.d/9685.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove support for the DHE-RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/9690.txt
deleted file mode 100644
index d00eb16bc9..0000000000
--- a/ChangeLog.d/9690.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Security
- * Fix a buffer underrun in mbedtls_pk_write_key_der() when
- called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
- and the output buffer is smaller than the actual output.
- Fix a related buffer underrun in mbedtls_pk_write_key_pem()
- when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
- and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
- CVE-2024-49195
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
deleted file mode 100644
index a4d2e032ee..0000000000
--- a/ChangeLog.d/9874.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
- Instead of taking a mbedtls_cipher_type_t as an argument, this function
- now takes 3 new arguments: a PSA algorithm, key type and key size, to
- specify the AEAD for ticket protection.
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
deleted file mode 100644
index 01d21b6e5f..0000000000
--- a/ChangeLog.d/9892.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
- * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
- already deprecated and superseeded by
- mbedtls_x509write_crt_set_serial_raw().
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt
deleted file mode 100644
index cea4af1ec6..0000000000
--- a/ChangeLog.d/9956.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Removals
- * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
- following SSL functions are removed:
- - mbedtls_ssl_conf_dh_param_bin
- - mbedtls_ssl_conf_dh_param_ctx
- - mbedtls_ssl_conf_dhm_min_bitlen
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
deleted file mode 100644
index ca0cc4b48d..0000000000
--- a/ChangeLog.d/9964.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-Removals
- * Removal of the following sample programs:
- pkey/rsa_genkey.c
- pkey/pk_decrypt.c
- pkey/dh_genprime.c
- pkey/rsa_verify.c
- pkey/mpi_demo.c
- pkey/rsa_decrypt.c
- pkey/key_app.c
- pkey/dh_server.c
- pkey/ecdh_curve25519.c
- pkey/pk_encrypt.c
- pkey/rsa_sign.c
- pkey/key_app_writer.c
- pkey/dh_client.c
- pkey/ecdsa.c
- pkey/rsa_encrypt.c
- wince_main.c
- aes/crypt_and_hash.c
- random/gen_random_ctr_drbg.c
- random/gen_entropy.c
- hash/md_hmac_demo.c
- hash/hello.c
- hash/generic_sum.c
- cipher/cipher_aead_demo.c
diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
deleted file mode 100644
index 079cd741dc..0000000000
--- a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
- * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
- not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
- MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
diff --git a/ChangeLog.d/add-psa-iop-generate-key.txt b/ChangeLog.d/add-psa-iop-generate-key.txt
deleted file mode 100644
index 0f586ee197..0000000000
--- a/ChangeLog.d/add-psa-iop-generate-key.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add an interruptible version of generate key to the PSA interface.
- See psa_generate_key_iop_setup() and related functions.
diff --git a/ChangeLog.d/add-psa-iop-key-agreement.txt b/ChangeLog.d/add-psa-iop-key-agreement.txt
deleted file mode 100644
index 92dfde1843..0000000000
--- a/ChangeLog.d/add-psa-iop-key-agreement.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Add an interruptible version of key agreement to the PSA interface.
- See psa_key_agreement_iop_setup() and related functions.
-
diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/add-psa-key-agreement.txt
deleted file mode 100644
index 771e6e2602..0000000000
--- a/ChangeLog.d/add-psa-key-agreement.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add a new psa_key_agreement() PSA API to perform key agreement and return
- an identifier for the newly created key.
diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt
deleted file mode 100644
index 1aea653e09..0000000000
--- a/ChangeLog.d/add-tls-exporter.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Add the function mbedtls_ssl_export_keying_material() which allows the
- client and server to extract additional shared symmetric keys from an SSL
- session, according to the TLS-Exporter specification in RFC 8446 and 5705.
- This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
- mbedtls_config.h.
diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt
deleted file mode 100644
index bb5b470881..0000000000
--- a/ChangeLog.d/asn1-missing-guard-in-rsa.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
- as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt
deleted file mode 100644
index 8570a11757..0000000000
--- a/ChangeLog.d/check-config.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Changes
- * Warn if mbedtls/check_config.h is included manually, as this can
- lead to spurious errors. Error if a *adjust*.h header is included
- manually, as this can lead to silently inconsistent configurations,
- potentially resulting in buffer overflows.
- When migrating from Mbed TLS 2.x, if you had a custom config.h that
- included check_config.h, remove this inclusion from the Mbed TLS 3.x
- configuration file (renamed to mbedtls_config.h). This change was made
- in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
diff --git a/ChangeLog.d/configuration-split.txt b/ChangeLog.d/configuration-split.txt
deleted file mode 100644
index f4d9bc63ac..0000000000
--- a/ChangeLog.d/configuration-split.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-Changes
- * Cryptography and platform configuration options have been migrated
- from the Mbed TLS library configuration file mbedtls_config.h to
- crypto_config.h that will become the TF-PSA-Crypto configuration file,
- see config-split.md for more information. The reference and test custom
- configuration files respectively in configs/ and tests/configs/ have
- been updated accordingly.
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
- to the PSA configuration scheme based on PSA_WANT_XXX symbols
- (see psa-conditional-inclusion-c.md for more information).
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
- cryptographic and platform configuration options from mbedtls_config.h
- to crypto_config.h (see config-split.md for more information and configs/
- for examples).
diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/dynamic-keystore.txt
deleted file mode 100644
index c6aac3c991..0000000000
--- a/ChangeLog.d/dynamic-keystore.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Features
- * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
- the number of volatile PSA keys is virtually unlimited, at the expense
- of increased code size. This option is off by default, but enabled in
- the default mbedtls_config.h. Fixes #9216.
-
-Bugfix
- * Fix interference between PSA volatile keys and built-in keys
- when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
- MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt
deleted file mode 100644
index 83b7f2f88b..0000000000
--- a/ChangeLog.d/ecdsa-conversion-overflow.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
- mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
- largest supported curve. In some configurations with PSA disabled,
- all values of bits are affected. This never happens in internal library
- calls, but can affect applications that call these functions directly.
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
deleted file mode 100644
index bcf5ba1f3d..0000000000
--- a/ChangeLog.d/error-unification.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-API changes
- * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
- functions can now return PSA_ERROR_xxx values.
- There is no longer a distinction between "low-level" and "high-level"
- Mbed TLS error codes.
- This will not affect most applications since the error values are
- between -32767 and -1 as before.
-
-Removals
- * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
- since these concepts no longer exists. There is just mbedtls_strerror().
diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt
deleted file mode 100644
index 538f0c5115..0000000000
--- a/ChangeLog.d/fix-aesni-asm-clobbers.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix missing constraints on the AES-NI inline assembly which is used on
- GCC-like compilers when building AES for generic x86_64 targets. This
- may have resulted in incorrect code with some compilers, depending on
- optimizations. Fixes #9819.
diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
deleted file mode 100644
index 7ae1c68a40..0000000000
--- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
- but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
deleted file mode 100644
index 11e7d25392..0000000000
--- a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt
deleted file mode 100644
index 5b79fb69de..0000000000
--- a/ChangeLog.d/fix-compilation-with-djgpp.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation on MS-DOS DJGPP. Fixes #9813.
diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
deleted file mode 100644
index 8a406a12e8..0000000000
--- a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix rare concurrent access bug where attempting to operate on a
- non-existent key while concurrently creating a new key could potentially
- corrupt the key store.
diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/fix-driver-schema-check.txt
deleted file mode 100644
index 9b6d8acd6e..0000000000
--- a/ChangeLog.d/fix-driver-schema-check.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix invalid JSON schemas for driver descriptions used by
- generate_driver_wrappers.py.
diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt
deleted file mode 100644
index 2549af8733..0000000000
--- a/ChangeLog.d/fix-legacy-compression-issue.txt
+++ /dev/null
@@ -1,6 +0,0 @@ -Bugfix - * Fixes an issue where some TLS 1.2 clients could not connect to an - Mbed TLS 3.6.0 server, due to incorrect handling of - legacy_compression_methods in the ClientHello. - fixes #8995, #9243. - diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt deleted file mode 100644 index eefda618ca..0000000000 --- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that - occurred whenever SSL debugging was enabled on a copy of Mbed TLS built - with Visual Studio 2013 or MinGW. - Fixes #10017. diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt deleted file mode 100644 index e3c8aecc2d..0000000000 --- a/ChangeLog.d/fix-psa-cmac.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in - CMAC is enabled, but no built-in unauthenticated cipher is enabled. - Fixes #9209. diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt deleted file mode 100644 index b5c26505c2..0000000000 --- a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix issue of redefinition warning messages for _GNU_SOURCE in - entropy_poll.c and sha_256.c. There was a build warning during - building for linux platform. - Resolves #9026 diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/fix-rsa-performance-regression.txt deleted file mode 100644 index 603612a314..0000000000 --- a/ChangeLog.d/fix-rsa-performance-regression.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix unintended performance regression when using short RSA public keys. - Fixes #9232. 
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt deleted file mode 100644 index 23a46c068d..0000000000 --- a/ChangeLog.d/fix-secure-element-key-creation.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix error handling when creating a key in a dynamic secure element - (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, - the creation could return PSA_SUCCESS but using or destroying the key - would not work. Fixes #8537. diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt deleted file mode 100644 index d1d8341f79..0000000000 --- a/ChangeLog.d/fix-server-mode-only-build.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but - MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt deleted file mode 100644 index 87bc59694f..0000000000 --- a/ChangeLog.d/fix-string-to-names-memory-management.txt +++ /dev/null 
@@ -1,18 +0,0 @@ -Security - * Fix possible use-after-free or double-free in code calling - mbedtls_x509_string_to_names(). This was caused by the function calling - mbedtls_asn1_free_named_data_list() on its head argument, while the - documentation did no suggest it did, making it likely for callers relying - on the documented behaviour to still hold pointers to memory blocks after - they were free()d, resulting in high risk of use-after-free or double-free, - with consequences ranging up to arbitrary code execution. - In particular, the two sample programs x509/cert_write and x509/cert_req - were affected (use-after-free if the san string contains more than one DN). - Code that does not call mbedtls_string_to_names() directly is not affected. - Found by Linh Le and Ngan Nguyen from Calif. - -Changes - * The function mbedtls_x509_string_to_names() now requires its head argument - to point to NULL on entry. This makes it likely that existing risky uses of - this function (see the entry in the Security section) will be detected and - fixed. diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt deleted file mode 100644 index e517cbb72a..0000000000 --- a/ChangeLog.d/fix-string-to-names-store-named-data.txt +++ /dev/null @@ -1,8 +0,0 @@ -Security - * Fix a bug in mbedtls_x509_string_to_names() and the - mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, - where some inputs would cause an inconsistent state to be reached, causing - a NULL dereference either in the function itself, or in subsequent - users of the output structure, such as mbedtls_x509_write_names(). This - only affects applications that create (as opposed to consume) X.509 - certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt deleted file mode 100644 index 26042193cc..0000000000 
--- a/ChangeLog.d/fix-test-suite-pk-warnings.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. - Fixes #9029. diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt deleted file mode 100644 index b81fb426a7..0000000000 --- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * With TLS 1.3, when a server enables optional authentication of the - client, if the client-provided certificate does not have appropriate values - in keyUsage or extKeyUsage extensions, then the return value of - mbedtls_ssl_get_verify_result() would incorrectly have the - MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits - clear. As a result, an attacker that had a certificate valid for uses other - than TLS client authentication could be able to use it for TLS client - authentication anyway. Only TLS 1.3 servers were affected, and only with - optional authentication (required would abort the handshake with a fatal - alert). diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt deleted file mode 100644 index e4726a45d7..0000000000 --- a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behaviour (incrementing a NULL pointer by zero length) when - passing in zero length additional data to multipart AEAD. diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt deleted file mode 100644 index 69c00e1a77..0000000000 --- a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Improve performance of PSA key generation with ECC keys: it no longer - computes the public key (which was immediately discarded). Fixes #9732. 
diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/mbedtls_psa_register_se_key.txt deleted file mode 100644 index 2fc2751ac0..0000000000 --- a/ChangeLog.d/mbedtls_psa_register_se_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Document and enforce the limitation of mbedtls_psa_register_se_key() - to persistent keys. Resolves #9253. diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt deleted file mode 100644 index dba25af611..0000000000 --- a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a memory leak that could occur when failing to process an RSA - key through some PSA functions due to low memory conditions. diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt deleted file mode 100644 index 250a5baafa..0000000000 --- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt +++ /dev/null @@ -1,16 +0,0 @@ -Default behavior changes - * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, - mbedtls_ssl_handshake() now fails with - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if certificate-based authentication of the server is attempted. - This is because authenticating a server without knowing what name - to expect is usually insecure. - -Security - * Note that TLS clients should generally call mbedtls_ssl_set_hostname() - if they use certificate authentication (i.e. not pre-shared keys). - Otherwise, in many scenarios, the server could be impersonated. - The library will now prevent the handshake and return - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if mbedtls_ssl_set_hostname() has not been called. - Reported by Daniel Stenberg. diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt deleted file mode 100644 index 53828d85b1..0000000000 --- a/ChangeLog.d/oid.txt +++ /dev/null 
@@ -1,8 +0,0 @@ -Removals - * The library no longer offers interfaces to look up values by OID - or OID by enum values. - The header now only defines functions to convert - between binary and dotted string OID representations, and macros - for OID strings that are relevant to X.509. - The compilation option MBEDTLS_OID_C no longer - exists. OID tables are included in the build automatically as needed. diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt deleted file mode 100644 index d00aa8a870..0000000000 --- a/ChangeLog.d/pk-norsa-warning.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt deleted file mode 100644 index 45f4d9b101..0000000000 --- a/ChangeLog.d/psa-always-on.txt +++ /dev/null @@ -1,10 +0,0 @@ -Default behavior changes - * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem - to perform cryptographic operations, with a few exceptions documented - in docs/architecture/psa-migration/psa-limitations.md. This - corresponds to the behavior of Mbed TLS 3.x when - MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO - is now always enabled. - * psa_crypto_init() must be called before performing any cryptographic - operation, including indirect requests such as parsing a key or - certificate or starting a TLS handshake. diff --git a/ChangeLog.d/psa-crypto-config-always-on.txt b/ChangeLog.d/psa-crypto-config-always-on.txt deleted file mode 100644 index d255f8c3c1..0000000000 --- a/ChangeLog.d/psa-crypto-config-always-on.txt +++ /dev/null 
@@ -1,7 +0,0 @@ -Default behavior changes - * The `PSA_WANT_XXX` symbols as defined in - tf-psa-crypto/include/psa/crypto_config.h are now always used in the - configuration of the cryptographic mechanisms exposed by the PSA API. - This corresponds to the configuration behavior of Mbed TLS 3.x when - MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG - is now always enabled and the configuration option has been removed. diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt deleted file mode 100644 index 39e03b93ba..0000000000 --- a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes - long. Credit to Cryptofuzz. Fixes #9314. diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt deleted file mode 100644 index 3fc1bd7d1f..0000000000 --- a/ChangeLog.d/psa_generate_key_custom.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() have been replaced by - psa_generate_key_custom() and psa_key_derivation_output_key_custom(). - They have almost exactly the same interface, but the variable-length - data is passed in a separate parameter instead of a flexible array - member. This resolves a build failure under C++ compilers that do not - support flexible array members (a C99 feature not adopted by C++). - Fixes #9020. diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa_util-bits-0.txt deleted file mode 100644 index 9aa70ad978..0000000000 --- a/ChangeLog.d/psa_util-bits-0.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or - mbedtls_psa_der_to_raw() is called with bits=0. 
diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt deleted file mode 100644 index 7c0866dd30..0000000000 --- a/ChangeLog.d/psa_util_in_builds_without_psa.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, - some code was defining 0-size arrays, resulting in compilation errors. - Fixed by disabling the offending code in configurations without PSA - Crypto, where it never worked. Fixes #9311. diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt deleted file mode 100644 index a8a19f4ee3..0000000000 --- a/ChangeLog.d/removal-of-rng.txt +++ /dev/null @@ -1,5 +0,0 @@ -API changes - * All API functions now use the PSA random generator psa_get_random() - internally. As a consequence, functions no longer take RNG parameters. - Please refer to the migration guide at : - tf-psa-crypto/docs/4.0-migration-guide.md. diff --git a/ChangeLog.d/remove-compat-2.x.txt b/ChangeLog.d/remove-compat-2.x.txt deleted file mode 100644 index 37f012c217..0000000000 --- a/ChangeLog.d/remove-compat-2.x.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove compat-2-x.h header from mbedtls. diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt deleted file mode 100644 index f9ab4c221c..0000000000 --- a/ChangeLog.d/remove-crypto-alt-interface.txt +++ /dev/null @@ -1,5 +0,0 @@ -Removals - * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options - at the module and function level for crypto mechanisms only. The remaining - alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt deleted file mode 100644 index a3f4b96573..0000000000 --- a/ChangeLog.d/remove-via-padlock-support.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Fixes #5903. diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt deleted file mode 100644 index f9baaf1701..0000000000 --- a/ChangeLog.d/remove_RSA_key_exchange.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA key exchange in TLS 1.2. diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt deleted file mode 100644 index 213cf55b40..0000000000 --- a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind' - and 'mbedtls_net_connect' to prevent possible double close fd - problems. Fixes #9711. diff --git a/ChangeLog.d/repo-split.txt b/ChangeLog.d/repo-split.txt deleted file mode 100644 index f03b5ed7fe..0000000000 --- a/ChangeLog.d/repo-split.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * Move the crypto part of the library (content of tf-psa-crypto directory) - from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and - tests development will now occur in TF-PSA-Crypto, which Mbed TLS - references as a Git submodule. diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt deleted file mode 100644 index 4b29adc4c9..0000000000 --- a/ChangeLog.d/rm-ssl-conf-curves.txt +++ /dev/null @@ -1,4 +0,0 @@ -Removals - * Remove the function mbedtls_ssl_conf_curves() which had been deprecated - in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. - diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt deleted file mode 100644 index 938e9eccb6..0000000000 --- a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -Changes - * Functions regarding numeric string conversions for OIDs have been moved - from the OID module and now reside in X.509 module. This helps to reduce - the code size as these functions are not commonly used outside of X.509. diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt deleted file mode 100644 index 6bab02a029..0000000000 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ /dev/null @@ -1,7 +0,0 @@ -Bugfix - * Support re-assembly of fragmented handshake messages in TLS (both - 1.2 and 1.3). The lack of support was causing handshake failures with - some servers, especially with TLS 1.3 in practice. There are a few - limitations, notably a fragmented ClientHello is only supported when - TLS 1.3 support is enabled. See the documentation of - mbedtls_ssl_handshake() for details. diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt deleted file mode 100644 index 4df6b3e303..0000000000 --- a/ChangeLog.d/tls-key-exchange-rsa.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA-PSK key exchange in TLS 1.2. diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt deleted file mode 100644 index cd52d32ffd..0000000000 --- a/ChangeLog.d/tls12-check-finished-calc.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed - or there was a cryptographic hardware failure when calculating the - Finished message, it could be calculated incorrectly. This would break - the security guarantees of the TLS handshake. - CVE-2025-27810 diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt deleted file mode 100644 index 8dd8a327d6..0000000000 --- a/ChangeLog.d/tls13-cert-regressions.txt +++ /dev/null 
@@ -1,18 +0,0 @@ -Bugfix - * Fixed a regression introduced in 3.6.0 where the CA callback set with - mbedtls_ssl_conf_ca_cb() would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS - 1.3. - * Fixed a regression introduced in 3.6.0 where clients that relied on - optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() - with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop - working when connections were upgraded to TLS 1.3. Fixed by adding - support for optional/none with TLS 1.3 as well. Note that the TLS 1.3 - standard makes server authentication mandatory; users are advised not to - use authmode none, and to carefully check the results when using optional - mode. - * Fixed a regression introduced in 3.6.0 where context-specific certificate - verify callbacks, set with mbedtls_ssl_set_verify() as opposed to - mbedtls_ssl_conf_verify(), would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for context-specific verify - callback in TLS 1.3. diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt deleted file mode 100644 index f5331bc063..0000000000 --- a/ChangeLog.d/tls13-middlebox-compat-disabled.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with - peers that have middlebox compatibility enabled, as long as no - problematic middlebox is in the way. Fixes #9551. diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt deleted file mode 100644 index 8ceef21ee5..0000000000 --- a/ChangeLog.d/tls13-without-tickets.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix TLS 1.3 client build and runtime when support for session tickets is - disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. 
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt deleted file mode 100644 index 75a72cae6b..0000000000 --- a/ChangeLog.d/unterminated-string-initialization.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Silence spurious -Wunterminated-string-initialization warnings introduced - by GCC 15. Fixes #9944. From 71157fd57482ae691c1f006b5fc424d24703c54d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Jun 2025 15:24:47 +0100 Subject: [PATCH 0661/1548] Update BRANCHES.md Signed-off-by: Minos Galanakis --- BRANCHES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BRANCHES.md b/BRANCHES.md index 49f7e289bb..78f8f69b49 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -106,6 +106,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6) maintained until March 2027, see - . + . Users are urged to always use the latest version of a maintained branch. From dd27691c61ec3f19c24063511ef66b8d74bb3770 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 2 Apr 2025 15:55:04 +0100 Subject: [PATCH 0662/1548] remove fuzz_privkey.c and fuzz_pubkey.c Signed-off-by: Ben Taylor --- programs/fuzz/.gitignore | 2 - programs/fuzz/CMakeLists.txt | 2 - programs/fuzz/fuzz_privkey.c | 105 ----------------------------------- programs/fuzz/fuzz_pubkey.c | 93 ------------------------------- 4 files changed, 202 deletions(-) delete mode 100644 programs/fuzz/fuzz_privkey.c delete mode 100644 programs/fuzz/fuzz_pubkey.c diff --git a/programs/fuzz/.gitignore b/programs/fuzz/.gitignore index 34e3ed0882..9b8da61954 100644 --- a/programs/fuzz/.gitignore +++ b/programs/fuzz/.gitignore @@ -2,8 +2,6 @@ fuzz_client fuzz_dtlsclient fuzz_dtlsserver fuzz_pkcs7 -fuzz_privkey -fuzz_pubkey fuzz_server fuzz_x509crl fuzz_x509crt 
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 8f463178b8..54b07b4ddc 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -9,7 +9,6 @@ if(FUZZINGENGINE_LIB) endif() set(executables_no_common_c - fuzz_pubkey fuzz_x509crl fuzz_x509crt fuzz_x509csr @@ -18,7 +17,6 @@ set(executables_no_common_c add_dependencies(${programs_target} ${executables_no_common_c}) set(executables_with_common_c - fuzz_privkey fuzz_client fuzz_dtlsclient fuzz_dtlsserver diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c deleted file mode 100644 index 8055603c64..0000000000 --- a/programs/fuzz/fuzz_privkey.c +++ /dev/null 
@@ -1,105 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "common.h" - -//4 Kb should be enough for every bug ;-) -#define MAX_LEN 0x1000 - -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) -const char *pers = "fuzz_privkey"; -#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) - int ret; - mbedtls_pk_context pk; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - - if (Size > MAX_LEN) { - //only work on small inputs - Size = MAX_LEN; - } - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - rsa = mbedtls_pk_rsa(pk); - if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != 0) { - abort(); - } - if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != 0) { - abort(); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - 
} else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if (curve_info == NULL) { - abort(); - } - } else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort(); - } - } -exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#else - (void) Data; - (void) Size; -#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C - - return 0; -} diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c deleted file mode 100644 index 69e85e0380..0000000000 --- a/programs/fuzz/fuzz_pubkey.c +++ /dev/null 
@@ -1,93 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include "mbedtls/pk.h" -#include "common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_PK_PARSE_C - int ret; - mbedtls_pk_context pk; - - mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_pk_parse_public_key(&pk, Data, Size); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - rsa = mbedtls_pk_rsa(pk); - if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) { - abort(); - } - if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { - abort(); - } - if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { - abort(); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if (curve_info == NULL) { - abort(); - } - - /* It's a public key, so the private value should not have - * been changed from its initialization to 0. 
*/ - mbedtls_mpi d; - mbedtls_mpi_init(&d); - if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) { - abort(); - } - if (mbedtls_mpi_cmp_int(&d, 0) != 0) { - abort(); - } - mbedtls_mpi_free(&d); - } else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort(); - } - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) -exit: - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_pk_free(&pk); -#else - (void) Data; - (void) Size; -#endif //MBEDTLS_PK_PARSE_C - - return 0; -} From 107b21ce533bbd8fc4c5018ecf2d383894e8b74d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 10:06:53 +0100 Subject: [PATCH 0663/1548] removed common.* from programs/fuzz Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 3 +- programs/fuzz/common.c | 107 ----------------------------------- programs/fuzz/common.h | 28 --------- 3 files changed, 2 insertions(+), 136 deletions(-) delete mode 100644 programs/fuzz/common.c delete mode 100644 programs/fuzz/common.h diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 54b07b4ddc..5dbc928907 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -37,12 +37,13 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources common.c) + list(APPEND exe_sources ../../tf-psa-crypto/programs/fuzz/common.c) endif() add_executable(${exe} ${exe_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c deleted file mode 100644 index 41fa858a41..0000000000 
--- a/programs/fuzz/common.c +++ /dev/null 
@@ -1,107 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "common.h" -#include -#include -#include -#include -#include "mbedtls/ctr_drbg.h" - -#if defined(MBEDTLS_PLATFORM_TIME_ALT) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) -{ - (void) time; - return 0x5af2a056; -} -#endif - -void dummy_init(void) -{ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: fuzzing without constant time\n"); -#endif -} - -int dummy_send(void *ctx, const unsigned char *buf, size_t len) -{ - //silence warning about unused parameter - (void) ctx; - (void) buf; - - //pretends we wrote everything ok - if (len > INT_MAX) { - return -1; - } - return (int) len; -} - -int fuzz_recv(void *ctx, unsigned char *buf, size_t len) -{ - //reads from the buffer from fuzzer - fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx; - - if (biomemfuzz->Offset == biomemfuzz->Size) { - //EOF - return 0; - } - if (len > INT_MAX) { - return -1; - } - if (len + biomemfuzz->Offset > biomemfuzz->Size) { - //do not overflow - len = biomemfuzz->Size - biomemfuzz->Offset; - } - memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); - biomemfuzz->Offset += len; - return (int) len; -} - -int dummy_random(void *p_rng, unsigned char *output, size_t output_len) -{ - int ret; - size_t i; - -#if defined(MBEDTLS_CTR_DRBG_C) - //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng - if (p_rng != NULL) { - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); - } else { - //fall through to pseudo-random - ret = 0; - } -#else - (void) p_rng; - ret = 0; -#endif - for (i = 0; i < output_len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} - -int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - (void) data; - - //use mbedtls_entropy_func to find bugs in it - 
//test performance impact of entropy - //ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return 0; -} - -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) -{ - (void) timeout; - - return fuzz_recv(ctx, buf, len); -} diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h deleted file mode 100644 index 88dceacf72..0000000000 --- a/programs/fuzz/common.h +++ /dev/null @@ -1,28 +0,0 @@ -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include -#include - -typedef struct fuzzBufferOffset { - const uint8_t *Data; - size_t Size; - size_t Offset; -} fuzzBufferOffset_t; - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); -#endif -void dummy_init(void); - -int dummy_send(void *ctx, const unsigned char *buf, size_t len); -int fuzz_recv(void *ctx, unsigned char *buf, size_t len); -int dummy_random(void *p_rng, unsigned char *output, size_t output_len); -int dummy_entropy(void *data, unsigned char *output, size_t len); -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout); - -/* Implemented in the fuzz_*.c sources and required by onefile.c */ -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); From 2584eaddf919af004f34e42f94589edb83f68ed4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 13:46:13 +0100 Subject: [PATCH 0664/1548] add fix for fuzz Makefile for new common path Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 71cba0bcdc..5548148cfb 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
@@ -9,6 +9,8 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif +LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ + # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) @@ -28,13 +30,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o common.o $(DEP) - echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP) - echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From eea3ddaf2c6b416dc349400a5dede9deedd99b0b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Apr 2025 13:24:51 +0100 Subject: [PATCH 0665/1548] corrected cmake path Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 5dbc928907..61c5b63c00 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
@@ -37,7 +37,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources ../../tf-psa-crypto/programs/fuzz/common.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c) endif() add_executable(${exe} ${exe_sources}) From dc027791e903047001f39c498f5a4dd1d0b97d61 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Apr 2025 15:33:41 +0100 Subject: [PATCH 0666/1548] update common. to fuzz_common.h Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- programs/fuzz/fuzz_client.c | 2 +- programs/fuzz/fuzz_dtlsclient.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_pkcs7.c | 2 +- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/fuzz/fuzz_x509crt.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- programs/fuzz/onefile.c | 70 --------------------------------- 10 files changed, 9 insertions(+), 79 deletions(-) delete mode 100644 programs/fuzz/onefile.c diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 61c5b63c00..bd9bf91d94 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -31,7 +31,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources onefile.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 6d3b73fa93..440c0245ff 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include 
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index efe1362275..7a1da13c38 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 31eb514275..98a70216e1 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index 9ec9351794..f236190c2c 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -2,7 +2,7 @@ #include #include "mbedtls/pkcs7.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index bb9dd0a58c..05b7480cbc 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -5,7 +5,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 2840fbbb0c..92e0f5d12e 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crl.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 29331b94d4..c99ae2e7b1 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c 
@@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crt.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index e0aaabc019..4ab071f1ca 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_csr.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c deleted file mode 100644 index 6c02a641da..0000000000 --- a/programs/fuzz/onefile.c +++ /dev/null 
@@ -1,70 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "common.h" - -/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway - * in case it contains platform-specific #defines related to malloc or - * stdio functions. */ -#include "mbedtls/build_info.h" - -int main(int argc, char **argv) -{ - FILE *fp; - uint8_t *Data; - size_t Size; - const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; - - if (argc != 2) { - fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); - return 1; - } - //opens the file, get its size, and reads it into a buffer - fp = fopen(argv[1], "rb"); - if (fp == NULL) { - fprintf(stderr, "%s: Error in fopen\n", argv0); - perror(argv[1]); - return 2; - } - if (fseek(fp, 0L, SEEK_END) != 0) { - fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Size = ftell(fp); - if (Size == (size_t) -1) { - fprintf(stderr, "%s: Error in ftell\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fseek(fp, 0L, SEEK_SET) != 0) { - fprintf(stderr, "%s: Error in fseek(0)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Data = malloc(Size); - if (Data == NULL) { - fprintf(stderr, "%s: Could not allocate memory\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fread(Data, Size, 1, fp) != 1) { - fprintf(stderr, "%s: Error in fread\n", argv0); - perror(argv[1]); - free(Data); - fclose(fp); - return 2; - } - - //launch fuzzer - LLVMFuzzerTestOneInput(Data, Size); - free(Data); - fclose(fp); - return 0; -} From a59cef43f2327be71ba69769e5d1f0b9328a3ba8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 8 Apr 2025 08:45:21 +0100 Subject: [PATCH 0667/1548] add fixes for the fuzz Make system Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 5548148cfb..71f1a580fd 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -13,6 +13,7 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) +APPS += $(basename $(wildcard (MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_*.c)) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) 
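Review bot: The added `APPS +=` line is missing the `$` in front of `(MBEDTLS_PATH)`, so make expands `$(wildcard (MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_*.c)` against a literal path that matches nothing and the extra fuzzers are silently dropped from the build rather than failing it. The line should read `APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_*.c))`. The following patch in the series (0668) corrects exactly this, so the two would be better squashed so no intermediate commit ships a Makefile that quietly builds fewer fuzz targets than intended.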
@@ -30,13 +31,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From aa5aa47aa5658d6b5c0421af39cf51deed134578 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 8 Apr 2025 09:15:43 +0100 Subject: [PATCH 0668/1548] corrected Makefile path for fuzz progs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 71f1a580fd..833055246b 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
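Review bot: In the FUZZINGENGINE recipe the prerequisite is `fuzz_common.o` but the link command passes `fuzz_common.c` to `$(CXX)`, so the object file is built and then ignored and the C source is recompiled as C++ at link time; the command should use the object it depends on, `$(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@`. The echo line has the same `.c`/`.o` mismatch and additionally prints `$(CC)` while the recipe runs `$(CXX)`, so the build trace does not show what is actually executed. Patch 0669 later in the series fixes the `.c` part; squashing it into this one would keep every intermediate commit buildable.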
@@ -13,7 +13,8 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(wildcard (MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_*.c)) +APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c)) +APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c)) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) From c42f5d4c901d3a4f4c2e59b9d10dcbb76d57bb20 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Apr 2025 09:53:57 +0100 Subject: [PATCH 0669/1548] added fix for Makefile in fuzz programs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 833055246b..3edd9e0c63 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -33,8 +33,8 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE $(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else $(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" From 728704058742fc2e3db0bb005533e21e8196b740 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Mon, 14 Apr 2025 08:43:59 +0100 Subject: [PATCH 0670/1548] fixed issue with binary cleanup in fuzz programs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 3edd9e0c63..93dd4c92b1 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -44,7 +44,9 @@ endif clean: ifndef WINDOWS rm -rf $(BINARIES) *.o + rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe + rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o endif From 38b063a91ec343f12f0b36d7af46cbec26259361 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Apr 2025 13:50:27 +0100 Subject: [PATCH 0671/1548] add fix to fuzz makefile for windows Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 93dd4c92b1..50857ca487 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -48,5 +48,5 @@ ifndef WINDOWS else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe - rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o + if exist $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o del /Q /F $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o endif From 51ab2d4ffb1c19971b3b998210e89e6788772b2e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Apr 2025 10:33:59 +0100 Subject: [PATCH 0672/1548] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-fuzz-progs.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/remove-fuzz-progs.txt diff --git a/ChangeLog.d/remove-fuzz-progs.txt b/ChangeLog.d/remove-fuzz-progs.txt new file mode 100644 index 0000000000..84aeec9a8d --- /dev/null +++ b/ChangeLog.d/remove-fuzz-progs.txt @@ -0,0 +1,2 @@ +Removals + * Remove fuzz_privkey and fuzz_pubkey. 
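Review bot: The clean target now removes `*.o` under `$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz`, a directory outside the one this Makefile builds in, so if that tree has its own build its objects are wiped every time the Mbed TLS fuzz programs are cleaned. Limiting the removal to the two objects this Makefile actually links — `rm -f $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o` — keeps clean from reaching into a sibling tree, and `-r` is not needed for plain files. The `rm -rf` added to the Windows branch of the same hunk is a shell command in a `del`-based branch; the follow-up patch on this page replaces it, and the two belong in one commit.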
From ebaf90ff3f7b78d183b26d44299164404332f820 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Apr 2025 07:58:30 +0100 Subject: [PATCH 0673/1548] Remove ChangeLog as it is not required Signed-off-by: Ben Taylor --- ChangeLog.d/remove-fuzz-progs.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ChangeLog.d/remove-fuzz-progs.txt diff --git a/ChangeLog.d/remove-fuzz-progs.txt b/ChangeLog.d/remove-fuzz-progs.txt deleted file mode 100644 index 84aeec9a8d..0000000000 --- a/ChangeLog.d/remove-fuzz-progs.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove fuzz_privkey and fuzz_pubkey. From 9784b40ba7f814f4db65199141c0259de9d8f154 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 21 May 2025 08:01:28 +0100 Subject: [PATCH 0674/1548] Remove wildcard as it is no longer required Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 50857ca487..09e8600d74 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -13,8 +13,8 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c)) -APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c)) +APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c) +APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) From 946b0d982abf51bab79383858927caefe58df3ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 21 May 2025 08:06:15 +0100 Subject: [PATCH 0675/1548] Corrected windows paths Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 09e8600d74..bac5cd38ed 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -48,5 +48,5 @@ ifndef WINDOWS else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe - if exist $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o del /Q /F $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o + if exist $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o del /Q /F $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o endif From 80490a2f1a5090424480548e93983b015eec1019 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 08:24:01 +0100 Subject: [PATCH 0676/1548] Revert some changes to allow merge Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 5 +- programs/fuzz/fuzz_common.c | 107 +++++++++++++++++++++++++++++++++++ programs/fuzz/fuzz_common.h | 28 +++++++++ programs/fuzz/onefile.c | 70 +++++++++++++++++++++++ 4 files changed, 207 insertions(+), 3 deletions(-) create mode 100644 programs/fuzz/fuzz_common.c create mode 100644 programs/fuzz/fuzz_common.h create mode 100644 programs/fuzz/onefile.c diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index bd9bf91d94..53d771cc14 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
@@ -31,19 +31,18 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) + list(APPEND exe_sources onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c) + list(APPEND exe_sources fuzz_common.c) endif() add_executable(${exe} ${exe_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/fuzz/fuzz_common.c b/programs/fuzz/fuzz_common.c new file mode 100644 index 0000000000..de16913728 --- /dev/null +++ b/programs/fuzz/fuzz_common.c 
@@ -0,0 +1,107 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include "fuzz_common.h" +#include +#include +#include +#include +#include "mbedtls/ctr_drbg.h" + +#if defined(MBEDTLS_PLATFORM_TIME_ALT) +mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) +{ + (void) time; + return 0x5af2a056; +} +#endif + +void dummy_init(void) +{ +#if defined(MBEDTLS_PLATFORM_TIME_ALT) + mbedtls_platform_set_time(dummy_constant_time); +#else + fprintf(stderr, "Warning: fuzzing without constant time\n"); +#endif +} + +int dummy_send(void *ctx, const unsigned char *buf, size_t len) +{ + //silence warning about unused parameter + (void) ctx; + (void) buf; + + //pretends we wrote everything ok + if (len > INT_MAX) { + return -1; + } + return (int) len; +} + +int fuzz_recv(void *ctx, unsigned char *buf, size_t len) +{ + //reads from the buffer from fuzzer + fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx; + + if (biomemfuzz->Offset == biomemfuzz->Size) { + //EOF + return 0; + } + if (len > INT_MAX) { + return -1; + } + if (len + biomemfuzz->Offset > biomemfuzz->Size) { + //do not overflow + len = biomemfuzz->Size - biomemfuzz->Offset; + } + memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); + biomemfuzz->Offset += len; + return (int) len; +} + +int dummy_random(void *p_rng, unsigned char *output, size_t output_len) +{ + int ret; + size_t i; + +#if defined(MBEDTLS_CTR_DRBG_C) + //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng + if (p_rng != NULL) { + //use mbedtls_ctr_drbg_random to find bugs in it + ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); + } else { + //fall through to pseudo-random + ret = 0; + } +#else + (void) p_rng; + ret = 0; +#endif + for (i = 0; i < output_len; i++) { + //replace result with pseudo random + output[i] = (unsigned char) rand(); + } + return ret; +} + +int dummy_entropy(void *data, unsigned char *output, size_t len) +{ + size_t i; + (void) data; + + //use mbedtls_entropy_func to find bugs in it 
+ //test performance impact of entropy + //ret = mbedtls_entropy_func(data, output, len); + for (i = 0; i < len; i++) { + //replace result with pseudo random + output[i] = (unsigned char) rand(); + } + return 0; +} + +int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, + uint32_t timeout) +{ + (void) timeout; + + return fuzz_recv(ctx, buf, len); +} diff --git a/programs/fuzz/fuzz_common.h b/programs/fuzz/fuzz_common.h new file mode 100644 index 0000000000..88dceacf72 --- /dev/null +++ b/programs/fuzz/fuzz_common.h @@ -0,0 +1,28 @@ +#include "mbedtls/build_info.h" + +#if defined(MBEDTLS_HAVE_TIME) +#include "mbedtls/platform_time.h" +#endif +#include +#include + +typedef struct fuzzBufferOffset { + const uint8_t *Data; + size_t Size; + size_t Offset; +} fuzzBufferOffset_t; + +#if defined(MBEDTLS_HAVE_TIME) +mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); +#endif +void dummy_init(void); + +int dummy_send(void *ctx, const unsigned char *buf, size_t len); +int fuzz_recv(void *ctx, unsigned char *buf, size_t len); +int dummy_random(void *p_rng, unsigned char *output, size_t output_len); +int dummy_entropy(void *data, unsigned char *output, size_t len); +int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, + uint32_t timeout); + +/* Implemented in the fuzz_*.c sources and required by onefile.c */ +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c new file mode 100644 index 0000000000..483512855c --- /dev/null +++ b/programs/fuzz/onefile.c 
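Review bot: The comment `//use mbedtls_entropy_func to find bugs in it` above the loop in dummy_entropy no longer describes the code, since the call to mbedtls_entropy_func is commented out and the buffer is filled from `rand()` alone; replace it with `// Deterministic stand-in for mbedtls_entropy_func: fuzz-only, never a real entropy source`. The guard on dummy_constant_time also differs between the two files in this patch — the definition here is under `MBEDTLS_PLATFORM_TIME_ALT` while the header declares it under `MBEDTLS_HAVE_TIME` — so a configuration with MBEDTLS_HAVE_TIME but without the ALT hook gets a declaration with no definition; harmless as long as nothing else calls it, but the two conditions should match. A one-line file header stating that dummy_random and dummy_entropy are intentionally predictable so fuzz cases reproduce, and that this file must only be linked into the fuzz harnesses, would make that intent explicit to anyone reusing the helpers.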
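Review bot: fuzz_common.h is added without an include guard, so a translation unit that picks it up twice (directly and via another helper header) would see the `fuzzBufferOffset_t` typedef and the prototypes a second time. Wrapping the file in `#ifndef FUZZ_COMMON_H` / `#define FUZZ_COMMON_H` at the top and `#endif /* FUZZ_COMMON_H */` at the end follows the convention of the other headers in the tree and costs nothing.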
@@ -0,0 +1,70 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include +#include +#include +#include "fuzz_common.h" + +/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway + * in case it contains platform-specific #defines related to malloc or + * stdio functions. */ +#include "mbedtls/build_info.h" + +int main(int argc, char **argv) +{ + FILE *fp; + uint8_t *Data; + size_t Size; + const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; + + if (argc != 2) { + fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); + return 1; + } + //opens the file, get its size, and reads it into a buffer + fp = fopen(argv[1], "rb"); + if (fp == NULL) { + fprintf(stderr, "%s: Error in fopen\n", argv0); + perror(argv[1]); + return 2; + } + if (fseek(fp, 0L, SEEK_END) != 0) { + fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + Size = ftell(fp); + if (Size == (size_t) -1) { + fprintf(stderr, "%s: Error in ftell\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + if (fseek(fp, 0L, SEEK_SET) != 0) { + fprintf(stderr, "%s: Error in fseek(0)\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + Data = malloc(Size); + if (Data == NULL) { + fprintf(stderr, "%s: Could not allocate memory\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + if (fread(Data, Size, 1, fp) != 1) { + fprintf(stderr, "%s: Error in fread\n", argv0); + perror(argv[1]); + free(Data); + fclose(fp); + return 2; + } + + //launch fuzzer + LLVMFuzzerTestOneInput(Data, Size); + free(Data); + fclose(fp); + return 0; +} From d6cc47e45064cbddc74e945ca2de60a5d5580ca3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 09:24:43 +0100 Subject: [PATCH 0677/1548] Add some name changes in to allow merge 
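Review bot: An empty reproducer file cannot be replayed by this main(): with `Size == 0`, `malloc(Size)` may legitimately return NULL and `fread(Data, 0, 1, fp)` returns 0, so the program reports an allocation or read error instead of calling `LLVMFuzzerTestOneInput(Data, 0)`, even though libFuzzer routinely produces zero-length inputs that the harnesses should be exercised on. Guarding both steps — `Data = malloc(Size > 0 ? Size : 1);` and `if (Size > 0 && fread(Data, Size, 1, fp) != 1) {` — lets the zero-length case reach the target. Separately, the `perror(argv[1])` after a failed malloc prints an errno that belongs to the allocator, not to the file, which is misleading in the error output.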
Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- programs/fuzz/{fuzz_common.c => common.c} | 2 +- programs/fuzz/{fuzz_common.h => common.h} | 0 programs/fuzz/fuzz_client.c | 2 +- programs/fuzz/fuzz_dtlsclient.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_pkcs7.c | 2 +- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/fuzz/fuzz_x509crt.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- programs/fuzz/onefile.c | 2 +- 12 files changed, 11 insertions(+), 11 deletions(-) rename programs/fuzz/{fuzz_common.c => common.c} (99%) rename programs/fuzz/{fuzz_common.h => common.h} (100%) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 53d771cc14..54b07b4ddc 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -37,7 +37,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources fuzz_common.c) + list(APPEND exe_sources common.c) endif() add_executable(${exe} ${exe_sources}) diff --git a/programs/fuzz/fuzz_common.c b/programs/fuzz/common.c similarity index 99% rename from programs/fuzz/fuzz_common.c rename to programs/fuzz/common.c index de16913728..41fa858a41 100644 --- a/programs/fuzz/fuzz_common.c +++ b/programs/fuzz/common.c @@ -1,6 +1,6 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_common.h b/programs/fuzz/common.h similarity index 100% rename from programs/fuzz/fuzz_common.h rename to programs/fuzz/common.h diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 440c0245ff..6d3b73fa93 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c 
@@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "test/certs.h" -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 7a1da13c38..efe1362275 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 98a70216e1..31eb514275 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index f236190c2c..9ec9351794 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -2,7 +2,7 @@ #include #include "mbedtls/pkcs7.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 05b7480cbc..bb9dd0a58c 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -5,7 +5,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 92e0f5d12e..2840fbbb0c 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crl.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index c99ae2e7b1..29331b94d4 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crt.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4ab071f1ca..e0aaabc019 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_csr.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c index 483512855c..6c02a641da 100644 --- a/programs/fuzz/onefile.c +++ b/programs/fuzz/onefile.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" /* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway * in case it contains platform-specific #defines related to malloc or From c9b7175a6876bcfef375c08dd53475c10d665996 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 10 Jun 2025 13:16:32 +0100 Subject: [PATCH 0678/1548] Add in fuzz path variable Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index bac5cd38ed..b7664414b9 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,6 +3,8 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ + DEP=${MBEDLIBS} ifdef FUZZINGENGINE 
@@ -32,13 +34,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) + echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) + echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From 56d54c6349d8b23508d98f9f3920c275873e5dcd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 13 Jun 2025 10:29:21 +0100 Subject: [PATCH 0679/1548] Remove fuzz progs from Makefile Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index b7664414b9..fd565069a3 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
@@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz/ DEP=${MBEDLIBS} @@ -11,12 +11,10 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif -LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ +LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c) -APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) 
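Review bot: With `PROGRAM_FUZZ_PATH` now set to `$(MBEDTLS_PATH)/programs/fuzz/`, the changed include flag `LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)/fuzz/` expands to `../../programs/fuzz//fuzz/`, a directory that does not exist, so `common.h` is only found because it sits in the current directory; the flag should be `LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)` (patch 0680 on this page makes that change and belongs in this commit). None of this patch's three hunks touch the clean target, so after it the Windows and non-Windows clean branches still delete `*.o` under `$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz` even though the objects are now built and linked from `$(PROGRAM_FUZZ_PATH)`; those two lines look stale and should be dropped or repointed at the new path.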
@@ -34,13 +32,13 @@ C_FILES := $(addsuffix .c,$(APPS))
 ifdef FUZZINGENGINE
-$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP)
- echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
- $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/ommon.o $(DEP)
+ echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
+ $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 else
-$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP)
- echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
- $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $(DEP)
+ echo " $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
+ $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 endif
 clean:
From d9fc98a569491a88e1e02bd2434958e94f5b21db Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 30 Jun 2025 11:21:01 +0100
Subject: [PATCH 0680/1548] Correct CFLAGS path int Makefile
Signed-off-by: Ben Taylor
---
 programs/fuzz/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
index fd565069a3..bcd67f336f 100644
--- a/programs/fuzz/Makefile
+++ b/programs/fuzz/Makefile
@@ -11,7 +11,7 @@ ifdef FUZZINGENGINE
 LOCAL_LDFLAGS += -lFuzzingEngine
 endif
-LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)/fuzz/
+LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)
 # A test application is built for each fuzz_*.c file.
 APPS = $(basename $(wildcard fuzz_*.c))
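Review bot: The FUZZINGENGINE link rule names the prerequisite `$(PROGRAM_FUZZ_PATH)/ommon.o` while the echo and `$(CXX)` lines directly below it use `common.o`, so with `FUZZINGENGINE` set make will look for an `ommon.o` it has no rule to build and the fuzzers will not link at this commit; the prerequisite should read `$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(DEP)`. The echo line in that branch also still omits the linker name, whereas the `else` branch prints `$(CC)` before its arguments; printing `$(CXX)` there would keep the log consistent with the command that runs. Since `onefile.o` is now taken from `$(PROGRAM_FUZZ_PATH)` (this directory) rather than `tf-psa-crypto/programs/fuzz/`, the commit presumably assumes `onefile.c` was moved alongside `common.c`; that move is not visible here.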
From 5578c06ab317eac0d7ecf3bad1d7d783b9bc5e33 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 30 Jun 2025 11:22:14 +0100
Subject: [PATCH 0681/1548] Remove duplicated slash
Signed-off-by: Ben Taylor
---
 programs/fuzz/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
index bcd67f336f..1945a08f29 100644
--- a/programs/fuzz/Makefile
+++ b/programs/fuzz/Makefile
@@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests
 MBEDTLS_PATH := ../..
 include ../../scripts/common.make
-PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz/
+PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz
 DEP=${MBEDLIBS}
From b8ebc21ea2be839aac4d06f99b09913eb59f875f Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 30 Jun 2025 11:23:18 +0100
Subject: [PATCH 0682/1548] Correct typo
Signed-off-by: Ben Taylor
---
 programs/fuzz/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
index 1945a08f29..29483eafda 100644
--- a/programs/fuzz/Makefile
+++ b/programs/fuzz/Makefile
@@ -32,7 +32,7 @@ C_FILES := $(addsuffix .c,$(APPS))
 ifdef FUZZINGENGINE
-$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/ommon.o $(DEP)
+$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(DEP)
 echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
 $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 else
From 0204470f388f432d83884f379b830cb121604d3b Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 25 Jun 2025 15:40:01 +0200
Subject: [PATCH 0683/1548] Slight improvement to the Doxygen entry point
Signed-off-by: Gilles Peskine
---
 doxygen/input/doc_mainpage.h | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index fb4439adc4..6b4343b5e0 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -12,8 +12,25 @@
 /**
 * @mainpage Mbed TLS v4.0.0 API Documentation
 *
- * This documentation describes the internal structure of Mbed TLS. It was
- * automatically generated from specially formatted comment blocks in
- * Mbed TLS's source code using Doxygen. (See
- * https://www.doxygen.nl for more information on Doxygen)
+ * This documentation describes the application programming interface (API)
+ * of Mbed TLS.
+ * It was automatically generated from specially formatted comment blocks in
+ * Mbed TLS's source code using [Doxygen](https://www.doxygen.nl).
+ *
+ * ## Main entry points
+ *
+ * You can explore the full API from the “Files” or “Files list” section.
+ * Locate the header file for the module that you are interested in and
+ * explore its contents.
+ *
+ * Some parts of the API are best explored from the “Topics” or
+ * “Group list” section.
+ * This is notable the case for the PSA Cryptography API.
+ * Note that many parts of the API are not classified under a topic and
+ * can only be seen through the file structure.
+ *
+ * For information on configuring the library at compile time, see the
+ * configuration header files mbedtls/mbedtls_config.h and
+ * psa/crypto_config.h.
+ *
 */
From 8ba67aef0d8ad051728ce4f321423d843d768c48 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 25 Jun 2025 15:40:11 +0200
Subject: [PATCH 0684/1548] Rendered documentation: info about private elements in public headers
Signed-off-by: Gilles Peskine
---
 doxygen/input/doc_mainpage.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 6b4343b5e0..597eee9928 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -33,4 +33,20 @@
 * configuration header files mbedtls/mbedtls_config.h and
 * psa/crypto_config.h.
 *
+ * ## Private interfaces
+ *
+ * For technical reasons, the rendered documentation includes elements
+ * that are not considered part of the stable API. Private elements may
+ * be removed or may have their semantics changed in a future minor release
+ * without notice.
+ *
+ * The following elements are considered private:
+ *
+ * - Any header file whose path contains `/private`, and its contents
+ * (unless re-exported and documented in another non-private header).
+ * - Any structure or union field whose name starts with `private_`.
+ * - Any preprocessor macro that is just listed with its automatically
+ * rendered parameter list, value and location. Macros are part of
+ * the API only if their documentation includes have custom text.
+ *
 */
From 1c2d9a3d7437339199b5ce844d8ff6b55b714cdc Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 25 Jun 2025 16:00:43 +0200
Subject: [PATCH 0685/1548] Migration guide for OID
Signed-off-by: Gilles Peskine
---
 docs/4.0-migration-guide/oid.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 docs/4.0-migration-guide/oid.md
diff --git a/docs/4.0-migration-guide/oid.md b/docs/4.0-migration-guide/oid.md
new file mode 100644
index 0000000000..875f062155
--- /dev/null
+++ b/docs/4.0-migration-guide/oid.md
@@ -0,0 +1,7 @@
+## OID module
+
+The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data.
+
+Mbed TLS no longer offers interfaces to look up values by OID or OID by enum values (`mbedtls_oid_get_()` and `mbedtls_oid_get_oid_by_()`).
+
+The header `` now only provides functions to convert between binary and dotted string OID representations. These functions are now part of `libmbedx509` rather than the crypto library. The function `mbedtls_oid_get_numeric_string()` is guarded by `MBEDTLS_X509_USE_C`, and `mbedtls_oid_from_numeric_string()` by `MBEDTLS_X509_CREATE_C`. The header also still defines macros for OID strings that are relevant to X.509.
From 2607918066a3dc640947ec52d7d095b3fcf5fe24 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 25 Jun 2025 16:15:03 +0200
Subject: [PATCH 0686/1548] Move PSA transition document to TF-PSA-Crypto
It went with Mbed TLS in the repository split, but belongs in TF-PSA-Crypto.
Signed-off-by: Gilles Peskine
---
 docs/psa-transition.md | 1318 ----------------------------------------
 1 file changed, 1318 deletions(-)
 delete mode 100644 docs/psa-transition.md
diff --git a/docs/psa-transition.md b/docs/psa-transition.md
deleted file mode 100644
index 0758061f82..0000000000
--- a/docs/psa-transition.md
+++ /dev/null
@@ -1,1318 +0,0 @@ -# Transitioning to the PSA API - -> I have code written for `mbedtls_` cryptography APIs. How do I migrate to `psa_` APIs? - -## Introduction - -Mbed TLS is gradually moving from legacy `mbedtls_xxx` APIs to newer `psa_xxx` APIs for cryptography. Note that this only concerns cryptography APIs, not X.509 or SSL/TLS APIs. - -This guide is intended to help migrate existing applications that use Mbed TLS for cryptography. It aims to cover common use cases, but cannot cover all possible scenarios. - -### Suggested reading - -This document is long, but you probably don't need to read all of it. You should start with the following sections: - -1. [Where can I find documentation?](#where-can-i-find-documentation) -2. [General considerations](#general-considerations) - -Then use the [summary of API modules](#summary-of-api-modules), the table of contents or a text search to locate the sections that interest you, based on what legacy interfaces your code is currently using. - -### Where can I find documentation? - -**Tutorial**: See the [getting started guide](https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/). - -**Reference**: The [PSA Crypto API specification](https://arm-software.github.io/psa-api/crypto/) is available online. Mbed TLS implements a large subset of the specification which is documented in the [`psa/crypto*.h` headers](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto_8h/). - -### Additional resources - -* [Mbed TLS open issues](https://github.com/Mbed-TLS/mbedtls/issues) -* [PSA API open issues](https://github.com/ARM-software/psa-api/issues) (not just cryptography APIs) -* [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org/) - -### Why change the API? - -* Mbed TLS APIs are traditionally very transparent: the caller can access internal fields of operations. 
This is less true in the 3.x major version than before, but still the case to some extent. This offers applications some flexibility, but it removes flexibility from the implementation. For example, it is hard to support hardware acceleration, because the API constrains how the data must be represented. PSA APIs were designed to be more opaque, giving more freedom to the implementation. -* Mbed TLS legacy APIs require key material to be present in the application memory. The PSA Crypto API natively supports operations on keys stored in an external [location](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/lifetimes.html#c.psa_key_location_t) (secure enclave, secure element, HSM, etc.). -* PSA APIs have [consistent conventions](https://arm-software.github.io/psa-api/crypto/1.1/overview/conventions.html#parameter-conventions) which many legacy APIs in Mbed TLS do not follow. For example, many legacy cryptography functions require the caller to know how large an output buffer needs to be based on the selected algorithm, whereas in the PSA API, all buffer arguments have a well-defined size and those sizes are checked. -* Mbed TLS legacy APIs require passing around a random generator argument where needed. This has historically been problematic with functions that were created without an RNG argument but later needed one as part of a security countermeasure. The PSA crypto subsystem maintains a global random generator, resolving this problem. - -### Migration timeline - -* Mbed TLS 2.15.0 (Nov 2018): first release with a draft implementation of the PSA API. -* Mbed TLS 2.18.0 (Jun 2019): The PSA API is available in the default build. -* Mbed TLS 3.1.0 (Dec 2021): TLS 1.3 support is the first major feature that requires the PSA API. -* Mbed TLS 4.0.0 (2024?): X.509 and TLS require the PSA API. Removal of some legacy crypto APIs. -* Mbed TLS 5.0.0 (??): Removal of the remaining non-PSA crypto APIs. 
- -## General considerations - -### Configuration of the PSA subsystem - -To make the PSA API available, make sure that the configuration option [`MBEDTLS_PSA_CRYPTO_C`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#c.MBEDTLS_PSA_CRYPTO_C) is enabled. (It is enabled in the default configuration.) - -By default, the PSA crypto API offers a similar set of cryptographic mechanisms as those offered by the legacy API (configured by `MBEDTLS_XXX` macros). The PSA crypto API also has its own configuration mechanism; see “[Cryptographic mechanism availability](#cryptographic-mechanism-availability)”. - -### Header files - -Applications only need to include a single header file: -``` -#include -``` - -### General application layout - -Before any cryptographic operation, call [`psa_crypto_init`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__initialization/#group__initialization_1ga2de150803fc2f7dc6101d5af7e921dd9) and check that it succeeds. (A failure indicates an abnormal system state from which most applications cannot recover.) - -If you wish to free all resources associated with PSA cryptography, call [`mbedtls_psa_crypto_free`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#_CPPv423mbedtls_psa_crypto_freev). - -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually (no need to create an `mbedtls_entropy_context` and an `mbedtls_xxx_drbg_context`). - -### Error codes - -Mbed TLS functions return a status of type `int`: 0 for success (or occasionally a positive value which is the output length), or a negative value `MBEDTLS_ERR_xxx` indicating an error. 
- -PSA functions return a status of type [`psa_status_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/#group__error_1ga05676e70ba5c6a7565aff3c36677c1f9): `PSA_SUCCESS == 0` for success, or a negative value [`PSA_ERROR_xxx`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__error/) indicating an error. - -### Memory management - -Apart from keys, as described in “[Key management](#key-management)” below, APIs that need to preserve state between function calls store this state in a structure allocated by the calling code. For example, multipart operations store state in a multipart operation object. - -All PSA operation objects must be zero-initialized (or equivalently, initialized with the provided `PSA_XXX_INIT` macro or `psa_xxx_init()` function) before calling any API function. - -Functions that output data require an output buffer of sufficient size. For all PSA crypto API functions that have an output buffer, there is a corresponding macro, generally called `PSA_XXX_OUTPUT_SIZE`, that calculates a sufficient size for the output buffer, given the relevant parameters. In some cases, there may be macros with less precision which can be resolved at compile time. For example, for the size of a buffer containing a hash, you can use `PSA_HASH_LENGTH(hash_alg)` where `hash_alg` is a specific hash algorithm, or `PSA_HASH_MAX_SIZE` for a buffer that is long enough for any supported hash. See the relevant sections of this document and of the reference documentation for more details. - -#### Key management - -One of the major differences between the legacy API and the PSA API is that in the PSA API, access to keys is indirect. Operations that require a key take a parameter of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t), which is an identifier for the key. 
This allows the API to be used with keys that are not directly accessible to the application, for example because they are stored in a secure environment that does not allow the key material to be exported. - -To use a key: - -1. First create a key object with a key creation function. The two most common ones are [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) if you have the key material available and [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to create a random key. The key creation function has the key identifier as an output parameter. -2. Use the key as desired, passing the key identifier obtained during the key creation. -3. Finally destroy the key object with [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2). - -See “[Cipher key management](#cipher-key-management)”, “[MAC key management](#mac-key-management)”, “[Key lifecycle for asymmetric cryptography](#key-lifecycle-for-asymmetric-cryptography)”, “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” and “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)” for more details about key management in specific workflows, including information about choosing the key's attributes. - -If you need access to the key material, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). 
If you need the public key corresponding to a key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). - -Note that a key consumes a key store entry, which is distinct from heap memory, until it is destroyed or the application exits. (This is not true for persistent keys, which instead consume disk space. Since persistent keys have no analog in the legacy API, we will not discuss them further in this document.) - -## Summary of API modules - -| Header | Function prefix | PSA equivalent | -| ------ | --------------- | -------------- | -| `aes.h` | `mbedtls_aes_` | [Symmetric encryption](#symmetric-encryption) | -| `aria.h` | `mbedtls_aria_` | [Symmetric encryption](#symmetric-encryption) | -| `asn1.h` | `mbedtls_asn1_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `asn1write.h` | `mbedtls_asn1_write_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `base64.h` | `mbedtls_base64_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `bignum.h` | `mbedtls_mpi_` | None (no low-level arithmetic) | -| `build_info.h` | `MBEDTLS_` | No change (not a crypto API) | -| `camellia.h` | `mbedtls_camellia_` | [Symmetric encryption](#symmetric-encryption) | -| `ccm.h` | `mbedtls_ccm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `chacha20.h` | `mbedtls_chacha20_` | [Symmetric encryption](#symmetric-encryption) | -| `chachapoly.h` | `mbedtls_chachapoly_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `check_config.h` | N/A | No public APIs (internal support header) | -| `cipher.h` | `mbedtls_cipher_` | [Symmetric encryption](#symmetric-encryption) | -| `cmac.h` | `mbedtls_cipher_cmac_` | [Hashes and MAC](#hashes-and-mac), 
[MAC calculation](#mac-calculation) | -| `compat-2.x.h` | various | None (transitional APIs) | -| `config_psa.h` | N/A | No public APIs (internal support header) | -| `constant_time.h` | `mbedtls_ct_` | [Constant-time functions](#constant-time-functions) | -| `ctr_drbg.h` | `mbedtls_ctr_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | -| `debug.h` | `mbedtls_debug_` | No change (not a crypto API) | -| `des.h` | `mbedtls_des_` | [Symmetric encryption](#symmetric-encryption) | -| `dhm.h` | `mbedtls_dhm_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecdh.h` | `mbedtls_ecdh_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecdsa.h` | `mbedtls_ecdsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `ecjpake.h` | `mbedtls_ecjpake_` | [EC-JPAKE](#ec-jpake) | -| `ecp.h` | `mbedtls_ecp_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `entropy.h` | `mbedtls_entropy_` | [Random generation interface](#random-generation-interface), [Entropy sources](#entropy-sources) | -| `error.h` | `mbedtls_*err*` | [Error messages](#error-messages) | -| `gcm.h` | `mbedtls_gcm_` | [Symmetric encryption](#symmetric-encryption), [Authenticated cipher operations](#authenticated-cipher-operations) | -| `hkdf.h` | `mbedtls_hkdf_` | [HKDF](#hkdf) | -| `hmac_drbg.h` | `mbedtls_hmac_drbg_` | [Random generation interface](#random-generation-interface), [Deterministic pseudorandom generation](#deterministic-pseudorandom-generation) | -| `lms.h` | `mbedtls_lms_` | No change ([LMS signatures](#lms-signatures)) | -| `mbedtls_config.h` | `MBEDTLS_` | [Compile-time configuration](#compile-time-configuration) | -| `md.h` | `mbedtls_md_` | [Hashes and MAC](#hashes-and-mac) | -| `md5.h` | `mbedtls_md5_` | [Hashes and MAC](#hashes-and-mac) | -| `memory_buffer_alloc.h` | `mbedtls_memory_buffer_alloc_` | No change (not a crypto API) | -| `net_sockets.h` | 
`mbedtls_net_` | No change (not a crypto API) | -| `nist_kw.h` | `mbedtls_nist_kw_` | Migration path not yet defined | -| `oid.h` | `mbedtls_oid_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `pem.h` | `mbedtls_pem_` | No change ([PK support interface](#pk-format-support-interfaces)) | -| `pk.h` | `mbedtls_pk_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `pkcs5.h` | `mbedtls_pkcs5_` | [PKCS#5 module](#pkcs5-module) | -| `pkcs7.h` | `mbedtls_pkcs7_` | No change (not a crypto API) | -| `pkcs12.h` | `mbedtls_pkcs12_` | [PKCS#12 module](#pkcs12-module) | -| `platform.h` | `mbedtls_platform_` | No change (not a crypto API) | -| `platform_time.h` | `mbedtls_*time*` | No change (not a crypto API) | -| `platform_util.h` | `mbedtls_platform_` | No change (not a crypto API) | -| `poly1305.h` | `mbedtls_poly1305_` | None (but there is Chacha20-Poly1305 [AEAD](#symmetric-encryption)) | -| `private_access.h` | N/A | No public APIs (internal support header) | -| `psa_util.h` | N/A | No public APIs (internal support header) | -| `ripemd160.h` | `mbedtls_ripemd160_` | [Hashes and MAC](#hashes-and-mac) | -| `rsa.h` | `mbedtls_rsa_` | [Asymmetric cryptography](#asymmetric-cryptography) | -| `sha1.h` | `mbedtls_sha1_` | [Hashes and MAC](#hashes-and-mac) | -| `sha3.h` | `mbedtls_sha3_` | [Hashes and MAC](#hashes-and-mac) | -| `sha256.h` | `mbedtls_sha256_` | [Hashes and MAC](#hashes-and-mac) | -| `sha512.h` | `mbedtls_sha512_` | [Hashes and MAC](#hashes-and-mac) | -| `ssl.h` | `mbedtls_ssl_` | No change (not a crypto API) | -| `ssl_cache.h` | `mbedtls_ssl_cache_` | No change (not a crypto API) | -| `ssl_ciphersuites.h` | `mbedtls_ssl_ciphersuite_` | No change (not a crypto API) | -| `ssl_cookie.h` | `mbedtls_ssl_cookie_` | No change (not a crypto API) | -| `ssl_ticket.h` | `mbedtls_ssl_ticket_` | No change (not a crypto API) | -| `threading.h` | `mbedtls_threading_` | No change (not a crypto API) | -| `timing.h` | `mbedtls_timing_` | No 
change (not a crypto API) | -| `version.h` | `mbedtls_version_` | No change (not a crypto API) | -| `x509.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_crl.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_crt.h` | `mbedtls_x509` | No change (not a crypto API) | -| `x509_csr.h` | `mbedtls_x509` | No change (not a crypto API) | - -## Compile-time configuration - -### Cryptographic mechanism availability - -The cryptographic mechanisms available through the PSA API are determined by the contents of the header file `"psa/crypto_config.h"`. You can override the file location with the macro [`MBEDTLS_PSA_CRYPTO_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1a25f7e358caa101570cb9519705c2b873), and you can set [`MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/mbedtls__config_8h/#mbedtls__config_8h_1abd1870cc0d2681183a3018a7247cb137) to the path of an additional file (similar to `MBEDTLS_CONFIG_FILE` and `MBEDTLS_USER_CONFIG_FILE` for legacy configuration symbols). - -The availability of cryptographic mechanisms in the PSA API is based on a systematic pattern: - -* To make `PSA_ALG_aaa` available, enable `PSA_WANT_ALG_aaa`. - For parametrized algorithms, there is a `PSA_WANT_` symbol both for the main macro and for each argument. For example, to make `PSA_ALG_HMAC(PSA_ALG_SHA_256)` available, enable both `PSA_WANT_ALG_HMAC` and `PSA_WANT_ALG_SHA_256`. - -* To make `PSA_KEY_TYPE_ttt` available, enable `PSA_WANT_KEY_TYPE_ttt`. - - As an exception, starting in Mbed TLS 3.5.0, for key pair types, the feature selection is more fine-grained, with an additional suffix: - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_BASIC` enables basic support for the key type, and in particular support for operations with a key of that type for enabled algorithms. 
This is automatically enabled if any of the other `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy` options are enabled. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_IMPORT` enables support for `psa_import_key` to import a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_GENERATE` enables support for `psa_generate_key` to randomly generate a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_DERIVE` enables support for `psa_key_derivation_output_key` to deterministically derive a key of that type. - * `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_EXPORT` enables support for `psa_export_key` to export a key of that type. - - Enabling any support for a key pair type automatically enables support for the corresponding public key type, as well as support for `psa_export_public_key` on the private key. - -* To make `PSA_ECC_FAMILY_fff` available for size sss, enable `PSA_WANT_ECC_fff_sss`. - -Note that all `PSA_WANT_xxx` symbols must be set to a non-zero value. In particular, setting `PSA_WANT_xxx` to an empty value may not be handled consistently. - -For example, the following configuration enables hashing with SHA-256, AEAD with AES-GCM, signature with deterministic ECDSA using SHA-256 on the curve secp256r1 using a randomly generated key as well as the corresponding verification, and ECDH key exchange on secp256r1 and Curve25519. - -``` -#define PSA_WANT_ALG_SHA_256 1 - -#define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_ALG_GCM 1 - -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -// ^^ In Mbed TLS <= 3.4, enable PSA_WANT_KEY_TYPE_ECC_KEY_PAIR instead -// ^^ implicitly enables PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -#define PSA_WANT_ECC_SECP_R1_256 1 // secp256r1 (suitable for ECDSA and ECDH) -#define PSA_WANT_ECC_MONTGOMERY_255 1 // Curve25519 (suitable for ECDH) -#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -#define PSA_WANT_ALG_ECDH -``` - -If a mechanism is not enabled by `PSA_WANT_xxx`, Mbed TLS will normally not include it. 
This allows builds that use few features to have a small code size. However, this is not guaranteed: a mechanism that is not explicitly requested can be enabled because it is a dependency of another configuration option, because it is used internally, or because the granularity is not fine enough to distinguish between it and another mechanism that is requested. - -Under the hood, `PSA_WANT_xxx` enables the necessary legacy modules. Note that if a mechanism has a PSA accelerator driver, the corresponding legacy module is typically not needed. Thus applications that use a cryptographic mechanism both through the legacy API and through the PSA API need to explicitly enable both the `PSA_WANT_xxx` symbols and the `MBEDTLS_xxx` symbols. - -### Optimization options - -When PSA Crypto mechanisms are implemented by the built-in code from Mbed TLS, the legacy optimization options (e.g. `MBEDTLS_SHA256_SMALLER`, `MBEDTLS_ECP_WINDOW_SIZE`, etc.) apply to the PSA implementation as well (they invoke the same code under the hood). - -The PSA Crypto API may use accelerator drivers. In this case any options controlling the driver behavior are driver-specific. - -### Alternative implementations (`MBEDTLS_xxx_ALT` options) - -In the Mbed TLS legacy interface, you can replace some cryptographic primitives and modes by an alternative implementation, by enabling configuration options of the form `MBEDTLS_xxx_ALT` and linking with your own implementation of the affected function or module. Alternative implementations remain supported in Mbed TLS 3.x even if the application code uses the PSA API. However, they will be removed from the next version of the library. - -The corresponding PSA feature is accelerator drivers. To implement an accelerator driver, see the [PSA cryptoprocessor driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). 
In an application that uses both the legacy interface and the PSA interface for the same mechanism, only some algorithms support calling a PSA driver from the legacy interface. See the [Guide to driver-only builds](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/driver-only-builds.md) for more information.
-
-### Self-tests
-
-There is currently [no PSA equivalent to the self-tests](https://github.com/Mbed-TLS/mbedtls/issues/7781) enabled by `MBEDTLS_SELF_TEST`.
-
-## Miscellaneous support modules
-
-### Error messages
-
-At the time of writing, there is no equivalent to the error messages provided by `mbedtls_strerror`. However, you can use the companion program `programs/psa/psa_constant_names` to convert various numbers (`psa_status_t`, `psa_algorithm_t`, `psa_key_type_t`, `psa_ecc_family_t`, `psa_dh_family_t`, `psa_key_usage_t`) to a programmer-friendly representation. The conversion doesn't depend on the library configuration or the target platform, so you can use a native build of this program even if you cross-compile your application.
-
-```
-$ programs/psa/psa_constant_names error -138
-PSA_ERROR_BUFFER_TOO_SMALL
-$ programs/psa/psa_constant_names type 0x7112
-PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)
-$ programs/psa/psa_constant_names alg 0x06000609
-PSA_ALG_ECDSA(PSA_ALG_SHA_256)
-```
-
-The other functions in `error.h` are specific to the construction of Mbed TLS error code and are not relevant to the PSA API. PSA error codes are never the combination of multiple codes.
-
-### Constant-time functions
-
-The PSA API does not have an equivalent to the timing-side-channel-resistance utility functions in `constant_time.h`. Continue using `constant_time.h` as needed.
-
-Note that the PSA API does include features that reduce the need for `mbedtls_ct_memcmp`:
-
-* To compare a MAC with a reference value, use `psa_mac_verify` rather than `psa_mac_compute` followed by `mbedtls_ct_memcmp`, or use `psa_mac_verify_setup` and `psa_mac_verify_finish` in the multi-part case. See “[MAC calculation](#mac-calculation)”.
-* The AEAD decryption functions take care of verifying the tag. See “[Authenticated cipher operations](#authenticated-cipher-operations)”.
-
-## Symmetric encryption
-
-All PSA APIs have algorithm agility, where the functions depend only on the nature of the operation and the choice of a specific algorithm comes from an argument. There is no special API for a particular block cipher (`aes.h`, `aria.h`, `camellia.h`, `des.h`), a particular block cipher mode (`ccm.h`, `gcm.h`) or a particular stream cipher (`chacha20.h`, `chachapoly.h`). To migrate code using those low-level modules, please follow the recommendations in the following sections, using the same principles as the corresponding `cipher.h` API.
-
-### Cipher mechanism selection
-
-Instead of `mbedtls_cipher_id_t` (`MBEDTLS_CIPHER_ID_xxx` constants), `mbedtls_cipher_type_t` (`MBEDTLS_CIPHER_base_size_mode` constants), `mbedtls_cipher_mode_t` (`MBEDTLS_CIPHER_MODE_xxx` constants) and `mbedtls_cipher_padding_t` (`MBEDTLS_CIPHER_PADDING_xxx` constants), use the [`PSA_KEY_TYPE_xxx` and `PSA_ALG_xxx` constants](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/).
-
-For modes that are based on a block cipher, the key type encodes the choice of block cipher:
-[`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e),
-[`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA),
-[`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81),
-[`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138).
-The algorithm encodes the mode and if relevant the padding type:
-
-* Unauthenticated cipher modes:
- [`PSA_ALG_CTR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad318309706a769cffdc64e4c7e06b2e9),
- [`PSA_ALG_CFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0088c933e01d671f263a9a1f177cb5bc),
- [`PSA_ALG_OFB`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gae96bb421fa634c6fa8f571f0112f1ddb),
- [`PSA_ALG_XTS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa722c0e426a797fd6d99623f59748125),
- [`PSA_ALG_ECB_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab8f0609cd0f12cccc9c950fd5a81a0e3),
- [`PSA_ALG_CBC_NO_PADDING`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gacb332d72716958880ee7f97d8365ae66),
- [`PSA_ALG_CBC_PKCS7`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaef50d2e9716eb6d476046608e4e0c78c),
- [`PSA_ALG_CCM_STAR_NO_TAG`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga89627bb27ec3ce642853ab8554a88572).
-* Other padding modes, which are obsolete, are not available in the PSA API. If you need them, handle the padding in your application code and use the `NO_PADDING` algorithm.
-* AEAD modes:
- [`PSA_ALG_CCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2c0e7d21f1b2df5e76bcb4a8f84273c),
- [`PSA_ALG_GCM`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0d7d02b15aaae490d38277d99f1c637c).
-* KW/KWP modes are not available in the PSA API at the time of writing.
-
-For the ChaCha20 unauthenticated cipher, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_STREAM_CIPHER`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad98c105198f7428f7d1dffcb2cd398cd).
-For the Chacha20+Poly1305 AEAD, use [`PSA_KEY_TYPE_CHACHA20`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga901548883b3bce56cc21c3a22cf8d93c) with [`PSA_ALG_CHACHA20_POLY1305`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1fec55093541640a71bdd022d4adfb9c)
-
-### Cipher mechanism availability
-
-For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. Note that for a mechanism to be supported, both the key type and the algorithm must be supported.
-
-For example, to test if AES-CBC-PKCS7 is supported, in the legacy API, you could write:
-```
-#if defined(MBEDTLS_AES_C) && \
- defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-```
-The equivalent in the PSA API is
-```
-#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CBC_PKCS7
-```
-
-### Cipher metadata
-
-Both APIs express key sizes in bits. Note however that in the PSA API, the size of a _buffer_ is always expressed in bytes, even if that buffer contains a key.
-
-The following table lists corresponding PSA macros for maximum-size macros that take all supported algorithms into account.
-
-| Legacy macro | PSA macro |
-| ------------ | --------- |
-| `MBEDTLS_MAX_IV_LENGTH` | [`PSA_CIPHER_IV_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_MAX_SIZE), [`PSA_AEAD_NONCE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ac2a332765ba4ccfc24935d6f7f48fcc7) |
-| `MBEDTLS_MAX_BLOCK_LENGTH` | [`PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) |
-| `MBEDTLS_MAX_KEY_LENGTH` | no equivalent|
-
-There is no equivalent to the type `mbedtls_cipher_info_t` and the functions `mbedtls_cipher_info_from_type` and `mbedtls_cipher_info_from_values` in the PSA API because it is unnecessary. All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants).
-
-| Legacy function | PSA macro |
-| --------------- | --------- |
-| `mbedtls_cipher_info_get_iv_size` | [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH), [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH) |
-| `mbedtls_cipher_info_get_block_size` | not available (use specific macros for the IV, nonce or tag length) |
-
-The following features have no PSA equivalent:
-
-* `mbedtls_cipher_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future.
-* `mbedtls_cipher_info_has_variable_key_bitlen`, `mbedtls_cipher_info_has_variable_iv_size`: the PSA API does not currently have such mechanism for high-level metadata information.
-* `mbedtls_cipher_info_from_string`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name.
-
-### Cipher key management
-
-The legacy API and the PSA API have a different organization of operations in several respects:
-
-* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call.
-* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions.
-* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable.
-
-Here is an overview of the lifecycle of a key object.
-
-1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters:
- * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”).
- * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
- * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms.
- * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_ENCRYPT) or [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DECRYPT), depending on which direction you want to use the key in. To allow both directions, use the flag mask `PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT`. The same policy flags cover authenticated and non-authenticated encryption/decryption.
-2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
- * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
- * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5).
- * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
-3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations.
-4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished.
-
-### Unauthenticated cipher operations
-
-Recall the workflow of an unauthenticated cipher operation in the legacy Mbed TLS cipher API:
-
-1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`.
-2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable.
-3. Set the IV with `mbedtls_cipher_set_iv` (except for ECB which does not use an IV).
-4. For a one-shot operation, call `mbedtls_cipher_crypt`. To pass the input in multiple parts, call `mbedtls_cipher_update` as many times as necessary followed by `mbedtls_cipher_finish`.
-5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`.
-
-For a one-shot operation (where the whole plaintext or ciphertext is passed as a single input), the equivalent workflow with the PSA API is to call a single function:
-
-* [`psa_cipher_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga61f02fbfa681c2659546eca52277dbf1) to perform encryption with a random IV of the default size (indicated by [`PSA_CIPHER_IV_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_IV_LENGTH)). (To encrypt with a specified IV, use the multi-part API described below.) You can use the macro [`PSA_CIPHER_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-* [`psa_cipher_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gab3593f5f14d8c0431dd306d80929215e) to perform decryption with a specified IV. You can use the macro [`PSA_CIPHER_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-For a multi-part operation, the equivalent workflow with the PSA API is as follows:
-
-1. Create an operation object of type [`psa_cipher_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1399de29db657e3737bb09927aae51fa) and zero-initialize it (or use the corresponding `INIT` macro).
-2. Select the key and algorithm with [`psa_cipher_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga587374c0eb8137a572f8e2fc409bb2b4) or [`psa_cipher_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaa4ba3a167066eaef2ea49abc5dcd1d4b) depending on the desired direction.
-3. When encrypting with a random IV, use [`psa_cipher_generate_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga29fd7d32a5729226a2f73e7b6487bd8a). When encrypting with a chosen IV, or when decrypting, set the IV with [`psa_cipher_set_iv`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga9caddac1a429a5032d6d4a907fb70ba1). Skip this step with ECB since it does not use an IV.
-4. Call [`psa_cipher_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gac3ca27ac6682917c48247d01fd96cd0f) as many times as needed. You can use [`PSA_CIPHER_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_UPDATE_OUTPUT_SIZE) or [`PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1ab1f6598efd6a7dc56e7ad7e34719eb32) to determine a sufficient size for the output buffer.
-5. Call [`psa_cipher_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1ga1dcb58b8befe23f8a4d7a1d49c99249b) to obtain the last part of the output. You can use [`PSA_CIPHER_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_SIZE) or [`PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4).
-
-### Authenticated cipher operations
-
-Recall the workflow of an authenticated cipher operation in the legacy Mbed TLS cipher API (or similar workflows in the `chachapoly`, `ccm` and `gcm` modules):
-
-1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`.
-2. Establish the operation parameters (algorithm, key, mode) with `mbedtls_cipher_setup`, `mbedtls_cipher_setkey` (or `mbedtls_cipher_setup_psa`), `mbedtls_cipher_set_padding_mode` if applicable.
-3. Set the nonce with `mbedtls_cipher_set_iv` (or the `starts` function for low-level modules). For CCM, which requires direct use of the `ccm` module, also call `mbedtls_ccm_set_lengths` to set the length of the additional data and of the plaintext.
-4. Call `mbedtls_cipher_update_ad` to pass the unencrypted additional data.
-5. Call `mbedtls_cipher_update` as many times as necessary to pass the input plaintext or ciphertext.
-6. Call `mbedtls_cipher_finish` to obtain the last part of the output. Then call `mbedtls_cipher_write_tag` (when encrypting) or `mbedtls_cipher_check_tag` (when decrypting) to process the authentication tag.
-7. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`.
-
-Steps 3–6 can be replaced by a single call to `mbedtls_cipher_auth_encrypt_ext` or `mbedtls_cipher_auth_decrypt_ext` for a one-shot operation (where the whole plaintext or ciphertext is passed as a single input).
-
-For a one-shot operation, the PSA API allows you to call a single function:
-
-* [`psa_aead_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae72e1eb3c2da3ebd843bb9c8db8df509) to perform authenticated encryption with a random nonce of the default size (indicated by [`PSA_AEAD_NONCE_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_NONCE_LENGTH)), with the authentication tag written at the end of the output. (To encrypt with a specified nonce, or to separate the tag from the rest of the ciphertext, use the multi-part API described below.) You can use the macro [`PSA_AEAD_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_SIZE) or [`PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-* [`psa_aead_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae799f6196a22d50c216c947e0320d3ba) to perform authenticated decryption of a ciphertext with the authentication tag at the end. (If the tag is separate, use the multi-part API described below.) You can use the macro [`PSA_AEAD_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_SIZE) or [`PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-For a multi-part operation, the equivalent workflow with the PSA API is as follows:
-
-1. Create an operation object of type [`psa_aead_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga14f6a01afbaa8c5b3d8c5d345cbaa3ed) and zero-initialize it (or use the corresponding `INIT` macro).
-2. Select the key and algorithm with [`psa_aead_encrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga2732c40ce8f3619d41359a329e9b46c4) or [`psa_aead_decrypt_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaaa5c5018e67a7a6514b7e76b9a14de26) depending on the desired direction.
-3. When encrypting with a random nonce, use [`psa_aead_generate_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga5799df1c555efd35970b65be51cb07d1). When encrypting with a chosen nonce, or when decrypting, set the nonce with [`psa_aead_set_nonce`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga59132751a6f843d038924cb217b5e13b). If the algorithm is CCM, you must also call [`psa_aead_set_lengths`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gad3431e28d05002c2a7b0760610176050) before or after setting the nonce (for other algorithms, this is permitted but not needed).
-4. Call [`psa_aead_update_ad`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga6d0eed03f832e5c9c91cb8adf2882569) as many times as needed.
-5. Call [`psa_aead_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gaf6d49864951ca42136b4a9b71ea26e5c) as many times as needed. You can use [`PSA_AEAD_UPDATE_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_SIZE) or [`PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-6. Finally:
- * When encrypting, call [`psa_aead_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1ga759791bbe1763b377c3b5447641f1fc8) to obtain the last part of the ciphertext and the authentication tag. You can use [`PSA_AEAD_FINISH_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_SIZE) or [`PSA_AEAD_FINISH_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_FINISH_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
- * When decrypting, call [`psa_aead_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae0280e2e61a185b893c36d858453f0d0) to obtain the last part of the plaintext and check the authentication tag. You can use [`PSA_AEAD_VERIFY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_SIZE) or [`PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0).
-
-### Miscellaneous cipher operation management
-
-The equivalent of `mbedtls_cipher_reset` is to call [`psa_cipher_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__cipher/#group__cipher_1gaad482cdca2098bca0620596aaa02eaa4) or [`psa_aead_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__aead/#group__aead_1gae8a5f93d92318c8f592ee9fbb9d36ba0). Note that you must set the key again with a setup function: the PSA API does not have a special way to reuse an operation object with the same key.
-
-There is no equivalent for the `mbedtls_cipher_get_xxx` functions to extract information from an ongoing PSA cipher or AEAD operation. Applications that need this information will need to save it from the key and operation parameters.
-
-## Hashes and MAC
-
-The PSA API groups functions by purpose rather than by underlying primitive: there is a MAC API (equivalent to `md.h` for HMAC, and `cmac.h` for CMAC) and a hash API (equivalent to `md.h` for hashing). There is no special API for a particular hash algorithm (`md5.h`, `sha1.h`, `sha256.h`, `sha512.h`, `sha3.h`). To migrate code using those low-level modules, please follow the recommendations in the following section, using the same principles as the corresponding `md.h` API.
-
-The PSA API does not have a direct interface for the AES-CMAC-PRF-128 algorithm from RFC 4615 calculated by `mbedtls_aes_cmac_prf_128` at the time of writing. You can implement it using the MAC interface with an AES key and the CMAC algorithm.
-
-### Hash mechanism selection
-
-The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD_XXX` constants is the type `psa_algorithm_t` and `PSA_ALG_xxx` constants (the type encompasses all categories of cryptographic algorithms, not just hashes). PSA offers a similar selection of algorithms, but note that SHA-1 and SHA-2 are spelled slightly differently.
-
-| Mbed TLS constant | PSA constant |
-| ---------------------- | ------------------- |
-| `MBEDTLS_MD_MD5` | `PSA_ALG_MD5` |
-| `MBEDTLS_MD_SHA1` | `PSA_ALG_SHA_1` |
-| `MBEDTLS_MD_SHA224` | `PSA_ALG_SHA_224` |
-| `MBEDTLS_MD_SHA256` | `PSA_ALG_SHA_256` |
-| `MBEDTLS_MD_SHA384` | `PSA_ALG_SHA_384` |
-| `MBEDTLS_MD_SHA512` | `PSA_ALG_SHA_512` |
-| `MBEDTLS_MD_RIPEMD160` | `PSA_ALG_RIPEMD160` |
-| `MBEDTLS_MD_SHA3_224` | `PSA_ALG_SHA3_224` |
-| `MBEDTLS_MD_SHA3_256` | `PSA_ALG_SHA3_256` |
-| `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` |
-| `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` |
-
-The following helper functions can be used to convert between the 2 types:
-- `mbedtls_md_psa_alg_from_type()` converts from legacy `mbedtls_md_type_t` to PSA's `psa_algorithm_t`.
-- `mbedtls_md_type_from_psa_alg()` converts from PSA's `psa_algorithm_t` to legacy `mbedtls_md_type_t`.
-
-### MAC mechanism selection
-
-PSA Crypto has a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6).
-
-* For HMAC, the algorithm is [`PSA_ALG_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga70f397425684b3efcde1e0e34c28261f)`(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”),
- for example `PSA_ALG_HMAC(PSA_ALG_SHA_256)` for HMAC-SHA-256.
- The key type is [`PSA_KEY_TYPE_HMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_KEY_TYPE_HMAC) regardless of the hash algorithm.
-* For CMAC, the algorithm is [`PSA_ALG_CMAC`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_CMAC) regardless of the underlying block cipher. The key type determines the block cipher:
- [`PSA_KEY_TYPE_AES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga6ee54579dcf278c677eda4bb1a29575e),
- [`PSA_KEY_TYPE_ARIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#c.PSA_KEY_TYPE_ARIA),
- [`PSA_KEY_TYPE_CAMELLIA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad8e5da742343fd5519f9d8a630c2ed81) or
- [`PSA_KEY_TYPE_DES`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga577562bfbbc691c820d55ec308333138).
-
-### Hash and MAC mechanism availability
-
-For each key type value `PSA_KEY_TYPE_xxx`, the symbol `PSA_WANT_KEY_TYPE_xxx` is defined with a non-zero value if the library is built with support for that key type. For each algorithm value `PSA_ALG_yyy`, the symbol `PSA_WANT_ALG_yyy` is defined with a non-zero value if the library is built with support for that algorithm. For a compound mechanism, all parts must be supported. In particular, for HMAC, all three of `PSA_WANT_KEY_TYPE_HMAC`, `PSA_WANT_ALG_HMAC` and the underlying hash must be enabled. (A configuration with only one of `PSA_WANT_KEY_TYPE_HMAC` and `PSA_WANT_ALG_HMAC` is technically possible but not useful.)
-
-For example, to test if HMAC-SHA-256 is supported, in the legacy API, you could write:
-```
-#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C)
-```
-The equivalent in the PSA API is
-```
-#if PSA_WANT_KEY_TYPE_HMAC && PSA_WANT_ALG_HMAC && PSA_WANT_ALG_SHA_256
-```
-
-To test if AES-CMAC is supported, in the legacy API, you could write:
-```
-if defined(MBEDTLS_AES_C) && defined(MBEDTLS_CMAC_C)
-```
-The equivalent in the PSA API is
-```
-#if PSA_WANT_KEY_TYPE_AES && PSA_WANT_ALG_CMAC
-```
-
-### Hash algorithm metadata
-
-There is no equivalent to the type `mbedtls_md_info_t` and the functions `mbedtls_md_info_from_type` and `mbedtls_md_get_type` in the PSA API because it is unnecessary. All macros and functions operate directly on algorithm (`psa_algorithm_t`, `PSA_ALG_xxx` constants).
-
-| Legacy macro | PSA macro |
-| ------------ | --------- |
-| `MBEDTLS_MD_MAX_SIZE` | [`PSA_HASH_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_MAX_SIZE) |
-| `MBEDTLS_MD_MAX_BLOCK_SIZE` | [`PSA_HMAC_MAX_HASH_BLOCK_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HMAC_MAX_HASH_BLOCK_SIZE) |
-| `mbedtls_md_get_size` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) |
-| `mbedtls_md_get_size_from_type` | [`PSA_HASH_LENGTH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_HASH_LENGTH) |
-
-The following features have no PSA equivalent:
-
-* `mbedtls_md_list`: the PSA API does not currently have a discovery mechanism for cryptographic mechanisms, but one may be added in the future.
-* `mbedtls_md_info_from_ctx`
-* `mbedtls_cipher_info_from_string`, `mbedtls_md_get_name`: there is no equivalent of Mbed TLS's lookup based on a (nonstandard) name.
-
-### Hash calculation
-
-The equivalent of `mbedtls_md` for a one-shot hash calculation is [`psa_hash_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gac69f7f19d96a56c28cf3799d11b12156). In addition, to compare the hash of a message with an expected value, you can call [`psa_hash_compare`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga0c08f4797bec96b886c8c8d7acc2a553) instead of `mbedtls_md` followed by `memcmp` or a constant-time equivalent.
-
-For a multi-part hash calculation, the legacy process is as follows:
-
-1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`.
-2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=0`. Then call `mbedtls_md_starts` to start the hash operation.
-3. Call `mbedtls_md_update` as many times as necessary.
-4. Call `mbedtls_md_finish`. If verifying the hash against an expected value, compare the result with the expected value.
-5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`.
-
-The equivalent process in the PSA API is as follows:
-
-1. Create an operation object of type [`psa_hash_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga3c4205d2ce66c4095fc5c78c25273fab) and zero-initialize it (or use the corresponding `INIT` macro).
-2. Call [`psa_hash_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga8d72896cf70fc4d514c5c6b978912515) to specify the algorithm.
-3. Call [`psa_hash_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga65b16ef97d7f650899b7db4b7d1112ff) as many times as necessary.
-4. To obtain the hash, call [`psa_hash_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga4795fd06a0067b0adcd92e9627b8c97e). Alternatively, to verify the hash against an expected value, call [`psa_hash_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga7be923c5700c9c70ef77ee9b76d1a5c0).
-
-If you need to interrupt the operation after calling the setup function without calling the finish or verify function, call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928).
-
-There is no equivalent to `mbedtls_md_file` in the PSA API. Load the file data and calculate its hash.
-
-### MAC key management
-
-The legacy API and the PSA API have a different organization of operations in several respects:
-
-* In the legacy API, each operation object contains the necessary key material. In the PSA API, an operation object contains a reference to a key object. To perform a cryptographic operation, you must create a key object first. However, for a one-shot operation, you do not need an operation object, just a single function call.
-* The legacy API uses the same interface for authenticated and non-authenticated ciphers, while the PSA API has separate functions.
-* The legacy API uses the same functions for encryption and decryption, while the PSA API has separate functions where applicable.
-
-Here is an overview of the lifecycle of a key object.
-
-1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters:
- * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”).
- * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
- * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the algorithm to the desired `PSA_ALG_xxx` value (see “[Cipher mechanism selection](#cipher-mechanism-selection)”). By design, the same key cannot be used with multiple algorithms.
- * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_SIGN_MESSAGE) to calculate a MAC or [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_VERIFY_MESSAGE) to verify the MAC of a message. To allow both directions, use the flag mask `PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE`.
-2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
- * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
- * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5).
- * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
-3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations.
-4. 
To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. - -### MAC calculation - -The process for a HMAC operation in the legacy API is as follows: - -1. Create a digest context of type `mbedtls_md_context_t` and initialize it with `mbedtls_md_init`. -2. Call `mbedtls_md_setup` to select the hash algorithm, with `hmac=1`. Then call `mbedtls_md_hmac_starts` to set the key. -3. Call `mbedtls_md_hmac_update` as many times as necessary. -4. Call `mbedtls_md_hmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`. -5. Finally free the resources associated with the operation object by calling `mbedtls_md_free`. - -The process for a CMAC operation in the legacy API is as follows: - -1. Create a cipher context of type `mbedtls_cipher_context_t` and initialize it with `mbedtls_cipher_init`. -2. Call `mbedtls_cipher_setup` to select the block cipher. Then call `mbedtls_md_cmac_starts` to set the key. -3. Call `mbedtls_cipher_cmac_update` as many times as necessary. -4. Call `mbedtls_cipher_cmac_finish`. If verifying the MAC against an expected value, compare the result with the expected value. Note that this comparison should be in constant time to avoid a side channel vulnerability, for example using `mbedtls_ct_memcmp`. -5. Finally free the resources associated with the operation object by calling `mbedtls_cipher_free`. - -The process in the PSA API to calculate a MAC is as follows: - -1. 
Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_mac_sign_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga03bc3e3c0b7e55b20d2a238e418d46cd) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier. -3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary. -4. To obtain the MAC, call [`psa_mac_sign_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac22bc0125580c96724a09226cfbc97f2). - -To verify a MAC against an expected value, use the following process instead: - -1. Create an operation object of type [`psa_mac_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga78f0838b0c4e3db28b26355624d4bd37) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_mac_verify_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga08ae327fcbc5f8e201172fe11e536984) to specify the algorithm and the key. See “[MAC key management](#mac-key-management)” for how to obtain a key identifier. -3. Call [`psa_mac_update`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1ga5560af371497babefe03c9da4e8a1c05) as many times as necessary. -4. To verify the MAC against an expected value, call [`psa_mac_verify_finish`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gac92b2930d6728e1be4d011c05d485822). 
- -If you need to interrupt the operation after calling the setup function without calling the finish function, call [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). - -The PSA API also offers functions for a one-shot MAC calculation, similar to `mbedtls_cipher_cmac` and `mbedtls_md_hmac`: - -* [`psa_mac_compute`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gabf02ebd3595ea15436967092b5d52878) to calculate the MAC of a buffer in memory. -* [`psa_mac_verify`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gaf6988545df5d5e2466c34d753443b15a) to verify the MAC of a buffer in memory against an expected value. - -In both cases, see “[MAC key management](#mac-key-management)” for how to obtain a key identifier. - -### Miscellaneous hash or MAC operation management - -The equivalent of `mbedtls_md_reset`, `mbedtls_md_hmac_reset` or `mbedtls_cmac_reset` is to call [`psa_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1gab0b4d5f9912a615559497a467b532928) or [`psa_mac_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group___m_a_c/#group___m_a_c_1gacd8dd54855ba1bc0a03f104f252884fd). Note that you must call a setup function to specify the algorithm and the key (for MAC) again, and they can be different ones. - -The equivalent of `mbedtls_md_clone` to clone a hash operation is [`psa_hash_clone`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__hash/#group__hash_1ga39673348f3302b4646bd780034a5aeda). A PSA MAC operation cannot be cloned. 
- -## Key derivation - -### HKDF - -PSA Crypto provides access to HKDF, HKDF-Extract and HKDF-Expand via its [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/). This is a generic interface using an operation object with one function call for each input and one function call for each output. - -1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For HKDF and variants, use one of the macros [`PSA_ALG_HKDF`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF), [`PSA_ALG_HKDF_EXTRACT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXTRACT) or [`PSA_ALG_HKDF_EXPAND`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_HKDF_EXPAND) with the [hash algorithm](#hash-mechanism-selection) passed as an argument. For example `PSA_ALG_HKDF(PSA_ALG_SHA_256)` selects HKDF-SHA-256. -3. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. 
(Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows: - 1. [`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. Omit this step for HKDF-Expand. For HKDF, you may omit this step if the salt is empty. - 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the secret input. - 3. [`PSA_KEY_DERIVATION_INPUT_INFO`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gacef8df989e09c769233f4b779acb5b7d) for the info string used during the expansion step. Omit this step for HKDF-Extract. -4. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. -5. Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. 
- -### PKCS#5 module - -Applications currently using `mbedtls_pkcs5_pbkdf2_hmac` or `mbedtls_pkcs5_pbkdf2_hmac_ext` can switch to the PSA key derivation API for PBKDF2. This is a generic interface using an operation object with one function call for each input and one function call for each output. - -1. Create an operation object of type [`psa_key_derivation_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga5f099b63799a0959c3d46718c86c2609) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_key_derivation_setup`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac0b6a76e45cceb1862752bf041701859) to select the algorithm, which is a value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69). For PBKDF2-HMAC, select `PSA_ALG_PBKDF2_HMAC(hash)` where `hash` is the underlying hash algorithm (see “[Hash mechanism selection](#hash-mechanism-selection)”). -3. Call `psa_key_derivation_input_cost` with the step `PSA_KEY_DERIVATION_INPUT_COST` to select the iteration count. -4. Call [`psa_key_derivation_input_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga8fd934dfb0ca45cbf89542ef2a5494c2) on each of the inputs in the order listed below. (Use [`psa_key_derivation_input_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gab2d7ce8705dd8e4a093f4b8a21a0c15a) instead for an input that is a PSA key object.) The input step value for each step is as follows: - 1. 
[`PSA_KEY_DERIVATION_INPUT_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1gab62757fb125243562c3947a752470d4a) for the salt used during the extraction step. You may repeat this step to pass the salt in pieces (for example a salt and a pepper). - 2. [`PSA_KEY_DERIVATION_INPUT_SECRET`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__derivation/#group__derivation_1ga0ddfbe764baba995c402b1b0ef59392e) for the password. -5. Call [`psa_key_derivation_output_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga06b7eb34a2fa88965f68e3d023fa12b9) to obtain the output of the derivation. You may call this function more than once to retrieve the output in successive chunks. - Use [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1) instead if you want to use a chunk as a PSA key. - If you want to verify the output against an expected value (for authentication, rather than to derive key material), call [`psa_key_derivation_verify_bytes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gaf01520beb7ba932143ffe733b0795b08) or [`psa_key_derivation_verify_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gac041714e34a94742e8ee006ac7dfea5a) instead of `psa_key_derivation_output_bytes`. (Note that the `verify` functions are not yet present in the 3.5 release of Mbed TLS. They are expected to be released in version 3.6.0.) -6. 
Call [`psa_key_derivation_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to free the resources associated with the key derivation object. - -The function `mbedtls_pkcs5_pbes2` is only intended as a support function to parse encrypted private keys in the PK module. It has no PSA equivalent. - -### PKCS#12 module - -The functions `mbedtls_pkcs12_derivation` and `mbedtls_pkcs12_pbe` are only intended as support functions to parse encrypted private keys in the PK module. They have no PSA equivalent. - -## Random generation - -### Random generation interface - -The PSA subsystem has an internal random generator. As a consequence, you do not need to instantiate one manually, so most applications using PSA crypto do not need the interfaces from `entropy.h`, `ctr_drbg.h` and `hmac_drbg.h`. See the next sections for remaining use cases for [entropy](#entropy-sources) and [DRBG](#deterministic-pseudorandom-generation). - -The PSA API uses its internal random generator to generate keys (`psa_generate_key`), nonces for encryption (`psa_cipher_generate_iv`, `psa_cipher_encrypt`, `psa_aead_generate_nonce`, `psa_aead_encrypt`, `psa_asymmetric_encrypt`), and other random material as needed. If you need random data for some other purposes, call [`psa_generate_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). 
- -If your application mixes uses of the PSA crypto API and the mbedtls API and you need to pass an RNG argument to a legacy or X.509/TLS function, include the header file `` and use: - -* [`mbedtls_psa_get_random`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#_CPPv422mbedtls_psa_get_randomPvPh6size_t) as the `f_rng` argument; -* [`MBEDTLS_PSA_RANDOM_STATE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#c.MBEDTLS_PSA_RANDOM_STATE) as the `p_rng` argument. - -You can remove the Mbed TLS RNG boilerplate (`mbedtls_entropy_init`, `mbedtls_ctr_drbg_init`, `mbedtls_ctr_drbg_seed`, `mbedtls_ctr_drbg_random`, `mbedtls_ctr_drbg_free`, `mbedtls_entropy_free` — or `hmac_drbg` equivalents of the `ctr_drbg` functions) once you have finished replacing the references to `mbedtls_ctr_drbg_random` (or `mbedtls_hmac_drbg_random`) by `mbedtls_psa_get_random`. - -### Entropy sources - -Unless explicitly configured otherwise, the PSA random generator uses the default entropy sources configured through the legacy interface (`MBEDTLS_ENTROPY_xxx` symbols). Its set of sources is equivalent to an entropy object configured with `mbedtls_entropy_init`. - -A future version of Mbed TLS will include a PSA interface for configuring entropy sources. This is likely to replace the legacy interface in Mbed TLS 4.0. - -### Deterministic pseudorandom generation - -The PSA API does not have a dedicated interface for pseudorandom generation. The [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) can serve a similar purpose in some applications, but it does not offer CTR\_DRBG or HMAC\_DRBG. If you need these algorithms, keep using `ctr_drbg.h` and `hmac_drbg.h`, but note that they may be removed from the public API in Mbed TLS 4.0. 
- -## Asymmetric cryptography - -The PSA API supports RSA (see “[RSA mechanism selection](#rsa-mechanism-selection)”), elliptic curve cryptography (see “[ECC mechanism selection](#elliptic-curve-mechanism-selection)” and “[EC-JPAKE](#ec-jpake)”) and finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). - -### Key lifecycle for asymmetric cryptography - -In the PSA API, keys are referenced by an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t). -(Some documentation references [`mbedtls_svc_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv420mbedtls_svc_key_id_t); the two types are identical except when the library is configured for use in a multi-client cryptography service.) -The PSA key identifier tends to play the same role as an `mbedtls_pk_context`, `mbedtls_rsa_context` or `mbedtls_ecp_keypair` structure in the legacy API. However, there are major differences in the way the two APIs can be used to create keys or to obtain information about a key. - -Here is an overview of the lifecycle of a PSA key object. - -1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680). You need to set the following parameters: - * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”). 
- * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the key's conceptual size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material. - * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to set the permitted algorithm to the desired `PSA_ALG_xxx` value (see “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” as well as “[Public-key cryptography policies](#public-key-cryptography-policies)”). - * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable the desired usage types (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object. - * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material. - * If the key is randomly generated, use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). 
- * If the key is derived from other material (for example from a key exchange), use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1). -3. Call the functions in the following sections to perform operations on the key. The same key object can be used in multiple operations. -4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished. - -### Public-key cryptography policies - -A key's policy indicates what algorithm(s) it can be used with (usage algorithm policy) and what operations are permitted (usage flags). - -The following table lists the relevant usage flags for asymmetric cryptography. You can pass those flags (combined with bitwise-or) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de). 
- -| Usage | Flag | -| ----- | ---- | -| export public key | 0 (always permitted) | -| export private key | [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) | -| Sign a message directly | [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | -| Sign an already-calculated hash | at least one of [`PSA_KEY_USAGE_SIGN_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) or [`PSA_KEY_USAGE_SIGN_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga552117ac92b79500cae87d4e65a85c54) | -| Verify a message directly | [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) | -| Verify an already-calculated hash | at least one of [`PSA_KEY_USAGE_VERIFY_MESSAGE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gabea7ec4173f4f943110329ac2953b2b1) or [`PSA_KEY_USAGE_VERIFY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gafadf131ef2182045e3483d03aadaa1bd) | -| Encryption | [`PSA_KEY_USAGE_ENCRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga75153b296d045d529d97203a6a995dad) | -| Decryption | [`PSA_KEY_USAGE_DECRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gac3f2d2e5983db1edde9f142ca9bf8e6a) | -| Key agreement | [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1gaf19022acc5ef23cf12477f632b48a0b2) | - 
-The sections “[RSA mechanism selection](#rsa-mechanism-selection)”, “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” and “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)” cover the available algorithm values for each key type. Normally, a key can only be used with a single algorithm, following standard good practice. However, there are two ways to relax this requirement. - -* Many signature algorithms encode a hash algorithm. Sometimes the same key may need to be used to sign messages with multiple different hashes. In an algorithm policy, you can use [`PSA_ALG_ANY_HASH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__values_8h/#c.PSA_ALG_ANY_HASH) instead of a hash algorithm value to allow the key to be used with any hash. For example, `psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH))` allows the key to be used with RSASSA-PSS, with different hash algorithms in each operation. -* In addition to the algorithm (or wildcard) selected with [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98), you can use [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to permit a second algorithm (or wildcard). This is intended for scenarios where a key is normally used with a single algorithm, but needs to be used with a different algorithm for enrollment (such as an ECDH key for which an ECDSA proof-of-possession is also required). - -### Asymmetric cryptographic mechanisms - -#### RSA mechanism selection - -The PK types `MBEDTLS_PK_RSA`, `MBEDTLS_PK_RSASSA_PSS` and `MBEDTLS_PK_RSA_ALT` correspond to RSA key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. 
-See “[RSA-ALT interface](#rsa-alt-interface)” for more information about `MBEDTLS_PK_RSA_ALT`. - -The PSA API uses policies and algorithm parameters rather than key types to distinguish between RSA-based mechanisms. The PSA algorithm selection corresponds to the `mbedtls_pk_type_t` value passed to `mbedtls_pk_{sign,verify}_ext`. It also replaces the use of `mbedtls_rsa_set_padding` on an `mbedtls_rsa_context` object. See the list of algorithms below and the signature and encryption sections for more information. - -An RSA public key has the type [`PSA_KEY_TYPE_RSA_PUBLIC_KEY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9ba0878f56c8bcd1995ac017a74f513b). - -An RSA key pair has the type [`PSA_KEY_TYPE_RSA_KEY_PAIR`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11745b110166e927e2abeabc7d532051). A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). -You can always use a private key for operations on the corresponding public key (as long as the policy permits it). - -The following cryptographic algorithms work with RSA keys: - -* PKCS#1v1.5 RSA signature: [`PSA_ALG_RSA_PKCS1V15_SIGN`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af), [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817). -* PKCS#1v1.5 RSA encryption: [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9). 
-* PKCS#1 RSASSA-PSS signature: [`PSA_ALG_RSA_PSS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d), [`PSA_ALG_RSA_PSS_ANY_SALT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). -* PKCS#1 RSAES-OAEP encryption: [`PSA_ALG_RSA_OAEP`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76). - -#### Elliptic curve mechanism selection - -The PK types `MBEDTLS_PK_ECKEY`, `MBEDTLS_PK_ECKEY_DH` and `MBEDTLS_PK_ECDSA` correspond to elliptic-curve key types in the PSA API. In the PSA API, key pairs and public keys are separate object types. The PSA API uses policies and algorithm parameters rather than key types to distinguish between the PK EC types. - -An ECC public key has the type [`PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gad54c03d3b47020e571a72cd01d978cf2) where `curve` is a curve family identifier. - -An ECC key pair has the type [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) where `curve` is a curve family identifier. A key with this type can be used both for private-key and public-key operations (there is no separate key type for a private key without the corresponding public key). -You can always use a private key for operations on the corresponding public key (as long as the policy permits it). - -A curve is fully determined by a curve family identifier and the private key size in bits. 
You can use the following functions to convert between the PSA and legacy elliptic curve designations: -- [`mbedtls_ecc_group_to_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga9c83c095adfec7da99401cf81e164f99) converts from the legacy curve type identifier to PSA curve family and bit-size. -- [`mbedtls_ecc_group_from_psa()`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__psa__tls__helpers/#group__psa__tls__helpers_1ga6243eb619d5b2f5fe4667811adeb8a12) converts from PSA curve family and bit-size to the legacy identifier. - -The following table gives the correspondence between legacy and PSA elliptic curve designations. - -| Mbed TLS legacy curve identifier | PSA curve family | Curve bit-size | -| -------------------------------- | ---------------- | -------------- | -| `MBEDTLS_ECP_DP_SECP192R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 | -| `MBEDTLS_ECP_DP_SECP224R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 224 | -| `MBEDTLS_ECP_DP_SECP256R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | -| `MBEDTLS_ECP_DP_SECP384R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 384 | -| `MBEDTLS_ECP_DP_SECP521R1` | [`PSA_ECC_FAMILY_SECP_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 521 | -| 
`MBEDTLS_ECP_DP_BP256R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 256 | -| `MBEDTLS_ECP_DP_BP384R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 384 | -| `MBEDTLS_ECP_DP_BP512R1` | [`PSA_ECC_FAMILY_BRAINPOOL_P_R1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac1643f1baf38b30d07c20a6eac697f15) | 512 | -| `MBEDTLS_ECP_DP_CURVE25519` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 255 | -| `MBEDTLS_ECP_DP_SECP192K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 192 | -| `MBEDTLS_ECP_DP_SECP224K1` | not supported | N/A | -| `MBEDTLS_ECP_DP_SECP256K1` | [`PSA_ECC_FAMILY_SECP_K1`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga48bb340b5544ba617b0f5b89542665a7) | 256 | -| `MBEDTLS_ECP_DP_CURVE448` | [`PSA_ECC_FAMILY_MONTGOMERY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga1f624c5cdaf25b21287af33024e1aff8) | 448 | - -The following cryptographic algorithms work with ECC keys: - -* ECDH key agreement (including X25519 and X448): [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43). 
-* ECDSA: [`PSA_ALG_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3), [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4), [`PSA_ALG_DETERMINISTIC_ECDSA`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03). -* EC-JPAKE (see “[EC-JPAKE](#ec-jpake)”. - -#### Diffie-Hellman mechanism selection - -A finite-field Diffie-Hellman key pair has the type [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) where `group` is a group family as explained below. - -A finite-field Diffie-Hellman public key has the type [`PSA_KEY_TYPE_DH_PUBLIC_KEY(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa22f0f2ea89b929f2fadc19890cc5d5c) where `group` is a group family as explained below. Due to the design of the API, there is rarely a need to use Diffie-Hellman public key objects. - -The PSA API only supports Diffie-Hellman with predefined groups. A group is fully determined by a group family identifier and the public key size in bits. 
- -| Mbed TLS DH group P value | PSA DH group family | Bit-size | -| ------------------------- | ------------------- | -------- | -| `MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 2048 | -| `MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 3072 | -| `MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 4096 | -| `MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 6144 | -| `MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN` | [`PSA_DH_FAMILY_RFC7919`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7be917e67fe4a567fb36864035822ff7) | 8192 | - -A finite-field Diffie-Hellman key can be used for key agreement with the algorithm [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4). - -### Creating keys for asymmetric cryptography - -The easiest way to create a key pair object is by randomly generating it with [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5). 
Compared with the low-level functions from the legacy API (`mbedtls_rsa_gen_key`, `mbedtls_ecp_gen_privkey`, `mbedtls_ecp_gen_keypair`, `mbedtls_ecp_gen_keypair_base`, `mbedtls_ecdsa_genkey`), this directly creates an object that can be used with high-level APIs, but removes some of the flexibility. Note that if you want to export the generated private key, you must pass the flag [`PSA_KEY_USAGE_EXPORT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#group__policy_1ga7dddccdd1303176e87a4d20c87b589ed) to [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de); exporting the public key with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) is always permitted. - -For RSA keys, `psa_generate_key` uses 65537 as the public exponent. You can use [`psa_generate_key_custom`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#ga0415617443afe42a712027bbb8ad89f0) to select a different public exponent. As of Mbed TLS 3.6.1, selecting a different public exponent is only supported with the built-in RSA implementation, not with PSA drivers. - -To create a key object from existing material, use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b). This function has the same basic goal as the PK parse functions (`mbedtls_pk_parse_key`, `mbedtls_pk_parse_public_key`, `mbedtls_pk_parse_subpubkey`), but only supports a single format that just contains the number(s) that make up the key, with very little metadata. 
The table below summarizes the PSA import/export format for key pairs and public keys; see the documentation of [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) for more details. - -| Key type | PSA import/export format | -| -------- | ------------------------ | -| RSA key pair | PKCS#1 RSAPrivateKey DER encoding (including both private exponent and CRT parameters) | -| RSA public key | PKCS#1 RSAPublicKey DER encoding | -| ECC key pair | Fixed-length private value (not containing the public key) | -| ECC public key (Weierstrass curve) | Fixed-length uncompressed point | -| ECC public key (Montgomery curve) | Fixed-length public value | -| FFDH key pair | Fixed-length private value (not containing the public key) | -| FFDH public key | Fixed-length public value | - -There is no equivalent of `mbedtls_pk_parse_keyfile` and `mbedtls_pk_parse_public_keyfile`. Either call the legacy function or load the file data manually. - -A future extension of the PSA API will support other import formats. Until those are implemented, see the following subsection for how to use the PK module for key parsing and construct a PSA key object from the PK object. - -### Creating a PSA key via PK - -You can use the PK module as an intermediate step to create an RSA or ECC key for use with PSA. This is useful for use cases that the PSA API does not currently cover, such as: - -* Parsing a key in a format with metadata without knowing its type ahead of time. -* Parsing a key in a format that the PK module supports, but `psa_import_key` doesn't. -* Importing a key which you have in the form of a list of numbers, rather than the binary encoding required by `psa_import_key`. 
-* Importing a key with less information than what the PSA API needs, for example an ECC public key in a compressed format, an RSA private key without the private exponent, or an RSA private key without the CRT parameters. - -For such use cases: - -1. First create a PK object with the desired key material. -2. Call [`mbedtls_pk_get_psa_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a7aa7b33cffb6981d95d1632631de9244) to fill PSA attributes corresponding to the PK key. Pass one of the following values as the `usage` parameter: - * `PSA_KEY_USAGE_SIGN_HASH` or `PSA_KEY_USAGE_SIGN_MESSAGE` for a key pair used for signing. - * `PSA_KEY_USAGE_DECRYPT` for a key pair used for decryption. - * `PSA_KEY_USAGE_DERIVE` for a key pair used for key agreement. - * `PSA_KEY_USAGE_VERIFY_HASH` or `PSA_KEY_USAGE_VERIFY_MESSAGE` for a public key pair used for signature verification. - * `PSA_KEY_USAGE_ENCRYPT` for a key pair used for encryption. -3. Optionally, tweak the attributes (this is rarely necessary). For example: - * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de), [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) and/or [`psa_set_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#group__attributes_1gaffa134b74aa52aa3ed9397fcab4005aa) to change the key's policy (by default, it allows what can be done through the PK module). 
- · Call [`psa_set_key_id`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae48fcfdc72a23e7499957d7f54ff5a64) and perhaps [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to create a PSA persistent key. -4. Call [`mbedtls_pk_import_into_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1ad59835d14832daf0f4b4bd0a4555abb9) to import the key into the PSA key store. -5. You can now free the PK object with `mbedtls_pk_free`. - -Here is some sample code illustrating the above process, with error checking omitted. - -``` -mbedtls_pk_context pk; -mbedtls_pk_init(&pk); -mbedtls_pk_parse_key(&pk, key_buffer, key_buffer_length, NULL, 0, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); -psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes); -psa_key_id_t key_id; -mbedtls_pk_import_into_psa(&pk, &attributes, &key_id); -mbedtls_pk_free(&pk); -psa_sign_hash(key_id, ...); -``` - -#### Importing an elliptic curve key from ECP - -This section explains how to use the `ecp.h` API to create an elliptic curve key in a format suitable for `psa_import_key`. - -You can use this, for example, to import an ECC key in the form of a compressed point by calling `mbedtls_ecp_point_read_binary` then following the process below. - -The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. (This includes `mbedtls_ecdsa_keypair` objects since that is just a type alias.) Error checks are omitted for simplicity. A future version of Mbed TLS [will provide a function to calculate the curve family](https://github.com/Mbed-TLS/mbedtls/issues/7764). 
- -``` -mbedtls_ecp_keypair ec; -mbedtls_ecp_keypair_init(&ec); -// Omitted: fill ec with key material -// (the public key will not be used and does not need to be set) -unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; -size_t length; -mbedtls_ecp_write_key_ext(&ec, &length, buf, sizeof(buf)); -psa_ecc_curve_t curve = ...; // need to determine the curve family manually -psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); -psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); -psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); -psa_key_id_t key_id = 0; -psa_import_key(&attributes, buf, length, &key_id); -mbedtls_ecp_keypair_free(&ec); -``` -The following code snippet illustrates how to import a private key which is initially in an `mbedtls_ecp_keypair` object. Error checks are omitted for simplicity. - -``` -mbedtls_ecp_group grp; -mbedtls_ecp_group_init(&grp); -mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_...); -mbedtls_ecp_point pt; -mbedtls_ecp_point_init(&pt); -// Omitted: fill pt with key material -unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_PUBLIC_KEY_MAX_SIZE)]; -size_t length; -mbedtls_ecp_point_write_binary(&grp, &pt, &length, buf, sizeof(buf)); -psa_ecc_curve_t curve = ...; // need to determine the curve family manually -psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)); -psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); -psa_set_key_algorithm(&attributes, PSA_ALGORITHM_...); -psa_key_id_t key_id = 0; -psa_import_key(&attributes, buf, length, &key_id); -mbedtls_ecp_point_free(&pt); -mbedtls_ecp_group_free(&grp); -``` - -### Key pair and public key metadata - -There is no equivalent to the type `mbedtls_pk_info_t` and the functions `mbedtls_pk_info_from_type` in the PSA API because it is unnecessary. 
All macros and functions operate directly on key type values (`psa_key_type_t`, `PSA_KEY_TYPE_xxx` constants) and algorithm values (`psa_algorithm_t`, `PSA_ALG_xxx` constants). - -You can call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) to populate a structure with the attributes of a key, then functions such as [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain a key's type (`PSA_KEY_TYPE_xxx` value) and size (nominal size in bits). - -The bit-size from `psa_get_key_bits` is the same as the one from `mbedtls_pk_get_bitlen`. To convert to bytes as `mbedtls_pk_get_len` or `mbedtls_rsa_get_len` do, you can use the macro `PSA_BITS_TO_BYTES`. However, note that the PSA API has generic macros for each related buffer size (export, signature size, etc.), so you should generally use those instead. The present document lists those macros where it explains the usage of the corresponding function. - -Most code that calls `mbedtls_pk_get_type` or `mbedtls_pk_can_do` only requires the key's type as reported by [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918). For code that uses both `mbedtls_pk_context` objects and PSA metadata encoding, [`mbedtls_pk_can_do_ext`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a256d3e8d4323a45aafa7d2b6c59a36f6) checks the compatibility between a key object and a mechanism. 
If needed, you can also access a key's policy from its attributes with [`psa_get_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaa1af20f142ca722222c6d98678a0c448), [`psa_get_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac255da850a00bbed925390044f016b34) and [`psa_get_key_enrollment_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga39803b62a97198cf630854db9b53c588). The algorithm policy also conveys the padding and hash information provided by `mbedtls_rsa_get_padding_mode` and `mbedtls_rsa_get_md_alg`. - -### Exporting a public key or a key pair - -To export a PSA key pair or public key, call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf). If the key is a key pair, its policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). - -To export a PSA public key or to export the public key of a PSA key pair object, call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062). This is always permitted regardless of the key's policy. - -The export format is the same format used for `psa_import_key`, described in “[Creating keys for asymmetric cryptography](#creating-keys-for-asymmetric-cryptography)” above. - -A future extension of the PSA API will support other export formats. Until those are implemented, see “[Exposing a PSA key via PK](#exposing-a-psa-key-via-pk)” for ways to use the PK module to format a PSA key. 
- -#### Exposing a PSA key via PK - -This section discusses how to use a PSA key in a context that requires a PK object, such as PK formatting functions (`mbedtls_pk_write_key_der`, `mbedtls_pk_write_pubkey_der`, `mbedtls_pk_write_pubkey_pem`, `mbedtls_pk_write_key_pem` or `mbedtls_pk_write_pubkey`), Mbed TLS X.509 functions, Mbed TLS SSL functions, or another API that involves `mbedtls_pk_context` objects. The PSA key must be an RSA or ECC key since the PK module does not support DH keys. Three functions from `pk.h` help with that: - -* [`mbedtls_pk_copy_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1ab8e88836fd9ee344ffe630c40447bd08) copies a PSA key into a PK object. The PSA key must be exportable. The PK object remains valid even if the PSA key is destroyed. -* [`mbedtls_pk_copy_public_from_psa`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a2a50247a528889c12ea0ddddb8b15a4e) copies the public part of a PSA key into a PK object. The PK object remains valid even if the PSA key is destroyed. -* [`mbedtls_pk_setup_opaque`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/pk_8h/#pk_8h_1a4c04ac22ab9c1ae09cc29438c308bf05) sets up a PK object that wraps the PSA key. The PK object has the type `MBEDTLS_PK_OPAQUE` regardless of whether the key is an RSA or ECC key. The PK object can only be used as permitted by the PSA key's policy. The PK object contains a reference to the PSA key identifier, therefore PSA key must not be destroyed as long as the PK object remains alive. - -Here is some sample code illustrating how to use the PK module to format a PSA public key or the public key of a PSA key pair. 
-``` -int write_psa_pubkey(psa_key_id_t key_id, - unsigned char *buf, size_t size, size_t *len) { - mbedtls_pk_context pk; - mbedtls_pk_init(&pk); - int ret = mbedtls_pk_copy_public_from_psa(key_id, &pk); - if (ret != 0) goto exit; - ret = mbedtls_pk_write_pubkey_der(&pk, buf, size); - if (ret < 0) goto exit; - *len = ret; - memmove(buf, buf + size - ret, ret); - ret = 0; -exit: - mbedtls_pk_free(&pk); -} -``` - -### Signature operations - -The equivalent of `mbedtls_pk_sign` or `mbedtls_pk_sign_ext` to sign an already calculated hash is [`psa_sign_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga785e746a31a7b2a35ae5175c5ace3c5c). -The key must be a key pair allowing the usage `PSA_KEY_USAGE_SIGN_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -Use [`PSA_SIGN_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGN_OUTPUT_SIZE) or [`PSA_SIGNATURE_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_SIGNATURE_MAX_SIZE) (similar to `MBEDTLS_PK_SIGNATURE_MAX_SIZE`) to determine a sufficient size for the output buffer. -This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext` and `mbedtls_ecdsa_write_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. - -The equivalent of `mbedtls_pk_verify` or `mbedtls_pk_verify_ext` to verify an already calculated hash is [`psa_verify_hash`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gae2ffbf01e5266391aff22b101a49f5f5). 
-The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_VERIFY_HASH` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”). -This is also the equivalent of the type-specific functions `mbedtls_rsa_pkcs1_verify`, `mbedtls_rsa_rsassa_pkcs1_v15_verify`, `mbedtls_rsa_rsassa_pss_verify`, `mbedtls_rsa_rsassa_pss_verify_ext`, `mbedtls_ecdsa_verify` and `mbedtls_ecdsa_read_signature`. Note that the PSA API uses the raw format for ECDSA signatures, not the ASN.1 format; see “[ECDSA signature](#ecdsa-signature)” for more details. - -Generally, `psa_sign_hash` and `psa_verify_hash` require the input to have the correct length for the hash (this has historically not always been enforced in the corresponding legacy APIs). - -See also “[Restartable ECDSA signature](#restartable-ecdsa-signature)” for a restartable variant of this API. - -The PSA API also has functions [`psa_sign_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga963ecadae9c38c85826f9a13cf1529b9) and [`psa_verify_message`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga01c11f480b185a4268bebd013df7c14c). These functions combine the hash calculation with the signature calculation or verification. -For `psa_sign_message`, either the usage flag `PSA_KEY_USAGE_SIGN_MESSAGE` or `PSA_KEY_USAGE_SIGN_HASH` is sufficient. -For `psa_verify_message`, either the usage flag `PSA_KEY_USAGE_VERIFY_MESSAGE` or `PSA_KEY_USAGE_VERIFY_HASH` is sufficient. - -Most signature algorithms involve a hash algorithm. See “[Hash mechanism selection](#hash-mechanism-selection)”. - -The following subsections describe the PSA signature mechanisms that correspond to legacy Mbed TLS mechanisms. - -#### ECDSA signature - -**Note: in the PSA API, the format of an ECDSA signature is the raw fixed-size format. 
This is different from the legacy API** which uses the ASN.1 DER format for ECDSA signatures. To convert between the two formats, use [`mbedtls_ecdsa_raw_to_der`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#group__psa__tls__helpers_1ga9295799b5437bdff8ce8abd524c5ef2e) or [`mbedtls_ecdsa_der_to_raw`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/psa__util_8h/#group__psa__tls__helpers_1ga33b3cf65d5992ccc724b7ee00186ae61). - - - -ECDSA is the mechanism provided by `mbedtls_pk_sign` and `mbedtls_pk_verify` for ECDSA keys, as well as by `mbedtls_ecdsa_sign`, `mbedtls_ecdsa_sign_det_ext`, `mbedtls_ecdsa_write_signature`, `mbedtls_ecdsa_verify` and `mbedtls_ecdsa_read_signature`. - -The PSA API offers three algorithm constructors for ECDSA. They differ only for signature, and have exactly the same behavior for verification. - -* [`PSA_ALG_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga7e3ce9f514a227d5ba5d8318870452e3) is a randomized ECDSA signature of a hash calculated with the algorithm `hash`. -* [`PSA_ALG_ECDSA_ANY`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga51d6b6044a62e33cae0cf64bfc3b22a4) is equivalent to `PSA_ALG_ECDSA`, but does not require specifying a hash as part of the algorithm. It can only be used with `psa_sign_hash` and `psa_verify_hash`, with no constraint on the length of the hash. -* [`PSA_ALG_DETERMINISTIC_ECDSA(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga11da566bcd341661c8de921e2ca5ed03) is a deterministic ECDSA signature of a hash calculated with the algorithm `hash`. This is the same as the functionality offered by `MBEDTLS_ECDSA_DETERMINISTIC` in the legacy API. 
- * For `psa_sign_message` with `PSA_ALG_DETERMINISTIC_ECDSA`, the same hash algorithm is used to hash the message and to parametrize the deterministic signature generation. - -Unlike the legacy API, where `mbedtls_pk_sign` and `mbedtls_ecdsa_write_signature` automatically select deterministic ECDSA if both are available, the PSA API requires the application to select the preferred variant. ECDSA verification cannot distinguish between randomized and deterministic ECDSA (except in so far as if the same message is signed twice and the signatures are different, then at least one of the signatures is not the determinstic variant), so in most cases switching between the two is a compatible change. - -#### Restartable ECDSA signature - -The legacy API includes an API for “restartable” ECC operations: the operation returns after doing partial computation, and can be resumed. This is intended for highly constrained devices where long cryptographic calculations need to be broken up to poll some inputs, where interrupt-based scheduling is not desired. The legacy API consists of the functions `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable`, `mbedtls_ecdsa_sign_restartable`, `mbedtls_ecdsa_verify_restartable`, `mbedtls_ecdsa_write_signature_restartable`, `mbedtls_ecdsa_read_signature_restartable`, as well as several configuration and data manipulation functions. - -The PSA API offers similar functionality via “interruptible” public-key operations. As of Mbed TLS 3.5, it is only implemented for ECDSA, for the same curves as the legacy API. This will likely be extended to ECDH in the short term. At the time of writing, no extension is planned to other curves or other algorithms. - -The flow of operations for an interruptible signature operation is as follows: - -1. 
Create an operation object of type [`psa_sign_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6948d4653175b1b530a265540066a7e7) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_sign_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga441988da830205182b3e791352537fac) with the private key object and the hash to verify. -3. Call [`psa_sign_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga79849aaa7004a85d2ffbc4b658a333dd) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`. - -The flow of operations for an interruptible signature verification operation is as follows: - -1. Create an operation object of type [`psa_verify_hash_interruptible_operation_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga537054cf4909ad1426331ae4ce7148bb) and zero-initialize it (or use the corresponding `INIT` macro). -2. Call [`psa_verify_hash_start`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga912eb51fb94056858f451f276ee289cb) with the private key object and the hash and signature to verify. -3. Call [`psa_verify_hash_complete`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga67fe82352bc2f8c0343e231a70a5bc7d) repeatedly until it returns a status other than `PSA_OPERATION_INCOMPLETE`. 
- -If you need to cancel the operation after calling the start function without waiting for the loop calling the complete function to finish, call [`psa_sign_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1gae893a4813aa8e03bd201fe4f1bbbb403) or [`psa_verify_hash_abort`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga18dc9c0cc27d590c5e3b186094d90f88). - -Call [`psa_interruptible_set_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga6d86790b31657c13705214f373af869e) to set the number of basic operations per call. This is the same unit as `mbedtls_ecp_set_max_ops`. You can retrieve the current value with [`psa_interruptible_get_max_ops`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible__hash/#group__interruptible__hash_1ga73e66a6d93f2690b626fcea20ada62b2). The value is [`PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__interruptible/#group__interruptible_1gad19c1da7f6b7d59d5873d5b68eb943d4) if operations are not restartable, which corresponds to `mbedtls_ecp_restart_is_enabled()` being false. - -#### PKCS#1 v1.5 RSA signature - -This mechanism corresponds to `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` for an RSA key, unless PSS has been selected with `mbedtls_rsa_set_padding` on the underlying RSA key context. This mechanism also corresponds to `mbedtls_rsa_rsassa_pkcs1_v15_sign` and `mbedtls_rsa_rsassa_pkcs1_v15_verify`. 
-
-The PSA API has two algorithm constructors:
-
-* [`PSA_ALG_RSA_PKCS1V15_SIGN(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga702ff75385a6ae7d4247033f479439af) formats the hash as specified in PKCS#1. The hash algorithm corresponds to the `md_alg` parameter of the legacy functions.
-* [`PSA_ALG_RSA_PKCS1V15_SIGN_RAW`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4215e2a78dcf834e9a625927faa2a817) uses the “hash” input in lieu of a DigestInfo structure. This is the same as calling the legacy functions with `md_alg=MBEDTLS_MD_NONE`.
-
-#### PKCS#1 RSASSA-PSS signature
-
-This mechanism corresponds to `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext` for an RSA key, as well as `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_rsa_pkcs1_sign` and `mbedtls_rsa_pkcs1_verify` if PSS has been selected on the underlying RSA context with `mbedlts_rsa_set_padding`.
-It also corresponds to `mbedtls_rsa_rsassa_pss_sign` and `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify` and `mbedtls_rsa_rsassa_pss_verify_ext`.
-
-The PSA API has two algorithm constructors: [`PSA_ALG_RSA_PSS(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga62152bf4cb4bf6aace5e1be8f143564d) and [`PSA_ALG_RSA_PSS_ANY_SALT(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga9b7355a2cd6bde88177634d539127f2b). They differ only for verification, and have exactly the same behavior for signature. The hash algorithm `hash` corresponds to the `md_alg` parameter passed to the legacy API. It is used to hash the message, to create the salted hash, and for the mask generation with MGF1. The PSA API does not support using different hash algorithms for these different purposes.
-
-With respect to the salt length:
-
-* When signing, the salt is random, and the salt length is the largest possible salt length up to the hash length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument.
-* When verifying, `PSA_ALG_RSA_PSS` requires the the salt length to the largest possible salt length up to the hash length (i.e. the same that would be used for signing).
-* When verifying, `PSA_ALG_RSA_PSS_ANY_SALT` accepts any salt length. This is the same as passing `MBEDTLS_RSA_SALT_LEN_ANY` as the salt length to `xxx_ext` legacy functions or using a legacy function that does not have a `saltlen` argument.
-
-### Asymmetric encryption and decryption
-
-The equivalent of `mbedtls_pk_encrypt`, `mbedtls_rsa_pkcs1_encrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_encrypt` or `mbedtls_rsa_rsaes_oaep_encrypt` to encrypt a short message (typically a symmetric key) is [`psa_asymmetric_encrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1gaa17f61e4ddafd1823d2c834b3706c290).
-The key must be a public key (or a key pair) allowing the usage `PSA_KEY_USAGE_ENCRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-Use the macro [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a66ba3bd93e5ec52870ccc3848778bad8) or [`PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size.
-
-The equivalent of `mbedtls_pk_decrypt`, `mbedtls_rsa_pkcs1_decrypt`, `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` or `mbedtls_rsa_rsaes_oaep_decrypt` to decrypt a short message (typically a symmetric key) is [`psa_asymmetric_decrypt`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__asymmetric/#group__asymmetric_1ga4f968756f6b22aab362b598b202d83d7).
-The key must be a key pair allowing the usage `PSA_KEY_USAGE_DECRYPT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-Use the macro [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#crypto__sizes_8h_1a61a246f3eac41989821d982e56fea6c1) or [`PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE) to determine the output buffer size.
-
-The following subsections describe the PSA asymmetric encryption mechanisms that correspond to legacy Mbed TLS mechanisms.
-
-#### RSA PKCS#1v1.5 encryption
-
-This is the mechanism used by the PK functions and by `mbedtls_rsa_pkcs1_{encrypt,decrypt}` unless `mbedtls_rsa_set_padding` has been called on the underlying RSA key context.
-This is also the mechanism used by `mbedtls_rsa_rsaes_pkcs1_v15_{encrypt,decrypt}`.
-
-The PSA algorithm is [`PSA_ALG_RSA_PKCS1V15_CRYPT`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga4c540d3abe43fb9abcb94f2bc51acef9).
-
-Beware that PKCS#1v1.5 decryption is subject to padding oracle attacks. Revealing when `psa_asymmetric_decrypt` returns `PSA_ERROR_INVALID_PADDING` may allow an adversary to decrypt arbitrary ciphertexts.
-
-#### RSA RSAES-OAEP
-
-This is the mechanism used by `mbedtls_rsa_rsaes_oaep_{encrypt,decrypt}`.
-
-The PSA algorithm is [`PSA_ALG_RSA_OAEP(hash)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gaa1235dc3fdd9839c6c1b1a9857344c76) where `hash` is a hash algorithm value (`PSA_ALG_xxx`, see “[Hash mechanism selection](#hash-mechanism-selection)”).
-
-As with the PK API, the mask generation is MGF1, the label is empty, and the same hash algorithm is used for MGF1 and to hash the label. The PSA API does not offer a way to choose a different label or a different hash algorithm for the label.
-
-### Private-public key consistency
-
-There is no direct equivalent of the functions `mbedtls_rsa_check_privkey`, `mbedtls_rsa_check_pubkey`,`mbedtls_ecp_check_privkey`, `mbedtls_ecp_check_pubkey`. The PSA API performs some basic checks when it imports a key, and may perform additional checks before performing an operation if needed, so it will never perform an operation on a key that does not satisfy these checks, but the details of when the check is performed may change between versions of the library.
-
-The legacy API provides functions `mbedtls_pk_check_pair`, `mbedtls_rsa_check_pub_priv` and `mbedtls_ecp_check_pub_priv`, which can be used to check the consistency between a private key and a public key. To perform such a check with the PSA API, you can export the public keys; this works because the PSA representation of public keys is canonical.
-
-* Prepare a key object containing the private key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b).
-* Prepare a key object containing the public key, for example with [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b).
-* Export both public keys with [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) (this is possible regardless of the usage policies on the keys) and compare the output.
- ```
- // Error checking omitted
- unsigned char pub1[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
- unsigned char pub2[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
- size_t length1, length2;
- psa_export_public_key(key1, pub1, sizeof(pub1), &length1);
- psa_export_public_key(key2, pub2, sizeof(pub2), &length2);
- if (length1 == length2 && !memcmp(pub1, pub2, length1))
- puts("The keys match");
- else
- puts("The keys do not match");
- ```
-
-### PK functionality with no PSA equivalent
-
-There is no PSA equivalent of the debug functionality provided by `mbedtls_pk_debug`. Use `psa_export_key` to export the key if desired.
-
-There is no PSA equivalent to Mbed TLS's custom key type names exposed by `mbedtls_pk_get_name`.
-
-### Key agreement
-
-The PSA API has a generic interface for key agreement, covering the main use of both `ecdh.h` and `dhm.h`.
-
-
-
-#### Diffie-Hellman key pair management
-
-The PSA API manipulates keys as such, rather than via an operation context. Thus, to use Diffie-Hellman, you need to create a key object, then perform the key exchange, then destroy the key. There is no equivalent to the types `mbedtls_ecdh_context` and `mbedtls_dhm_context`.
-
-Here is an overview of the lifecycle of a key object.
-
-1. First define the attributes of the key by filling a [`psa_key_attributes_t` structure](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga0ec645e1fdafe59d591104451ebf5680).
You need to set the following parameters:
- * Call [`psa_set_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga6857ef0ecb3fa844d4536939d9c64025) to set the key type to the desired `PSA_KEY_TYPE_xxx` value:
- * [`PSA_KEY_TYPE_DH_KEY_PAIR(group)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab4f857c4cd56f5fe65ded421e61bcc8c) for finite-field Diffie-Hellman (see “[Diffie-Hellman mechanism selection](#diffie-hellman-mechanism-selection)”).
- * [`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0b6f5d4d5037c54ffa850d8059c32df0) for elliptic-curve Diffie-Hellman (see “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)”).
- * Call [`psa_set_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaf61683ac87f87687a40262b5afbfa018) to set the private key size in bits. This is optional with `psa_import_key`, which determines the key size from the length of the key material.
- * Call [`psa_set_key_algorithm`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gaeb8341ca52baa0279475ea3fd3bcdc98) to select the appropriate algorithm:
- * [`PSA_ALG_ECDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gab2dbcf71b63785e7dd7b54a100edee43) or [`PSA_ALG_FFDH`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga0ebbb6f93a05b6511e6f108ffd2d1eb4) for a raw key agreement.
- * [`PSA_ALG_KEY_AGREEMENT(ka, kdf)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga78bb81cffb87a635c247725eeb2a2682) if the key will be used as part of a key derivation, where:
- * `ka` is either `PSA_ALG_ECDH` or `PSA_ALG_FFDH`.
- * `kdf` is a key derivation algorithm.
- * Call [`psa_set_key_usage_flags`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga42a65b3c4522ce9b67ea5ea7720e17de) to enable at least [`PSA_KEY_USAGE_DERIVE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__policy/#c.PSA_KEY_USAGE_DERIVE). See “[Public-key cryptography policies](#public-key-cryptography-policies)” for more information.
-2. Call one of the key creation functions, passing the attributes defined in the previous step, to get an identifier of type [`psa_key_id_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__types_8h/#_CPPv412psa_key_id_t) to the key object.
- * Use [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) to generate a random key. This is normally the case for a Diffie-Hellman key.
- * Use [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b) to directly import key material.
- * If the key is derived deterministically from other material, use the [key derivation interface](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/) and create the key with [`psa_key_derivation_output_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1gada7a6e17222ea9e7a6be6864a00316e1).
-3. Call the functions in the following sections to perform operations on the key.
The same key object can be used in multiple operations.
-4. To free the resources used by the key object, call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) after all operations with that key are finished.
-
-#### Performing a key agreement
-
-Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain the public key that needs to be sent to the other party.
-Use the macros [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) to calculate the shared secret from your private key and the other party's public key.
-Use the macros [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) to determine a sufficient size for the output buffer.
-
-Call [`psa_key_derivation_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga2cd5a8ac906747d3204ec442db78745f) instead of `psa_raw_key_agreement` to use the resulting shared secret as the secret input to a key derivation. See “[HKDF](#hkdf)” for an example of the key derivation interface.
-
-#### Translating a legacy key agreement contextless workflow
-
-A typical workflow for ECDH using the legacy API without a context object is:
-
-1. Initialize objects:
- * `mbedtls_ecp_group grp` for the curve;
- * `mbedtls_mpi our_priv` for our private key;
- * `mbedtls_ecp_point our_pub` for our public key;
- * `mbedtls_ecp_point their_pub` for their public key (this may be the same variable as `our_pub` if the application does not need to hold both at the same time);
- * `mbedtls_mpi z` for the shared secret (this may be the same variable as `our_priv` when doing ephemeral ECDH).
-2. Call `mbedtls_ecp_group_load` on `grp` to select the curve.
-3. Call `mbedtls_ecdh_gen_public` on `grp`, `our_priv` (output) and `our_pub` (output) to generate a key pair and retrieve the corresponding public key.
-4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. These two actions may be performed in either order.
-5. Call `mbedtls_ecdh_compute_shared` on `grp`, `z` (output), `their_pub` and `our_priv`. Use the raw shared secret `z`, typically, to construct a shared key.
-6. Free `grp`, `our_priv`, `our_pub`, `their_pub` and `z`.
-
-The corresponding workflow with the PSA API is as follows:
-
-1. 
Initialize objects:
- * `psa_key_id_t our_key`: a handle to our key pair;
- * `psa_key_attributes_t attributes`: key attributes used in steps 2–3;;
- * `our_pub`: a buffer of size [`PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE) (where `key_type` is the value passed to `psa_set_key_size` in step 2) or [`PSA_EXPORT_PUBLIC_KEY_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) to hold our key.
- * `their_pub`: a buffer of the same size, to hold the peer's key. This can be the same as `our_pub` if the application does not need to hold both at the same time;
- * `shared_secret`: a buffer of size [`PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, bits)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE) or [`PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE) (if not using a key derivation operation).
-2. Prepare an attribute structure as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”, in particular selecting the curve with `psa_set_key_type`.
-3. Call [`psa_generate_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__random/#group__random_1ga1985eae417dfbccedf50d5fff54ea8c5) on `attributes` and `our_key` (output) to generate a key pair, then [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on `our_key` and `our_pub` (output) to obtain our public key.
-4. Send `our_pub` to the peer. Retrieve the peer's public key and import it into `their_pub`. 
These two actions may be performed in either order.
-5. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
- Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
-6. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) on `key_id`, and free the memory buffers.
-
-Steps 4–6 are only performed once for a "true" ephemeral Diffie-Hellman. They may be repeated multiple times for a "fake ephemeral" Diffie-Hellman where the same private key is used for multiple key exchanges, but it not saved.
-
-#### Translating a legacy ephemeral key agreement TLS server workflow
-
-The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 server. The PSA version of this workflow can also be used with other protocols, on the side of the party that selects the curve or group and sends its public key first.
-
-1. Setup phase:
- 1. Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`.
- 2. Call `mbedtls_ecdh_setup` or `mbedtls_dhm_set_group` to select the curve or group.
- 3. Call `mbedtls_ecdh_make_params` or `mbedtls_dhm_make_params` to generate our key pair and obtain a TLS ServerKeyExchange message encoding the selected curve/group and our public key.
-2. Send the ServerKeyExchange message to the peer.
-3. Retrieve the peer's public key.
-4. Call `mbedtls_ecdh_read_public` or `mbedtls_dhm_read_public` on the peer's public key, then call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret.
-5. 
Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`.
-
-The corresponding workflow with the PSA API is as follows:
-
-1. Setup phase:
- 1. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”.
- 2. Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key.
- 3. Format a ServerKeyExchange message containing the curve/group selection and our public key.
-2. Send the ServerKeyExchange message to the peer.
-3. Retrieve the peer's public key.
-4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
- Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
-5. Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair.
-
-#### Translating a legacy ephemeral key agreement TLS client workflow
-
-The legacy API offers the following workflow for an ephemeral Diffie-Hellman key agreement in a TLS 1.2 client. The PSA version of this workflow can also be used with other protocols, on the side of the party that receives a message indicating both the choice of curve or group, and the peer's public key.
-
-1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key:
- 1. 
Initialize a context of type `mbedtls_ecdh_context` or `mbedtls_dhm_context` with `mbedtls_ecdh_init` or `mbedtls_dhm_init`.
- 2. Call `mbedtls_ecdh_read_params` or `mbedtls_dhm_read_params` to input the data from the ServerKeyExchange message.
-2. Call `mbedtls_ecdh_make_public` or `mbedtls_dh_make_public` to generate our private key and export our public key.
-3. Send our public key to the peer.
-4. Call `mbedtls_ecdh_calc_secret` or `mbedtls_dhm_calc_secret` to calculate the shared secret.
-5. Free the context with `mbedtls_ecdh_free` or `mbedtls_dhm_free`.
-
-The corresponding workflow with the PSA API is as follows:
-
-1. Upon reception of a TLS ServerKeyExchange message received from the peer, which encodes the selected curve/group and the peer's public key:
- 1. Decode the selected curve/group and use this to determine a PSA key type (`PSA_KEY_TYPE_ECC_KEY_PAIR(curve)` or `PSA_KEY_TYPE_DH_KEY_PAIR(group)`), a key size and an algorithm.
-2. Generate an ECDH or DHM key pair with `psa_generate_key` as described in “[Diffie-Hellman key pair management](#diffie-hellman-key-pair-management)”.
- Call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) to obtain our public key.
-3. Send our public key to the peer.
-4. Call [`psa_raw_key_agreement`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__derivation/#group__key__derivation_1ga90fdd2716124d0bd258826184824675f) on `our_key`, `their_pub` and `shared_secret` (output).
- Alternatively, call `psa_key_derivation_key_agreement` to use the shared secret directly in a key derivation operation (see “[Performing a key agreement](#performing-a-key-agreement)”).
-5. 
Call [`psa_destroy_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__key__management/#group__key__management_1ga5f52644312291335682fbc0292c43cd2) to free the resources associated with our key pair.
-
-#### ECDH and DHM metadata functions
-
-You can obtain data and metadata from an ECDH key agreement through the PSA API as follows:
-
-* With either side, accessing the group: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the key identifier, then [`psa_get_key_type`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gae4fb812af4f57aa1ad85e335a865b918) and [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06) to obtain metadata about the key.
-* Accessing our public key: call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier.
-* Accessing our private key: call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-* Accessing the peer's public key: there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately.
-
-The functions `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len` and `mbedtls_dhm_get_value` allow the caller to obtain metadata about the keys used for the key exchange. The PSA equivalents access the key identifier:
-
-* `mbedtls_dhm_get_bitlen`, `mbedtls_dhm_get_len`: call [`psa_get_key_attributes`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gacbbf5c11eac6cd70c87ffb936e1b9be2) on the PSA key identifier, then [`psa_get_key_bits`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1ga5bee85c2164ad3d4c0d42501241eeb06).
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_X` (our private key): call [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) on the key identifier. Note that the key policy must allow `PSA_KEY_USAGE_EXPORT` (see “[Public-key cryptography policies](#public-key-cryptography-policies)”).
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GX` (our public key): call [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) on the PSA key identifier.
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_GY` (peer's public key): the there is no PSA equivalent since the PSA API only uses the peer's public key to immediately calculate the shared secret. If your application needs the peer's public key for some other purpose, store it separately.
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_K` (shared secret): this is the value calculated by `psa_raw_key_agreement` or `psa_key_derivation_key_agreement`. If you need to use it multiple times (for example to derive multiple values independently), call `psa_raw_key_agreement` and make a copy.
-* `mbedtls_dhm_get_value` for `MBEDTLS_DHM_PARAM_P` or `MBEDTLS_DHM_PARAM_G` (group parameters): [there is no PSA API to retrieve these values](https://github.com/Mbed-TLS/mbedtls/issues/7780).
-
-The PSA API for finite-field Diffie-Hellman only supports predefined groups. Therefore there is no equivalent to `mbedtls_dhm_parse_dhm`, `mbedtls_dhm_parse_dhmfile`, and the `MBEDTLS_DHM_xxx_BIN` macros.
-
-#### Restartable key agreement
-
-Restartable key agreement (enabled by `mbedtls_ecdh_enable_restart`) is not yet available through the PSA API. It will be added under the name “interruptible key agreement” in a future version of the library, with an interface that's similar to the interruptible signature interface described in “[Restartable ECDSA signature](#restartable-ecdsa-signature)”.
-
-### Additional information about Elliptic-curve cryptography
-
-#### Information about a curve
-
-The legacy API identifies a curve by an `MBEDTLS_ECP_DP_xxx` value of type `mbedtls_ecp_group_id`. The PSA API identifies a curve by a `PSA_ECC_FAMILY_xxx` value and the private value's bit-size. See “[Elliptic curve mechanism selection](#elliptic-curve-mechanism-selection)” for the correspondence between the two sets of values.
-
-There is no PSA equivalent of the `mbedtls_ecp_group` data structure (and so no equivalent to `mbedtls_ecp_group_init`, `mbedtls_ecp_group_load`, `mbedtls_ecp_group_copy` and `mbedtls_ecp_group_free`) or of the `mbedtls_ecp_curve_info` data structure (and so no equivalent to `mbedtls_ecp_curve_info_from_grp_id`) because they are not needed. All API elements identify the curve directly by its family and size.
-
-The bit-size used by the PSA API is the size of the private key. For most curves, the PSA bit-size, the `bit_size` field in `mbedtls_ecp_curve_info`, the `nbits` field in `mbedtls_ecp_group` and the `pbits` field in `mbedtls_ecp_group` are the same. The following table lists curves for which they are different.
-
-| Curve | `grp->nbits` | `grp->pbits` | `curve_info->bit_size` | PSA bit-size |
-| ----- | ------------ | ------------ | ---------------------- | ------------ |
-| secp224k1 | 225 | 224 | 224 | not supported |
-| Curve25519 | 253 | 255 | 256 | 255 |
-| Curve448 | 446 | 448 | 448 | 448 |
-
-There is no exact PSA equivalent of the type `mbedtls_ecp_curve_type` and the function `mbedtls_ecp_get_type`, but the curve family encodes the same information. `PSA_ECC_FAMILY_MONTGOMERY` is the only Montgomery family. All other families supported in Mbed TLS 3.4.0 are short Weierstrass families.
-
-There is no PSA equivalent for the following functionality:
-
-* The `name` field of `mbedtls_ecp_curve_info`, and the function `mbedtls_ecp_curve_info_from_name`. There is no equivalent of Mbed TLS's lookup based on the name used for the curve in TLS specifications.
-* The `tls_id` field of `mbedtls_ecp_curve_info`, the constant `MBEDTLS_ECP_TLS_NAMED_CURVE`, and the functions `mbedtls_ecp_curve_info_from_tls_id`, `mbedtls_ecp_tls_read_group`, `mbedtls_ecp_tls_read_group_id` and `mbedtls_ecp_tls_write_group`. The PSA crypto API does not have this dedicated support for the TLS protocol.
-* Retrieving the parameters of a curve from the fields of an `mbedtls_ecp_group` structure.
-
-#### Information about supported curves
-
-The PSA API does not currently have a discovery mechanism for cryptographic mechanisms (although one may be added in the future). Thus there is no equivalent for `MBEDTLS_ECP_DP_MAX` and the functions `mbedtls_ecp_curve_list` and `mbedtls_ecp_grp_id_list`.
-
-The API provides macros that give the maximum supported sizes for various kinds of objects. The following table lists equivalents for `MBEDTLS_ECP_MAX_xxx` macros.
-
-| Legacy macro | PSA equivalent |
-| ------------ | -------------- |
-| `MBEDTLS_ECP_MAX_BITS` | [`PSA_VENDOR_ECC_MAX_CURVE_BITS`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_VENDOR_ECC_MAX_CURVE_BITS) |
-| `MBEDTLS_ECP_MAX_BYTES` | `PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)` |
-| `MBEDTLS_ECP_MAX_PT_LEN` | [`PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__sizes_8h/#c.PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE) |
-
-#### Restartable ECC
-
-The PSA API supports the equivalent of restartable operations, but only for signatures at the time of writing. See “[Restartable ECDSA signature](#restartable-ecdsa-signature)”.
-
-There is no PSA API for elliptic curve arithmetic as such, and therefore no equivalent of `mbedtls_ecp_restart_ctx` and functions that operate on it.
-
-There is PSA no equivalent of the `MBEDTLS_ECP_OPS_xxx` constants.
-
-#### ECC functionality with no PSA equivalent
-
-There is no PSA equivalent of `mbedtls_ecdsa_can_do` and `mbedtls_ecdh_can_do` to query the capabilities of a curve at runtime. Check the documentation of each curve family to see what algorithms it supports.
-
-There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecdsa_restart_ctx`, and to basic ECDSA context manipulation functions including `mbedtls_ecdsa_from_keypair`, because they are not needed: the PSA API does not have ECDSA-specific context types.
-
-#### No curve arithmetic
-
-The PSA API is a cryptography API, not an arithmetic API. As a consequence, there is no PSA equivalent for the ECC arithmetic functionality exposed by `ecp.h`:
-
-* Manipulation of point objects and input-output: the type `mbedtls_ecp_point` and functions operating on it (`mbedtls_ecp_point_xxx`, `mbedtls_ecp_copy`, `mbedtls_ecp_{set,is}_zero`, `mbedtls_ecp_tls_{read,write}_point`).
Note that the PSA export format for public keys corresponds to the uncompressed point format (`MBEDTLS_ECP_PF_UNCOMPRESSED`), so [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) are equivalent to `mbedtls_ecp_point_read_binary` and `mbedtls_ecp_point_write_binary` for uncompressed points. The PSA API does not currently support compressed points, but it is likely that such support will be added in the future. -* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key_ext`. -* Elliptic curve arithmetic (`mbedtls_ecp_mul`, `mbedtls_ecp_muladd` and their restartable variants). - -### Additional information about RSA - -#### RSA-ALT interface - -Implementers of the RSA-ALT interface (`MBEDTLS_PK_RSA_ALT` pk type, `mbedtls_pk_setup_rsa_alt` setup function) should migrate to the [PSA cryptoprocessor driver interface](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md). 
- -* If the purpose of the ALT interface is acceleration only: use the accelerator driver interface. This is fully transparent to application code. -* If the purpose of the ALT interface is to isolate the private key in a high-security environment: use the opaque driver interface. This is mostly transparent to user code. Code that uses a key via its key identifier does not need to know whether the key is transparent (equivalent of `MBEDTLS_PK_RSA`) or opaque (equivalent of `MBEDTLS_PK_RSA_ALT`). When creating a key, it will be transparent by default; to create an opaque key, call [`psa_set_key_lifetime`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__attributes/#group__attributes_1gac03ccf09ca6d36cc3d5b43f8303db6f7) to set the key's location to the chosen location value for the driver, e.g. - ``` - psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( - PSA_KEY_PERSISTENCE_VOLATILE, MY_RSA_DRIVER_LOCATION)); - ``` - -The PSA subsystem uses its internal random generator both for randomized algorithms and to generate blinding values. As a consequence, none of the API functions take an RNG parameter. - -#### RSA functionality with no PSA equivalent - -The PSA API does not provide direct access to the exponentiation primitive as with `mbedtls_rsa_public` and `mbedtls_rsa_private`. If you need an RSA-based mechanism that is not supported by the PSA API, please [submit an issue on GitHub](https://github.com/ARM-software/psa-api/issues) so that we can extend the API to support it. - -The PSA API does not support constructing RSA keys progressively from numbers with `mbedtls_rsa_import` or `mbedtls_rsa_import_raw` followed by `mbedtls_rsa_complete`. See “[Importing a PK key by wrapping](#importing-a-pk-key-by-wrapping)”. - -There is no direct equivalent of `mbedtls_rsa_export`, `mbedtls_rsa_export_raw` and `mbedtls_rsa_export_crt` to export some of the numbers in a key. 
You can export the whole key with `psa_export_key`, or with `psa_export_public_key` to export the public key from a key pair object. See also “[Exporting a public key or a key pair](#exporting-a-public-key-or-a-key-pair)”. - -A PSA key object is immutable, so there is no need for an equivalent of `mbedtls_rsa_copy`. (There is a function `psa_copy_key`, but it is only useful to make a copy of a key with a different policy of ownership; both concepts are out of scope of this document since they have no equivalent in the legacy API.) - -### LMS signatures - -A future version of Mbed TLS will support LMS keys and signatures through the PSA API (`psa_generate_key`, `psa_export_public_key`, `psa_import_key`, `psa_sign_hash`, `psa_verify_hash`, etc.). However, this is likely to happen after Mbed TLS 4.0, therefore the next major version of Mbed TLS will likely keep the existing `lms.h` interface. - -### PK format support interfaces - -The interfaces in `base64.h`, `asn1.h`, `asn1write.h`, `oid.h` and `pem.h` are intended to support X.509 and key file formats. They have no PSA equivalent since they are not directly about cryptography. - -In Mbed TLS 4.0, we are planning to keep the ASN.1 interfaces mostly unchanged. The evolution of Base64, OID and PEM as separate interfaces is still undecided at the time of writing. - -## EC-JPAKE - -The PSA API exposes EC-JPAKE via the algorithm [`PSA_ALG_JPAKE`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/crypto__extra_8h/#c.PSA_ALG_JPAKE) and the PAKE API functions. At the time of writing, the PAKE API is still experimental, but it should offer the same functionality as the legacy `ecjpake.h`. Please consult the documentation of your version of Mbed TLS for more information. - -Please note a few differences between the two APIs: the legacy API is geared towards the use of EC-JPAKE in TLS 1.2, whereas the PSA API is protocol-agnostic. 
- -* The PSA API is finer-grained and offers more flexibility in message ordering. Where the legacy API makes a single function call, the PSA API may require multiple calls. -* The legacy API uses the TLS 1.2 wire format in the input or output format of several functions. In particular, one of the messages embeds the curve identifier in the TLS protocol. The PSA API uses protocol-agnostic formats. -* The legacy API always applies the key derivation specified by TLS 1.2 to the shared secret. With the PSA API, use a key derivation with `PSA_ALG_TLS12_ECJPAKE_TO_PMS` for the same calculation. From cd5abfe7b485b6e81f6115238966657a1ab4eb08 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 16:43:49 +0200 Subject: [PATCH 0687/1548] Move the X.509 and SSL content from the crypto migration guide Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/rng-removal.md | 119 ++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 docs/4.0-migration-guide/rng-removal.md diff --git a/docs/4.0-migration-guide/rng-removal.md b/docs/4.0-migration-guide/rng-removal.md new file mode 100644 index 0000000000..8ec273b2c3 --- /dev/null +++ b/docs/4.0-migration-guide/rng-removal.md 
@@ -0,0 +1,119 @@
+## RNG removal
+
+### Public functions no longer take a RNG callback
+
+The `f_rng` and `p_rng` arguments have been removed from the X509 and SSL modules. All calls to `f_rng` have then been replaced by a call to `psa_generate_random` and all software utilising these modules will now require a call to `psa_crypto_init` prior to calling them.
+
+### Changes in x509
+
+The following function calls have been changed in x509:
+
+```c
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+```c
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+```c
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+```c
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng);
+```
+
+to
+
+```c
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
+```
+
+```c
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size);
+```
+
+```c
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
+```
+
+```c
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size);
+```
+
+### Changes in SSL
+
+The following function calls have been changed in SSL:
+
+```c
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+ psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime);
+```
+
+```c
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void 
*p_rng);
+```
+
+to
+
+```c
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+ psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime);
+```
+
+```c
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx);
+```
+
+The following structs have also been changed in SSL
+
+```c
+typedef struct mbedtls_ssl_ticket_context {
+ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
+ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
+
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
+
+ /** Callback for getting (pseudo-)random numbers */
+ int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
+
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
+#endif
+}
+mbedtls_ssl_ticket_context;
+```
+
+
+to
+
+```c
+typedef struct mbedtls_ssl_ticket_context {
+ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
+ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
+
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
+
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
+#endif
+}
+mbedtls_ssl_ticket_context;
+```
+
+### Removal of `mbedtls_ssl_conf_rng`
+
+`mbedtls_ssl_conf_rng` has been removed from the library as its sole purpose is to configure RNG for ssl and this is no longer required. From 617ee75e983526657c423adc544db57a73880e57 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 16:52:01 +0200 Subject: [PATCH 0688/1548] Copyediting and wording improvements Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/rng-removal.md | 33 +++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) 
diff --git a/docs/4.0-migration-guide/rng-removal.md b/docs/4.0-migration-guide/rng-removal.md index 8ec273b2c3..447a6aefe4 100644 --- a/docs/4.0-migration-guide/rng-removal.md +++ b/docs/4.0-migration-guide/rng-removal.md @@ -2,31 +2,36 @@ ### Public functions no longer take a RNG callback -The `f_rng` and `p_rng` arguments have been removed from the X509 and SSL modules. All calls to `f_rng` have then been replaced by a call to `psa_generate_random` and all software utilising these modules will now require a call to `psa_crypto_init` prior to calling them. +Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here. -### Changes in x509 +### Changes in X.509 -The following function calls have been changed in x509: +The following function prototypes have been changed in `mbedtls/x509_crt.h`: ```c int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -``` -```c int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); ``` +to + +```c +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); + +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); +``` + +The following function prototypes have been changed in `mbedtls/x509_csr.h`: ```c int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -``` -```c int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); 
@@ -34,25 +39,15 @@ int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, si to -```c -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); -``` - -```c -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); -``` - ```c int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); -``` -```c int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); ``` ### Changes in SSL -The following function calls have been changed in SSL: +The following function prototypes have been changed in `mbedtls/ssl.h`: ```c int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, @@ -116,4 +111,4 @@ mbedtls_ssl_ticket_context; ### Removal of `mbedtls_ssl_conf_rng` -`mbedtls_ssl_conf_rng` has been removed from the library as its sole purpose is to configure RNG for ssl and this is no longer required. +`mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. From 6f035a854b0f6d7a9ef84d421ec7ce0b8af95021 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 16:56:38 +0200 Subject: [PATCH 0689/1548] Explain why the programs have been removed Also fix the indentation of `*`. Signed-off-by: Gilles Peskine --- ChangeLog.d/9964.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt index ca0cc4b48d..30029f2d3f 100644 --- a/ChangeLog.d/9964.txt +++ b/ChangeLog.d/9964.txt @@ -1,5 +1,5 @@ Removals - * Removal of the following sample programs: + * Sample programs for the legacy crypto API have been removed. pkey/rsa_genkey.c pkey/pk_decrypt.c pkey/dh_genprime.c From 663b6df5227b1c74ecd73230c3ad5076e578fe5a Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 25 Jun 2025 17:06:28 +0200 Subject: [PATCH 0690/1548] Generalize section to other function prototype changes Signed-off-by: Gilles Peskine --- ...g-removal.md => function-prototype-changes-for-psa.md} | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) rename docs/4.0-migration-guide/{rng-removal.md => function-prototype-changes-for-psa.md} (95%) diff --git a/docs/4.0-migration-guide/rng-removal.md b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md similarity index 95% rename from docs/4.0-migration-guide/rng-removal.md rename to docs/4.0-migration-guide/function-prototype-changes-for-psa.md index 447a6aefe4..1778a582c9 100644 --- a/docs/4.0-migration-guide/rng-removal.md +++ b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md @@ -1,10 +1,12 @@ -## RNG removal +## High-level API tweaks for PSA + +A number of existing functions now take a different list of arguments, to migrate them to the PSA API. ### Public functions no longer take a RNG callback Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here. -### Changes in X.509 +### RNG removal in X.509 The following function prototypes have been changed in `mbedtls/x509_crt.h`: @@ -45,7 +47,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); ``` -### Changes in SSL +### RNG removal in SSL The following function prototypes have been changed in `mbedtls/ssl.h`: From 15037deab3f815480d812239dff800e0ed6fe2cc Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 25 Jun 2025 17:13:57 +0200 Subject: [PATCH 0691/1548] Consolidate changes to mbedtls_ssl_ticket_setup() Describe the change to the cipher mechanism specification. Consolidate that with the removal of the RNG arguments. Signed-off-by: Gilles Peskine --- .../function-prototype-changes-for-psa.md | 34 ++++++++++++------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md index 1778a582c9..055c9001df 100644 --- a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md +++ b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md @@ -49,13 +49,7 @@ int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, si ### RNG removal in SSL -The following function prototypes have been changed in `mbedtls/ssl.h`: - -```c -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); -``` +The following function prototype has been changed in `mbedtls/ssl_cookie.h`: ```c int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, @@ -65,11 +59,6 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, to -```c -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); -``` - ```c int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); ``` 
@@ -114,3 +103,24 @@ mbedtls_ssl_ticket_context; ### Removal of `mbedtls_ssl_conf_rng` `mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. + +### Changes to mbedtls_ssl_ticket_setup + +In the arguments of the function `mbedtls_ssl_ticket_setup()`, the `mbedtls_cipher_type_t` argument specifying the AEAD mechanism for ticket protection has been replaced by an equivalent PSA description consisting of a key type, a size and an algorithm. Also, the function no longer takes RNG arguments. + +The prototype in `mbedtls/ssl_ticket.h` has changed from + +```c +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + mbedtls_f_rng_t *f_rng, void *p_rng, + mbedtls_cipher_type_t cipher, + uint32_t lifetime); +``` + +to + +```c +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, + uint32_t lifetime); +``` From a0e06dd6d3731de9b683f0c989f5ea5a143e53bb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 17:14:45 +0200 Subject: [PATCH 0692/1548] Don't mention changes to fields that were already private Signed-off-by: Gilles Peskine --- .../function-prototype-changes-for-psa.md | 37 ------------------- 1 file changed, 37 deletions(-) diff --git a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md index 055c9001df..b5ba1c43d6 100644 --- a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md +++ b/docs/4.0-migration-guide/function-prototype-changes-for-psa.md 
@@ -63,43 +63,6 @@ to int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); ``` -The following structs have also been changed in SSL - -```c -typedef struct mbedtls_ssl_ticket_context { - mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */ - unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */ - - uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ - - /** Callback for getting (pseudo-)random numbers */ - int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); - void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ - -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); -#endif -} -mbedtls_ssl_ticket_context; -``` - - -to - -```c -typedef struct mbedtls_ssl_ticket_context { - mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */ - unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */ - - uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ - -#if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); -#endif -} -mbedtls_ssl_ticket_context; -``` - ### Removal of `mbedtls_ssl_conf_rng` `mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. From 826225fe317b43081b046434db9eb22de4b18caa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 17:19:12 +0200 Subject: [PATCH 0693/1548] Migration guide entries for removed deprecated functions Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/deprecated-removals.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 docs/4.0-migration-guide/deprecated-removals.md 
diff --git a/docs/4.0-migration-guide/deprecated-removals.md b/docs/4.0-migration-guide/deprecated-removals.md new file mode 100644
index 0000000000..e74b1adc10
--- /dev/null
+++ b/docs/4.0-migration-guide/deprecated-removals.md
@@ -0,0 +1,14 @@
+## Removal of deprecated functions
+
+### Removal of deprecated X.509 functions
+
+The deprecated function `mbedtls_x509write_crt_set_serial()` has been removed. The function was superseded by `mbedtls_x509write_crt_set_serial_raw()`.
+
+### Removal of deprecated SSL functions
+
+The deprecated function `mbedtls_ssl_conf_curves()` has been removed.
+The function was superseded by `mbedtls_ssl_conf_groups()`.
+
+### Removal of `compat-2.x.h`
+
+The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed. From f6c03d1b7f27c77aa9aa97881e828097897f0a64 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 17:19:30 +0200 Subject: [PATCH 0694/1548] typo Signed-off-by: Gilles Peskine --- ChangeLog.d/9892.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
index 01d21b6e5f..cf9f9dc132 100644
--- a/ChangeLog.d/9892.txt
+++ b/ChangeLog.d/9892.txt
@@ -1,4 +1,4 @@
 Removals
 * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
- already deprecated and superseeded by
+ already deprecated and superseded by
 mbedtls_x509write_crt_set_serial_raw(). From 72968cca33b62debe1f1e065f8f8ed4720847dc5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 21:14:24 +0200 Subject: [PATCH 0695/1548] Generalize the section on function prototype changes Not everything will be about PSA. Signed-off-by: Gilles Peskine --- ...otype-changes-for-psa.md => function-prototype-changes.md} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename docs/4.0-migration-guide/{function-prototype-changes-for-psa.md => function-prototype-changes.md} (97%) 
diff --git a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md b/docs/4.0-migration-guide/function-prototype-changes.md similarity index 97% rename from docs/4.0-migration-guide/function-prototype-changes-for-psa.md rename to docs/4.0-migration-guide/function-prototype-changes.md index b5ba1c43d6..52e37c7286 100644 --- a/docs/4.0-migration-guide/function-prototype-changes-for-psa.md +++ b/docs/4.0-migration-guide/function-prototype-changes.md @@ -1,6 +1,6 @@ -## High-level API tweaks for PSA +## Function prototype changes -A number of existing functions now take a different list of arguments, to migrate them to the PSA API. +A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API. ### Public functions no longer take a RNG callback From fbab8c1df157b866e74357935be2305c745f2507 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 21:17:07 +0200 Subject: [PATCH 0696/1548] General notes about the transition to PSA Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/psa-only.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 docs/4.0-migration-guide/psa-only.md diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md new file mode 100644 index 0000000000..68b7f1bc5e --- /dev/null +++ b/docs/4.0-migration-guide/psa-only.md 
@@ -0,0 +1,15 @@
+## PSA as the only cryptography API
+
+The PSA API is now the only API for cryptographic primitives.
+
+### Impact on application code
+
+The X.509, PKCS7 and SSL always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled.
+
+`psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake.
+
+A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”.
+
+### Impact on the library configuration
+
+Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto. From 2ee5c55c79bf377d95b6737da5ab889749a8404a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 21:19:26 +0200 Subject: [PATCH 0697/1548] Fix spelling of psa_generate_random() Signed-off-by: Gilles Peskine --- ChangeLog.d/removal-of-rng.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt
index a8a19f4ee3..c7357e67b8 100644
--- a/ChangeLog.d/removal-of-rng.txt 
+++ b/ChangeLog.d/removal-of-rng.txt @@ -1,5 +1,5 @@ API changes - * All API functions now use the PSA random generator psa_get_random() + * All API functions now use the PSA random generator psa_generate_random() internally. As a consequence, functions no longer take RNG parameters. Please refer to the migration guide at : tf-psa-crypto/docs/4.0-migration-guide.md. From 2649aa283b4fcd63460a6850c3bd5bdeec256316 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 21:41:23 +0200 Subject: [PATCH 0698/1548] TLS key exchange removals Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/feature-removals.md | 111 +++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 docs/4.0-migration-guide/feature-removals.md diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md new file mode 100644 index 0000000000..d2af880901 --- /dev/null +++ b/docs/4.0-migration-guide/feature-removals.md 
@@ -0,0 +1,111 @@
+## Removed features
+
+### Removal of obsolete key exchanges methods in (D)TLS 1.2
+
+Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and TLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3.
+
+Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption).
+
+That is, the following key exchange types are no longer supported:
+
+* RSA-PSK;
+* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported);
+* DHE-PSK (except in TLS 1.3);
+* DHE-RSA (except in TLS 1.3).
+
+The full list of removed cipher suites is:
+
+```
+TLS-DHE-PSK-WITH-AES-128-CBC-SHA
+TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
+TLS-DHE-PSK-WITH-AES-128-CCM
+TLS-DHE-PSK-WITH-AES-128-CCM-8
+TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
+TLS-DHE-PSK-WITH-AES-256-CBC-SHA
+TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
+TLS-DHE-PSK-WITH-AES-256-CCM
+TLS-DHE-PSK-WITH-AES-256-CCM-8
+TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
+TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256
+TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256
+TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384
+TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384
+TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
+TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
+TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
+TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
+TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256
+TLS-DHE-PSK-WITH-NULL-SHA
+TLS-DHE-PSK-WITH-NULL-SHA256
+TLS-DHE-PSK-WITH-NULL-SHA384
+TLS-DHE-RSA-WITH-AES-128-CBC-SHA
+TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
+TLS-DHE-RSA-WITH-AES-128-CCM
+TLS-DHE-RSA-WITH-AES-128-CCM-8
+TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
+TLS-DHE-RSA-WITH-AES-256-CBC-SHA
+TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
+TLS-DHE-RSA-WITH-AES-256-CCM
+TLS-DHE-RSA-WITH-AES-256-CCM-8
+TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
+TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
+TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
+TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
+TLS-RSA-PSK-WITH-AES-128-CBC-SHA
+TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
+TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
+TLS-RSA-PSK-WITH-AES-256-CBC-SHA
+TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
+TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
+TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
+TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
+TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
+TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
+TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
+TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
+TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
+TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
+TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
+TLS-RSA-PSK-WITH-NULL-SHA
+TLS-RSA-PSK-WITH-NULL-SHA256
+TLS-RSA-PSK-WITH-NULL-SHA384
+TLS-RSA-WITH-AES-128-CBC-SHA
+TLS-RSA-WITH-AES-128-CBC-SHA256
+TLS-RSA-WITH-AES-128-CCM
+TLS-RSA-WITH-AES-128-CCM-8
+TLS-RSA-WITH-AES-128-GCM-SHA256
+TLS-RSA-WITH-AES-256-CBC-SHA
+TLS-RSA-WITH-AES-256-CBC-SHA256
+TLS-RSA-WITH-AES-256-CCM
+TLS-RSA-WITH-AES-256-CCM-8
+TLS-RSA-WITH-AES-256-GCM-SHA384
+TLS-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
+TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
+TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
+TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-RSA-WITH-NULL-MD5
+TLS-RSA-WITH-NULL-SHA
+TLS-RSA-WITH-NULL-SHA256
+```
+
+As a consequence of the removal of support for DHE in (D)TLS 1.2, the following
functions are no longer useful and have been removed: + +``` +mbedtls_ssl_conf_dh_param_bin() +mbedtls_ssl_conf_dh_param_ctx() +mbedtls_ssl_conf_dhm_min_bitlen() +``` From 9000633f0eb949751f3f65a976d3f5ae70baa1e1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 25 Jun 2025 21:43:30 +0200 Subject: [PATCH 0699/1548] Move some crypto changelog files to TF-PSA-Crypto These files had gone on the wrong side during the repo split. Signed-off-by: Gilles Peskine --- ChangeLog.d/remove-crypto-alt-interface.txt | 5 ----- ChangeLog.d/remove-via-padlock-support.txt | 3 --- 2 files changed, 8 deletions(-) delete mode 100644 ChangeLog.d/remove-crypto-alt-interface.txt delete mode 100644 ChangeLog.d/remove-via-padlock-support.txt diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt deleted file mode 100644 index f9ab4c221c..0000000000 --- a/ChangeLog.d/remove-crypto-alt-interface.txt +++ /dev/null @@ -1,5 +0,0 @@ -Removals - * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options - at the module and function level for crypto mechanisms only. The remaining - alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt deleted file mode 100644 index a3f4b96573..0000000000 --- a/ChangeLog.d/remove-via-padlock-support.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Fixes #5903. From d3a6cbb6bb17502d40c0a30d8c8f00edce2df673 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 13:39:37 +0200 Subject: [PATCH 0700/1548] Subsection for the removal of explicit RNG contexts Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/psa-only.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md index 68b7f1bc5e..e4f293dda8 100644 
--- a/docs/4.0-migration-guide/psa-only.md +++ b/docs/4.0-migration-guide/psa-only.md @@ -10,6 +10,14 @@ The X.509, PKCS7 and SSL always use PSA for cryptography, with a few exceptions A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”. +### No random generator instantiation + +Formerly, applications using TLS, asymmetric cryptography operations involving a private key, or other features needing random numbers, needed to provide a random generator, generally by instantiating an entropy context (`mbedtls_entropy_context`) and a DRBG context (`mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`). This is no longer necessary, or possible. All features that require a random generator (RNG) now use the one provided by the PSA subsystem. + +Instead, applications that use random generators or keys (even public keys) need to call `psa_crypto_init()` before any cryptographic operation or key management operation. + +See also [function prototype changes](#function-prototype-changes), many of which are related to the move from RNG callbacks to a global RNG. + ### Impact on the library configuration Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto. From bf92bae959cb4a45eec4c7356c51ac71441f2740 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 14:36:06 +0200 Subject: [PATCH 0701/1548] Copy error-codes.md from tf-psa-crypto Much of it also applies to Mbed TLS. 
Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/error-codes.md | 28 +++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 docs/4.0-migration-guide/error-codes.md diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md new file mode 100644 index 0000000000..43b6bd4e0e --- /dev/null +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -0,0 +1,28 @@
+## Error codes
+
+### Unified error code space
+
+The convention still applies that functions return 0 for success and a negative value between -32767 and -1 on error. PSA functions (`psa_xxx()` or `mbedtls_psa_xxx()`) still return a `PSA_ERROR_xxx` error codes. Non-PSA functions (`mbedtls_xxx()` excluding `mbedtls_psa_xxx()`) can return either `PSA_ERROR_xxx` or `MBEDTLS_ERR_xxx` error codes.
+
+There may be cases where an `MBEDTLS_ERR_xxx` constant has the same numerical value as a `PSA_ERROR_xxx`. In such cases, they have the same meaning: they are different names for the same error condition.
+
+### Simplified legacy error codes
+
+All values returned by a function to indicate an error now have a defined constant named `MBEDTLS_ERR_xxx` or `PSA_ERROR_xxx`. Functions no longer return the sum of a “low-level” and a “high-level” error code.
+
+Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable.
+
+As a consequence, the functions `mbedtls_low_level_sterr()` and `mbedtls_high_level_strerr()` no longer exist.
+
+### Removed error code names
+
+Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface.
+ +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0, TF-PSA-Crypto 1.0) | +| ------------------------------ | ---------------------------------------------- | +| `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | +| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | +| `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` | `PSA_ERROR_NOT_SUPPORTED` | +| `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` | `PSA_ERROR_HARDWARE_FAILURE` | +| `MBEDTLS_ERR_ECP_IN_PROGRESS` | `PSA_OPERATION_INCOMPLETE` | +| `MBEDTLS_ERR_RSA_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | From 9b6997258927bcaf071710316f99ad2d6afe004b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 14:38:07 +0200 Subject: [PATCH 0702/1548] Remove crypto error codes, refer to the crypto guide instead Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/error-codes.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 43b6bd4e0e..ca62025132 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -18,11 +18,11 @@ As a consequence, the functions `mbedtls_low_level_sterr()` and `mbedtls_high_le Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0, TF-PSA-Crypto 1.0) | -| ------------------------------ | ---------------------------------------------- | +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | +| ------------------------------ | --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | | `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` | `PSA_ERROR_NOT_SUPPORTED` | -| `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` | `PSA_ERROR_HARDWARE_FAILURE` | -| `MBEDTLS_ERR_ECP_IN_PROGRESS` | `PSA_OPERATION_INCOMPLETE` | -| `MBEDTLS_ERR_RSA_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` +| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | + +See also the corresponding section in the TF-PSA-Crypto migration guide, which lists errors from cryptography modules. From ac18d0c0dbd86d6fa1e53c822321c906c51a29dd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 19:02:09 +0200 Subject: [PATCH 0703/1548] Fix spelling of mbedtls_low_level_strerr Signed-off-by: Gilles Peskine --- ChangeLog.d/error-unification.txt | 2 +- docs/4.0-migration-guide/error-codes.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt index bcf5ba1f3d..eddd42c9ea 100644 --- a/ChangeLog.d/error-unification.txt +++ b/ChangeLog.d/error-unification.txt 
@@ -7,5 +7,5 @@ API changes between -32767 and -1 as before. Removals - * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), + * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(), since these concepts no longer exists. There is just mbedtls_strerror(). diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index ca62025132..8cc7098ad9 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md @@ -12,7 +12,7 @@ All values returned by a function to indicate an error now have a defined consta Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable. -As a consequence, the functions `mbedtls_low_level_sterr()` and `mbedtls_high_level_strerr()` no longer exist. +As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_level_strerr()` no longer exist. ### Removed error code names From 5acb3a5969b7692d138b8fc709b73bcb0ea5729f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Jun 2025 19:05:55 +0200 Subject: [PATCH 0704/1548] Copyediting Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/error-codes.md | 2 +- docs/4.0-migration-guide/psa-only.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 8cc7098ad9..074acc04bb 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -25,4 +25,4 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally | `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | -See also the corresponding section in the TF-PSA-Crypto migration guide, which lists errors from cryptography modules. +See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md index e4f293dda8..7d7bfee193 100644 --- a/docs/4.0-migration-guide/psa-only.md +++ b/docs/4.0-migration-guide/psa-only.md @@ -4,7 +4,7 @@ The PSA API is now the only API for cryptographic primitives. ### Impact on application code -The X.509, PKCS7 and SSL always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. +The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. `psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake. From 0b44f56d8d44f58d397b7806fc64f276bcd58be0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 30 Jun 2025 10:45:39 +0200 Subject: [PATCH 0705/1548] Typos 
Signed-off-by: Gilles Peskine --- doxygen/input/doc_mainpage.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 597eee9928..4eda5ba2aa 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -25,7 +25,7 @@ * * Some parts of the API are best explored from the “Topics” or * “Group list” section. - * This is notable the case for the PSA Cryptography API. + * This is notably the case for the PSA Cryptography API. * Note that many parts of the API are not classified under a topic and * can only be seen through the file structure. * @@ -47,6 +47,6 @@ * - Any structure or union field whose name starts with `private_`. * - Any preprocessor macro that is just listed with its automatically * rendered parameter list, value and location. Macros are part of - * the API only if their documentation includes have custom text. + * the API only if their documentation has custom text. * */ From 159a652096fcb523504bd4dd289ea12adaa0aa66 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 30 Jun 2025 10:59:59 +0200 Subject: [PATCH 0706/1548] Minor clarifications Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/feature-removals.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md index d2af880901..ae611a112c 100644 --- a/docs/4.0-migration-guide/feature-removals.md +++ b/docs/4.0-migration-guide/feature-removals.md 
@@ -2,9 +2,9 @@ ### Removal of obsolete key exchanges methods in (D)TLS 1.2 -Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and TLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3. +Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3. -Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption). +Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption). That is, the following key exchange types are no longer supported: From 5341e3c3b3e709d091b6cc805e187138aea7e4f0 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Mon, 30 Jun 2025 18:28:04 +0100 Subject: [PATCH 0707/1548] Update tf-psa-crypto submodule to include DES error macro changes Signed-off-by: Ari Weiler-Ofek --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index a07506eab0..3308677734 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit a07506eab0b693152d5a522273b812d222ddd87c +Subproject commit 3308677734bdb15d51abc652c2930b16d218470f From 2795197ba05e1eb5dbeade3a356e3c5da844b7da Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 1 Jul 2025 15:12:35 +0100 Subject: [PATCH 0708/1548] Remove DES handling from error generator 
Signed-off-by: Ari Weiler-Ofek --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 977047af54..69126793c5 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -36,7 +36,7 @@ my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM - CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES + CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 NET PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 SHA3 THREADING ); From 86422e55093cbe86cc641bbb785f081305714ec7 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Fri, 4 Jul 2025 14:43:30 +0100 Subject: [PATCH 0709/1548] Remove: DES selftest, component_test_psa_crypto_config_accel_des and dead DES mentions prior to TF-PSA-Crypto cleanup Signed-off-by: Ari Weiler-Ofek --- programs/test/selftest.c | 7 +-- scripts/config.py | 2 +- tests/compat.sh | 5 -- .../components-configuration-crypto.sh | 52 +------------------ tests/scripts/components-configuration-tls.sh | 6 +-- 5 files changed, 8 insertions(+), 64 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 8516f3a251..372a84dc79 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -21,7 +21,6 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" #include "mbedtls/sha3.h" -#include "mbedtls/des.h" #include "mbedtls/aes.h" #include "mbedtls/camellia.h" #include "mbedtls/aria.h" @@ -296,9 +295,6 @@ const selftest_t selftests[] = defined(PSA_WANT_ALG_SHA3_512) { "sha3", mbedtls_sha3_self_test }, #endif -#if defined(MBEDTLS_DES_C) - { "des", mbedtls_des_self_test }, -#endif #if defined(MBEDTLS_AES_C) { "aes", mbedtls_aes_self_test }, #endif 
@@ -448,7 +444,8 @@ int main(int argc, char *argv[]) } \ } else { \ mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \ - " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \ + " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \ + "\n", \ sizeof(TYPE)); \ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ } \ diff --git a/scripts/config.py b/scripts/config.py index e5182a6a59..a61e9f6d56 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -75,7 +75,7 @@ def realfull_adapter(_name, _value, _active): #pylint: disable=line-too-long 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency - 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES + 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options diff --git a/tests/compat.sh b/tests/compat.sh index 975d8dc3d9..a11fffda06 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -599,11 +599,6 @@ setup_arguments() *) O_SUPPORT_STATIC_ECDH="NO";; esac - case $($OPENSSL ciphers ALL) in - *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";; - *) O_SUPPORT_SINGLE_DES="NO";; - esac - # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL # supports -dtls1_2 from the s_server help. (The s_client # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 9de7597c1c..98204083cd 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -1734,53 +1734,6 @@ component_test_psa_crypto_config_reference_hmac () { make test } -component_test_psa_crypto_config_accel_des () { - msg "test: accelerated DES" - - # Albeit this components aims at accelerating DES which should only support - # CBC and ECB modes, we need to accelerate more than that otherwise DES_C - # would automatically be re-enabled by "config_adjust_legacy_from_psa.c" - loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \ - ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \ - KEY_TYPE_DES" - - # Note: we cannot accelerate all ciphers' key types otherwise we would also - # have to either disable CCM/GCM or accelerate them, but that's out of scope - # of this component. This limitation will be addressed by #8598. - - # Configure - # --------- - - # Start from the full config - helper_libtestdriver1_adjust_config "full" - - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR - scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_CMAC_C - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o - - # Run the tests - # ------------- - - msg "test: accelerated DES" - make test -} - component_test_psa_crypto_config_accel_aead () { msg "test: accelerated AEAD" 
@@ -1841,7 +1794,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \ ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \ - KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA" + KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA" # Configure # --------- @@ -1878,7 +1831,6 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o - not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o @@ -2168,7 +2120,7 @@ component_build_aes_variations () { cd "$MBEDTLS_ROOT_DIR" msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES, + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW, # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 6b3f9c2a67..ff8315711e 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh 
@@ -63,7 +63,7 @@ component_test_tls1_2_default_stream_cipher_only () { # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) # Note: The unset below is to be removed for 4.0 scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) @@ -96,7 +96,7 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC 
@@ -129,7 +129,7 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC From f94bc63fdb365ce0c8fda1644e240fba843f46f8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 7 Jul 2025 14:15:34 +0200 Subject: [PATCH 0710/1548] Updated generate_errors.pl to include private directories too: the header is deemed to be private if it is in a private subdirectory Signed-off-by: Anton Matkin --- scripts/generate_errors.pl | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 69126793c5..5e4fe38931 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -52,6 +52,10 @@ my @files = glob qq("$crypto_include_dir/*.h"); push(@files, glob qq("$tls_include_dir/*.h")); + +push(@files, glob qq("$crypto_include_dir/private/*.h")); +push(@files, glob qq("$tls_include_dir/private/*.h")); + my @necessary_include_files; my @matches; foreach my $file (@files) { @@ -85,7 +89,7 @@ $description =~ s/^\s+//; $description =~ s/\n( *\*)? */ /g; $description =~ s/\.?\s+$//; - push @matches, [$name, $value, $description]; + push @matches, [$name, $value, $description, grep(/^.*private\/[^\/]+$/, $file)]; ++$found; } if ($found) { 
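Review bot: The fourth element pushed on the new `push @matches, [...]` line is `grep(/^.*private\/[^\/]+$/, $file)` evaluated in list context, so it is the whole `$file` path when the pattern matches and simply absent when it does not, rather than a boolean flag as the later `$is_private_header` name suggests. It works only because a non-empty path is truthy and a missing element reads as undef; a scalar match expresses the intent directly, `scalar($file =~ m{(?:^|/)private/[^/]+$})`. The `(?:^|/)` anchor also keeps a directory whose name merely ends in "private" from being classified as private, which the unanchored `.*private/` form does not. The enclosing `foreach my $file (@files)` loop starts before this hunk.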
@@ -109,7 +113,7 @@ foreach my $match (@matches) { - my ($error_name, $error_code, $description) = @$match; + my ($error_name, $error_code, $description, $is_private_header) = @$match; die "Duplicated error code: $error_code ($error_name)\n" if( $error_codes_seen{$error_code}++ ); @@ -203,6 +207,11 @@ if ($include_name ne ""); } ${$code_check} .= "\n"; + + if ($is_private_header) { + $include_name = "private/" . $include_name; + } + $headers .= "\n#include \"mbedtls/${include_name}.h\"\n". "#endif\n\n" if ($include_name ne ""); ${$old_define_name} = $define_name; From 471630883561abca899f532953c11c7fde8f21ca Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 4 Jul 2025 16:31:54 +0100 Subject: [PATCH 0711/1548] Bring forward ChangeLog changes. Signed-off-by: Minos Galanakis --- ChangeLog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7de639e45a..912a1786b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,7 +21,7 @@ API changes Mbed TLS error codes. This will not affect most applications since the error values are between -32767 and -1 as before. - * All API functions now use the PSA random generator psa_get_random() + * All API functions now use the PSA random generator psa_generate_random() internally. As a consequence, functions no longer take RNG parameters. Please refer to the migration guide at : tf-psa-crypto/docs/4.0-migration-guide.md. @@ -62,7 +62,7 @@ Removals Fixes #8149. * Remove support for the RSA-PSK key exchange in TLS 1.2. * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was - already deprecated and superseeded by + already deprecated and superseded by mbedtls_x509write_crt_set_serial_raw(). * Remove the function mbedtls_ssl_conf_curves() which had been deprecated in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. 
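Review bot: The new `if ($is_private_header)` block rewrites `$include_name` in place immediately before the `$headers .=` line, so any later use of `$include_name` in the same iteration of `foreach my $match (@matches)` (the loop body continues past the end of this hunk) now sees the `private/`-prefixed form instead of the bare module name. Computing the path into a local used only by the `#include` line avoids that, e.g. `my $header_path = $is_private_header ? "private/" . $include_name : $include_name;` followed by `$headers .= "\n#include \"mbedtls/${header_path}.h\"\n" . "#endif\n\n" if ($include_name ne "");`. Note also that every header is emitted under `mbedtls/`, including those now globbed from `$crypto_include_dir/private/`; it is worth confirming that the generated error source is expected to resolve crypto private headers at that path.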
@@ -74,9 +74,9 @@ Removals - mbedtls_ssl_conf_dh_param_ctx - mbedtls_ssl_conf_dhm_min_bitlen * Remove support for the RSA key exchange in TLS 1.2. - * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), + * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(), since these concepts no longer exists. There is just mbedtls_strerror(). - * Removal of the following sample programs: + * Sample programs for the legacy crypto API have been removed. pkey/rsa_genkey.c pkey/pk_decrypt.c pkey/dh_genprime.c From 04c4d9cabdcd9ede255c051d6b3827ff1451ed33 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 7 Jul 2025 17:42:52 +0300 Subject: [PATCH 0712/1548] Updated tf-psa-crypto pointer to tf-psa-crypto1.0.0-beta_mergeback Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 0cc63061c6..110b9a44d7 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 0cc63061c6bfc141d64ec8ba562b4c7bca842a6c +Subproject commit 110b9a44d79975c0eab61f46c65837abc5c9309a From 0c10d9b700c8e2d3a9cfee9091a12c76b478d2c2 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Tue, 8 Jul 2025 14:02:15 +0200 Subject: [PATCH 0713/1548] Improved the error generating script, so that it is a little more explicit Signed-off-by: Anton Matkin --- scripts/generate_errors.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 5e4fe38931..dab3a0c703 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -89,7 +89,7 @@ $description =~ s/^\s+//; $description =~ s/\n( *\*)? */ /g; $description =~ s/\.?\s+$//; - push @matches, [$name, $value, $description, grep(/^.*private\/[^\/]+$/, $file)]; + push @matches, [$name, $value, $description, scalar($file =~ /^.*private\/[^\/]+$/)]; ++$found; } if ($found) { From 08072685bdc9dabf3c5d04106ec59638fa86a4a0 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Wed, 11 Jun 2025 15:36:29 +0100 Subject: [PATCH 0714/1548] remove hkdf header file from query_config template Signed-off-by: Ben Taylor --- scripts/data_files/query_config.fmt | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 9be9674c1d..12517596d6 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -41,7 +41,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/error.h" #include "mbedtls/gcm.h" -#include "mbedtls/hkdf.h" #include "mbedtls/hmac_drbg.h" #include "mbedtls/md.h" #include "mbedtls/md5.h" From b5e283679f3a1ded3e3918475f6b691dff76961e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 8 Jul 2025 15:09:08 +0100 Subject: [PATCH 0715/1548] Update note about the first 4.x LTS The release date is yet to be determined, to allow time for 4.x to stabilise. Signed-off-by: David Horstmann --- BRANCHES.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index 49f7e289bb..10f5664d1f 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -25,8 +25,9 @@ ABI compatibility within LTS branches; see the next section for details. We will make regular LTS releases on an 18-month cycle, each of which will have a 3 year support lifetime. On this basis, 3.6 LTS (released March 2024) will be -supported until March 2027. The next LTS release will be a 4.x release, which is -planned for September 2025. +supported until March 2027. The next LTS release will be a 4.x release. Due to +the size and scope of the 4.0 release, the release date of the first 4.x LTS is +yet to be determined. ## Backwards Compatibility for application code From c1d9531c561e1cd286eef141ef5450d05f568bb6 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Thu, 19 Jun 2025 14:16:32 +0200 Subject: [PATCH 0716/1548] Do not link against builtin/everest/p256m libraries anymore Following the move of all crypto code to the tfpsacrypto library, do not link against the driver libraries anymore. Signed-off-by: Ronald Cron --- CMakeLists.txt | 9 ++------- pkgconfig/mbedcrypto.pc.in | 2 +- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a099356389..64a390a307 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -376,15 +376,10 @@ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) endif() set(tf_psa_crypto_library_targets - ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto - ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin - ${TF_PSA_CRYPTO_TARGET_PREFIX}everest - ${TF_PSA_CRYPTO_TARGET_PREFIX}p256m) + ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - list(APPEND tf_psa_crypto_library_targets - ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static - ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin_static) + list(APPEND tf_psa_crypto_library_targets) endif() foreach(target IN LISTS tf_psa_crypto_library_targets) diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in index 28b9716b64..303f8852cd 100644 --- a/pkgconfig/mbedcrypto.pc.in +++ b/pkgconfig/mbedcrypto.pc.in @@ -7,4 +7,4 @@ Description: @PKGCONFIG_PROJECT_DESCRIPTION@ URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ Version: @PROJECT_VERSION@ Cflags: -I"${includedir}" -Libs: -L"${libdir}" -ltfpsacrypto -lbuiltin -leverest -lp256m +Libs: -L"${libdir}" -ltfpsacrypto From 5d8d299f430120baef814bd6167142fea4c535ae Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Mon, 7 Jul 2025 23:20:29 +0100 Subject: [PATCH 0717/1548] Disable PSA_WANT_KEY_TYPE_DES to stop DES from being re-enabled Signed-off-by: Ari Weiler-Ofek --- tests/scripts/components-configuration-crypto.sh | 8 ++++++++ 1 file changed, 8 insertions(+) 
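Review bot: In the CMakeLists.txt hunk, the branch for `USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY` now contains only `list(APPEND tf_psa_crypto_library_targets)`, which appends nothing, so the whole `if()` block is dead code. The commit message says only the driver libraries (builtin, everest, p256m) stop being linked, yet the removed lines also drop `${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static` from that branch; if that is intended, delete the empty block and say so in the message, otherwise keep `list(APPEND tf_psa_crypto_library_targets ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static)`. The `pkgconfig/mbedcrypto.pc.in` hunk is consistent with the shared-library case either way.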
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 98204083cd..43c30a2bb7 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1818,6 +1818,10 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { scripts/config.py unset MBEDTLS_CHACHA20_C scripts/config.py unset MBEDTLS_CAMELLIA_C + # Disable DES, if it still exists. + # This can be removed once we remove DES from the library. + scripts/config.py unset PSA_WANT_KEY_TYPE_DES + # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA # does not depend on it. scripts/config.py unset MBEDTLS_CIPHER_C @@ -1856,6 +1860,10 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { msg "build: full config with non-accelerated cipher inc. AEAD and CMAC" common_psa_crypto_config_accel_cipher_aead_cmac + # Disable DES, if it still exists. + # This can be removed once we remove DES from the library. + scripts/config.py unset PSA_WANT_KEY_TYPE_DES + make msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" From aeac0b31accc9b7ece5398ea30eb31668f981e88 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jul 2025 13:00:36 +0200 Subject: [PATCH 0718/1548] Disable new platform-related option Signed-off-by: Gilles Peskine --- scripts/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.py b/scripts/config.py index e5182a6a59..8d2ed10e03 100755 --- a/scripts/config.py +++ b/scripts/config.py 
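Review bot: Both added `scripts/config.py unset PSA_WANT_KEY_TYPE_DES` lines call config.py without `-c $CRYPTO_CONFIG_H`, whereas the other `PSA_WANT_` edit on this page (`scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING`) names the crypto config explicitly; unless config.py routes `PSA_WANT_` symbols to the crypto config on its own, the unset targets the wrong file, and because `config.py unset` tolerates a missing symbol (as the depends.py commit further down relies on) it would fail silently rather than loudly. Please confirm which file the symbol lives in and, if needed, change both lines to `scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES`. Since the second hunk sits directly after the call to `common_psa_crypto_config_accel_cipher_aead_cmac`, the unset probably belongs inside that shared function so the two components cannot drift apart; its body is not visible here, so that is an inference.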
@@ -89,6 +89,7 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum + 'MBEDTLS_PSA_DRIVER_GET_ENTROPY', # incompatible with MBEDTLS_PSA_BUILTIN_GET_ENTROPY 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature 'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS', # removes a feature From d5da020a632a953eb33b5079c9e425a5eb04d8e6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 2 Jul 2025 09:12:50 +0200 Subject: [PATCH 0719/1548] depends.py: Do not fail when disabling a non-existing option To ease the removal of legacy crypto options, do not fail in depends.py when disabling a non-existing option. This mimics the behavior of 'config.py unset'. Signed-off-by: Ronald Cron --- tests/scripts/depends.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 0cb55377a7..08829d1936 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -109,6 +109,8 @@ def set_config_option_value(conf, option, colors, value: Union[bool, str]): value can be either True/False (set/unset config option), or a string, which will make a symbol defined with a certain value.""" if not option_exists(conf, option): + if value is False: + return True log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) return False From bd28acf24004e548c9e8c5825f49d1a08b75024e Mon Sep 17 00:00:00 2001 
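Review bot: The early `if value is False: return True` in `set_config_option_value` changes the function's contract — unsetting an option that does not exist now reports success without logging — but the docstring just above still describes only the True/False/string meaning of `value`. Add a sentence to it, e.g. `Unsetting an option that is absent from the file is not an error (mirrors 'config.py unset').` The red `log_line` is now reached only for `True` or string values, which is worth stating in the same place so readers do not expect a warning on a no-op unset.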
From: Ronald Cron Date: Thu, 10 Jul 2025 09:53:50 +0200 Subject: [PATCH 0720/1548] ssl-opt.sh: Remove dependencies on built-in CBC and AES Remove dependencies on MBEDTLS_CIPHER_MODE_CBC and MBEDTLS_AES_C, as these options will no longer be available once they are removed from the configuration. The affected tests rely on the built-in CBC and AES implementations. With the removal of MBEDTLS_CIPHER_MODE_CBC and MBEDTLS_AES_C as configuration options, there is no longer a mechanism in ssl-opt.sh to express these dependencies. As a result, filter out these tests at the all.sh component level when the built-in CBC and AES implementations are not available. Signed-off-by: Ronald Cron --- .../components-configuration-crypto.sh | 6 ++++-- tests/ssl-opt.sh | 21 +++++++++++-------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 9de7597c1c..f7eb6d617f 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1894,7 +1894,8 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { make test msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC" - tests/ssl-opt.sh + # Exclude password-protected key tests — they require built-in CBC and AES. + tests/ssl-opt.sh -e "TLS: password protected" msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC" tests/compat.sh -V NO -p mbedTLS @@ -1910,7 +1911,8 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { make test msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC" - tests/ssl-opt.sh + # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac. + tests/ssl-opt.sh -e "TLS: password protected" msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC" tests/compat.sh -V NO -p mbedTLS 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5b2425bf55..5b7bb517c6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2245,9 +2245,10 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C +# module does not support PSA dispatching so we need builtin support. With the +# removal of the legacy cryptography configuration options, there is currently +# no way to express this dependency. This test fails if run in a configuration +# where the built-in implementation of CBC or AES is not present. requires_hash_alg MD5 requires_hash_alg SHA_256 run_test "TLS: password protected client key" \ @@ -2257,9 +2258,10 @@ run_test "TLS: password protected client key" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C +# module does not support PSA dispatching so we need builtin support. With the +# removal of the legacy cryptography configuration options, there is currently +# no way to express this dependency. This test fails if run in a configuration +# where the built-in implementation of CBC or AES is not present. requires_hash_alg MD5 requires_hash_alg SHA_256 run_test "TLS: password protected server key" \ 
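Review bot: With the `requires_config_enabled MBEDTLS_CIPHER_MODE_CBC` / `MBEDTLS_AES_C` guards gone, nothing in ssl-opt.sh skips the three password-protected-key tests any more; the only thing keeping them out of unsuitable builds is the `tests/ssl-opt.sh -e "TLS: password protected"` exclusion added to components-configuration-crypto.sh in this same commit, and the new comment does not mention that. Make the coupling discoverable from the test file by replacing the last sentence of the comment with `Configurations without built-in CBC/AES must exclude these tests by name; see the -e "TLS: password protected" exclusions in tests/scripts/components-configuration-crypto.sh.` The same four-line comment is duplicated for the server-key test (second hunk here) and the two-certificates test (hunk on the following line), so either keep the wording identical in all three or move it to a single comment above the group.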
@@ -2270,9 +2272,10 @@ run_test "TLS: password protected server key" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM -# module does not support PSA dispatching so we need builtin support. -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC -requires_config_enabled MBEDTLS_AES_C +# module does not support PSA dispatching so we need builtin support. With the +# removal of the legacy cryptography configuration options, there is currently +# no way to express this dependency. This test fails if run in a configuration +# where the built-in implementation of CBC or AES is not present. requires_hash_alg MD5 requires_hash_alg SHA_256 run_test "TLS: password protected server key, two certificates" \ From 68ba7f7ab7885394cb03d7884d8f71c78d05f715 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 30 Jun 2025 07:45:17 +0200 Subject: [PATCH 0721/1548] ssl-opt.sh: Replace MBEDTLS_RSA_C dependencies In preparation of the removal of MBEDTLS_RSA_C, replace MBEDTLS_RSA_C by its PSA_WANT_ closest equivalent PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC in dependencies. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 134 +++++++++++++++++++++++------------------------ 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5b7bb517c6..d4e23b538a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -559,7 +559,7 @@ detect_required_features() { # we aren't currently running ssl-opt.sh in configurations # where partial RSA support is a problem, so generically, we # just require RSA and it works out for our tests so far. - requires_config_enabled "MBEDTLS_RSA_C" + requires_config_enabled "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" esac unset tmp 
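Review bot: The comment above the changed line in `detect_required_features` still reasons in `MBEDTLS_RSA_C` terms ("partial RSA support ... we just require RSA"), but the new requirement `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC` is the key-pair symbol, so a verify-only build that enables only `PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY` would now skip every test matched by this `case` arm, including any that only verify an RSA certificate. If that trade-off is deliberate, say so where the choice is made, e.g. `# Key-pair symbol on purpose: tests matched here use an RSA private key on at least one side, so a verify-only (PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) build cannot run them.` The mechanical `MBEDTLS_RSA_C` replacements in the remaining hunks of this commit inherit the same choice and need no separate change.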
@@ -2270,7 +2270,7 @@ run_test "TLS: password protected server key" \ 0 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM # module does not support PSA dispatching so we need builtin support. With the # removal of the legacy cryptography configuration options, there is currently @@ -2324,7 +2324,7 @@ run_test "Opaque key for client authentication: ECDHE-ECDSA" \ # Test using a RSA opaque private key for client authentication requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for client authentication: ECDHE-RSA" \ @@ -2373,7 +2373,7 @@ run_test "Opaque key for server authentication: ECDH-" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ @@ -2388,7 +2388,7 @@ run_test "Opaque key for server authentication: invalid key: ecdh with RSA ke -c "Public key type mismatch" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ 
@@ -2471,7 +2471,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: no suitable algorithm found" \ @@ -2484,7 +2484,7 @@ run_test "TLS 1.3 opaque key: no suitable algorithm found" \ -s "no suitable signature algorithm" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: suitable algorithm found" \ @@ -2497,7 +2497,7 @@ run_test "TLS 1.3 opaque key: suitable algorithm found" \ -S "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ @@ -2511,7 +2511,7 @@ run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ -S "error" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ 
@@ -2525,7 +2525,7 @@ run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ # Test using a RSA opaque private key for server authentication requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDHE-RSA" \ @@ -2541,7 +2541,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \ -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKCS1" \ @@ -2556,7 +2556,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKC -c "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -2576,7 +2576,7 @@ run_test "Opaque keys for server authentication: RSA keys with different algs -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO 
@@ -2616,7 +2616,7 @@ run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ # Test using a RSA opaque private key for client/server authentication requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED run_test "Opaque key for client/server authentication: ECDHE-RSA" \ @@ -2751,7 +2751,7 @@ run_test "SHA-256 allowed by default in server certificate" \ 0 requires_hash_alg SHA_1 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC run_test "SHA-1 forbidden by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ @@ -2759,13 +2759,13 @@ run_test "SHA-1 forbidden by default in client certificate" \ -s "The certificate is signed with an unacceptable hash" requires_hash_alg SHA_1 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC run_test "SHA-1 explicitly allowed in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \ "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \ 0 -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 run_test "SHA-256 allowed by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ 
@@ -10190,7 +10190,7 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ # All those tests assume MAX_CONTENT_LEN is at least 2048 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10211,7 +10211,7 @@ run_test "DTLS fragmenting: none (for reference)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10236,7 +10236,7 @@ run_test "DTLS fragmenting: server only (max_frag_len)" \ # test can't be replicated with an MTU proxy such as the one # `client-initiated, server only (max_frag_len)` below. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10257,7 +10257,7 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -10285,7 +10285,7 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ # The next test checks that no datagrams significantly larger than the # negotiated MFL are sent. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10307,7 +10307,7 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), pro -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10335,7 +10335,7 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ # The next test checks that no datagrams significantly larger than the # negotiated MFL are sent. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10357,7 +10357,7 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: none (for reference) (MTU)" \ 
@@ -10377,7 +10377,7 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client (MTU)" \ @@ -10397,7 +10397,7 @@ run_test "DTLS fragmenting: client (MTU)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server (MTU)" \ @@ -10417,7 +10417,7 @@ run_test "DTLS fragmenting: server (MTU)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: both (MTU=1024)" \ @@ -10439,7 +10439,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_max_content_len 2048 run_test "DTLS fragmenting: both (MTU=512)" \ @@ -10468,7 +10468,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \ # hence the ratio of 8. not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ -p "$P_PXY mtu=508" \ 
@@ -10489,7 +10489,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ # Forcing ciphersuite for this test to fit the MTU of 508 with full config. only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ -p "$P_PXY mtu=508" \ @@ -10512,7 +10512,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ # a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ @@ -10539,7 +10539,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ # a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -10562,7 +10562,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ 
@@ -10586,7 +10586,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -10619,7 +10619,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ # resumed listening, which would result in a spurious autoreduction. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -p "$P_PXY mtu=1450" \ @@ -10644,7 +10644,7 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_max_content_len 2048 @@ -10673,7 +10673,7 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_max_content_len 2048 
@@ -10702,7 +10702,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_max_content_len 2048 @@ -10731,7 +10731,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC @@ -10761,7 +10761,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_max_content_len 2048 @@ -10788,7 +10788,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 2 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d" \ 
@@ -10809,7 +10809,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 2 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ @@ -10833,7 +10833,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ # here and below we just want to test that the we fragment in a way that # pleases other implementations, so we don't need the peer to fragment requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ @@ -10854,7 +10854,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ # certificate validation fail, but passing --insecure makes # GnuTLS continue the connection nonetheless. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_gnutls requires_not_i686 requires_max_content_len 2048 @@ -10868,7 +10868,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ -s "fragmenting handshake message" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ "$O_SRV -dtls1_2 -verify 10" \ 
@@ -10881,7 +10881,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ @@ -10898,7 +10898,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ # pleases other implementations, so we don't need the peer to fragment requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ @@ -10914,7 +10914,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ @@ -10931,7 +10931,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ ## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902) requires_openssl_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ 
@@ -10949,7 +10949,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ ## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887) skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ @@ -12469,7 +12469,7 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ @@ -12485,7 +12485,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 
@@ -12500,7 +12500,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ @@ -12516,7 +12516,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ @@ -12531,7 +12531,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 
@@ -12547,7 +12547,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ @@ -12562,7 +12562,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 @@ -12579,7 +12579,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ 
@@ -12710,7 +12710,7 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ @@ -12726,7 +12726,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ @@ -12741,7 +12741,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ 
@@ -12757,7 +12757,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ @@ -12772,7 +12772,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ @@ -12788,7 +12788,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ 
@@ -12803,7 +12803,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 @@ -12820,7 +12820,7 @@ requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \ From fbd51579895eceea3447315bbf4e8bbbf7a5a093 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Jul 2025 13:19:31 +0200 Subject: [PATCH 0722/1548] ssl-opt.sh: Replace MBEDTLS_ECP_DP_* dependencies In preparation of the removal of MBEDTLS_ECP_DP_* configuration options, replace them by their PSA_WANT_ECC_* equivalent in dependencies. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 39 ++++++++++++++++++--------------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d4e23b538a..c667cd14bd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2201,8 +2201,7 @@ trap cleanup INT TERM HUP # - the expected parameters are selected requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 requires_hash_alg SHA_512 # "signature_algorithm ext: 6" -requires_any_configs_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED \ - PSA_WANT_ECC_MONTGOMERY_255 +requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255 run_test "Default, TLS 1.2" \ "$P_SRV debug_level=3" \ "$P_CLI force_version=tls12" \ @@ -2685,8 +2684,7 @@ run_test "Unique IV in GCM" \ -U "IV used" # Test for correctness of sent single supported algorithm -requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - PSA_WANT_ECC_SECP_R1_256 +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2701,8 +2699,7 @@ run_test "Single supported algorithm sending: mbedtls client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - PSA_WANT_ECC_SECP_R1_256 +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 requires_hash_alg SHA_256 run_test "Single supported algorithm sending: openssl client" \ "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ @@ -9408,7 +9405,7 @@ run_test "Large server packet TLS 1.3 AEAD shorter tag" \ # Force the use of a curve that supports restartable ECC (secp256r1). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, default" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 
@@ -9421,7 +9418,7 @@ run_test "EC restart: TLS, default" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=0" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9434,7 +9431,7 @@ run_test "EC restart: TLS, max_ops=0" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=65535" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9461,7 +9458,7 @@ run_test "EC restart: TLS, max_ops=65535" \ # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ @@ -9477,7 +9474,7 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 
@@ -9492,7 +9489,7 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ # This works the same with & without USE_PSA as we never get to ECDH: # we abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -9511,7 +9508,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ @@ -9532,7 +9529,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -9551,7 +9548,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ 
@@ -9572,7 +9569,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -9591,7 +9588,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ @@ -9607,7 +9604,7 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9621,7 +9618,7 @@ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ "$P_SRV groups=secp256r1" \ 
@@ -9637,7 +9634,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9653,7 +9650,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ # This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA, # and all 4 assertions negated. requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ From 3f1200644177138feb2efa7f784d9a7415d357c9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 3 Jul 2025 14:45:51 +0200 Subject: [PATCH 0723/1548] build_psa_config_file: Check PSA_WANT_ALG_CMAC instead of MBEDTLS_CMAC_C Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f7eb6d617f..a290c3ed06 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -2541,7 +2541,7 @@ component_build_psa_config_file () {
 echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H"
 make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
 # Make sure this feature is enabled. We'll disable it in the next phase.
- programs/test/query_compile_time_config MBEDTLS_CMAC_C
+ programs/test/query_compile_time_config PSA_WANT_ALG_CMAC
 make clean
 
 msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
@@ -2552,7 +2552,7 @@ component_build_psa_config_file () {
 echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h
 echo '#undef MBEDTLS_CMAC_C' >> psa_user_config.h
 make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
- not programs/test/query_compile_time_config MBEDTLS_CMAC_C
+ not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC
 
 rm -f psa_test_config.h psa_user_config.h
 }
From b5c6fcc4c9abd378b17c5eab13c681b461f61bcf Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 10 Jul 2025 13:40:00 +0200
Subject: [PATCH 0724/1548] test_psa_crypto_config_accel_cipher_aead_cmac: Disable POLY1305
In preparation of the removal of the configuration option MBEDTLS_POLY1305_C, disable it in test_psa_crypto_config_accel_cipher_aead_cmac as it will be not possible to enable it when CHACHA20_POLY1305 is accelerated.
Signed-off-by: Ronald Cron
---
 tests/scripts/analyze_outcomes.py | 6 +++---
 tests/scripts/components-configuration-crypto.sh | 2 ++
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 429a04f7f5..2ea3cd9511 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
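Review bot: The negative check in the second hunk now queries `PSA_WANT_ALG_CMAC`, but the psa_user_config.h lines visible beside it only undef `PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128` and the legacy `MBEDTLS_CMAC_C`; whether `#undef PSA_WANT_ALG_CMAC` is also written is outside the hunk. If it is not, the `not` check only passes while the build still derives `PSA_WANT_ALG_CMAC` from `MBEDTLS_CMAC_C`, which is the coupling this series is removing, so `echo '#undef PSA_WANT_ALG_CMAC' >> psa_user_config.h` should sit with the other undefs and the `MBEDTLS_CMAC_C` line can go once that option is gone. The function body starts and ends outside these hunks.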
@@ -292,15 +292,15 @@ class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference):
 IGNORED_SUITES = [
 # low-level (block/stream) cipher modules
 'aes', 'aria', 'camellia', 'des', 'chacha20',
- # AEAD modes and CMAC
- 'ccm', 'chachapoly', 'cmac', 'gcm',
+ # AEAD modes, CMAC and POLY1305
+ 'ccm', 'chachapoly', 'cmac', 'gcm', 'poly1305',
 # The Cipher abstraction layer
 'cipher',
 ]
 IGNORED_TESTS = {
 'test_suite_config': [
 re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
- re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'),
+ re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM|POLY1305)_.*'),
 re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
 re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
 ],
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index a290c3ed06..ffe7248b7a 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1864,6 +1864,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
 scripts/config.py unset MBEDTLS_ARIA_C
 scripts/config.py unset MBEDTLS_CHACHA20_C
 scripts/config.py unset MBEDTLS_CAMELLIA_C
+ scripts/config.py unset MBEDTLS_POLY1305_C
 
 # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA
 # does not depend on it.
@@ -1886,6 +1887,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () {
 not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
 not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
 not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o
+ not grep mbedtls_poly1305 ${BUILTIN_SRC_PATH}/poly1305.o
 
 # Run the tests
 # -------------
From f256f8ac3e2fb92c0a796533a1cc9849e09ecf4c Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 10 Jul 2025 17:37:18 +0200
Subject: [PATCH 0725/1548] Add test_xts component
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index ffe7248b7a..c966c14b5a 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2589,3 +2589,18 @@ component_test_min_mpi_window_size () {
 msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
 make test
 }
+
+component_test_xts () {
+ # Component dedicated to run XTS unit test cases while XTS is not
+ # supported through the PSA API.
+ msg "build: Default + MBEDTLS_CIPHER_MODE_XTS"
+
+ echo "#define MBEDTLS_CIPHER_MODE_XTS" > psa_user_config.h
+ cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h"
+ make
+
+ msg "test: Default + MBEDTLS_CIPHER_MODE_XTS"
+ make test
+
+ rm -f psa_user_config.h
+}
From e0b06eb3a12fe94b9096a7ebe560f647257a040d Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 15 Jul 2025 08:58:32 +0200
Subject: [PATCH 0726/1548] test_xts: Remove temporarily file earlier
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index c966c14b5a..cdef0d1173 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2599,8 +2599,8 @@ component_test_xts () {
 cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h"
 make
 
+ rm -f psa_user_config.h
+
 msg "test: Default + MBEDTLS_CIPHER_MODE_XTS"
 make test
-
- rm -f psa_user_config.h
 }
From 50f99caf42094f6e43321935452e2e99b2b75d57 Mon Sep 17 00:00:00 2001
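Review bot: `psa_user_config.h` is written into the working directory but only removed after `make test` succeeds, so a failed build or test leaves `#define MBEDTLS_CIPHER_MODE_XTS` behind for whatever runs next; the same file name is appended to with `>>` by component_build_psa_config_file earlier in this file, so a stale copy would silently change that component's configuration unless the all.sh cleanup removes it, which is not visible here. Starting the function with `rm -f psa_user_config.h` before the `echo`, or creating the file under a `trap`, closes that gap. The `cmake` call passes no source directory; unless the tree is already configured it needs a trailing `.` (`cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h" .`), and the bare file name only resolves if the working directory is on the include path, which the earlier component arranges with `-I '$PWD'`. The follow-up commit just below only moves the `rm` ahead of the test phase and still does not cover the failure path.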
From: Ronald Cron
Date: Tue, 15 Jul 2025 09:32:03 +0200
Subject: [PATCH 0727/1548] depends.py: Add warning log
Add warning log when disabling a configuration option that does not exist. When the removal of the legacy crypto config options is completed, the warning will be reverted to an error.
Signed-off-by: Ronald Cron
---
 tests/scripts/depends.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 08829d1936..7fccb2006f 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -110,6 +110,10 @@ def set_config_option_value(conf, option, colors, value: Union[bool, str]):
 which will make a symbol defined with a certain value."""
 if not option_exists(conf, option):
 if value is False:
+ log_line(
+ f'Warning, disabling {option} that does not exist in {conf.filename}',
+ color=colors.cyan
+ )
 return True
 log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red)
 return False
From a5f36483ef3bd9296e11b7aee7cdd4a3c51fb8c1 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 30 Jun 2025 10:36:25 +0200
Subject: [PATCH 0728/1548] Replace legacy RSA crypto options in check_config.h
For the test_psa_crypto_config_accel_rsa_crypto component, ignore test cases that depend on MBEDTLS_GENPRIME being enabled. When all RSA cryptographic operations are provided by drivers, MBEDTLS_GENPRIME will not be enabled, as it will no longer be a configuration option.
Signed-off-by: Ronald Cron
---
 include/mbedtls/check_config.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 22ddaa80fd..5e5a5b31db 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
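Review bot: `colors.cyan` is used on the new warning path, but the only colour attribute visible in this function is `colors.red`; if the colour helper does not define `cyan`, the branch that previously returned quietly now raises AttributeError, so confirm the attribute exists or reuse one the file already uses. As a point of style, the new f-string sits next to a `.format()` call with different phrasing; `log_line(f'Warning: {option} not found in {conf.filename}, cannot disable it', color=colors.cyan)` on one line would match the existing "Symbol ... was not found in ..." wording. Since this path still returns True, callers cannot tell "disabled" from "did not exist"; the commit message says the warning is temporary, so a `# TODO: revert to an error once the legacy crypto options are removed` comment above the call would record that. The function body starts outside the hunk.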
@@ -64,7 +64,7 @@
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
- ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
+ ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
 !defined(MBEDTLS_X509_CRT_PARSE_C) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
 #endif
@@ -75,8 +75,8 @@
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+ ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
@@ -109,7 +109,7 @@
 #endif
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
- ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
+ ( !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || !defined(PSA_WANT_ALG_RSA_OAEP) )
 #error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
 #endif
 
@@ -130,7 +130,7 @@
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 #if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
 defined(MBEDTLS_X509_CRT_PARSE_C) && \
- ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) )
+ ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(PSA_WANT_ALG_RSA_OAEP) ) )
 #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
 #endif
 #endif
From 4c48114f7dc0573ccde3f24cbc804dc4ec66484b Mon Sep 17 00:00:00 2001
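Review bot: In the third and fourth hunks `MBEDTLS_PKCS1_V21` is replaced by `PSA_WANT_ALG_RSA_OAEP`, but both guards are about RSA-PSS signatures: `MBEDTLS_X509_RSASSA_PSS_SUPPORT` is PSS verification in X.509 and the TLS 1.3 ephemeral mode needs a signature scheme (TLS 1.3 only permits RSA-PSS for RSA), whereas OAEP is the PKCS#1 v2.1 encryption scheme. As written, a configuration with PSS enabled but OAEP disabled is rejected at compile time, while one with OAEP but no PSS passes the check and fails later at run time; `!defined(PSA_WANT_ALG_RSA_PSS)` (and `PSA_WANT_ALG_RSA_PSS_ANY_SALT`, if the X.509 code accepts that variant) is the matching prerequisite in both places. In the second hunk, ECDHE-RSA only uses the RSA key to sign, so requiring `PSA_WANT_ALG_RSA_PKCS1V15_CRYPT` alongside `PSA_WANT_ALG_RSA_PKCS1V15_SIGN` is stricter than that key exchange needs; keep just the SIGN symbol unless something on that path needs the encryption scheme. The commit description also describes the MBEDTLS_GENPRIME test-ignore change rather than this check_config.h rewrite, which makes the rationale for the symbol choices hard to find later.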
From: Ronald Cron
Date: Fri, 11 Jul 2025 17:23:41 +0200
Subject: [PATCH 0729/1548] analyze_outcomes.py: Ignore test cases depending on MBEDTLS_GENPRIME
For the component test_psa_crypto_config_accel_rsa_crypto, ignore the test cases depending on MBEDTLS_GENPRIME being enabled. When all RSA crypto is provided by drivers MBEDTLS_GENPRIME will not be enabled when it is not a configuration option anymore.
Signed-off-by: Ronald Cron
---
 tests/scripts/analyze_outcomes.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 2ea3cd9511..132d53ec97 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -568,6 +568,10 @@ class DriverVSReference_rsa(outcome_analysis.DriverVSReference):
 'pk', 'pkwrite', 'pkparse'
 ]
 IGNORED_TESTS = {
+ 'test_suite_bignum.misc': [
+ re.compile(r'.*\bmbedtls_mpi_is_prime.*'),
+ re.compile(r'.*\bmbedtls_mpi_gen_prime.*'),
+ ],
 'test_suite_config': [
 re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
 re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')
From 9edf4c54b61c192596caf5a17fe315326fc8489a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 15 Jul 2025 15:40:46 +0200
Subject: [PATCH 0730/1548] test_psa_crypto_config_accel_rsa_crypto: Disable MBEDTLS_GENPRIME
Disable MBEDTLS_GENPRIME in the test_psa_crypto_config_accel_rsa_crypto component. This should likely have been the case already, as all RSA crypto in this component is expected to be provided by the test driver. This change is necessary following the previous commit to prevent analyze_outcomes.py from complaining that, as MBEDTLS_GENPRIME tests are passing in both the driver and reference components, they should not be ignored.
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index cdef0d1173..b2ea2b3039 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1429,6 +1429,7 @@ config_psa_crypto_accel_rsa () {
 scripts/config.py unset MBEDTLS_RSA_C
 scripts/config.py unset MBEDTLS_PKCS1_V15
 scripts/config.py unset MBEDTLS_PKCS1_V21
+ scripts/config.py unset MBEDTLS_GENPRIME
 
 # We need PEM parsing in the test library as well to support the import
 # of PEM encoded RSA keys.
From abcfd4c160d6269a8b84f1d8e5e1c1a95753d238 Mon Sep 17 00:00:00 2001
From: Ari Weiler-Ofek
Date: Tue, 17 Jun 2025 15:18:20 +0100
Subject: [PATCH 0731/1548] Modified dlopen.c and tfpsacrypto_dlopen.c so that they use PSA API-only dynamic loading
- Replaced soon-deprecated mbedtls_md_list() in dlopen.c with psa_hash_compute()
- Added tfpsacrypto_dlopen.c as a PSA-only shared-library loading test
- Enabled -fPIC for tf-psa-crypto builtins to support shared linking
- Confirmed clean builds and successful dlopen() test execution.
Signed-off-by: Ari Weiler-Ofek
---
 programs/test/dlopen.c | 42 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 34 insertions(+), 8 deletions(-)
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index bb7fba88af..9aba73308c 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
@@ -98,16 +98,42 @@ int main(void)
 * "gcc -std=c99 -pedantic" complains about it, but it is perfectly
 * fine on platforms that have dlsym(). */
 #pragma GCC diagnostic ignored "-Wpedantic"
- const int *(*md_list)(void) =
- dlsym(crypto_so, "mbedtls_md_list");
+ psa_status_t (*dyn_psa_crypto_init)(void) =
+ dlsym(crypto_so, "psa_crypto_init");
+ psa_status_t (*dyn_psa_hash_compute)(psa_algorithm_t, const uint8_t *, size_t, uint8_t *,
+ size_t, size_t *) =
+ dlsym(crypto_so, "psa_hash_compute");
+
 #pragma GCC diagnostic pop
- CHECK_DLERROR("dlsym", "mbedtls_md_list");
- const int *mds = md_list();
- for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */
- ;
+ /* Use psa_hash_compute from PSA Crypto API instead of deprecated mbedtls_md_list()
+ * to demonstrate runtime linking of libmbedcrypto / libtfpsacrypto */
+
+ CHECK_DLERROR("dlsym", "psa_crypto_init");
+ CHECK_DLERROR("dlsym", "psa_hash_compute");
+
+ psa_status_t status = dyn_psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "psa_crypto_init failed: %d\n", (int) status);
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ const uint8_t input[] = "hello world";
+ uint8_t hash[32]; // Buffer to hold the output hash
+ size_t hash_len = 0;
+
+ status = dyn_psa_hash_compute(PSA_ALG_SHA_256,
+ input, sizeof(input) - 1,
+ hash, sizeof(hash),
+ &hash_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "psa_hash_compute failed: %d\n", (int) status);
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
 }
- mbedtls_printf("dlopen(%s): %u hashes\n",
- crypto_so_filename, n);
+
+ mbedtls_printf("dlopen(%s): psa_hash_compute succeeded. SHA-256 output length: %zu\n",
+ crypto_so_filename, hash_len);
+
+ dlclose(crypto_so);
 CHECK_DLERROR("dlclose", crypto_so_filename);
 #endif /* MBEDTLS_MD_C */
From c3d54b619e63f7042a1094a5d000d7b0ba3c7c7b Mon Sep 17 00:00:00 2001
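Review bot: `uint8_t hash[32]` hard-codes the SHA-256 digest size and the result is only checked for `PSA_SUCCESS`; size the buffer as `uint8_t hash[PSA_HASH_LENGTH(PSA_ALG_SHA_256)];` and fail when `hash_len != PSA_HASH_LENGTH(PSA_ALG_SHA_256)` (or compare against a known SHA-256 test vector) so the dynamically loaded symbol is actually exercised rather than merely resolved. The two `CHECK_DLERROR` calls run only after both `dlsym` lookups; whether the first lookup's error is still reported after the second call depends on the dlerror() implementation, so checking each returned pointer for NULL directly after its `dlsym` would be more robust (the macro's definition is outside the hunk). `%zu` in the final `mbedtls_printf` departs from the `MBEDTLS_PRINTF_SIZET` macro the library uses for `size_t` on platforms whose printf lacks C99 support. The closing `#endif /* MBEDTLS_MD_C */` suggests the block is still gated on the MD module although the new code only needs PSA hashing; the opening `#if` is outside the hunk, so this could not be confirmed.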
From: Ari Weiler-Ofek Date: Tue, 15 Jul 2025 14:08:24 +0100 Subject: [PATCH 0732/1548] Fix comment in dlopen.c to remove reference to deprecated API Signed-off-by: Ari Weiler-Ofek --- programs/test/dlopen.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 9aba73308c..58a6af52e7 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -105,8 +105,7 @@ int main(void) dlsym(crypto_so, "psa_hash_compute"); #pragma GCC diagnostic pop - /* Use psa_hash_compute from PSA Crypto API instead of deprecated mbedtls_md_list() - * to demonstrate runtime linking of libmbedcrypto / libtfpsacrypto */ + /* Demonstrate hashing a message with PSA Crypto */ CHECK_DLERROR("dlsym", "psa_crypto_init"); CHECK_DLERROR("dlsym", "psa_hash_compute"); From 30a53fe5a494b68a5517c968de68eed72cb7583c Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 15 Jul 2025 14:16:11 +0100 Subject: [PATCH 0733/1548] Update TF-PSA-Crypto submodule to PSA-only dynamic loading Signed-off-by: Ari Weiler-Ofek --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 110b9a44d7..b1c98ebee8 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 110b9a44d79975c0eab61f46c65837abc5c9309a +Subproject commit b1c98ebee82c1056cec0f64e24f1b780a5889a0d From 606671b6a55c8f4c6b4957f77c2aaacd89a80d5d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jul 2025 13:09:00 +0200 Subject: [PATCH 0734/1548] Explicitly enable built-in entropy in sample and test configs Now that built-in entropy is a positive option `MBEDTLS_PSA_BUILTIN_GET_ENTROPY` instead of a negative option `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES`, it needs to be enabled explicitly in sample and test configurations. 
Signed-off-by: Gilles Peskine --- configs/crypto-config-ccm-psk-tls1_2.h | 8 +------- configs/crypto-config-suite-b.h | 7 +------ configs/crypto-config-thread.h | 1 + 3 files changed, 3 insertions(+), 13 deletions(-) diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index e4de8b3fb6..163520ed34 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -31,15 +31,9 @@ #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES -/* - * You should adjust this to the exact number of sources you're using: default - * is the "platform_entropy_poll" source, but you may want to add other ones - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 - #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index dd304c1c5d..0437bda3ce 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -51,6 +51,7 @@ #define MBEDTLS_ENTROPY_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* For test certificates */ #define MBEDTLS_BASE64_C @@ -69,10 +70,4 @@ /* Significant speed benefit at the expense of some ROM */ #define MBEDTLS_ECP_NIST_OPTIM -/* - * You should adjust this to the exact number of sources you're using: default - * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones. - * Minimum is 2 for the entropy test suite. - */ -#define MBEDTLS_ENTROPY_MAX_SOURCES 2 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 18206e1a9f..5475a0af20 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h 
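Review bot: Dropping `#define MBEDTLS_ENTROPY_MAX_SOURCES 2` together with its note that the entropy test suite needs at least 2 is not explained by the commit message, which only covers enabling `MBEDTLS_PSA_BUILTIN_GET_ENTROPY`; the same removal appears in the second `crypto-config-suite-b.h` hunk. If the option is now fixed by the crypto configuration or no longer exists, say so in the description, or keep a one-line comment in place of the removed block, e.g. `/* MBEDTLS_ENTROPY_MAX_SOURCES is no longer set here; the library default applies. */`, so that someone auditing the entropy setup of these sample configs can see the change was deliberate.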
@@ -60,6 +60,7 @@ #define MBEDTLS_MD_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES From 3c2a1cb1d61363c73fdeebb6125e0e5f85c1ba01 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jul 2025 19:09:08 +0200 Subject: [PATCH 0735/1548] Prepare to ignore a new test case Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 429a04f7f5..21845137f8 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -62,6 +62,12 @@ def _has_word_re(words: typing.Iterable[str], # https://github.com/Mbed-TLS/mbedtls/issues/9586 'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED', ], + 'test_suite_config.crypto_combinations': [ + # New thing in crypto. Not intended to be tested separately + # in mbedtls. + # https://github.com/Mbed-TLS/mbedtls/issues/10300 + 'Config: entropy: NV seed only', + ], 'test_suite_config.psa_boolean': [ # We don't test with HMAC disabled. # https://github.com/Mbed-TLS/mbedtls/issues/9591 From ce7de61ad4c672a91066e7911de54e8e602e3d21 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 16 Jul 2025 10:23:17 +0200 Subject: [PATCH 0736/1548] cmake: Fix list of TF-PSA-Crypto library targets Signed-off-by: Ronald Cron --- CMakeLists.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 64a390a307..162373182b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -379,7 +379,8 @@ set(tf_psa_crypto_library_targets ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - list(APPEND tf_psa_crypto_library_targets) + list(APPEND tf_psa_crypto_library_targets + ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static) endif() foreach(target IN LISTS tf_psa_crypto_library_targets) From 4561164e7c2fd19bf12bbc44ca3ee93b8775ed2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 16 Jul 2025 13:23:18 +0200 Subject: [PATCH 0737/1548] Freeze cryptography version on the CI at 35.0.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The version was unspecified because of our use of Python 3.5 on the CI, whichi has since been eliminated. Signed-off-by: Bence Szépkúti --- scripts/ci.requirements.txt | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index fc10c63b85..123b5430bf 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -16,12 +16,8 @@ pylint == 2.4.4 mypy == 0.942 # At the time of writing, only needed for tests/scripts/audit-validity-dates.py. -# It needs >=35.0.0 for correct operation, and that requires Python >=3.6, -# but our CI has Python 3.5. So let pip install the newest version that's -# compatible with the running Python: this way we get something good enough -# for mypy and pylint under Python 3.5, and we also get something good enough -# to run audit-validity-dates.py on Python >=3.6. -cryptography # >= 35.0.0 +# It needs >=35.0.0 for correct operation, and that requires Python >=3.6. +cryptography >= 35.0.0 # For building `framework/data_files/server9-bad-saltlen.crt` and check python # files. From 9dda0ca1959db344307fbdb96869ee05f3101fc6 Mon Sep 17 00:00:00 2001 
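Review bot: The title says the version is frozen at 35.0.0, but `cryptography >= 35.0.0` is only a lower bound, so the CI still resolves to whatever the newest release is at install time. The other tools in this file are pinned exactly (`pylint == 2.4.4`, `mypy == 0.942`); for reproducible CI runs and to limit exposure to a broken or compromised new release, either pin `cryptography == 35.0.0` or reword the title and the comment to say that a minimum version is what is intended.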
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 16 Jul 2025 13:33:17 +0200 Subject: [PATCH 0738/1548] Don't install cryptography on the FreeBSD CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recent versions of cryptography require a Rust toolchain to install on FreeBSD, which we do not have set up yet. Signed-off-by: Bence Szépkúti --- scripts/ci.requirements.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 123b5430bf..4bb41e5136 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -17,7 +17,10 @@ mypy == 0.942 # At the time of writing, only needed for tests/scripts/audit-validity-dates.py. # It needs >=35.0.0 for correct operation, and that requires Python >=3.6. -cryptography >= 35.0.0 +# >=35.0.0 also requires Rust to build from source, which we are forced to do on +# FreeBSD, since PyPI doesn't carry binary wheels for the BSDs. +# Disable on FreeBSD until we get a Rust toolchain up and running on the CI. +cryptography >= 35.0.0; platform_system != 'FreeBSD' # For building `framework/data_files/server9-bad-saltlen.crt` and check python # files. From 5956d28c0b045578ac0b8578fc9ea4c34a40651a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 16 Jul 2025 14:18:12 +0200 Subject: [PATCH 0739/1548] Restrict CI-specific python requirements to Linux MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The dependencies declared in ci.requirements.txt are only used in scripts that we run on the Linux CI. Signed-off-by: Bence Szépkúti --- scripts/ci.requirements.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 4bb41e5136..2ab7ba98da 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt 
@@ -2,10 +2,12 @@ -r driver.requirements.txt +# The dependencies below are only used in scripts that we run on the Linux CI. + # Use a known version of Pylint, because new versions tend to add warnings # that could start rejecting our code. # 2.4.4 is the version in Ubuntu 20.04. It supports Python >=3.5. -pylint == 2.4.4 +pylint == 2.4.4; platform_system == 'Linux' # Use a version of mypy that is compatible with our code base. # mypy <0.940 is known not to work: see commit @@ -13,15 +15,14 @@ pylint == 2.4.4 # mypy >=0.960 is known not to work: # https://github.com/Mbed-TLS/mbedtls-framework/issues/50 # mypy 0.942 is the version in Ubuntu 22.04. -mypy == 0.942 +mypy == 0.942; platform_system == 'Linux' # At the time of writing, only needed for tests/scripts/audit-validity-dates.py. # It needs >=35.0.0 for correct operation, and that requires Python >=3.6. # >=35.0.0 also requires Rust to build from source, which we are forced to do on # FreeBSD, since PyPI doesn't carry binary wheels for the BSDs. -# Disable on FreeBSD until we get a Rust toolchain up and running on the CI. -cryptography >= 35.0.0; platform_system != 'FreeBSD' +cryptography >= 35.0.0; platform_system == 'Linux' # For building `framework/data_files/server9-bad-saltlen.crt` and check python # files. -asn1crypto +asn1crypto; platform_system == 'Linux' From 901cca7bc3fec0732ce2113bdf7fae0d66763649 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 16 Jul 2025 15:35:00 +0100 Subject: [PATCH 0740/1548] Disambiguate version.h in doxygen comment Specify mbedtls/version.h, since we are about to add include/tf-psa-crypto/version.h. Signed-off-by: David Horstmann --- include/mbedtls/version.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 637f9d38bf..718e99eb4a 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -1,5 +1,5 @@ /** - * \file version.h + * \file mbedtls/version.h * * \brief Run-time version information */ From 375fab7c73d7e96f5194ce293e9130b47f0d1153 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 17 Jul 2025 13:48:36 +0200 Subject: [PATCH 0741/1548] Added a fix for the CI failure due to private access error Signed-off-by: Anton Matkin --- tests/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile b/tests/Makefile index 45231cd9a5..3a6f0e62ea 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -370,6 +370,7 @@ libtestdriver1.a: perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch] perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a From c801d3293e93a6b988880bf66afd6606aa6acb42 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Jul 2025 15:01:39 +0100 Subject: [PATCH 0742/1548] include private pk.h internally Signed-off-by: Ben Taylor --- programs/pkey/gen_key.c | 3 +++ programs/pkey/pk_sign.c | 3 +++ programs/pkey/pk_verify.c | 3 +++ programs/pkey/rsa_sign_pss.c | 3 +++ programs/pkey/rsa_verify_pss.c | 3 +++ programs/ssl/ssl_server2.c | 3 +++ tests/src/certs.c | 3 +++ tests/suites/test_suite_debug.function | 3 +++ tests/suites/test_suite_ssl.function | 3 +++ tests/suites/test_suite_x509parse.function | 3 +++ tests/suites/test_suite_x509write.function | 3 +++ 11 files changed, 33 insertions(+) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 4d329f2db0..94604ceeb6 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c 
@@ -25,6 +25,9 @@ int main(void) #else #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/ecdsa.h" #include "mbedtls/rsa.h" #include "mbedtls/entropy.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 1598986f6e..551173e496 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -30,6 +30,9 @@ int main(void) #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index d9e3bf1ee3..507812e350 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -26,6 +26,9 @@ int main(void) #else #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 94333ae54c..8f605b56bc 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -31,6 +31,9 @@ int main(void) #include "mbedtls/ctr_drbg.h" #include "mbedtls/rsa.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 19f92affb3..97f9d186e8 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -30,6 +30,9 @@ int main(void) #include "mbedtls/md.h" #include "mbedtls/pem.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 42fa8d6ed4..639fe5616e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
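Review bot: The same three-line `#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)` include block is pasted into eleven files here (the `pk_sign.c`, `pk_verify.c`, `rsa_sign_pss.c`, `rsa_verify_pss.c`, `ssl_server2.c`, `certs.c` and test-suite hunks) and into three more in the following commit for `ssl_ciphersuites_internal.h`, `ssl_misc.h` and `x509_oid.h`. Since every copy immediately follows `#include "mbedtls/pk.h"`, a single conditional include in one shared header (`ssl_misc.h` already pulls in `pk_internal.h`, a natural home for the library-side copies) would keep the guard in one place and avoid a copy being missed when the private header's name or the macro changes. The path inside the added `#include` line is not legible in this rendering, so which header is meant could not be confirmed.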
@@ -58,6 +58,9 @@ int main(void) #endif #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ diff --git a/tests/src/certs.c b/tests/src/certs.c index d1af5b2aa4..f7a73bf74e 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -12,6 +12,9 @@ #include "mbedtls/build_info.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "test/test_certs.h" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 57b8f4e175..1d37137416 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -2,6 +2,9 @@ #include "debug_internal.h" #include "string.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #if defined(_WIN32) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c47b2165b0..918edd5aca 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3,6 +3,9 @@ #include #include #include +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include #include #include diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4f0605cd1c..079dca48c9 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -11,6 +11,9 @@ #include "mbedtls/base64.h" #include "mbedtls/error.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "string.h" 
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 224768ab4e..49ecc54278 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -10,6 +10,9 @@ #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ From 1030f80a0b9cab71941c83cbd322f3c4a9d52ddb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 15 Jul 2025 14:55:41 +0100 Subject: [PATCH 0743/1548] Add private include to additional files Signed-off-by: Ben Taylor --- library/ssl_ciphersuites_internal.h | 3 +++ library/ssl_misc.h | 3 +++ library/x509_oid.h | 3 +++ 3 files changed, 9 insertions(+) diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index a7981dbdf6..d1db2dba46 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -11,6 +11,9 @@ #define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #if defined(MBEDTLS_PK_C) mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9228a3bc7f..a462a07e70 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -42,6 +42,9 @@ extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #endif #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "ssl_ciphersuites_internal.h" #include "x509_internal.h" #include "pk_internal.h" diff --git a/library/x509_oid.h b/library/x509_oid.h index c2fe8dc403..8d5e1bbff1 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h 
@@ -13,6 +13,9 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" +#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) +#include +#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/x509.h" #include From 306ffd3a369a33d492543af24fc7da8170dfe0af Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Jul 2025 09:41:34 +0100 Subject: [PATCH 0744/1548] Switch to mbedtls_pk_verify_new Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 3 +-- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b244921554..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2082,8 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_ext(pk_alg, NULL, - peer_pk, + ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 44525dd153..f5cdc65e55 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_ext(sig_alg, NULL, + if ((ret = mbedtls_pk_verify_new(sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 4ac5d9b7e6..3947eb09aa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
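Review bot: The argument removed from each call is the `options` pointer of `mbedtls_pk_verify_ext`, which was `NULL` here, i.e. the library-default RSASSA-PSS parameter checks (MGF1 hash tied to `md_alg`, the default salt-length policy); the same substitution is made in the `ssl_tls13_generic.c` hunk and in the two `x509_crt.c` hunks. The contract of `mbedtls_pk_verify_new` is not in this diff, so it is worth confirming that it applies the same PSS constraints for `MBEDTLS_PK_RSASSA_PSS`, since these call sites are the signature checks for ServerKeyExchange, CertificateVerify, CRLs and certificate chains. A one-line comment at the first call site, e.g. `/* mbedtls_pk_verify_new enforces the default PSS parameters formerly selected by options == NULL */`, would record that this was checked. `ssl_parse_server_key_exchange` continues outside the hunk.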
@@ -2060,7 +2060,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_ext(crl_list->sig_pk, NULL, &ca->pk, + if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2134,7 +2134,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_ext(child->sig_pk, NULL, &parent->pk, + return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } From 0de87611bbbac901376249f44a6ace45be661466 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Jul 2025 08:27:01 +0100 Subject: [PATCH 0745/1548] Remove additional calls to mbedtls_pk_verify_ext Signed-off-by: Ben Taylor --- library/ssl_tls13_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f5cdc65e55..372bf84608 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -306,7 +306,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, p, signature_len)) == 0) { return 0; } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_new", ret); error: /* RFC 8446 section 4.4.3 From 0c787e3de84c77075fbecf006d16e1253bd8be99 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Jul 2025 08:33:24 +0100 Subject: [PATCH 0746/1548] Remove additional calls to mbedtls_pk_verify_ext Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 49ecc54278..b7e531e653 100644 --- a/tests/suites/test_suite_x509write.function 
+++ b/tests/suites/test_suite_x509write.function @@ -41,7 +41,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_ext(csr.sig_pk, NULL, &csr.pk, + if (mbedtls_pk_verify_new(csr.sig_pk, NULL, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 5be8511151e8a982b87165452dca532fc01d3f9f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 10:05:23 +0100 Subject: [PATCH 0747/1548] Fix too many arguments in mbedtls_pk_verify_new Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index b7e531e653..db571dab65 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -41,7 +41,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new(csr.sig_pk, NULL, &csr.pk, + if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From ed4a10661c6eff4acfa66419e26abb2c86dada8b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 10:22:31 +0200 Subject: [PATCH 0748/1548] cmake: library: Remove unnecessary link_to_source If we do not generate error.c, version_features.c, ... then they are supposed to be in the source tree. The CMake build get them from here and there is no need for a symbolic link or a copy in the build tree. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 451dbfdb7c..b6693d1a19 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -84,10 +84,6 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py ${tls_error_headers} ) -else() - link_to_source(error.c) - link_to_source(version_features.c) - link_to_source(ssl_debug_helpers_generated.c) endif() if(CMAKE_COMPILER_IS_GNUCC) From a2c37b3b2d7c2c9a255637c7f5b6c03830f11c52 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 09:41:04 +0200 Subject: [PATCH 0749/1548] cmake: library: Add custom targets for generated files Add a custom target that depends on TLS generated files, and make both the static and shared crypto libraries depend on it. This ensures that when both libraries are built, the files are not generated concurrently by the static and shared library targets. Do the same for the x509 libraries. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b6693d1a19..ee0381c036 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -84,6 +84,17 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py ${tls_error_headers} ) + + add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/error.c + ) + + add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c + ${CMAKE_CURRENT_BINARY_DIR}/version_features.c + ) endif() if(CMAKE_COMPILER_IS_GNUCC) 
@@ -161,6 +172,13 @@ if(USE_STATIC_MBEDTLS_LIBRARY) target_compile_options(${mbedtls_static_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) + + if(GEN_FILES) + add_dependencies(${mbedx509_static_target} + ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + add_dependencies(${mbedtls_static_target} + ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + endif() endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) @@ -175,6 +193,13 @@ if(USE_SHARED_MBEDTLS_LIBRARY) target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) + + if(GEN_FILES) + add_dependencies(${mbedx509_target} + ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + add_dependencies(${mbedtls_target} + ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + endif() endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) From 37ddcf0ab4d8683eb50fa7f55691068c352bc704 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 13:15:36 +0200 Subject: [PATCH 0750/1548] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/fix-dependency-on-generated-files.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-dependency-on-generated-files.txt diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt new file mode 100644 index 0000000000..b3e7e4e16b --- /dev/null +++ b/ChangeLog.d/fix-dependency-on-generated-files.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix potential CMake parallel build failure when building both the static + and shared libraries. From 2fc0475dc9951892a78285bf562f9508b366f741 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Fri, 20 Jun 2025 09:19:20 +0200 Subject: [PATCH 0751/1548] cmake_package_install: Fail in case of warnings with GNU GCC Fail the cmake package install demonstration in case of warnings when building the cmake_package_install executable. This would have caught the library installation issue reported in #10022. Signed-off-by: Ronald Cron --- programs/test/cmake_package_install/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index 0d7dbe4dad..60a4481e48 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt @@ -37,5 +37,11 @@ find_package(MbedTLS REQUIRED) # add_executable(cmake_package_install cmake_package_install.c) + +string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") +if(CMAKE_COMPILER_IS_GNU) + target_compile_options(cmake_package_install PRIVATE -Wall -Werror) +endif() + target_link_libraries(cmake_package_install MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) From 27125ceacfd0f97294d34d519ed2fbd945668a71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 18 Jul 2025 19:10:04 +0200 Subject: [PATCH 0752/1548] Update references to tf-psa-crypto/core/common.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit was generated using the following command: sed -i 's/\(^\|[^_]\)common\.h/\1tf_psa_crypto_common.h/g' \ $(git ls-files . \ ':!:programs/fuzz' \ ':!:tests/psa-client-server' \ ':!:tf-psa-crypto' \ ':!:framework') \ $(git grep -l 'tf-psa-crypto/core/common.h') 
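Review bot: `string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")` is a substring match routed through a helper variable; the direct form `if(CMAKE_C_COMPILER_ID STREQUAL "GNU")` expresses the same condition without a regex. Clang accepts `-Wall -Werror` as well, so `if(CMAKE_C_COMPILER_ID MATCHES "GNU|Clang")` would extend the warnings-as-errors check the commit message asks for to Clang builds too, if that is wanted.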
Signed-off-by: Bence Szépkúti --- library/ssl_misc.h | 2 +- library/x509_internal.h | 2 +- scripts/data_files/error.fmt | 2 +- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 4 ++-- .../psasim/src/aut_psa_cipher_encrypt_decrypt.c | 2 +- tests/src/certs.c | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a462a07e70..a308711754 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H -#include "common.h" +#include "tf_psa_crypto_common.h" #include "mbedtls/build_info.h" #include "mbedtls/error.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index 9360471b96..8160270be1 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_X509_INTERNAL_H #define MBEDTLS_X509_INTERNAL_H -#include "common.h" +#include "tf_psa_crypto_common.h" #include "mbedtls/build_info.h" #include "mbedtls/private_access.h" diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 14522ecd20..69bec9fe40 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "tf_psa_crypto_common.h" #include "mbedtls/error.h" diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c index 71173d2b52..87ef39a9ed 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c 
@@ -12,13 +12,13 @@ * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include * None of those cover tf-psa-crypto/core, so we rely on the * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative - * include "../tf-psa-crypto/core/common.h" in order to pull in common.h here, + * include "../tf-psa-crypto/core/tf_psa_crypto_common.h" in order to pull in tf_psa_crypto_common.h here, * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the * new GCC-15 unterminated-string-initialization warning). * See GitHub issue #10223 for the proper long-term fix. * https://github.com/Mbed-TLS/mbedtls/issues/10223 */ -#include "../tf-psa-crypto/core/common.h" +#include "../tf-psa-crypto/core/tf_psa_crypto_common.h" #include #include #include diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c index 25c0b8a61e..82bdca54dc 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -4,7 +4,7 @@ */ #include "psa/crypto.h" -#include "../tf-psa-crypto/core/common.h" +#include "../tf-psa-crypto/core/tf_psa_crypto_common.h" #include #include #include diff --git a/tests/src/certs.c b/tests/src/certs.c index f7a73bf74e..c45f0628c0 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "common.h" +#include "tf_psa_crypto_common.h" #include From e6167e7a51569ae6f67756df9885fe9513fdeadb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 18 Jul 2025 19:06:18 +0200 Subject: [PATCH 0753/1548] Update tf-psa-crypto submodule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tf-psa-crypto b/tf-psa-crypto index b1c98ebee8..a0ff5d6483 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit b1c98ebee82c1056cec0f64e24f1b780a5889a0d +Subproject commit a0ff5d64831aad7d19aa7e02eb8af065e07506f2 From 89becc987f6452410a473566920a689c60e28aea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 22 Jul 2025 10:26:44 +0200 Subject: [PATCH 0754/1548] Update framework submodule MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 893ad9e845..df3307f2b4 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 893ad9e8450a8e7459679d952abd5d6df26c41c4 +Subproject commit df3307f2b4fe512def60886024f7be8fd1523ccd From 772a8ad219e38512fe78c638ddc69539c2fb6c7e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 12:36:29 +0200 Subject: [PATCH 0755/1548] all.sh: Remove unset of now removed legacy hash config options Signed-off-by: Ronald Cron --- .../components-configuration-crypto.sh | 22 ++----------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index bb0375add1..61a043d407 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -1550,15 +1550,6 @@ component_test_psa_crypto_config_accel_hash () { # Start from default config (no USE_PSA) helper_libtestdriver1_adjust_config "default" - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C - scripts/config.py unset MBEDTLS_SHA1_C - scripts/config.py unset MBEDTLS_SHA224_C - scripts/config.py unset MBEDTLS_SHA256_C - scripts/config.py unset MBEDTLS_SHA384_C - scripts/config.py unset MBEDTLS_SHA512_C - # Build # ----- @@ -1588,14 +1579,7 @@ config_psa_crypto_hash_use_psa () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then # disable the built-in implementation of hashes - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C - scripts/config.py unset MBEDTLS_SHA1_C - scripts/config.py unset MBEDTLS_SHA224_C - scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA384_C - scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT fi } @@ -1676,11 +1660,9 @@ config_psa_crypto_hmac_use_psa () { # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT # is still enabled though (for ENTROPY_C among others). scripts/config.py unset MBEDTLS_MD_C - # Disable also the builtin hashes since they are supported by the driver - # and MD module is able to perform PSA dispathing. + # Also disable the configuration options that tune the builtin hashes, + # since those hashes are disabled. scripts/config.py unset-all MBEDTLS_SHA - scripts/config.py unset MBEDTLS_MD5_C - scripts/config.py unset MBEDTLS_RIPEMD160_C fi # Direct dependencies of MD_C. We disable them also in the reference From 8719c2f00bbd0e27e83f83294e5271e48fe1a48c Mon Sep 17 00:00:00 2001 
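Review bot: In the `config_psa_crypto_hash_use_psa` hunk the comment `# disable the built-in implementation of hashes` now heads a block that only unsets `MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT` and `MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT`, so it no longer describes what the block does. Something like `# disable the CPU-accelerated variants of the built-in hashes (the hashes themselves are now controlled by the PSA_WANT symbols)` would match the remaining lines. The `# see external RNG below` remark disappeared together with the SHA256_C line; if the external-RNG note further down still explains why SHA-256 acceleration is turned off here, it is worth keeping a pointer to it. The function bodies continue outside the hunk.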
From: Ronald Cron Date: Tue, 22 Jul 2025 11:27:39 +0200 Subject: [PATCH 0756/1548] ssl_misc.h: Update PKCS1 dependencies Signed-off-by: Ronald Cron --- library/ssl_misc.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a308711754..72dc9418f2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2376,7 +2376,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( #endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #endif /* PSA_HAVE_ALG_SOME_ECDSA */ -#if defined(MBEDTLS_PKCS1_V21) +#if defined(PSA_WANT_ALG_RSA_PSS) #if defined(PSA_WANT_ALG_SHA_256) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: break; @@ -2389,7 +2389,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: break; #endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* PSA_WANT_ALG_RSA_PSS */ default: return 0; } @@ -2401,7 +2401,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported( const uint16_t sig_alg) { switch (sig_alg) { -#if defined(MBEDTLS_PKCS1_V15) +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) #if defined(PSA_WANT_ALG_SHA_256) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: break; @@ -2414,7 +2414,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported( case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: break; #endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V15 */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ default: return mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( sig_alg); @@ -2455,7 +2455,7 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( } switch (sig_alg) { -#if defined(MBEDTLS_PKCS1_V21) +#if defined(PSA_WANT_ALG_RSA_PSS) #if defined(PSA_WANT_ALG_SHA_256) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: *md_alg = MBEDTLS_MD_SHA256; 
@@ -2474,7 +2474,7 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( *pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* PSA_WANT_ALG_SHA_512 */ -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* PSA_WANT_ALG_RSA_PSS */ default: return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; } From 892bb612946a48c4b9a5f489522347eb590f3f85 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 14:26:27 +0200 Subject: [PATCH 0757/1548] all.sh: Remove unset of now removed legacy RSA config options Signed-off-by: Ronald Cron --- .../scripts/components-configuration-crypto.sh | 17 ++--------------- tests/scripts/components-configuration-tls.sh | 4 ---- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 61a043d407..faca872060 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -138,7 +138,6 @@ component_test_psa_crypto_without_heap() { component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - scripts/config.py unset MBEDTLS_GENPRIME scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make @@ -1148,9 +1147,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # on BIGNUM_C. scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 
@@ -1425,12 +1421,6 @@ config_psa_crypto_accel_rsa () { helper_libtestdriver1_adjust_config "crypto_full" if [ "$driver_only" -eq 1 ]; then - # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_GENPRIME - # We need PEM parsing in the test library as well to support the import # of PEM encoded RSA keys. scripts/config.py -c "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C @@ -1494,7 +1484,7 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # This is a temporary test to verify that full RSA support is present even when # only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined. component_test_new_psa_want_key_pair_symbol () { - msg "Build: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" + msg "Build: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" # Create a temporary output file unless there is already one set if [ "$MBEDTLS_TEST_OUTCOME_FILE" ]; then @@ -1509,11 +1499,8 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure @@ -1524,7 +1511,7 @@ component_test_new_psa_want_key_pair_symbol () { make - msg "Test: crypto config - MBEDTLS_RSA_C + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" + msg "Test: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" make test # Parse only 1 relevant line from the outcome file, i.e. a test which is 
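Review bot: In the `component_test_new_psa_want_key_pair_symbol` hunk, `# Remove RSA support and its dependencies` now introduces three lines that only unset the ECDH-RSA/ECDHE-RSA key exchanges and `MBEDTLS_X509_RSASSA_PSS_SUPPORT`; RSA support itself is no longer removed there (the `MBEDTLS_RSA_C` and PKCS1 unsets are gone), so the comment overstates what follows. `# Remove the TLS and X.509 features that depend on RSA` would be accurate. The component's header comment (`... even when only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined`) also reads oddly now that there is no legacy RSA symbol left to contrast with, and 'symbols' should be 'symbol'. The function continues past the hunk.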
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index ff8315711e..f9678b98f2 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -472,7 +472,6 @@ component_test_tls13_only_psk () { # Note: The four unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -536,7 +535,6 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -566,7 +564,6 @@ component_test_tls13_only_psk_ephemeral_ffdh () { # Note: The three unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -593,7 +590,6 @@ component_test_tls13_only_psk_all () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_PKCS1_V21 make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" From e13c7015ea8309c59c17bf611103b3ac19c8bd9c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 14:22:59 +0200 Subject: [PATCH 0758/1548] all.sh: Remove unset of now removed legacy symmetric crypto options 
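Review bot: The surviving `# Note: The four unsets below are to be removed for Mbed TLS 4.0` in `component_test_tls13_only_psk` now precedes only two unsets (`MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C`), and the 'two'/'three' counts in the `_psk_ephemeral`, `_psk_ephemeral_ffdh` and `_psk_all` hunks are off by one for the same reason. Dropping the number keeps this from going stale again: `# Note: The unsets below are to be removed for Mbed TLS 4.0`. Given that this series is itself the 4.0 cleanup, it may be simplest to remove the remaining ECDH_C/ECDSA_C unsets and the note together once those options go. Each component's body continues outside its hunk.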
Signed-off-by: Ronald Cron --- .../components-configuration-crypto.sh | 50 ------------------- tests/scripts/components-configuration-tls.sh | 21 +------- 2 files changed, 2 insertions(+), 69 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index faca872060..6cf8cd9155 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -309,7 +309,6 @@ component_test_full_no_cipher () { msg "build: full no CIPHER" scripts/config.py full - scripts/config.py unset MBEDTLS_CIPHER_C # The built-in implementation of the following algs/key-types depends # on CIPHER_C so we disable them. @@ -328,7 +327,6 @@ component_test_full_no_cipher () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES # The following modules directly depends on CIPHER_C - scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C make @@ -478,7 +476,6 @@ component_test_crypto_for_psa_service () { scripts/config.py unset MBEDTLS_VERSION_FEATURES # Crypto stuff with no PSA interface scripts/config.py unset MBEDTLS_BASE64_C - # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it. scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG. scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1716,11 +1713,6 @@ component_test_psa_crypto_config_accel_aead () { # Start from full config helper_libtestdriver1_adjust_config "full" - # Disable things that are being accelerated - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - # Disable CCM_STAR_NO_TAG because this re-enables CCM_C. scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG 
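Review bot: `component_test_full_no_cipher` no longer unsets `MBEDTLS_CIPHER_C`, yet the comments that survive in the hunk still say `# The built-in implementation of the following algs/key-types depends # on CIPHER_C so we disable them.` and `# The following modules directly depends on CIPHER_C`, and the message is still `build: full no CIPHER`. If CIPHER_C is gone as a configuration option, these comments and the component name no longer describe what is tested: the component now simply disables the listed PSA cipher/AEAD mechanisms and NIST_KW. Either reword them (e.g. `# Disable all PSA cipher/AEAD mechanisms and the modules that need them`) or fold the component into whichever test already covers that configuration; 'directly depends' should also be 'directly depend'. The function body continues outside the hunk.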
@@ -1771,32 +1763,10 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { common_psa_crypto_config_accel_cipher_aead_cmac - # Disable the things that are being accelerated - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR - scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_AES_C - scripts/config.py unset MBEDTLS_ARIA_C - scripts/config.py unset MBEDTLS_CHACHA20_C - scripts/config.py unset MBEDTLS_CAMELLIA_C - scripts/config.py unset MBEDTLS_POLY1305_C - # Disable DES, if it still exists. # This can be removed once we remove DES from the library. scripts/config.py unset PSA_WANT_KEY_TYPE_DES - # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA - # does not depend on it. - scripts/config.py unset MBEDTLS_CIPHER_C - # Build # ----- @@ -1856,14 +1826,6 @@ common_block_cipher_dispatch () { # Start from the full config helper_libtestdriver1_adjust_config "full" - if [ "$TEST_WITH_DRIVER" -eq 1 ]; then - # Disable key types that are accelerated (there is no legacy equivalent - # symbol for ECB) - scripts/config.py unset MBEDTLS_AES_C - scripts/config.py unset MBEDTLS_ARIA_C - scripts/config.py unset MBEDTLS_CAMELLIA_C - fi - # Disable cipher's modes that, when not accelerated, cause # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". # Keep this also in the reference component in order to skip the same tests 
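Review bot: With the legacy unsets gone, `scripts/config.py unset PSA_WANT_KEY_TYPE_DES` is the only adjustment left in this stretch of `component_test_psa_crypto_config_accel_cipher_aead_cmac`, and unlike every other `PSA_WANT_*` unset in this file it does not pass `-c $CRYPTO_CONFIG_H` (compare `scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES` in `component_test_full_no_cipher`). That line predates this commit, but if config.py defaults to mbedtls_config.h it is presumably a no-op and DES stays enabled in the driver build. Suggest `scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES` while this block is being touched. The function continues outside the hunk.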
@@ -1968,7 +1930,6 @@ component_test_full_block_cipher_legacy_dispatch () { component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full - scripts/config.py unset MBEDTLS_CHACHAPOLY_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" @@ -1979,8 +1940,6 @@ component_test_aead_chachapoly_disabled () { component_test_aead_only_ccm () { msg "build: full minus CHACHAPOLY and GCM" scripts/config.py full - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - scripts/config.py unset MBEDTLS_GCM_C scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" @@ -2106,16 +2065,12 @@ component_build_aes_variations () { # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_DES_C build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ 
@@ -2319,7 +2274,6 @@ helper_block_cipher_no_decrypt_build_test () { # This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: config_block_cipher_no_decrypt () { scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_NIST_KW_C # Enable support for cryptographic mechanisms through the PSA API. @@ -2328,9 +2282,6 @@ config_block_cipher_no_decrypt () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_DES_C } component_test_block_cipher_no_decrypt_aesni () { @@ -2482,7 +2433,6 @@ component_build_psa_config_file () { # query_compile_time_config. echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h - echo '#undef MBEDTLS_CMAC_C' >> psa_user_config.h make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index f9678b98f2..450bdebab1 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh 
@@ -54,18 +54,11 @@ component_test_tls1_2_default_stream_cipher_only () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) - # Note: The unset below is to be removed for 4.0 - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 
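Review bot: After the deletion of the `# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC ...)` line, the surviving comment `# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)` in `component_test_tls1_2_default_stream_cipher_only` points at a description that no longer exists. Restate it in terms of what is now above it, e.g. `# Disable CBC-EtM (controlled by the PSA_WANT_ALG_CBC_* symbols above plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)`. The preceding `# Disable CBC. Note: ...` comment could then be the single place that names the controlling symbols. The component continues outside the hunk.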
@@ -90,13 +83,9 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) + # Enable CBC-legacy scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC @@ -123,13 +112,9 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia)) + # Enable CBC-legacy scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC 
@@ -399,8 +384,6 @@ component_test_when_no_ciphersuites_have_mac () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CMAC_C make From 0668036ada60730071e21be06dc1587bba6c7ad3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 15:21:22 +0200 Subject: [PATCH 0759/1548] Replace MBEDTLS_AES_C Replace the remaining instances of MBEDTLS_AES_C as a configuration option. Signed-off-by: Ronald Cron --- include/mbedtls/version.h | 2 +- tests/scripts/analyze_outcomes.py | 8 -------- tests/scripts/components-configuration-crypto.sh | 2 +- tests/scripts/test_config_script.py | 2 +- 4 files changed, 3 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 718e99eb4a..837787bc7f 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -60,7 +60,7 @@ void mbedtls_version_get_string_full(char *string); * support", "Mbed TLS modules" and "Mbed TLS feature * support" in mbedtls_config.h * - * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C") + * \param feature The string for the define to check (e.g. "MBEDTLS_SSL_SRV_C") * * \return 0 if the feature is present, * -1 if the feature is not present and diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 67a3885677..d1bb553c67 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -327,10 +327,6 @@ class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference): 'Low and high error', 'Single low error' ], - # Similar to test_suite_error above. - 'test_suite_version': [ - 'Check for MBEDTLS_AES_C when already present', - ], # The en/decryption part of PKCS#12 is not supported so far. # The rest of PKCS#12 (key derivation) works though. 'test_suite_pkcs12': [ 
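Review bot: Removing the `'Check for MBEDTLS_AES_C when already present'` skip entry from `DriverVSReference_cipher_aead_cmac` assumes the test case of that name no longer exists in test_suite_version, but this commit's diffstat lists no test data file. If `test_suite_version.data` still checks `MBEDTLS_AES_C` through `mbedtls_version_check_feature`, that case now reports the symbol absent in every build and the driver-vs-reference comparison will surface it as a new failure rather than a known skip. Worth confirming the data file was updated (here or in the framework submodule) or renaming the case to a symbol the feature list still contains, consistent with the `MBEDTLS_SSL_SRV_C` example version.h now uses. The class body continues outside the hunk.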
@@ -659,10 +655,6 @@ class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference 'Single low error', 'Low and high error', ], - 'test_suite_version': [ - # Similar to test_suite_error above. - 'Check for MBEDTLS_AES_C when already present', - ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6cf8cd9155..834eb1f3ab 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2091,7 +2091,7 @@ END #define PSA_WANT_ALG_SHA3_256 1 #define PSA_WANT_ALG_SHA3_384 1 #define PSA_WANT_ALG_SHA3_512 1 - #define MBEDTLS_AES_C + #define PSA_WANT_KEY_TYPE_AES 1 #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_CRYPTO_C diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py index e500b3362f..b58a3114cf 100755 --- a/tests/scripts/test_config_script.py +++ b/tests/scripts/test_config_script.py @@ -130,7 +130,7 @@ def run_one(options, args, stem_prefix='', input_file=None): ### config.py stops handling that case correctly. TEST_SYMBOLS = [ 'CUSTOM_SYMBOL', # does not exist - 'MBEDTLS_AES_C', # set, no value + 'PSA_WANT_KEY_TYPE_AES', # set, no value 'MBEDTLS_MPI_MAX_SIZE', # unset, has a value 'MBEDTLS_NO_UDBL_DIVISION', # unset, in "System support" 'MBEDTLS_PLATFORM_ZEROIZE_ALT', # unset, in "Customisation configuration options" From fb03d1391b321914da88ef12c4dba43ddb821317 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Jul 2025 11:54:26 +0200 Subject: [PATCH 0760/1548] depends.py: Remove cipher_padding domain Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 5 ----- tests/scripts/depends.py | 13 ------------- 2 files changed, 18 deletions(-) 
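Review bot: The `# set, no value` label on the replacement entry `'PSA_WANT_KEY_TYPE_AES'` in `TEST_SYMBOLS` is no longer accurate: the crypto config hunk in this same commit writes it as `#define PSA_WANT_KEY_TYPE_AES 1`, i.e. set with a value, and `PSA_WANT_*` symbols live in crypto_config.h rather than the mbedtls_config.h the neighbouring `MBEDTLS_*` entries describe. If this list is meant to exercise config.py against the default mbedtls_config.h, the 'set, no value' category is now untested there and the new entry may land in the 'does not exist' bucket instead. Pick a symbol that is still defined without a value in the file under test (one of the `MBEDTLS_*_C` module options, e.g. `MBEDTLS_SSL_SRV_C` as version.h now uses), or update the comment to say which file and form it covers. The list continues outside the hunk.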
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 834eb1f3ab..da776e70b8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -515,11 +515,6 @@ component_test_depends_py_cipher_chaining () { tests/scripts/depends.py cipher_chaining } -component_test_depends_py_cipher_padding () { - msg "test/build: depends.py cipher_padding (gcc)" - tests/scripts/depends.py cipher_padding -} - component_test_depends_py_curves () { msg "test/build: depends.py curves (gcc)" tests/scripts/depends.py curves diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 7fccb2006f..265b99fc1e 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -273,13 +273,6 @@ def test(self, options): 'PSA_WANT_ALG_OFB': ['MBEDTLS_CIPHER_MODE_OFB'], 'PSA_WANT_ALG_XTS': ['MBEDTLS_CIPHER_MODE_XTS'], - 'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C', - 'MBEDTLS_PKCS12_C', - 'PSA_WANT_ALG_CBC_PKCS7'], - 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'], - 'MBEDTLS_CIPHER_PADDING_ZEROS': ['MBEDTLS_CIPHER_MODE_CBC'], - 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN': ['MBEDTLS_CIPHER_MODE_CBC'], - 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], @@ -531,9 +524,6 @@ def __init__(self, options, conf): # Get cipher modes cipher_chaining_symbols = {algs[cipher_alg] for cipher_alg in cipher_algs} - # Find block padding mode enabling macros by name. - cipher_padding_symbols = self.config_symbols_matching(r'MBEDTLS_CIPHER_PADDING_\w+\Z') - self.domains = { # Cipher key types 'cipher_id': ExclusiveDomain(cipher_key_types, build_and_test), 
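Review bot: Deleting the `'MBEDTLS_CIPHER_PADDING_PKCS7': ['MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'PSA_WANT_ALG_CBC_PKCS7']` entry drops the knowledge that PKCS5_C and PKCS12_C need PKCS#7 padding, and nothing in the hunk re-attaches those modules to `PSA_WANT_ALG_CBC_PKCS7`. If those modules still exist and still require CBC-PKCS7, a job that excludes `PSA_WANT_ALG_CBC_PKCS7` will now try to build them and fail on a dependency error rather than a real regression; the fix would be to add (or extend) an entry such as `'PSA_WANT_ALG_CBC_PKCS7': ['MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C']` in REVERSE_DEPENDENCIES. If they have been removed or no longer depend on it, a one-line note in the commit message would spare the next reader the same question. The dictionary continues outside the hunk.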
@@ -544,9 +534,6 @@ def __init__(self, options, conf): build_and_test, exclude=r'PSA_WANT_ALG_XTS'), - 'cipher_padding': ExclusiveDomain(cipher_padding_symbols, - build_and_test), - # Elliptic curves. Run the test suites. 'curves': ExclusiveDomain(curve_symbols, build_and_test), From dfd501d3fb2352a004fd1f6ed702f719025d7e5b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 21 Jul 2025 14:44:12 +0200 Subject: [PATCH 0761/1548] depends.py: Adapt to the removal of legacy crypto config options Adapt to the removal of the legacy hash, cipher, cmac, aead and RSA configuration options. Signed-off-by: Ronald Cron --- tests/scripts/depends.py | 54 +++++++++++----------------------------- 1 file changed, 14 insertions(+), 40 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 265b99fc1e..679f05af1b 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -30,11 +30,11 @@ direct dependencies, but rather non-trivial results of other configs missing. Then look for any unset symbols and handle their reverse dependencies. Examples of EXCLUSIVE_GROUPS usage: - - MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C + - PSA_WANT_ALG_SHA_512 job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C requires either SHA256 or SHA384 to work, so it also has to be disabled. - This is not a dependency on SHA512_C, but a result of an exclusive domain + This is not a dependency on SHA512, but a result of an exclusive domain config building method. Relevant field: - 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C'], + 'PSA_WANT_ALG_SHA_512': ['-MBEDTLS_SSL_COOKIE_C'], - DualDomain - combination of the two above - both complementary and exclusive domain job generation code will be run. Currently only used for hashes. 
@@ -251,27 +251,11 @@ def test(self, options): REVERSE_DEPENDENCIES = { 'PSA_WANT_KEY_TYPE_AES': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_NIST_KW_C', - 'MBEDTLS_AES_C'], - 'PSA_WANT_KEY_TYPE_ARIA': ['MBEDTLS_ARIA_C'], - 'PSA_WANT_KEY_TYPE_CAMELLIA': ['MBEDTLS_CAMELLIA_C'], + 'MBEDTLS_NIST_KW_C'], 'PSA_WANT_KEY_TYPE_CHACHA20': ['PSA_WANT_ALG_CHACHA20_POLY1305', - 'PSA_WANT_ALG_STREAM_CIPHER', - 'MBEDTLS_CHACHA20_C', - 'MBEDTLS_CHACHAPOLY_C'], - 'PSA_WANT_KEY_TYPE_DES': ['MBEDTLS_DES_C'], - 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG', - 'MBEDTLS_CCM_C'], - 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128', - 'MBEDTLS_CMAC_C'], - 'PSA_WANT_ALG_GCM': ['MBEDTLS_GCM_C'], - - 'PSA_WANT_ALG_CBC_NO_PADDING': ['MBEDTLS_CIPHER_MODE_CBC'], - 'PSA_WANT_ALG_CBC_PKCS7': ['MBEDTLS_CIPHER_MODE_CBC'], - 'PSA_WANT_ALG_CFB': ['MBEDTLS_CIPHER_MODE_CFB'], - 'PSA_WANT_ALG_CTR': ['MBEDTLS_CIPHER_MODE_CTR'], - 'PSA_WANT_ALG_OFB': ['MBEDTLS_CIPHER_MODE_OFB'], - 'PSA_WANT_ALG_XTS': ['MBEDTLS_CIPHER_MODE_XTS'], + 'PSA_WANT_ALG_STREAM_CIPHER'], + 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], + 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], @@ -312,11 +296,9 @@ def test(self, options): 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', - 'MBEDTLS_X509_RSASSA_PSS_SUPPORT', - 'MBEDTLS_PKCS1_V21'], + 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', - 'MBEDTLS_PKCS1_V15'], + 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED'], 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT', 'PSA_WANT_ALG_RSA_OAEP', 
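Review bot: Removing `'MBEDTLS_PKCS1_V21'` from the `PSA_WANT_ALG_RSA_OAEP` list leaves `'PSA_WANT_ALG_RSA_PSS'` and `'MBEDTLS_X509_RSASSA_PSS_SUPPORT'` as reverse dependencies of OAEP, but that coupling only existed because both algorithms were gated on the same legacy PKCS#1 v2.1 option. The same holds for `PSA_WANT_ALG_RSA_PKCS1V15_CRYPT` still dragging `PSA_WANT_ALG_RSA_PKCS1V15_SIGN` and `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` along via the removed `MBEDTLS_PKCS1_V15`, even though ECDHE-RSA only needs PKCS#1 v1.5 signatures. Unless some other dependency still ties them, the OAEP entry should shrink to what X.509/TLS actually need from OAEP (possibly nothing) and the PKCS1V15_CRYPT entry to the key exchanges that use RSA encryption; otherwise a job that excludes OAEP also silently disables PSS and the coverage that goes with it. The dictionary continues outside the hunk.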
@@ -324,29 +306,21 @@ def test(self, options): 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', - 'MBEDTLS_RSA_C'], + 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], - 'PSA_WANT_ALG_MD5': ['MBEDTLS_MD5_C'], - 'PSA_WANT_ALG_RIPEMD160': ['MBEDTLS_RIPEMD160_C'], - 'PSA_WANT_ALG_SHA_1': ['MBEDTLS_SHA1_C'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', - 'MBEDTLS_SHA224_C'], + 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'], 'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_ENTROPY_FORCE_SHA256', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'MBEDTLS_LMS_C', 'MBEDTLS_LMS_PRIVATE', - 'MBEDTLS_SHA256_C', 'PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS'], - 'PSA_WANT_ALG_SHA_384': ['MBEDTLS_SHA384_C'], 'PSA_WANT_ALG_SHA_512': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', - 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', - 'MBEDTLS_SHA512_C'], + 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'], 'PSA_WANT_ALG_ECB_NO_PADDING' : ['MBEDTLS_NIST_KW_C'], } @@ -626,8 +600,8 @@ def main(): description= "Test Mbed TLS with a subset of algorithms.\n\n" "Example usage:\n" - r"./tests/scripts/depends.py \!MBEDTLS_SHA1_C MBEDTLS_SHA256_C""\n" - "./tests/scripts/depends.py MBEDTLS_AES_C hashes\n" + r"./tests/scripts/depends.py \!PSA_WANT_ALG_SHA_1 PSA_WANT_ALG_SHA_256""\n" + "./tests/scripts/depends.py PSA_WANT_KEY_TYPE_AES hashes\n" "./tests/scripts/depends.py cipher_id cipher_chaining\n") parser.add_argument('--color', metavar='WHEN', help='Colorize the output (always/auto/never)', From 5eb9aba3589aa93320909697b48b582549c084f7 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Tue, 22 Jul 2025 10:58:44 +0200 Subject: [PATCH 0762/1548] mbedtls_config.h: Update "requires" comments Following the removal of the legacy hash, cipher, CMAC, AEAD, and RSA configuration options in TF-PSA-Crypto, update the "requires" comments that referred to the removed options. Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ddab7d0c32..d18d0fadb8 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -255,7 +255,7 @@ * * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH * MBEDTLS_RSA_C - * MBEDTLS_PKCS1_V15 + * PSA_WANT_ALG_RSA_PKCS1V15_SIGN * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are @@ -331,7 +331,7 @@ * might still happen. For this reason, this is disabled by default. * * Requires: MBEDTLS_ECJPAKE_C or PSA_WANT_ALG_JPAKE - * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver) + * PSA_WANT_ALG_SHA_256 * MBEDTLS_ECP_DP_SECP256R1_ENABLED * * This enables the following ciphersuites (if other requisites are @@ -446,7 +446,7 @@ * saved after the handshake to allow for more efficient serialization, so if * you don't need this feature you'll save RAM by disabling it. * - * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C + * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305 * * Comment to disable the context serialization APIs. */ @@ -824,7 +824,7 @@ * Module: library/ssl_ticket.c * Caller: * - * Requires: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C + * Requires: PSA_WANT_ALG_GCM or PSA_WANT_ALG_CCM or PSA_WANT_ALG_CHACHA20_POLY1305 */ #define MBEDTLS_SSL_TICKET_C 
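Review bot: In the hunk at line 255 the context line directly above the changed one still reads `MBEDTLS_RSA_C`, which the commit message lists among the removed legacy RSA options and which the preceding depends.py patch dropped for the same reason, so the Requires block for what is presumably MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED now names one live macro and one that no longer exists. Replace it with the PSA key-type requirement that check_config.h actually enforces — presumably `PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY` (verifying the server's signature needs only the public key), to be confirmed against the check — rather than leaving the reader to guess which macro stands in for it. The `MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH` line in the same list deserves the same look if ECDH_C has gone the same way, though this commit does not say so.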
@@ -859,7 +859,7 @@ * MBEDTLS_X509_CRT_PARSE_C * and at least one of: * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_PKCS1_V21 + * PSA_WANT_ALG_RSA_PSS * * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any @@ -903,7 +903,7 @@ * Caller: library/ssl*_client.c * library/ssl*_server.c * - * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C + * Requires: PSA_WANT_ALG_SHA_256 or PSA_WANT_ALG_SHA_384 * and at least one of the MBEDTLS_SSL_PROTO_XXX defines * * This module is required for SSL/TLS. @@ -1210,7 +1210,7 @@ * Enable parsing and verification of X.509 certificates, CRLs and CSRS * signed with RSASSA-PSS (aka PKCS#1 v2.1). * - * Requires: MBEDTLS_PKCS1_V21 + * Requires: PSA_WANT_ALG_RSA_PSS * * Comment this macro to disallow using RSASSA-PSS in certificates. */ From c7c480a95fbb771d28b495f0f6af8330e411153d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 08:29:58 +0100 Subject: [PATCH 0763/1548] Revert temporary merge changes Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 5 +- programs/fuzz/common.c | 107 ----------------------------------- programs/fuzz/common.h | 28 --------- programs/fuzz/onefile.c | 70 ----------------------- 4 files changed, 3 insertions(+), 207 deletions(-) delete mode 100644 programs/fuzz/common.c delete mode 100644 programs/fuzz/common.h delete mode 100644 programs/fuzz/onefile.c diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 54b07b4ddc..bd9bf91d94 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
@@ -31,18 +31,19 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources onefile.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources common.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c) endif() add_executable(${exe} ${exe_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c deleted file mode 100644 index 41fa858a41..0000000000 --- a/programs/fuzz/common.c +++ /dev/null 
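Review bot: The same submodule directory is spelled two ways in this hunk — `${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/` for the sources added to `exe_sources` and `${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/` for the include path — so a build in which `MBEDTLS_DIR` is not the grandparent of this directory would compile sources from one tree against headers from another without any error. Define the path once, e.g. `set(TF_PSA_CRYPTO_FUZZ_DIR ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz)` above the loop, and use `${TF_PSA_CRYPTO_FUZZ_DIR}` in both the `list(APPEND exe_sources ...)` calls and `target_include_directories`. The `foreach` this hunk sits in begins before the hunk.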
@@ -1,107 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "common.h" -#include -#include -#include -#include -#include "mbedtls/ctr_drbg.h" - -#if defined(MBEDTLS_PLATFORM_TIME_ALT) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) -{ - (void) time; - return 0x5af2a056; -} -#endif - -void dummy_init(void) -{ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: fuzzing without constant time\n"); -#endif -} - -int dummy_send(void *ctx, const unsigned char *buf, size_t len) -{ - //silence warning about unused parameter - (void) ctx; - (void) buf; - - //pretends we wrote everything ok - if (len > INT_MAX) { - return -1; - } - return (int) len; -} - -int fuzz_recv(void *ctx, unsigned char *buf, size_t len) -{ - //reads from the buffer from fuzzer - fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx; - - if (biomemfuzz->Offset == biomemfuzz->Size) { - //EOF - return 0; - } - if (len > INT_MAX) { - return -1; - } - if (len + biomemfuzz->Offset > biomemfuzz->Size) { - //do not overflow - len = biomemfuzz->Size - biomemfuzz->Offset; - } - memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); - biomemfuzz->Offset += len; - return (int) len; -} - -int dummy_random(void *p_rng, unsigned char *output, size_t output_len) -{ - int ret; - size_t i; - -#if defined(MBEDTLS_CTR_DRBG_C) - //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng - if (p_rng != NULL) { - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); - } else { - //fall through to pseudo-random - ret = 0; - } -#else - (void) p_rng; - ret = 0; -#endif - for (i = 0; i < output_len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} - -int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - (void) data; - - //use mbedtls_entropy_func to find bugs in it - 
//test performance impact of entropy - //ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return 0; -} - -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) -{ - (void) timeout; - - return fuzz_recv(ctx, buf, len); -} diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h deleted file mode 100644 index 88dceacf72..0000000000 --- a/programs/fuzz/common.h +++ /dev/null @@ -1,28 +0,0 @@ -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include -#include - -typedef struct fuzzBufferOffset { - const uint8_t *Data; - size_t Size; - size_t Offset; -} fuzzBufferOffset_t; - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); -#endif -void dummy_init(void); - -int dummy_send(void *ctx, const unsigned char *buf, size_t len); -int fuzz_recv(void *ctx, unsigned char *buf, size_t len); -int dummy_random(void *p_rng, unsigned char *output, size_t output_len); -int dummy_entropy(void *data, unsigned char *output, size_t len); -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout); - -/* Implemented in the fuzz_*.c sources and required by onefile.c */ -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c deleted file mode 100644 index 6c02a641da..0000000000 --- a/programs/fuzz/onefile.c +++ /dev/null 
@@ -1,70 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "common.h" - -/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway - * in case it contains platform-specific #defines related to malloc or - * stdio functions. */ -#include "mbedtls/build_info.h" - -int main(int argc, char **argv) -{ - FILE *fp; - uint8_t *Data; - size_t Size; - const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; - - if (argc != 2) { - fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); - return 1; - } - //opens the file, get its size, and reads it into a buffer - fp = fopen(argv[1], "rb"); - if (fp == NULL) { - fprintf(stderr, "%s: Error in fopen\n", argv0); - perror(argv[1]); - return 2; - } - if (fseek(fp, 0L, SEEK_END) != 0) { - fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Size = ftell(fp); - if (Size == (size_t) -1) { - fprintf(stderr, "%s: Error in ftell\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fseek(fp, 0L, SEEK_SET) != 0) { - fprintf(stderr, "%s: Error in fseek(0)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Data = malloc(Size); - if (Data == NULL) { - fprintf(stderr, "%s: Could not allocate memory\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fread(Data, Size, 1, fp) != 1) { - fprintf(stderr, "%s: Error in fread\n", argv0); - perror(argv[1]); - free(Data); - fclose(fp); - return 2; - } - - //launch fuzzer - LLVMFuzzerTestOneInput(Data, Size); - free(Data); - fclose(fp); - return 0; -} From 52510b27fc282660ca5bddf8fee8663437719093 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 09:35:35 +0100 Subject: [PATCH 0764/1548] Update header names 
Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 2 +- programs/fuzz/fuzz_dtlsclient.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_pkcs7.c | 2 +- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/fuzz/fuzz_x509crt.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 6d3b73fa93..440c0245ff 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index efe1362275..7a1da13c38 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 31eb514275..98a70216e1 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index 9ec9351794..f236190c2c 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -2,7 +2,7 @@ #include #include "mbedtls/pkcs7.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index bb9dd0a58c..05b7480cbc 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -5,7 +5,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 2840fbbb0c..92e0f5d12e 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crl.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 29331b94d4..c99ae2e7b1 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crt.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index e0aaabc019..4ab071f1ca 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_csr.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { From 60a5b32198ab28037e22d9aadbbbfa6e8979acde Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 10:45:15 +0100 Subject: [PATCH 0765/1548] Correct onefile name Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index bd9bf91d94..d5995aa194 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
@@ -31,7 +31,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 From 8beeed046258d9308652af846aa2fe6dec8e744d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 13 Jun 2025 11:05:09 +0100 Subject: [PATCH 0766/1548] Add further updates to paths Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 29483eafda..bf66a1dde3 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ DEP=${MBEDLIBS} @@ -15,6 +15,8 @@ LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH) # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) +APPS += $(basename $(PROGRAM_FUZZ_PATH)/fuzz_privkey.c) +APPS += $(basename $(PROGRAM_FUZZ_PATH)/fuzz_pubkey.c) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) 
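Review bot: In the `@@ -15,6 +15,8 @@` hunk the two fuzzers taken from the submodule are hard-coded while the local ones come from `$(wildcard fuzz_*.c)`, so the comment just above, "A test application is built for each fuzz_*.c file", is now only half true and the list will drift as the submodule gains or renames fuzzers. The submodule directory also holds `fuzz_common.c` and `fuzz_onefile.c` (they are linked separately below), so a plain wildcard would over-match; `APPS += $(basename $(filter-out %/fuzz_common.c %/fuzz_onefile.c,$(wildcard $(PROGRAM_FUZZ_PATH)/fuzz_*.c)))` keeps the "one app per fuzz_*.c" rule honest. Note too that these entries make the objects and binaries land inside the submodule checkout (`$(PROGRAM_FUZZ_PATH)/fuzz_privkey$(EXEXT)`), so the `clean` target, which is outside this hunk, presumably needs to cover that path as well.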
@@ -32,13 +34,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(DEP) - echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) + echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $(DEP) - echo " $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $(DEP) + echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From 4e85cbd2275adfc2db22889a4b6544f76bed3dd2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 13 Jun 2025 11:00:07 +0100 Subject: [PATCH 0767/1548] update submodules to pull in previous PR's Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index a0ff5d6483..5157a286d5 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit a0ff5d64831aad7d19aa7e02eb8af065e07506f2 +Subproject commit 5157a286d52c1e5fe825476bec6a2ee3a4a0c4c5 From 250e8b8b6d3d37083cb1320b1530ee6aefe14839 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 15:15:05 +0100 Subject: [PATCH 0768/1548] Update submodule pointer 
Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5157a286d5..19edaa785d 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5157a286d52c1e5fe825476bec6a2ee3a4a0c4c5 +Subproject commit 19edaa785dd71ec8f0c9f72235243314c3d895fa From 361ce2b484d42846bcc67c3da89554fe5aaf59a1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 4 Jul 2025 10:36:53 +0100 Subject: [PATCH 0769/1548] Rename mbedtls_pk_setup_opaque to mbedtls_pk_wrap_psa Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_x509write.function | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 6aa60fbfb6..f9a6402525 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -293,7 +293,7 @@ int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algor } mbedtls_pk_free(pk); mbedtls_pk_init(pk); - ret = mbedtls_pk_setup_opaque(pk, *key_id); + ret = mbedtls_pk_wrap_psa(pk, *key_id); if (ret != 0) { return ret; } diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index e6c082eacb..faa79ffd92 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -772,7 +772,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, TEST_EQUAL(mbedtls_pk_import_into_psa(ep->pkey, &key_attr, &key_slot), 0); mbedtls_pk_free(ep->pkey); mbedtls_pk_init(ep->pkey); - TEST_EQUAL(mbedtls_pk_setup_opaque(ep->pkey, key_slot), 0); + TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0); } #else (void) opaque_alg; diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index db571dab65..e0aad90a04 100644 --- a/tests/suites/test_suite_x509write.function 
+++ b/tests/suites/test_suite_x509write.function @@ -286,7 +286,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &key_id), 0); mbedtls_pk_free(&key); mbedtls_pk_init(&key); - TEST_EQUAL(mbedtls_pk_setup_opaque(&key, key_id), 0); + TEST_EQUAL(mbedtls_pk_wrap_psa(&key, key_id), 0); mbedtls_x509write_csr_set_md_alg(&req, md_type); mbedtls_x509write_csr_set_key(&req, &key); @@ -417,7 +417,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_EQUAL(mbedtls_pk_import_into_psa(&issuer_key, &key_attr, &key_id), 0); mbedtls_pk_free(&issuer_key); mbedtls_pk_init(&issuer_key); - TEST_EQUAL(mbedtls_pk_setup_opaque(&issuer_key, key_id), 0); + TEST_EQUAL(mbedtls_pk_wrap_psa(&issuer_key, key_id), 0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ From 02c76ebb21dc303b07d568e4ef994c534073ecb8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 24 Jul 2025 11:13:23 +0100 Subject: [PATCH 0770/1548] Add minor corrections to the fuzz Makefile Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index bf66a1dde3..65ac6f8949 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz DEP=${MBEDLIBS} 
@@ -35,7 +35,7 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE $(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) - echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else $(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(PROGRAM_FUZZ_PATH)/fuzz_onefile.o $(DEP) From c0a562c8959564e4c34f748b4eea28e2cb77bd07 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Jul 2025 17:07:13 +0200 Subject: [PATCH 0771/1548] query_config.fmt: glob headers instead of listing them explicitly This lets us remove or rename crypto headers without hassle, and means we don't risk forgetting to add a new header. Fix #10323 Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 69 ++--------------------------- scripts/generate_query_config.pl | 24 ++++++++++ 2 files changed, 27 insertions(+), 66 deletions(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 12517596d6..559734a6af 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -1,4 +1,4 @@ -/* +/* -*-c-*- * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors 
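Review bot: The changed `echo` line now prints `$(CC)` but the recipe line directly beneath it still invokes `$(CXX)`, so the trace shown to the user no longer matches the command that actually runs — and that matters here, because the C++ driver is presumably deliberate for the FUZZINGENGINE link (libFuzzer's runtime needs the C++ runtime library). Print what is executed: `echo "  $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"`, and consider a one-line comment above the rule saying why this branch links with `$(CXX)` while the other links with `$(CC)`. The rule's `else` branch continues outside the hunk.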
@@ -10,73 +10,10 @@ #include "query_config.h" #include "mbedtls/platform.h" - -/* - * Include all the headers with public APIs in case they define a macro to its - * default value when that configuration is not set in mbedtls_config.h, or - * for PSA_WANT macros, in case they're auto-defined based on mbedtls_config.h - * rather than defined directly in crypto_config.h. - */ -#include "psa/crypto.h" - -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/camellia.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cipher.h" -#include "mbedtls/cmac.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/debug.h" -#include "mbedtls/des.h" -#include "mbedtls/ecdh.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecjpake.h" -#include "mbedtls/ecp.h" -#include "mbedtls/entropy.h" -#include "mbedtls/error.h" -#include "mbedtls/gcm.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/md.h" -#include "mbedtls/md5.h" -#include "mbedtls/memory_buffer_alloc.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/oid.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#include "mbedtls/pkcs12.h" -#include "mbedtls/pkcs5.h" -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include "mbedtls/platform_util.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cache.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/threading.h" -#include "mbedtls/timing.h" -#include "mbedtls/version.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_crt.h" -#include 
"mbedtls/x509_csr.h" - #include +INCLUDE_HEADERS + /* * Helper macros to convert a macro or its expansion into a string * WARNING: This does not work for expanding function-like macros. However, diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 6a2f9cbdfa..61ea9028a4 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -100,6 +100,29 @@ close(CONFIG_FILE); } +# We need to include all the headers with public APIs in case they +# define a macro to its default value when that configuration is not +# set in a header included by build_info.h (crypto_config.h, +# mbedtls_config.h, *adjust*.h). Some module-specific macros are set +# in that module's header. For simplicity, include all headers, with +# some ad hoc knowledge of headers that are included by other headers +# and should not be included directly. We don't include internal headers +# because those should not define configurable macros. +my @header_files = (); +my @header_roots = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + ); +for my $root (@header_roots) { + my @paths = glob "$root/*/*.h $root/*/*/*.h"; + map {s!^\Q$root/!!} @paths; + # Exclude some headers that are included by build_info.h and cannot + # be included directly. + push @header_files, grep {!m!_config\.h|[/_]adjust[/_]!} @paths; +} +my $include_headers = join('', map {"#include <$_>\n"} @header_files); + # Read the full format file into a string local $/; open(FORMAT_FILE, "<", $query_config_format_file) or die "Opening query config format file '$query_config_format_file': $!"; @@ -107,6 +130,7 @@ close(FORMAT_FILE); # Replace the body of the query_config() function with the code we just wrote +$query_config_format =~ s/INCLUDE_HEADERS/$include_headers/g; $query_config_format =~ s/CHECK_CONFIG/$config_check/g; $query_config_format =~ s/LIST_CONFIG/$list_config/g; From 8b006ce95f627be702df7a1c583903847e137a12 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 25 Jul 2025 19:51:17 +0200 Subject: [PATCH 0772/1548] Invoke generate_query_config.pl from the root Otherwise it can't find headers to include. Signed-off-by: Gilles Peskine --- programs/test/CMakeLists.txt | 1 + scripts/generate_query_config.pl | 2 ++ 2 files changed, 3 insertions(+) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 949708420c..ca6e8b2070 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -56,6 +56,7 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../.. DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 61ea9028a4..e99d633de6 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -49,6 +49,8 @@ or die "No arguments supplied, must be run from project root or a first-level subdirectory\n"; } } +-f 'include/mbedtls/build_info.h' + or die "$0: must be run from project root, or from a first-level subdirectory with no arguments\n"; # Excluded macros from the generated query_config.c. For example, macros that # have commas or function-like macros cannot be transformed into strings easily From 1b4bfdf554e3badaf65c34a20becd00694d8b8cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:00:49 +0200 Subject: [PATCH 0773/1548] Add missing include Fix compilation error when `mbedtls/oid.h` is included without having first included `mbedtls/asn1.h`. Fix #10326 Signed-off-by: Gilles Peskine --- include/mbedtls/oid.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 375ea60cb6..d769ff2180 100644 
--- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -11,6 +11,7 @@ #define MBEDTLS_OID_H #include "mbedtls/build_info.h" +#include "mbedtls/asn1.h" /* * Top level OID tuples From 409c688c4b595db2e178e805260fbfbbb9de5fd7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:15:21 +0200 Subject: [PATCH 0774/1548] Include mbedtls/platform_time.h conditionally on MBEDTLS_HAVE_TIME Work around https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/393 Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 5 +++++ scripts/generate_query_config.pl | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 559734a6af..c60458b61b 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -12,6 +12,11 @@ #include "mbedtls/platform.h" #include +/* Work around https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/393 */ +#if defined(MBEDTLS_HAVE_TIME) +#include +#endif + INCLUDE_HEADERS /* diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index e99d633de6..49e363de54 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -121,7 +121,11 @@ map {s!^\Q$root/!!} @paths; # Exclude some headers that are included by build_info.h and cannot # be included directly. - push @header_files, grep {!m!_config\.h|[/_]adjust[/_]!} @paths; + push @header_files, grep {!m[ + ^mbedtls/platform_time\.h$ | # errors without time.h + _config\.h | + [/_]adjust[/_] + ]x} @paths; } my $include_headers = join('', map {"#include <$_>\n"} @header_files); From 4995d4435c26fe8bcaa11a7db73669ac153d41a2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:19:32 +0200 Subject: [PATCH 0775/1548] Don't incude auxiliary headers that have alternative versions When compiling with `MBEDTLS_PSA_CRYPTO_PLATFORM_FILE`, we must not include ``. 
Signed-off-by: Gilles Peskine --- scripts/generate_query_config.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 49e363de54..99128ca7ac 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -122,6 +122,7 @@ # Exclude some headers that are included by build_info.h and cannot # be included directly. push @header_files, grep {!m[ + ^psa/crypto_(platform|struct)\.h$ | # have alt versions, included by psa/crypto.h anyway ^mbedtls/platform_time\.h$ | # errors without time.h _config\.h | [/_]adjust[/_] From bb8bafa5e55952e4eaa2ae61d69aac5c59db872a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:23:05 +0200 Subject: [PATCH 0776/1548] Pacify uncrustify Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index c60458b61b..603c7dd200 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -17,7 +17,9 @@ #include #endif +/* *INDENT-OFF* */ INCLUDE_HEADERS +/* *INDENT-ON* */ /* * Helper macros to convert a macro or its expansion into a string From 018e09872d728f291e32f03dd5fbe0a36ae25269 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jul 2025 16:16:45 +0200 Subject: [PATCH 0777/1548] New source file for configuration checks This will be populated in subsequent commits. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/mbedtls_config.c | 9 +++++++++ 3 files changed, 11 insertions(+) create mode 100644 library/mbedtls_config.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 451dbfdb7c..0875bb92d9 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -1,5 +1,6 @@ set(src_x509 error.c + mbedtls_config.c pkcs7.c x509.c x509_create.c 
diff --git a/library/Makefile b/library/Makefile index a880f26171..f8729344b4 100644 --- a/library/Makefile +++ b/library/Makefile @@ -121,6 +121,7 @@ LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) OBJS_X509= \ + mbedtls_config.o \ x509.o \ x509_create.o \ x509_crl.o \ diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c new file mode 100644 index 0000000000..692dce705f --- /dev/null +++ b/library/mbedtls_config.c @@ -0,0 +1,9 @@ +/* + * Mbed TLS configuration checks + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include From ac637ac9f81c4218b8c2dfffec244e85915f9338 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 21:54:31 +0200 Subject: [PATCH 0778/1548] Make check_config.h private `check_config.h` only needs to run once on the configuration. It doesn't need to run every time an application is built. It used to be public up to Mbed TLS 2.x because it was included from `config.h`, and users could substitute that file completely and should still include `check_config.h` from their file. But since Mbed TLS 3.x, including `check_config.h` is a purely internal thing (done in `build_info.h`). So make the file itself purely internal. We don't need to include `check_config.h` when building every library file, just one: `mbedtls_config.c`, that's its job. Give the file a unique name, to avoid any clashes with TF-PSA-Crypto's `check_config.h`. Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 2 -- .../mbedtls/check_config.h => library/mbedtls_check_config.h | 0 library/mbedtls_config.c | 4 ++++ 3 files changed, 4 insertions(+), 2 deletions(-) rename include/mbedtls/check_config.h => library/mbedtls_check_config.h (100%) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 534f01658c..c6e89db677 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
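Review bot: The new translation unit is named `library/mbedtls_config.c`, the same base name as the public configuration header `include/mbedtls/mbedtls_config.h`, which makes build logs, grep hits and editor tab titles ambiguous between "the user's configuration" and "the file that checks it"; since its header comment says its purpose is configuration checks, a name such as `mbedtls_check_config.c` would say what it does and line up with the header it is about to include. Separately, the file is added under `src_x509` in CMake and `OBJS_X509` in the Makefile although what it hosts is library-wide rather than X.509-specific; if any build variant can drop the X.509 object list, the checks would go with it, so a comment next to those list entries explaining the placement would help the next person who reorganises the lists.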
@@ -85,6 +85,4 @@ */ #define MBEDTLS_CONFIG_IS_FINALIZED -#include "mbedtls/check_config.h" - #endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/include/mbedtls/check_config.h b/library/mbedtls_check_config.h similarity index 100% rename from include/mbedtls/check_config.h rename to library/mbedtls_check_config.h diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index 692dce705f..679f8e36f9 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c @@ -7,3 +7,7 @@ */ #include + +/* Consistency checks in the configuration: check for incompatible options, + * missing options when at least one of a set needs to be enabled, etc. */ +#include "mbedtls_check_config.h" From 1819a915bccedd06783b333311a3fd43c5572b81 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 21:54:50 +0200 Subject: [PATCH 0779/1548] Include limits.h where needed This will be needed when TF-PSA-Crypto's `build_info.h` stops including `limits.h`, which it currently does by accident because it includes `check_config.h` which wants `limits.h` to check `CHAR_BIT`. Signed-off-by: Gilles Peskine --- library/x509.c | 1 + library/x509_create.c | 1 + library/x509_crt.c | 1 + programs/test/udp_proxy.c | 1 + tests/src/test_helpers/ssl_helpers.c | 2 ++ 5 files changed, 6 insertions(+) diff --git a/library/x509.c b/library/x509.c index f315821fdf..03ca1b72e6 100644 --- a/library/x509.c +++ b/library/x509.c @@ -24,6 +24,7 @@ #include "mbedtls/oid.h" #include "x509_oid.h" +#include #include #include diff --git a/library/x509_create.c b/library/x509_create.c index 17fc8fbeb5..09ac69d00b 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -14,6 +14,7 @@ #include "mbedtls/oid.h" #include "x509_oid.h" +#include #include #include "mbedtls/platform.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 3947eb09aa..7b65b698a3 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
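Review bot: Removing the include from build_info.h means the consistency checks now run only when library/mbedtls_config.c is compiled, so an application that compiles against the installed headers with a different or overridden configuration (a -D on its own command line, or a prebuilt library built from another config) no longer gets the `#error` diagnostics at its own compile time. That is the stated intent, but it is a silent behaviour change for such users and neither hunk documents it. A short comment at the removal site would make it visible, e.g. `/* Configuration consistency checks run once, in library/mbedtls_config.c, not in every translation unit that includes this header. */`, and the ChangeLog entry should state that applications must ensure their effective configuration matches the one the library was built with.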
@@ -27,6 +27,7 @@ #include "x509_oid.h" #include "mbedtls/platform_util.h" +#include #include #if defined(MBEDTLS_PEM_PARSE_C) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 6e9ebf9a28..c80a3f59fc 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -16,6 +16,7 @@ #include "mbedtls/build_info.h" +#include #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index faa79ffd92..1eca6e496d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -11,6 +11,8 @@ #include #include "mbedtls/psa_util.h" +#include + #if defined(MBEDTLS_SSL_TLS_C) int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) { From aca3b5ec79d2cea605de2d8c28d0725e6acec6af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 23:40:36 +0200 Subject: [PATCH 0780/1548] Update framework with unittest_config_checks.py Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index df3307f2b4..87dbfb290f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit df3307f2b4fe512def60886024f7be8fd1523ccd +Subproject commit 87dbfb290fa42ca2ccfb403e8c2fa7334fa4f1dd From 01def64425c4a1477a2dcf08c473ca18abb293ce Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Apr 2025 18:30:47 +0200 Subject: [PATCH 0781/1548] Unit tests for check_config.h Ensure that `mbedtls_check_config.h` is taken into account. Signed-off-by: Gilles Peskine --- tests/scripts/components-basic-checks.sh | 3 ++ tests/scripts/test_config_checks.py | 63 ++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100755 tests/scripts/test_config_checks.py diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 85731a1710..c7d8161893 100644 
--- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -123,4 +123,7 @@ component_check_test_helpers () { msg "unit test: translate_ciphers.py" python3 -m unittest framework/scripts/translate_ciphers.py 2>&1 + + msg "unit test: generate_config_checks.py" + tests/scripts/test_config_checks.py 2>&1 } diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py new file mode 100755 index 0000000000..540144923e --- /dev/null +++ b/tests/scripts/test_config_checks.py 
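Review bot: The progress message says `unit test: generate_config_checks.py` but the command that follows runs `tests/scripts/test_config_checks.py`, so the log line will not match the script a reader greps for when the step fails. Either `msg "unit test: test_config_checks.py"` or a message naming both the generator and its test would be clearer. component_check_test_helpers starts outside the hunk.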
@@ -0,0 +1,63 @@ +#!/usr/bin/env python3 +"""Test the configuration checks generated by generate_config_checks.py. +""" + +## Copyright The Mbed TLS Contributors +## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import unittest + +import scripts_path # pylint: disable=unused-import +from mbedtls_framework import unittest_config_checks + + +class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): + """Mbed TLS unit tests for checks generated by config_checks_generator.""" + + #pylint: disable=invalid-name # uppercase letters make sense here + + PROJECT_CONFIG_C = 'library/mbedtls_config.c' + PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [ + 'tf-psa-crypto/include', + 'tf-psa-crypto/drivers/builtin/include', + ] + + @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.") + def test_crypto_no_fs_io(self) -> None: + """A sample error expected from crypto's check_config.h.""" + self.bad_case('#undef MBEDTLS_FS_IO', + None, + error=('MBEDTLS_PSA_ITS_FILE_C')) + + def test_mbedtls_no_session_tickets_for_early_data(self) -> None: + """An error expected from mbedtls_check_config.h based on the TLS configuration.""" + self.bad_case(None, + ''' + #define MBEDTLS_SSL_EARLY_DATA + #undef MBEDTLS_SSL_SESSION_TICKETS + ''', + error=('MBEDTLS_SSL_EARLY_DATA')) + + def test_mbedtls_no_ecdsa(self) -> None: + """An error expected from mbedtls_check_config.h based on crypto+TLS configuration.""" + self.bad_case(''' + #undef PSA_WANT_ALG_ECDSA + #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA + #undef MBEDTLS_ECDSA_C + ''', + ''' + #if defined(PSA_WANT_ALG_ECDSA) + #error PSA_WANT_ALG_ECDSA unexpected + #endif + #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA) + #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected + #endif + #if defined(MBEDTLS_ECDSA_C) + #error MBEDTLS_ECDSA_C unexpected + #endif + ''', + error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) + + +if __name__ == '__main__': + unittest.main() 
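Review bot: In test_mbedtls_no_ecdsa the second fixture guard is spelt `#if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)` (missing an I), so it tests a macro that never exists and can never fire; the test therefore no longer verifies that the `#undef PSA_WANT_ALG_DETERMINISTIC_ECDSA` in the crypto snippet took effect. It should read `#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)` with the matching `#error PSA_WANT_ALG_DETERMINISTIC_ECDSA unexpected`. A misspelt self-check passes silently, which is exactly the failure mode these `#error ... unexpected` lines are meant to catch, so it is worth a second look at the other two guards as well. The skipped test_crypto_no_fs_io would also benefit from a pointer in its skip reason to whatever tracks enabling it.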
From fff4b323242f0c2cad2be2de8ee23ab71a7bf066 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 23:44:07 +0200 Subject: [PATCH 0782/1548] Announce that no longer exists It was already deprecated since 3.0 (although we forgot to announce it in the changelog back then). Signed-off-by: Gilles Peskine --- ChangeLog.d/check_config.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/check_config.txt diff --git a/ChangeLog.d/check_config.txt b/ChangeLog.d/check_config.txt new file mode 100644 index 0000000000..f9f44a4b85 --- /dev/null +++ b/ChangeLog.d/check_config.txt @@ -0,0 +1,5 @@ +Removals + * The header no longer exists. Including it + from a custom config file was no longer needed since Mbed TLS 3.0, + and could lead to spurious errors. The checks that it performed are + now done automatically when building the library. From bf650eeb88afe1d1a2e59eb02693f2a4e6b8647d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Jul 2025 13:21:38 +0100 Subject: [PATCH 0783/1548] Temporarily disable Werror Signed-off-by: Ben Taylor --- CMakeLists.txt | 9 --------- 1 file changed, 9 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 162373182b..1e3c4910a1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -271,9 +271,6 @@ function(set_gnu_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Os>) target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_gnu_base_compile_options) function(set_clang_base_compile_options target) 
@@ -296,9 +293,6 @@ function(set_clang_base_compile_options target) set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-Os>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_clang_base_compile_options) function(set_iar_base_compile_options target) @@ -306,9 +300,6 @@ function(set_iar_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Ohz>) target_compile_options(${target} PRIVATE $<$:--debug -On>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE --warnings_are_errors) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_iar_base_compile_options) function(set_msvc_base_compile_options target) From 04b03d7712badeaad673019277615c779b398d20 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Jul 2025 09:46:18 +0100 Subject: [PATCH 0784/1548] Replace Werror removal with pragma Signed-off-by: Ben Taylor --- CMakeLists.txt | 9 +++++++++ library/ssl_tls12_client.c | 1 + library/ssl_tls13_generic.c | 1 + library/x509_crt.c | 2 ++ tests/suites/test_suite_x509write.function | 1 + 5 files changed, 14 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1e3c4910a1..162373182b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -271,6 +271,9 @@ function(set_gnu_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Os>) target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE -Werror) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_gnu_base_compile_options) function(set_clang_base_compile_options target) 
@@ -293,6 +296,9 @@ function(set_clang_base_compile_options target) set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-Os>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE -Werror) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_clang_base_compile_options) function(set_iar_base_compile_options target) @@ -300,6 +306,9 @@ function(set_iar_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Ohz>) target_compile_options(${target} PRIVATE $<$:--debug -On>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE --warnings_are_errors) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_iar_base_compile_options) function(set_msvc_base_compile_options target) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..820cab17a8 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -19,6 +19,7 @@ #include "psa_util_internal.h" #include "psa/crypto.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 372bf84608..cdf42128f8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -25,6 +25,7 @@ #include "psa/crypto.h" #include "psa_util_internal.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/x509_crt.c b/library/x509_crt.c index 3947eb09aa..b6d95f534e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
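Review bot: `#pragma GCC diagnostic warning "-Wenum-conversion"` at file scope downgrades the diagnostic for every enum conversion in the translation unit, not only the pk call the commit is working around, so a genuine mbedtls_pk_type_t/mbedtls_pk_sigalg_t mix-up elsewhere in ssl_tls13_generic.c would also stop failing under MBEDTLS_FATAL_WARNINGS. Toolchains that do not understand GCC pragmas (the IAR and MSVC paths configured in the same commit's CMakeLists hunk) will presumably report an unknown pragma, which is itself fatal when warnings are errors; worth confirming on those builds. Later commits in this series replace the pragma with an explicit cast at the call site, which is the better shape; if a pragma is kept anywhere it should be a `push` / `warning` / `pop` triple around the single call rather than a file-wide downgrade.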
@@ -17,6 +17,8 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ +#pragma GCC diagnostic warning "-Wenum-conversion" + #include "x509_internal.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index e0aad90a04..5e3d470f5a 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -14,6 +14,7 @@ #include #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) From 1c1535f153fb46d95137b575fd57c310c7bf4dd7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 09:29:38 +0100 Subject: [PATCH 0785/1548] Make pragmas more specific Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 4 +++- library/x509_crt.c | 2 -- tests/suites/test_suite_x509write.function | 1 - 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 820cab17a8..21541b8fc4 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -19,7 +19,6 @@ #include "psa_util_internal.h" #include "psa/crypto.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ @@ -2086,6 +2085,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); + #pragma GCC diagnostic pop } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ ret = mbedtls_pk_verify_restartable(peer_pk, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cdf42128f8..cda1f8a426 100644 
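Review bot: The `#pragma GCC diagnostic pop` added after the mbedtls_pk_verify_new call in ssl_parse_server_key_exchange has no matching `#pragma GCC diagnostic push` — the first hunk of this file only deletes the file-scope pragma rather than turning it into a push — so GCC will warn about a pop without a push (-Wpragmas), which is fatal under MBEDTLS_FATAL_WARNINGS. The call would need `#pragma GCC diagnostic push` and `#pragma GCC diagnostic warning "-Wenum-conversion"` before it, as done in ssl_tls13_generic.c in the same commit. The commit two steps later in this series drops the pop again, so this only affects the intermediate state, but it does break bisection there. ssl_parse_server_key_exchange starts outside the hunk.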
--- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -25,7 +25,6 @@ #include "psa/crypto.h" #include "psa_util_internal.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many @@ -964,9 +963,12 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); + #pragma GCC diagnostic push + #pragma GCC diagnostic warning "-Wenum-conversion" if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { + #pragma GCC diagnostic pop MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); diff --git a/library/x509_crt.c b/library/x509_crt.c index b6d95f534e..3947eb09aa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -17,8 +17,6 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ -#pragma GCC diagnostic warning "-Wenum-conversion" - #include "x509_internal.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 5e3d470f5a..e0aad90a04 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -14,7 +14,6 @@ #include #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) From d3ae1701f36db5c2c6282861ed48ec81cebb7588 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 11:34:24 +0100 Subject: [PATCH 0786/1548] Remove pragmas and use alias 
Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 21541b8fc4..b882d47a5c 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2083,9 +2083,9 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + peer_pk, md_alg, hash, hashlen, p, sig_len); - #pragma GCC diagnostic pop } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ ret = mbedtls_pk_verify_restartable(peer_pk, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cda1f8a426..372bf84608 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -963,12 +963,9 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - #pragma GCC diagnostic push - #pragma GCC diagnostic warning "-Wenum-conversion" if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { - #pragma GCC diagnostic pop MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); From 73b39872911d477187fd2f7145a0b5bbfd07acd1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 14:38:47 +0100 Subject: [PATCH 0787/1548] Correct rebase and add in additional type cast Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 1 - library/ssl_tls13_generic.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b882d47a5c..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2083,7 +2083,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { ret = mbedtls_pk_verify_new(pk_alg, peer_pk, - peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 372bf84608..15731ca150 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -963,7 +963,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", From 7523b548e8400e37433a0bfada467444210fc8a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 28 Jul 2025 13:08:34 +0100 Subject: [PATCH 0788/1548] Update tf-psa-crypto submodule Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 19edaa785d..5df033ee3c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 19edaa785dd71ec8f0c9f72235243314c3d895fa +Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 From 532dfeeacb7c6f0de064ab4ec580c1b88c51a5b4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Jul 2025 08:42:27 +0100 Subject: [PATCH 0789/1548] Add copy of header file for libtestdriver1 Signed-off-by: Ben Taylor --- tests/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/Makefile b/tests/Makefile index 3a6f0e62ea..094c039436 100644 --- a/tests/Makefile +++ b/tests/Makefile 
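Review bot: The new `(mbedtls_pk_sigalg_t) pk_type` cast in ssl_tls13_write_certificate_verify_body silences -Wenum-conversion, but it hard-codes the assumption that every mbedtls_pk_type_t value reaching this line has the same numeric value in mbedtls_pk_sigalg_t; nothing in the hunk checks that, and a future divergence between the two enums in the crypto submodule would become a wrong signature algorithm being requested rather than a compile error. If the pk layer provides a conversion helper it should be used here; otherwise add a comment stating the equivalence and a static assertion (C11 `_Static_assert` or the library's static-assert macro) for the enumerators this path can pass, so the assumption is both documented and verified. The function starts outside the hunk.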
@@ -332,6 +332,7 @@ libtestdriver1.a: mkdir ./libtestdriver1/tf-psa-crypto/drivers mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m +# mkdir -p ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc cp -Rf ../framework/scripts ./libtestdriver1/framework @@ -342,6 +343,8 @@ libtestdriver1.a: cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto + mkdir -p libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ + cp -r libtestdriver1/tf-psa-crypto/include/mbedtls/private/pk_private.h libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/pk_private.h # Set the test driver base (minimal) configuration. cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h From 1787ea43a7f6ab444e84775e23d3c4d005eff457 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 08:49:06 +0100 Subject: [PATCH 0790/1548] Removed debug comment Signed-off-by: Ben Taylor --- tests/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 094c039436..ed53f73518 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -332,7 +332,6 @@ libtestdriver1.a: mkdir ./libtestdriver1/tf-psa-crypto/drivers mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m -# mkdir -p ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc cp -Rf ../framework/scripts ./libtestdriver1/framework 
From d56079944e9c2447ba71e5a7f1802acb5aa74ef5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 28 Jul 2025 15:09:14 +0100 Subject: [PATCH 0791/1548] Adjust libtestdriver1_rewrite.pl to work on private Signed-off-by: Ben Taylor --- tests/scripts/libtestdriver1_rewrite.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl index 202575d855..f96ff5e05c 100755 --- a/tests/scripts/libtestdriver1_rewrite.pl +++ b/tests/scripts/libtestdriver1_rewrite.pl @@ -15,6 +15,10 @@ my $public_files_regex = join('|', map { quotemeta($_) } @public_files); +my @private_files = map { basename($_) } glob("../tf-psa-crypto/include/mbedtls/private/*.h"); + +my $private_files_regex = join('|', map { quotemeta($_) } @private_files); + while (<>) { s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; @@ -28,6 +32,9 @@ if ( $public_files_regex ) { s!^(\s*#\s*include\s*[\"<])mbedtls/($public_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/${2}!; } + if ( $private_files_regex ) { + s!^(\s*#\s*include\s*[\"<])mbedtls/private/($private_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/private/${2}!; + } s!^(\s*#\s*include\s*[\"<])mbedtls/!${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; s!^(\s*#\s*include\s*[\"<])psa/!${1}libtestdriver1/tf-psa-crypto/include/psa/!; s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!; From cd1b7ffa705bbf4600e21205e2991f1655522457 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 29 Jul 2025 10:40:12 +0200 Subject: [PATCH 0792/1548] tests: x509write: replace MBEDTLS_ECDSA_DETERMINISTIC with PSA_WANT one 
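Review bot: The new private-header rewrite only works because it sits between the public-file rule and the catch-all `mbedtls/` substitution below it: the catch-all would otherwise redirect `mbedtls/private/*.h` into drivers/builtin/include, and nothing in the file says the order is load-bearing. A comment above the new `if` such as `# Must run before the generic mbedtls/ rewrite below, which would otherwise send private/ headers to drivers/builtin.` would protect it from a well-meaning reorder. Note also that the glob is relative to the working directory at invocation, like the existing public-file glob presumably is, so an empty match silently disables the rule instead of failing loudly.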
Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509write.data | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 4dcd967226..3860076d2c 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -47,7 +47,7 @@ depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server5 ECDSA, key_usage -depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_256 x509_csr_check:"../framework/data_files/server5.key":"../framework/data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0 Certificate Request check Server1, set_extension 
@@ -155,11 +155,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial_FF.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server5 ECDSA -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames 
@@ -337,4 +337,3 @@ oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F" OID from numeric string - OID with overflowing subidentifier oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - From 3f48668e5a3c216039832be276315ed09db025c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 29 Jul 2025 09:24:03 +0200 Subject: [PATCH 0793/1548] Update crypto pointer to development-restricted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 19edaa785d..ae71e1e43f 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 19edaa785dd71ec8f0c9f72235243314c3d895fa +Subproject commit ae71e1e43f0dbb7ff54a6dcdd4ddc89ba4c2b600 From b3a2005141ec9518531c0eb1e414f0af41f4b120 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 15:19:06 +0100 Subject: [PATCH 0794/1548] Remove copy from Makefile Signed-off-by: Ben Taylor --- tests/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index ed53f73518..3a6f0e62ea 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -342,8 +342,6 @@ libtestdriver1.a: cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto - mkdir -p libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ - cp -r libtestdriver1/tf-psa-crypto/include/mbedtls/private/pk_private.h libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/pk_private.h # Set the test driver base (minimal) configuration. cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h From 4bb98be277192dcc43e2f9842d111b083073e912 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Wed, 7 May 2025 14:21:20 +0100 Subject: [PATCH 0795/1548] initial remove of MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 4 - programs/fuzz/fuzz_dtlsclient.c | 4 - programs/fuzz/fuzz_dtlsserver.c | 4 - programs/fuzz/fuzz_server.c | 10 +-- programs/fuzz/fuzz_x509crl.c | 10 +-- programs/fuzz/fuzz_x509crt.c | 8 +- programs/fuzz/fuzz_x509csr.c | 10 +-- programs/pkey/gen_key.c | 4 - programs/pkey/pk_sign.c | 4 - programs/pkey/pk_verify.c | 4 - programs/pkey/rsa_sign_pss.c | 4 - programs/pkey/rsa_verify_pss.c | 4 - programs/ssl/ssl_client2.c | 65 ++-------------- programs/ssl/ssl_server2.c | 76 +++---------------- programs/ssl/ssl_test_lib.c | 6 +- programs/ssl/ssl_test_lib.h | 21 +----- programs/x509/cert_app.c | 4 - programs/x509/cert_req.c | 4 - programs/x509/cert_write.c | 4 - programs/x509/crl_app.c | 4 - programs/x509/load_roots.c | 4 - programs/x509/req_app.c | 4 - tests/include/test/ssl_helpers.h | 9 --- tests/src/test_helpers/ssl_helpers.c | 108 --------------------------- 24 files changed, 33 insertions(+), 346 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 440c0245ff..1840570488 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -78,12 +78,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -179,9 +177,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; 
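Review bot: With the `#if` removed, `psa_crypto_init()` is now unconditional in a harness that otherwise seeds CTR_DRBG from `dummy_entropy` for reproducibility; PSA's own RNG is presumably seeded from the platform entropy source unless the fuzz build configures an external RNG, so any PSA-driven randomness in the handshake would make runs non-reproducible. This was already the case whenever MBEDTLS_USE_PSA_CRYPTO was on, so it is not a regression introduced here, but now that the path is always taken a comment next to the call saying how the fuzz build keeps PSA deterministic (or that it does not) would help the next person chasing a flaky crash. LLVMFuzzerTestOneInput starts outside the hunk.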
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 7a1da13c38..ca7626d5ba 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -61,12 +61,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -124,9 +122,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 98a70216e1..4f159fbefe 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -58,12 +58,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_config_init(&conf); mbedtls_ssl_cookie_init(&cookie_ctx); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -166,9 +164,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 05b7480cbc..40fd9caa0f 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -67,12 +67,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_init(&ticket_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -194,19 +192,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free(&ticket_ctx); -#endif +#endif /* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */ mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); -#endif +#endif /* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */ mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif -#else +#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ (void) Data; (void) Size; #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 92e0f5d12e..ae0f85282b 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c 
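Review bot: The two `#endif` comments added in the `exit:` hunk of fuzz_server.c are malformed: `/* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */` drops `defined` from the first operand and keeps it on the second, and the `MBEDTLS_X509_CRT_PARSE_C`/`MBEDTLS_PEM_PARSE_C` guard gets the same half-copied form. The rest of the file names the macros only, as in the `#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */` a few lines further down, so these should read `#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */` and `#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */`.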
@@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crl_parse(&crl, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } -#else +#else /* MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_crl_free(&crl); -#else +#else /* MBEDTLS_X509_CRL_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CRL_PARSE_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index c99ae2e7b1..709fd200f9 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -12,12 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crt_init(&crt); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crt_parse(&crt, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { @@ -28,15 +26,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_crt_free(&crt); -#else +#else /* MBEDTLS_X509_CRT_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4ab071f1ca..1c26e6f082 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c 
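Review bot: The new `#else /* MBEDTLS_X509_REMOVE_INFO */` in fuzz_x509crl.c disagrees with the `#endif /* !MBEDTLS_X509_REMOVE_INFO */` that closes the same `#if !defined(MBEDTLS_X509_REMOVE_INFO)` block two lines later, and with the matching hunk in fuzz_x509csr.c, which annotates the same `#else` as `/* !MBEDTLS_X509_REMOVE_INFO */`. The convention in this series is to repeat the `#if` condition on the `#else`, so this one should read `#else /* !MBEDTLS_X509_REMOVE_INFO */`.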
@@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_csr_parse(&csr, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); } -#else +#else /* !MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_csr_free(&csr); -#else +#else /* MBEDTLS_X509_CSR_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CSR_PARSE_C */ return 0; } diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 94604ceeb6..ba35534388 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -257,14 +257,12 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -473,9 +471,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 551173e496..4ddb473c0f 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c 
@@ -55,14 +55,12 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_sign \n"); @@ -139,9 +137,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 507812e350..27aff441a1 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -47,14 +47,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_verify \n"); @@ -115,9 +113,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 8f605b56bc..d94daf3977 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c 
@@ -57,14 +57,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); mbedtls_ctr_drbg_init(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: rsa_sign_pss \n"); @@ -153,9 +151,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 97f9d186e8..15049203ee 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -51,14 +51,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: rsa_verify_pss \n"); @@ -131,9 +129,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5e7fdf304..b76055ed5b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,9 +9,7 @@ #include "ssl_test_lib.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) 
@@ -145,7 +143,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -172,7 +170,6 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -185,7 +182,6 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -309,14 +305,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -488,9 +479,7 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif 
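Review bot: The `@@ -172` and `@@ -185` hunks of ssl_client2.c remove the `#if defined(MBEDTLS_USE_PSA_CRYPTO)` above the long `USAGE_PSK_SLOT` definition and the `#endif /* MBEDTLS_USE_PSA_CRYPTO */` below it, but keep the `#else` / `#define USAGE_PSK_SLOT ""` pair between them as context. Unless one of the lines between the two hunks opens another conditional, that `#else` now attaches to the enclosing `#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)`, and the second `#else` in front of `#define USAGE_PSK ""` becomes an `#else` after `#else`, which the preprocessor rejects. Deleting the two leftover lines `#else` and `#define USAGE_PSK_SLOT ""` restores the balance. The `@@ -248` and `@@ -270` hunks of ssl_server2.c leave the same pair behind.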
@@ -498,9 +487,7 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -824,16 +811,12 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -850,9 +833,7 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -877,10 +858,9 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); 
@@ -907,7 +887,6 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -915,7 +894,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -942,17 +920,13 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1127,7 +1101,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1152,11 +1126,9 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); 
@@ -1167,11 +1139,9 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -1500,7 +1470,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1515,7 +1484,6 @@ int main(int argc, char *argv[]) goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1550,7 +1518,6 @@ int main(int argc, char *argv[]) } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1562,7 +1529,6 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1786,7 +1752,6 @@ int main(int argc, char *argv[]) goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1805,7 +1770,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -2006,7 +1970,6 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); 
@@ -2027,7 +1990,6 @@ int main(int argc, char *argv[]) goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -2098,7 +2060,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,7 +2085,6 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3206,13 +3166,10 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3229,11 +3186,9 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end 
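Review bot: With the `#endif /* MBEDTLS_USE_PSA_CRYPTO */` gone, the `@@ -2027` hunk of ssl_client2.c leaves `} else` on one line and `if (psk_len > 0) {` on the next, and the `@@ -2124` hunk leaves `} else` followed by a lone `{`; the preprocessor line was the only reason for the split. Join them to `} else if (psk_len > 0) {` and `} else {` so they match the K&R layout used in the rest of the file. The `@@ -3199` and `@@ -3410` hunks of ssl_server2.c have the same leftover splits.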
@@ -3252,9 +3207,8 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -3262,14 +3216,11 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); -#endif rng_free(&rng); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 639fe5616e..cb933e7e6d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,9 +53,7 @@ int main(void) #include #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -205,7 +203,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -248,7 +246,6 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ 
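Review bot: In the last ssl_client2.c hunk (`@@ -3262`), the `#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \` line and its `#endif` are removed, but the continuation line `!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` is kept as context (the hunk counts show three removed lines and none added), so it survives as a bare expression statement in front of `mbedtls_psa_crypto_free();`. That will not compile, and even if it did, `mbedtls_psa_crypto_free()` would run unconditionally, contradicting the comment kept just above it that `MBEDTLS_TEST_USE_PSA_CRYPTO_RNG` builds free PSA resources in `rng_free()`. The corresponding ssl_server2.c hunk does this correctly; mirror it here with `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)`, `mbedtls_psa_crypto_free();`, `#endif`. main() continues past the hunk.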
@@ -270,7 +267,6 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -419,14 +415,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -641,10 +632,8 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -652,9 +641,7 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ 
@@ -962,9 +949,7 @@ struct _psk_entry { const char *name; size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t slot; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; @@ -976,7 +961,6 @@ static int psk_free(psk_entry *head) psk_entry *next; while (head != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; mbedtls_svc_key_id_t const slot = head->slot; @@ -986,7 +970,6 @@ static int psk_free(psk_entry *head) return status; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ next = head->next; mbedtls_free(head); @@ -1052,11 +1035,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, while (cur != NULL) { if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else -#endif return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); } @@ -1302,7 +1283,6 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, @@ -1326,7 +1306,6 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, return PSA_SUCCESS; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, 
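Review bot: In the `psk_callback` hunk of ssl_server2.c, removing the `#endif` leaves `} else` followed by an unbraced `return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);` on the next line; now that nothing sits between them, the else branch should be braced like the if branch, `} else { return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); }`. The surrounding `while` loop and the function itself continue outside the hunk.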
@@ -1543,10 +1522,8 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -1574,10 +1551,8 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1609,10 +1584,9 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1621,9 +1595,7 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; -#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; 
@@ -1684,7 +1656,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -1692,7 +1663,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1731,19 +1701,15 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1924,7 +1890,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } 
@@ -1973,13 +1939,11 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1992,11 +1956,9 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2367,7 +2329,6 @@ int main(int argc, char *argv[]) goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2397,7 +2358,6 @@ int main(int argc, char *argv[]) goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2427,7 +2387,6 @@ int main(int argc, char *argv[]) opt.min_version = ciphersuite_info->min_tls_version; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2439,7 +2398,6 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
@@ -2732,7 +2690,6 @@ int main(int argc, char *argv[]) #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2768,7 +2725,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3182,7 +3138,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); @@ -3199,7 +3154,6 @@ int main(int argc, char *argv[]) goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3213,7 +3167,6 @@ int main(int argc, char *argv[]) } if (opt.psk_list != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3227,7 +3180,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3384,7 +3336,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3410,7 +3361,6 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, 
@@ -4253,11 +4203,9 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4269,8 +4217,7 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -4284,11 +4231,9 @@ int main(int argc, char *argv[]) (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4307,9 +4252,8 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4317,12 +4261,10 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ - && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif 
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index f9a6402525..ad3feb65b8 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -83,13 +83,11 @@ void rng_init(rng_context_t *rng) int rng_seed(rng_context_t *rng, int reproducible, const char *pers) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (reproducible) { mbedtls_fprintf(stderr, - "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n"); + "reproducible mode is not supported.\n"); return -1; } -#endif #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* The PSA crypto RNG does its own seeding. */ (void) rng; @@ -217,7 +215,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) return 0; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) int key_opaque_set_alg_usage(const char *alg1, const char *alg2, psa_algorithm_t *psa_alg1, psa_algorithm_t *psa_alg2, @@ -301,7 +298,6 @@ int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algor return 0; } #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback(void *data, mbedtls_x509_crt const *child, diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index c001a2afa1..ea5dbecb89 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -14,9 +14,8 @@ #include "mbedtls/md.h" #undef HAVE_RNG -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ + defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) #define HAVE_RNG #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) #define HAVE_RNG 
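Review bot: rng_seed() now returns -1 for `reproducible` in every configuration, so a caller asking for reproducible mode can never succeed and any entropy+CTR_DRBG seeding path further down the function (outside this hunk) is unreachable in that mode regardless of build options. The declaration of rng_seed in ssl_test_lib.h should say so, e.g. `/* reproducible mode is not supported: the PSA crypto RNG does its own seeding, so rng_seed() returns -1 when reproducible != 0. */`. The new message `"reproducible mode is not supported.\n"` also drops the reason the old one gave, which makes the failure harder to diagnose from program output alone; keeping a short reason in the message would help. rng_seed's body continues outside the hunk.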
@@ -55,10 +54,8 @@ #include "mbedtls/base64.h" #include "test/certs.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" @@ -108,7 +105,7 @@ void my_debug(void *ctx, int level, mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. * @@ -121,14 +118,6 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); * where the test programs use the PSA RNG while the PSA RNG is itself based * on entropy+DRBG, and at least one configuration where the test programs * do not use the PSA RNG even though it's there. - * - * A simple choice that meets the constraints is to use the PSA RNG whenever - * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the - * choice to use the PSA RNG in the test programs and the choice to use - * PSA crypto when TLS code needs crypto have to be tied together, but it - * happens to be a good match. It's also a good match from an application - * perspective: either PSA is preferred for TLS (both for crypto and for - * random generation) or it isn't. */ #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG #endif @@ -213,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len); */ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /** Parse given opaque key algorithms to obtain psa algs and usage * that will be passed to mbedtls_pk_wrap_as_opaque(). * 
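Review bot: The paragraph kept above `#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG` still promises "at least one configuration where the test programs do not use the PSA RNG even though it's there", but with the condition reduced to `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` the macro is defined in every build, so that configuration no longer exists and the surviving rationale contradicts the code. Replace it with a sentence stating the new rule, e.g. `/* The SSL test programs always use mbedtls_psa_get_random() as their RNG; the macro is defined here unless the build already set it. */`. The deleted paragraph explaining the tie to MBEDTLS_USE_PSA_CRYPTO was the only place that said why the choice was made; a one-line pointer to where the decision now lives would save the next reader a search.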
@@ -259,9 +247,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id); #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) /* The test implementation of the PSA external RNG is insecure. When * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto * function that makes use of an RNG, you must call diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index d9d5bb60ac..c747505519 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -152,14 +152,12 @@ int main(int argc, char *argv[]) memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -446,9 +444,7 @@ int main(int argc, char *argv[]) #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index e59772ffda..02fd567841 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -162,14 +162,12 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: 
@@ -502,9 +500,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ cur = opt.san_list; while (cur != NULL) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 3cabff4b5a..fb55c3f291 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -326,14 +326,12 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); memset(serial, 0, sizeof(serial)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -1026,9 +1024,7 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&loaded_issuer_key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index fee8b693ce..bb518adeef 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -60,14 +60,12 @@ int main(int argc, char *argv[]) */ mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -124,9 +122,7 @@ int main(int argc, char *argv[]) exit: mbedtls_x509_crl_free(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 2ae7c9b017..34d3508459 100644 
--- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -86,14 +86,12 @@ int main(int argc, char *argv[]) struct mbedtls_timing_hr_time timer; unsigned long ms; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc <= 1) { mbedtls_printf(USAGE); @@ -159,9 +157,7 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 2929d687d4..b960818a09 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -60,14 +60,12 @@ int main(int argc, char *argv[]) */ mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -124,9 +122,7 @@ int main(int argc, char *argv[]) exit: mbedtls_x509_csr_free(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 5bfdedaaf0..d019c5065e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -31,11 +31,9 @@ #include "mbedtls/ssl_cache.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ psa_generic_status_to_mbedtls) -#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(PSA_WANT_KEY_TYPE_AES) 
@@ -751,18 +749,11 @@ int mbedtls_test_get_tls13_ticket( #define ECJPAKE_TEST_PWD "bla" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ ret = (use_opaque_arg) ? \ mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ TEST_EQUAL(ret, exp_ret_val) -#else -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ - pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 1eca6e496d..83dac17419 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -644,11 +644,9 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) ep->cert = NULL; } if (ep->pkey != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) { psa_destroy_key(ep->pkey->priv_id); } -#endif mbedtls_pk_free(ep->pkey); mbedtls_free(ep->pkey); ep->pkey = NULL; @@ -725,9 +723,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int i = 0; int ret = -1; int ok = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif if (ep == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -759,7 +755,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, TEST_EQUAL(load_endpoint_ecc(ep), 0); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opaque_alg != 0) { psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ 
@@ -776,11 +771,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, mbedtls_pk_init(ep->pkey); TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0); } -#else - (void) opaque_alg; - (void) opaque_alg2; - (void) opaque_usage; -#endif mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); @@ -1212,7 +1202,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, unsigned char *output, size_t *olen) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; size_t part_len; @@ -1246,10 +1235,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, *olen += part_len; return 0; -#else - return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - iv, iv_len, input, ilen, output, olen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING && PSA_WANT_KEY_TYPE_AES */ @@ -1383,14 +1368,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, size_t key_bits = 0; int ret = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - mbedtls_cipher_info_t const *cipher_info; -#endif size_t keylen, maclen, ivlen = 0; unsigned char *key0 = NULL, *key1 = NULL; 
@@ -1422,58 +1403,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(key0, 0x1, keylen); memset(key1, 0x2, keylen); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); - CHK(cipher_info != NULL); - CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); - CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); - - /* Setup cipher contexts */ - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_mode == MBEDTLS_MODE_CBC) { - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - (keylen << 3 > INT_MAX) ? 
INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if (cipher_mode == MBEDTLS_MODE_CBC || cipher_mode == MBEDTLS_MODE_STREAM) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); - CHK(md_info != NULL); -#endif maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); CHK(maclen != 0); /* Pick hash keys */ @@ -1482,7 +1415,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(md0, 0x5, maclen); memset(md1, 0x6, maclen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) alg = mbedtls_md_psa_alg_from_type(hash_id); CHK(alg != 0); @@ -1523,21 +1455,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, CHK(psa_import_key(&attributes, md0, maclen, &t_out->psa_mac_dec) == PSA_SUCCESS); -#else - CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); - - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, - md0, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, - md0, maclen) == 0); -#endif } #else ((void) hash_id); @@ -1657,7 +1574,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, t_out->out_cid_len = (uint8_t) cid0_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = mbedtls_ssl_cipher_to_psa(cipher_type, t_in->taglen, &alg, @@ -1720,7 +1636,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, goto cleanup; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ cleanup: 
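Review bot: The deleted legacy setup carried the only bounds visible here on the cipher parameters, `CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16)` and `CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0)`, and no equivalent check appears in the PSA path that remains in this hunk or in the later @@ -1657 hunk where `mbedtls_ssl_cipher_to_psa()` is called. If `ivlen` (declared as `size_t keylen, maclen, ivlen = 0;` in the preceding hunk) is still copied into the transform's fixed-size IV fields later in the function, an explicit bound such as `CHK(ivlen <= 16);` should be restored before that copy. mbedtls_test_ssl_build_transforms starts and ends outside this hunk, so whether the PSA-derived sizes are validated elsewhere cannot be confirmed from here.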
@@ -1737,9 +1652,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, mbedtls_ssl_transform *transform_out) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#endif /* Serialized version of record header for MAC purposes */ unsigned char add_data[13]; @@ -1751,7 +1664,6 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, add_data[12] = (record->data_len >> 0) & 0xff; /* MAC with additional data */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t sign_mac_length = 0; TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, transform_out->psa_mac_enc, @@ -1767,26 +1679,13 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, mac, sizeof(mac), &sign_mac_length)); -#else - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, - record->buf + record->data_offset, - record->data_len)); - /* Use a temporary buffer for the MAC, because with the truncated HMAC - * extension, there might not be enough room in the record for the - * full-length MAC. */ - unsigned char mac[MBEDTLS_MD_MAX_SIZE]; - TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); -#endif memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); record->data_len += transform_out->maclen; return 0; exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_abort(&operation); -#endif return -1; } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ @@ -1840,7 +1739,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, return -1; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; 
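Review bot: `sign_mac_length` returned by psa_mac_sign_finish() is never compared with `transform_out->maclen` before the memcpy copies `transform_out->maclen` bytes out of `mac`, so a mismatch between the length PSA produced and the transform's configured MAC length would silently copy short or uninitialised bytes into the record. Add `TEST_EQUAL(sign_mac_length, transform_out->maclen);` right after the finish call. With the legacy HMAC branch and its `unsigned char mac[MBEDTLS_MD_MAX_SIZE]` gone, the `mac` buffer now comes solely from the PSA path declared outside this hunk, so this check is also the only thing tying the two lengths together; mbedtls_test_ssl_prepare_record_mac starts outside the hunk.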
@@ -1851,12 +1749,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, &hash_size); ret = PSA_TO_MBEDTLS_ERR(status); -#else - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - tmp_crt.raw.p, tmp_crt.raw.len, - session->peer_cert_digest); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { return ret; } From 6bcdd67f8321cef2e695220d4902a0ee2e0fbf58 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 2 Jun 2025 15:51:32 +0100 Subject: [PATCH 0796/1548] Update ssl progs to restore build Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 65 ++++++++++++++++++++++++++++---- programs/ssl/ssl_server2.c | 76 +++++++++++++++++++++++++++++++++----- 2 files changed, 124 insertions(+), 17 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b76055ed5b..d5e7fdf304 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,7 +9,9 @@ #include "ssl_test_lib.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) @@ -143,7 +145,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" 
@@ -170,6 +172,7 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -182,6 +185,7 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -305,9 +309,14 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#define USAGE_ECJPAKE \ + " ecjpake_pw=%%s default: none (disabled)\n" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -479,7 +488,9 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif 
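Review bot: `psk_opaque` becomes a member of struct options only under MBEDTLS_USE_PSA_CRYPTO, while `int key_opaque;` two lines above stays unconditional even though its parser (@@ -1101) and its use (@@ -1752) are now guarded by the same macro. Either guard it the same way, `#if defined(MBEDTLS_USE_PSA_CRYPTO) int key_opaque; #endif` together with the `opt.key_opaque = DFL_KEY_OPAQUE;` initialiser, or leave all three `*_opaque` fields unconditional and guard only the code that uses them; mixing the two styles turns every later `opt.psk_opaque` reference into a build hazard in non-PSA configurations. struct options starts outside the hunk.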
@@ -487,7 +498,9 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ +#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -811,12 +824,16 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; +#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) + psa_status_t status; +#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -833,7 +850,9 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ +#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -858,9 +877,10 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); 
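Review bot: `psa_status_t status;` is declared twice in the @@ -811 hunk, once inside the MBEDTLS_USE_PSA_CRYPTO branch and again under `#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)`, which makes the declaration condition hard to compare with the `MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3` guard used at the psa_crypto_init() call and the leak check later in the file. Separating the PSK-slot variables from the status variable and guarding the latter with that same compound condition keeps the two in sync and removes the duplicate. main() starts outside the hunk.
```c
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
    mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
    psa_algorithm_t alg = 0;
    psa_key_attributes_t key_attributes;
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
    psa_status_t status;
#endif
    /* … unchanged: rng_context_t rng; mbedtls_ssl_context ssl; … */
```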
@@ -887,6 +907,7 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -894,6 +915,7 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -920,13 +942,17 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; +#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1101,7 +1127,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1126,9 +1152,11 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); 
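Review bot: psa_crypto_init() is now skipped when neither MBEDTLS_USE_PSA_CRYPTO nor MBEDTLS_SSL_PROTO_TLS1_3 is defined, yet the ssl_test_lib.h change earlier on this page defines MBEDTLS_TEST_USE_PSA_CRYPTO_RNG for every build, and that header's own comment says the test programs then use mbedtls_psa_get_random() rather than entropy+DRBG. Unless that header has since been changed back or the RNG seeding (outside this hunk) initialises PSA itself, a build with both macros off would draw randomness from a PSA core that was never initialised; the guard should then match whatever selects the PSA RNG, e.g. `#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)`. The same condition would also have to cover the `status` declaration in the @@ -811 hunk. main() starts outside the hunk.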
@@ -1139,9 +1167,11 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } +#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -1470,6 +1500,7 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1484,6 +1515,7 @@ int main(int argc, char *argv[]) goto usage; } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1518,6 +1550,7 @@ int main(int argc, char *argv[]) } } +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1529,6 +1562,7 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1752,6 +1786,7 @@ int main(int argc, char *argv[]) goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1770,6 +1805,7 @@ int main(int argc, char *argv[]) } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -1970,6 +2006,7 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); 
@@ -1990,6 +2027,7 @@ int main(int argc, char *argv[]) goto exit; } } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -2060,6 +2098,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2085,6 +2124,7 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3166,10 +3206,13 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); +#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3186,9 +3229,11 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end 
@@ -3207,8 +3252,9 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -3216,11 +3262,14 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ +#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); +#endif rng_free(&rng); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index cb933e7e6d..639fe5616e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,7 +53,9 @@ int main(void) #include #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" +#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -203,7 +205,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -246,6 +248,7 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ 
@@ -267,6 +270,7 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -415,9 +419,14 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#define USAGE_ECJPAKE \ + " ecjpake_pw=%%s default: none (disabled)\n" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -632,8 +641,10 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -641,7 +652,9 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ +#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ 
@@ -949,7 +962,9 @@ struct _psk_entry { const char *name; size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t slot; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; @@ -961,6 +976,7 @@ static int psk_free(psk_entry *head) psk_entry *next; while (head != NULL) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; mbedtls_svc_key_id_t const slot = head->slot; @@ -970,6 +986,7 @@ static int psk_free(psk_entry *head) return status; } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ next = head->next; mbedtls_free(head); @@ -1035,9 +1052,11 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, while (cur != NULL) { if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else +#endif return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); } @@ -1283,6 +1302,7 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, @@ -1306,6 +1326,7 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, return PSA_SUCCESS; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, 
@@ -1522,8 +1543,10 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -1551,8 +1574,10 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ +#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1584,9 +1609,10 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1595,7 +1621,9 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; +#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; 
@@ -1656,6 +1684,7 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -1663,6 +1692,7 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1701,15 +1731,19 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; +#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1890,7 +1924,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } 
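Review bot: The trailing comment on the new `#endif` in the second hunk does not name the condition it closes: the guard opened in the previous hunk is `#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)`, but the close reads `#endif /* MBEDTLS_USE_PSA_CRYPTO */`. In a file this dense with nested guards the trailing comment is what readers use to pair them, and the matching close added to ssl_client2.c in this same patch spells out both macros. Suggest `#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */`. main() starts and ends outside the hunk.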
@@ -1939,11 +1973,13 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1956,9 +1992,11 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } +#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2329,6 +2367,7 @@ int main(int argc, char *argv[]) goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2358,6 +2397,7 @@ int main(int argc, char *argv[]) goto usage; } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2387,6 +2427,7 @@ int main(int argc, char *argv[]) opt.min_version = ciphersuite_info->min_tls_version; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2398,6 +2439,7 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
@@ -2690,6 +2732,7 @@ int main(int argc, char *argv[]) #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2725,6 +2768,7 @@ int main(int argc, char *argv[]) } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3138,6 +3182,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); @@ -3154,6 +3199,7 @@ int main(int argc, char *argv[]) goto exit; } } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3167,6 +3213,7 @@ int main(int argc, char *argv[]) } if (opt.psk_list != NULL) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3180,6 +3227,7 @@ int main(int argc, char *argv[]) } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3336,6 +3384,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3361,6 +3410,7 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, 
@@ -4203,9 +4253,11 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif +#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4217,7 +4269,8 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -4231,9 +4284,11 @@ int main(int argc, char *argv[]) (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4252,8 +4307,9 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4261,10 +4317,12 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } +#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ + && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif 
From 62278dc93d5845e1e8356edb25281bb78ce195f2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 6 Jun 2025 08:17:22 +0100 Subject: [PATCH 0797/1548] remove MBEDTLS_USE_PSA_CRYPTO from ssl progs Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 68 +++++---------------------------- programs/ssl/ssl_server2.c | 78 +++++--------------------------------- 2 files changed, 18 insertions(+), 128 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5e7fdf304..8c0453d6e3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,9 +9,7 @@ #include "ssl_test_lib.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) @@ -145,7 +143,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -172,7 +170,6 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ 
@@ -183,9 +180,6 @@ int main(void) " Note: This is to test integration of PSA-based opaque PSKs with\n" \ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ " with prepopulated key slots instead of importing raw key material.\n" -#else -#define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -309,14 +303,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -488,9 +477,7 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -498,9 +485,7 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 
@@ -824,16 +809,12 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -850,9 +831,7 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -877,10 +856,9 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); @@ -907,7 +885,6 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", 
@@ -915,7 +892,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -942,17 +918,13 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1127,7 +1099,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1152,11 +1124,9 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1167,11 +1137,9 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { 
@@ -1500,7 +1468,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1515,7 +1482,6 @@ int main(int argc, char *argv[]) goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1550,7 +1516,6 @@ int main(int argc, char *argv[]) } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1562,7 +1527,6 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1786,7 +1750,6 @@ int main(int argc, char *argv[]) goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1805,7 +1768,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -2006,7 +1968,6 @@ int main(int argc, char *argv[]) #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); @@ -2027,7 +1988,6 @@ int main(int argc, char *argv[]) goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, 
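Review bot: The `psk_opaque` sanity check in the first hunk tests `opt.psk == NULL`, but `opt.psk` is initialised from `DFL_PSK` and only ever overwritten by the `psk=` argument, and the usage text in this patch documents its default as `""`; if `DFL_PSK` is the empty string, as that suggests, the check can never fire and an empty PSK proceeds to the import code with `psk_opaque` set. ssl_server2.c performs the same check as `strlen(opt.psk) == 0`, so the client should match: `if (strlen(opt.psk) == 0) {`. The guard removal itself is fine; it just makes this pre-existing dead check unconditional. main() starts and ends outside the hunk.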
@@ -2098,7 +2058,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,7 +2083,6 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3206,13 +3164,10 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3229,11 +3184,9 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -3252,9 +3205,8 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { 
@@ -3262,12 +3214,10 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ - !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 639fe5616e..e463c63046 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,9 +53,7 @@ int main(void) #include #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -205,7 +203,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -248,7 +246,6 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ 
@@ -268,9 +265,6 @@ int main(void) " Note: This is to test integration of PSA-based opaque PSKs with\n" \ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ " with prepopulated key slots instead of importing raw key material.\n" -#else -#define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -419,14 +413,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -641,10 +630,8 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -652,9 +639,7 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ 
@@ -962,9 +947,7 @@ struct _psk_entry { const char *name; size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t slot; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; @@ -976,7 +959,6 @@ static int psk_free(psk_entry *head) psk_entry *next; while (head != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; mbedtls_svc_key_id_t const slot = head->slot; @@ -986,7 +968,6 @@ static int psk_free(psk_entry *head) return status; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ next = head->next; mbedtls_free(head); @@ -1052,11 +1033,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, while (cur != NULL) { if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else -#endif return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); } @@ -1302,7 +1281,6 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, @@ -1326,7 +1304,6 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, return PSA_SUCCESS; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, 
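Review bot: `psk_free` releases each node with `mbedtls_free(head)` while the `key[MBEDTLS_PSK_MAX_LEN]` member shown in the first hunk still holds the raw pre-shared key, so PSK bytes are left behind in freed heap memory; with the PSA guard gone this is now the single clean-up path for opaque and raw entries alike. Wipe the entry first: `mbedtls_platform_zeroize(head, sizeof(*head));` immediately before `mbedtls_free(head);` (assuming platform_util.h is reachable through the test headers — confirm). The `return status;` in the third hunk, presumably reached when destroying the node's PSA slot fails, also abandons every remaining node without freeing it; recording the first failing status and continuing the loop would free the whole list and still report the error. The destroy call and the loop head sit between the hunks, and `psk_free` begins before the third hunk.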
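Review bot: Dropping the `#endif` between `else` and `return` in the last hunk leaves `psk_callback` with an unbraced `else return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);` directly after a braced `if`; the split existed only so the preprocessor line could sit between them. Now that both branches are always compiled, brace it to match the rest of the file: `} else {` / `return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);` / `}`. psk_callback starts and ends outside the hunk.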
@@ -1543,10 +1520,8 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -1574,10 +1549,8 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1609,10 +1582,9 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1621,9 +1593,7 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; -#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; 
@@ -1684,7 +1654,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -1692,7 +1661,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1731,19 +1699,15 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1924,7 +1888,7 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } 
@@ -1973,13 +1937,11 @@ int main(int argc, char *argv[]) else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1992,11 +1954,9 @@ int main(int argc, char *argv[]) } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2367,7 +2327,6 @@ int main(int argc, char *argv[]) goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2397,7 +2356,6 @@ int main(int argc, char *argv[]) goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2427,7 +2385,6 @@ int main(int argc, char *argv[]) opt.min_version = ciphersuite_info->min_tls_version; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2439,7 +2396,6 @@ int main(int argc, char *argv[]) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
@@ -2732,7 +2688,6 @@ int main(int argc, char *argv[]) #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2768,7 +2723,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3182,7 +3136,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); @@ -3199,7 +3152,6 @@ int main(int argc, char *argv[]) goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3213,7 +3165,6 @@ int main(int argc, char *argv[]) } if (opt.psk_list != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3227,7 +3178,6 @@ int main(int argc, char *argv[]) } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3384,7 +3334,6 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3410,7 +3359,6 @@ int main(int argc, char *argv[]) } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, 
@@ -4253,11 +4201,9 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4269,8 +4215,7 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -4284,11 +4229,9 @@ int main(int argc, char *argv[]) (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4307,9 +4250,8 @@ int main(int argc, char *argv[]) psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4317,12 +4259,10 @@ int main(int argc, char *argv[]) } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ - && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif 
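Review bot: The first hunk here (`@@ -4253`) leaves a bare `#endif` after the two `psa_destroy_key()` calls, while this file otherwise annotates closing directives with the macro they close (`#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */` a few lines further down); it presumably closes the MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED block, so `#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */` would keep the convention. The results of `psa_destroy_key(key_slot)` and `psa_destroy_key(key_slot2)` are also discarded, whereas the opaque-PSK cleanup in the following hunk appears to capture and print its status; now that these calls are compiled unconditionally, reporting a failure the same way would make the cleanup consistent. main() starts and ends outside these hunks.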
From 0f21429af5422e764f5bba3e4e49e3cf5fcf0670 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 6 Jun 2025 08:31:48 +0100
Subject: [PATCH 0798/1548] Correct ifdef logic

Signed-off-by: Ben Taylor
---
 programs/ssl/ssl_test_lib.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index ea5dbecb89..fbb0efff84 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -14,8 +14,7 @@
 #include "mbedtls/md.h"
 
 #undef HAVE_RNG
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \
- defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 #define HAVE_RNG
 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
 #define HAVE_RNG

From 9020426b14ab2a84d5f186d97cdf9ef524bf39e8 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 9 Jun 2025 11:51:28 +0100
Subject: [PATCH 0799/1548] remove MBEDTLS_USE_PSA_CRYPTO from tests

Signed-off-by: Ben Taylor
---
 tests/scripts/components-sanitizers.sh | 8 +--
 tests/ssl-opt.sh | 9 ----
 .../test_suite_constant_time_hmac.function | 51 -------------------
 tests/suites/test_suite_ssl.data | 34 ++++++-------
 tests/suites/test_suite_ssl.function | 12 +----
 tests/suites/test_suite_x509parse.data | 2 +-
 tests/suites/test_suite_x509write.data | 12 ++---
 tests/suites/test_suite_x509write.function | 34 ++-----------
 8 files changed, 33 insertions(+), 129 deletions(-)

diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index 45d0960a1d..26b149f69e 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
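Review bot: After the `#if` change in ssl_test_lib.h, a build that sets MBEDTLS_TEST_USE_PSA_CRYPTO_RNG but has neither MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG nor ENTROPY_C+CTR_DRBG_C no longer defines HAVE_RNG, and nothing in the header or the one-line commit message says why that macro stopped counting as an RNG source. A short comment above the `#if` stating the reason (why MBEDTLS_TEST_USE_PSA_CRYPTO_RNG no longer implies an RNG for the test programs) would let the next reader tell a deliberate narrowing from a mistake. The server program's exit path earlier in this series still keys `mbedtls_psa_crypto_free()` on `!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)`, so the two sites are worth checking against each other.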
@@ -66,7 +66,7 @@ component_release_test_valgrind_constant_flow_no_asm () { # - or alternatively, build with debug info and manually run the offending # test suite with valgrind --track-origins=yes, then check if the origin # was TEST_CF_SECRET() or something else. - msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing" + msg "build: cmake release GCC, full config minus MBEDTLS_HAVE_ASM with constant flow testing" scripts/config.py full scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND scripts/config.py unset MBEDTLS_AESNI_C @@ -77,7 +77,7 @@ component_release_test_valgrind_constant_flow_no_asm () { # this only shows a summary of the results (how many of each type) # details are left in Testing//DynamicAnalysis.xml - msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM, valgrind + constant flow)" + msg "test: some suites (full minus MBEDTLS_HAVE_ASM, valgrind + constant flow)" make memcheck } @@ -150,7 +150,7 @@ component_test_memsan () { component_release_test_valgrind () { msg "build: Release (clang)" - # default config, in particular without MBEDTLS_USE_PSA_CRYPTO + # default config CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make @@ -178,7 +178,7 @@ component_release_test_valgrind () { component_release_test_valgrind_psa () { msg "build: Release, full (clang)" - # full config, in particular with MBEDTLS_USE_PSA_CRYPTO + # full config scripts/config.py full CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c667cd14bd..36bde20bfc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9443,15 +9443,6 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# The following test cases for restartable ECDH come in two variants: -# * The "(USE_PSA)" variant expects the current behavior, which is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests -# the partial implementation where ECDH in TLS is not actually restartable. -# * The "(no USE_PSA)" variant expects the desired behavior. These test -# cases cannot currently pass because the implementation of restartable ECC -# in TLS is partial: ECDH is not actually restartable. This is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. -# # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test # cases. diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 0e870d80fd..057d104d0e 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -16,15 +16,10 @@ void ssl_cf_hmac(int hash) * Test the function mbedtls_ct_hmac() against a reference * implementation. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#else - mbedtls_md_context_t ctx, ref_ctx; - const mbedtls_md_info_t *md_info; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t out_len, block_size; size_t min_in_len, in_len, max_in_len, i; /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ @@ -36,7 +31,6 @@ void ssl_cf_hmac(int hash) USE_PSA_INIT(); -#if defined(MBEDTLS_USE_PSA_CRYPTO) alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash)); out_len = PSA_HASH_LENGTH(alg); 
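Review bot: The sentence that survives this hunk in ssl-opt.sh, `# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test cases.`, still refers to the "(USE_PSA)" and "(no USE_PSA)" variants, but the paragraph that defined those variants and explained how they differ is exactly what the hunk deletes, so the remaining comment now has no referent. Either remove the rest of that comment together with it, or reword it to say only what is still planned, e.g. `# See https://github.com/Mbed-TLS/mbedtls/issues/7294: once ECDH in TLS is actually restartable, the expectations of the restartable-ECDH tests below will be updated.` The comment belongs to the test block that follows, which lies outside this hunk.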
@@ -47,36 +41,15 @@ void ssl_cf_hmac(int hash) PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); -#else - mbedtls_md_init(&ctx); - mbedtls_md_init(&ref_ctx); - - md_info = mbedtls_md_info_from_type(hash); - TEST_ASSERT(md_info != NULL); - out_len = mbedtls_md_get_size(md_info); - TEST_ASSERT(out_len != 0); - block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use allocated out buffer to catch overwrites */ TEST_CALLOC(out, out_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Set up dummy key */ memset(ref_out, 42, sizeof(ref_out)); TEST_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, ref_out, out_len, &key)); -#else - /* Set up contexts with the given hash and a dummy key */ - TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1)); - TEST_EQUAL(0, mbedtls_md_setup(&ref_ctx, md_info, 1)); - memset(ref_out, 42, sizeof(ref_out)); - TEST_EQUAL(0, mbedtls_md_hmac_starts(&ctx, ref_out, out_len)); - TEST_EQUAL(0, mbedtls_md_hmac_starts(&ref_ctx, ref_out, out_len)); - memset(ref_out, 0, sizeof(ref_out)); -#endif - /* * Test all possible lengths up to a point. The difference between * max_in_len and min_in_len is at most 255, and make sure they both vary @@ -101,22 +74,14 @@ void ssl_cf_hmac(int hash) /* Get the function's result */ TEST_CF_SECRET(&in_len, sizeof(in_len)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL(0, mbedtls_ct_hmac(key, PSA_ALG_HMAC(alg), add_data, sizeof(add_data), data, in_len, min_in_len, max_in_len, out)); -#else - TEST_EQUAL(0, mbedtls_ct_hmac(&ctx, add_data, sizeof(add_data), - data, in_len, - min_in_len, max_in_len, - out)); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ TEST_CF_PUBLIC(&in_len, sizeof(in_len)); TEST_CF_PUBLIC(out, out_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_setup(&operation, key, alg)); TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 
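Review bot: With the mbedtls_md reference path removed, `alg` is already `PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash))`, yet the surviving code wraps it again in `psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg));` (hunk `@@ -47`) and in `mbedtls_ct_hmac(key, PSA_ALG_HMAC(alg), ...)` (hunk `@@ -101`), while `psa_mac_verify_setup(&operation, key, alg)` passes it bare. The double wrap is harmless because PSA_ALG_HMAC only ORs the hash bits into the HMAC base, so PSA_ALG_HMAC(PSA_ALG_HMAC(h)) equals PSA_ALG_HMAC(h), but it reads as though `alg` were a hash algorithm and leaves the three call sites disagreeing. Passing `alg` directly at both places, or renaming the variable `hmac_alg`, would make the now single code path unambiguous. ssl_cf_hmac starts and ends outside these hunks.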
@@ -125,17 +90,6 @@ void ssl_cf_hmac(int hash) data, in_len)); TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_finish(&operation, out, out_len)); -#else - /* Compute the reference result */ - TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, add_data, - sizeof(add_data))); - TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, data, in_len)); - TEST_EQUAL(0, mbedtls_md_hmac_finish(&ref_ctx, ref_out)); - TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx)); - - /* Compare */ - TEST_MEMORY_COMPARE(out, out_len, ref_out, out_len); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } mbedtls_free(data); @@ -143,13 +97,8 @@ void ssl_cf_hmac(int hash) } exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_abort(&operation); psa_destroy_key(key); -#else - mbedtls_md_free(&ref_ctx); - mbedtls_md_free(&ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_free(data); mbedtls_free(out); diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 378c5339fe..ec62c2cb2e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -440,23 +440,23 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_R handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque 
@@ -464,19 +464,19 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque 
@@ -484,15 +484,15 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDIN handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque 
@@ -500,19 +500,19 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_P handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation @@ -3236,7 +3236,7 @@ depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ssl_ecjpake_set_password:0 EC-JPAKE set opaque password -depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ssl_ecjpake_set_password:1 Test Elliptic curves' info parsing diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 918edd5aca..c70080317c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3422,7 +3422,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 void test_multiple_psks_opaque(int mode)
 {
 /*
@@ -3768,7 +3768,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
 void raw_key_agreement_fail(int bad_server_ecdhe_key)
 {
 enum { BUFFSIZE = 17000 };
@@ -3941,11 +3941,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
 {
 mbedtls_ssl_context ssl;
 mbedtls_ssl_config conf;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 mbedtls_svc_key_id_t pwd_slot = MBEDTLS_SVC_KEY_ID_INIT;
-#else /* MBEDTLS_USE_PSA_CRYPTO */
- (void) use_opaque_arg;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 unsigned char pwd_string[sizeof(ECJPAKE_TEST_PWD)] = "";
 size_t pwd_len = 0;
 int ret;
@@ -3971,7 +3967,6 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
 pwd_len = strlen(ECJPAKE_TEST_PWD);
 memcpy(pwd_string, ECJPAKE_TEST_PWD, pwd_len);
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if (use_opaque_arg) {
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -3998,16 +3993,13 @@ void ssl_ecjpake_set_password(int use_opaque_arg) PSA_ASSERT(psa_import_key(&attributes, pwd_string, pwd_len, &pwd_slot)); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* final check which should work without errors */ ECJPAKE_TEST_SET_PASSWORD(0); -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (use_opaque_arg) { psa_destroy_key(pwd_slot); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c2a7f30fd9..14e7afa740 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -900,7 +900,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_ x509_verify:"../framework/data_files/server9-defaults.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #70 (v1 trusted CA) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 3860076d2c..4d57a8fb69 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
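Review bot: In the test_suite_x509parse.data hunk the case keeps the name `X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA)` while the MBEDTLS_USE_PSA_CRYPTO dependency that the "USE_PSA" qualifier distinguished is removed on the next line, so the suffix no longer describes anything. If no non-PSA twin of this case remains (the neighbouring cases are outside the hunk, so this is inferred), rename it to `X509 CRT verification #68 (RSASSA-PSS, wrong salt_len)` so the name matches the single remaining configuration; the same naming pattern may exist elsewhere in the suite and should be swept at the same time.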
@@ -123,23 +123,23 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.ca_noauthid.crt":1:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 
1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":2:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Full length serial 
@@ -159,7 +159,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINIST x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index e0aad90a04..f42349cb5b 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -15,8 +15,7 @@ #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) +#if defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) { unsigned char hash[PSA_HASH_MAX_SIZE]; 
@@ -53,7 +52,7 @@ cleanup: mbedtls_x509_csr_free(&csr); return ret; } -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ +#endif /* MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ #if defined(MBEDTLS_X509_CSR_WRITE_C) @@ -131,11 +130,6 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, mbedtls_x509write_csr req; unsigned char buf[4096]; int ret; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char check_buf[4000]; - FILE *f; - size_t olen = 0; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ size_t pem_len = 0, buf_index; int der_len = -1; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; @@ -215,20 +209,10 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(buf[buf_index] == 0); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used (void) cert_req_check_file; buf[pem_len] = '\0'; TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0); -#else - f = fopen(cert_req_check_file, "r"); - TEST_ASSERT(f != NULL); - olen = fread(check_buf, 1, sizeof(check_buf), f); - fclose(f); - - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); @@ -237,14 +221,10 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, result length isn't // deterministic over multiple runs, removing a single byte isn't enough to // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case der_len /= 2; -#else - der_len -= 1; -#endif ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 
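Review bot: The comment kept on the new side of the `@@ -215,20 +209,10 @@` hunk, `// When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used`, describes a conditional that no longer exists once the `#else` branch is deleted, and `cert_req_check_file` is now a parameter of `x509_csr_check` that no build ever reads. Either the parameter should be dropped from the signature (and presumably from its .data entries, which are outside this diff), or the comment should say why it stays, e.g. `// The PSA RNG isn't controllable, so cert_req_check_file can't be compared against; it is retained only to keep the test data entries unchanged.` The same now-unconditional "When using PSA crypto" wording survives above `der_len /= 2;` in the next hunk and in the `x509_crt_check` hunk at `@@ -570,14 +546,12 @@`. `x509_csr_check`'s body begins before and ends after this hunk.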
@@ -256,7 +236,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, int cert_type) { @@ -342,10 +322,8 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, int der_len = -1; FILE *f; mbedtls_test_rnd_pseudo_info rnd_info; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; -#endif mbedtls_pk_type_t issuer_key_type; mbedtls_x509_san_list san_ip; mbedtls_x509_san_list san_dns; @@ -409,7 +387,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, issuer_key_type = mbedtls_pk_get_type(&issuer_key); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Turn the issuer PK context into an opaque one. */ if (pk_wrap == 2) { TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH, @@ -419,7 +396,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, mbedtls_pk_init(&issuer_key); TEST_EQUAL(mbedtls_pk_wrap_psa(&issuer_key, key_id), 0); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (pk_wrap == 2) { TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE); @@ -570,14 +546,12 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(p < end); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, result length isn't // deterministic over multiple runs, removing a single byte isn't enough to // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case if (issuer_key_type != MBEDTLS_PK_RSA) { der_len /= 2; } else -#endif der_len -= 1; ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); 
@@ -592,9 +566,7 @@ exit:
 #if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
 mbedtls_mpi_free(&serial_mpi);
 #endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_destroy_key(key_id);
-#endif
 MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
From a4915abc5628bd498dbe64272c9895141b9ef817 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 9 Jun 2025 13:30:39 +0100
Subject: [PATCH 0800/1548] fix code style issues

Signed-off-by: Ben Taylor
---
 programs/ssl/ssl_client2.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 8c0453d6e3..1ce4e46b1c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1123,8 +1123,7 @@ int main(int argc, char *argv[])
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 else if (strcmp(p, "psk") == 0) {
 opt.psk = q;
- }
- else if (strcmp(p, "psk_opaque") == 0) {
+ } else if (strcmp(p, "psk_opaque") == 0) {
 opt.psk_opaque = atoi(q);
 }
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
@@ -1136,11 +1135,9 @@ int main(int argc, char *argv[])
 opt.psk_identity = q;
 } else if (strcmp(p, "ecjpake_pw") == 0) {
 opt.ecjpake_pw = q;
- }
- else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
+ } else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
 opt.ecjpake_pw_opaque = atoi(q);
- }
- else if (strcmp(p, "ec_max_ops") == 0) {
+ } else if (strcmp(p, "ec_max_ops") == 0) {
 opt.ec_max_ops = atoi(q);
 } else if (strcmp(p, "force_ciphersuite") == 0) {
 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
@@ -2082,8 +2079,7 @@ int main(int argc, char *argv[])
 goto exit;
 }
 mbedtls_printf("using opaque password\n");
- } else
- {
+ } else {
 if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
 (const unsigned char *) opt.ecjpake_pw,
 strlen(opt.ecjpake_pw))) != 0) {
From 98ecfdb440aeccb714014a89286401bb08c88ea5 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 10 Jun 2025 07:47:13 +0100
Subject: [PATCH 0801/1548] corrected code style
Signed-off-by: Ben Taylor
---
 programs/ssl/ssl_server2.c | 14 ++++++--------
 tests/suites/test_suite_x509write.function | 5 +++--
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index e463c63046..28623bfc84 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1035,8 +1035,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
 memcmp(name, cur->name, name_len) == 0) {
 if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) {
 return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
- } else
- return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
+ } else {
+ return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
+ }
 }
 
 cur = cur->next;
@@ -1936,8 +1937,7 @@ int main(int argc, char *argv[])
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 else if (strcmp(p, "psk") == 0) {
 opt.psk = q;
- }
- else if (strcmp(p, "psk_opaque") == 0) {
+ } else if (strcmp(p, "psk_opaque") == 0) {
 opt.psk_opaque = atoi(q);
 } else if (strcmp(p, "psk_list_opaque") == 0) {
 opt.psk_list_opaque = atoi(q);
@@ -1953,8 +1953,7 @@ int main(int argc, char *argv[])
 opt.psk_list = q;
 } else if (strcmp(p, "ecjpake_pw") == 0) {
 opt.ecjpake_pw = q;
- }
- else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
+ } else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
 opt.ecjpake_pw_opaque = atoi(q);
 }
 else if (strcmp(p, "force_ciphersuite") == 0) {
@@ -3358,8 +3357,7 @@ int main(int argc, char *argv[])
 goto exit;
 }
 mbedtls_printf("using opaque password\n");
- } else
- {
+ } else {
 if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
 (const unsigned char *) opt.ecjpake_pw,
 strlen(opt.ecjpake_pw))) != 0) {
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index f42349cb5b..03746b4047 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -551,8 +551,9 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
 // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
 if (issuer_key_type != MBEDTLS_PK_RSA) {
 der_len /= 2;
- } else
- der_len -= 1;
+ } else {
+ der_len -= 1;
+ }
 
 ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len));
 TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
From cdc191b50052db6d0aaa98e8c823240a7dafe53c Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 10 Jun 2025 14:52:38 +0100
Subject: [PATCH 0802/1548] Correct code style

Signed-off-by: Ben Taylor
---
 programs/ssl/ssl_server2.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 28623bfc84..c5f22c4116 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1037,7 +1037,7 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
 return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
 } else {
 return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
- }
+ }
 }
 
 cur = cur->next;
@@ -1955,8 +1955,7 @@ int main(int argc, char *argv[])
 opt.ecjpake_pw = q;
 } else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
 opt.ecjpake_pw_opaque = atoi(q);
- }
- else if (strcmp(p, "force_ciphersuite") == 0) {
+ } else if (strcmp(p, "force_ciphersuite") == 0) {
 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
 
 if (opt.force_ciphersuite[0] == 0) {
From 39a68bf3472dce1c101bdd6ec5c9b424ea27a609 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 15 Jul 2025 13:34:55 +0100
Subject: [PATCH 0803/1548] removed additional references to USE_PSA in tests and comments

Signed-off-by: Ben Taylor
---
 .../components-configuration-crypto.sh | 21 ++++----
 tests/ssl-opt.sh | 52 +++++++------------
 2 files changed, 30 insertions(+), 43 deletions(-)

diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index da776e70b8..c78e53244d 100644
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -16,7 +16,7 @@ component_test_psa_crypto_key_id_encodes_owner () { CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + msg "test: full config - PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" make test } @@ -188,16 +188,16 @@ component_test_no_ctr_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" + msg "test: Full minus CTR_DRBG- main suites" make test # In this configuration, the TLS test programs use HMAC_DRBG. # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" + msg "test: Full minus CTR_DRBG - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" + msg "test: Full minus CTR_DRBG - compat.sh (subset)" tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL } @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" + msg "test: Full minus HMAC_DRBG - main suites" make test # Normally our ECDSA implementation uses deterministic ECDSA. But since 
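Review bot: The new message in the `@@ -188,16 +188,16 @@` hunk, `msg "test: Full minus CTR_DRBG- main suites"`, has lost the space before the dash that its sibling messages in the same hunk keep; it should read `msg "test: Full minus CTR_DRBG - main suites"`. The functions being edited are still named `component_test_no_ctr_drbg_use_psa` and `component_test_no_hmac_drbg_use_psa`, so after this change the log text and the component names disagree about whether USE_PSA is part of the configuration under test. If the intent is to drop the reference everywhere, renaming the functions in the same commit would keep them consistent, though that may affect callers outside this diff.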
@@ -218,12 +218,12 @@ component_test_no_hmac_drbg_use_psa () { # instead. # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" + msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" + msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)" tests/compat.sh -m tls12 -t 'ECDSA' } @@ -247,16 +247,16 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -342,7 +342,6 @@ component_test_full_no_ccm () { msg "build: full no PSA_WANT_ALG_CCM" # Full config enables: - # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated scripts/config.py full diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 36bde20bfc..201a788385 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9443,15 +9443,10 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, -# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test -# cases. - -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9462,11 +9457,9 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ 
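Review bot: In the `@@ -9462,11 +9457,9 @@` hunk the rename leaves this test with the description `EC restart: TLS, max_ops=1000`, identical to the `skip_next_test` case directly above it, so the two variants can no longer be told apart in the output or selected separately with `-f`. The same hunk also swaps the gate from `requires_config_enabled PSA_WANT_ECC_SECP_R1_256` to `requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED`, which is a behavioural change to which configurations run the test and is not mentioned in the commit message about comments and references; if it is deliberate because restartable ECC depends on the legacy ECP curve symbol, a one-line comment above the `requires_config_enabled` would say so. The same duplicate description and dependency swap recur in the auth_mode=optional, auth_mode=none, DTLS and no-client-auth hunks that follow.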
@@ -9477,8 +9470,7 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# This works the same with & without USE_PSA as we never get to ECDH: -# we abort as soon as we determined the cert is bad. +# We abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, badsign" \ @@ -9497,11 +9489,10 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9517,11 +9508,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9537,11 +9528,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9557,11 +9547,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9577,11 +9567,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ +run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9592,11 +9581,11 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ 
@@ -9607,11 +9596,10 @@ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ @@ -9622,11 +9610,11 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ From 07687266b9f33d66b36885784cb9130e0ddb59ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 08:03:43 +0100 Subject: [PATCH 0804/1548] restoring test comment that refer to USE_PSA Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 21 +++++----- tests/ssl-opt.sh | 42 ++++++++++++------- 2 files changed, 38 insertions(+), 25 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c78e53244d..da776e70b8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -16,7 +16,7 @@ component_test_psa_crypto_key_id_encodes_owner () { CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full config - PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" make test } @@ -188,16 +188,16 @@ component_test_no_ctr_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus CTR_DRBG- main suites" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" make test # In this configuration, the TLS test programs use HMAC_DRBG. # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG - ssl-opt.sh (subset)" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - msg "test: Full minus CTR_DRBG - compat.sh (subset)" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL } @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus HMAC_DRBG - main suites" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" make test # Normally our ECDSA implementation uses deterministic ECDSA. But since 
@@ -218,12 +218,12 @@ component_test_no_hmac_drbg_use_psa () { # instead. # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. - msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" tests/compat.sh -m tls12 -t 'ECDSA' } @@ -247,16 +247,16 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -342,6 +342,7 @@ component_test_full_no_ccm () { msg "build: full no PSA_WANT_ALG_CCM" # Full config enables: + # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated scripts/config.py full diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 201a788385..0cf9e23cc4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9443,10 +9443,15 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" +# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, +# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test +# cases. + +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000" \ +run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9457,9 +9462,11 @@ run_test "EC restart: TLS, max_ops=1000" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" +# With USE_PSA enabled we expect only partial restartable behaviour: +# everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000" \ +run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9470,7 +9477,8 @@ run_test "EC restart: TLS, max_ops=1000" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# We abort as soon as we determined the cert is bad. +# This works the same with & without USE_PSA as we never get to ECDH: +# we abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, badsign" \ 
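Review bot: The restored header comment in the first hunk, `we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test cases`, states the opposite of what the same hunk does: the `(no USE_PSA)` case remains preceded by `skip_next_test`, and the preceding commits in this series delete the non-PSA code paths. Rewording it to match the skip, e.g. `# The "(no USE_PSA)" variants stay skipped until the legacy paths are dropped; see issue 7294.`, would stop it from misleading the next reader. It also appears that the `(USE_PSA)` cases keep `requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED` from the previous commit while the skipped `(no USE_PSA)` cases gate on `PSA_WANT_ECC_SECP_R1_256`, so the two variants of one test now depend on different symbols, which looks unintended. Both points recur in the remaining hunks of this file.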
@@ -9489,10 +9497,11 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9508,11 +9517,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9528,10 +9537,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9547,11 +9557,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9567,10 +9577,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: DTLS, max_ops=1000" \ +run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9581,11 +9592,11 @@ run_test "EC restart: DTLS, max_ops=1000" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: DTLS, max_ops=1000" \ +run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9596,10 +9607,11 @@ run_test "EC restart: DTLS, max_ops=1000" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 no client auth" \ +run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 
@@ -9610,11 +9622,11 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000 no client auth" \ +run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ From 6164e92d3b93b3544dd42ecf0dc447c0c268e4af Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 08:06:28 +0100 Subject: [PATCH 0805/1548] Restore comment in ssl-opt.sh as it is still relevent Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0cf9e23cc4..ef78ef0cdc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9443,6 +9443,15 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" +# The following test cases for restartable ECDH come in two variants: +# * The "(USE_PSA)" variant expects the current behavior, which is the behavior +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests +# the partial implementation where ECDH in TLS is not actually restartable. +# * The "(no USE_PSA)" variant expects the desired behavior. These test +# cases cannot currently pass because the implementation of restartable ECC +# in TLS is partial: ECDH is not actually restartable. This is the behavior +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. +# # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test # cases. 
From 8519c3e0bae71a7563f963203b5a7bda7aee64aa Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 08:11:37 +0100 Subject: [PATCH 0806/1548] corrected copy paste error for MBEDTLS_USE_PSA_CRYPTO enabled/disabled Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ef78ef0cdc..d38e578de1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9445,12 +9445,12 @@ run_test "EC restart: TLS, max_ops=65535" \ # The following test cases for restartable ECDH come in two variants: # * The "(USE_PSA)" variant expects the current behavior, which is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. This tests # the partial implementation where ECDH in TLS is not actually restartable. # * The "(no USE_PSA)" variant expects the desired behavior. These test # cases cannot currently pass because the implementation of restartable ECC # in TLS is partial: ECDH is not actually restartable. This is the behavior -# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. # # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test From a750e1be5fde58ab6ec0b2ad7b4b1f0933ac8f65 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Jul 2025 14:27:47 +0100 Subject: [PATCH 0807/1548] Minor comment updates Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/ssl/ssl_test_lib.h | 15 --------------- 3 files changed, 2 insertions(+), 17 deletions(-) diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 40fd9caa0f..03e33b7080 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -199,7 +199,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_x509_crt_free(&srvcert);
     mbedtls_pk_free(&pkey);
-#endif /* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */
+#endif /* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_PEM_PARSE_C */
     mbedtls_ssl_free(&ssl);
     mbedtls_psa_crypto_free();
 #else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index ae0f85282b..af50e25f13 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -21,7 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
     if (ret == 0) {
         ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
     }
-#else /* MBEDTLS_X509_REMOVE_INFO */
+#else /* !MBEDTLS_X509_REMOVE_INFO */
     ((void) ret);
     ((void) buf);
 #endif /* !MBEDTLS_X509_REMOVE_INFO */
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index fbb0efff84..20dbe61dfe 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -104,22 +104,7 @@ void my_debug(void *ctx, int level,
 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
 #endif
 
-#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
-/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
- * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
- *
- * The constraints are:
- * - Without the entropy module, the PSA RNG is the only option.
- * - Without at least one of the DRBG modules, the PSA RNG is the only option.
- * - The PSA RNG does not support explicit seeding, so it is incompatible with
- *   the reproducible mode used by test programs.
- * - For good overall test coverage, there should be at least one configuration
- *   where the test programs use the PSA RNG while the PSA RNG is itself based
- *   on entropy+DRBG, and at least one configuration where the test programs
- *   do not use the PSA RNG even though it's there.
- */
 #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
-#endif
 
 /** A context for random number generation (RNG). */
 
From d5b655ab2141e49dfa7bbe9a1d9bffad91420674 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Jul 2025 14:47:28 +0100 Subject: [PATCH 0808/1548] Re-add missing and Signed-off-by: Ben Taylor
---
 programs/fuzz/fuzz_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 03e33b7080..9a5b80db77 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -199,7 +199,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_x509_crt_free(&srvcert);
     mbedtls_pk_free(&pkey);
-#endif /* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_PEM_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */
     mbedtls_ssl_free(&ssl);
     mbedtls_psa_crypto_free();
 #else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
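Review bot: The ssl_test_lib.h hunk is not a comment-only change: dropping the `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` / `#endif` pair makes `#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG` unconditional, which the "Minor comment updates" title does not convey. An identical empty redefinition coming from a build-system `-D` is benign, but the deleted block was the only record of why the test programs use mbedtls_psa_get_random() instead of entropy+DRBG and of the reproducible-seeding constraint, and that rationale is now lost. Keep at least a one-liner above the define, e.g. `/* The SSL test programs always use mbedtls_psa_get_random() as their RNG. */`, so a later reader does not reintroduce an entropy+DRBG path without seeing the constraints.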
From 44703e4cc206fae78b92d95742a3ab3e43e1c576 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 09:15:14 +0100 Subject: [PATCH 0809/1548] Update comment format Signed-off-by: Ben Taylor
---
 programs/fuzz/fuzz_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 9a5b80db77..3a5e502fe5 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -192,7 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 exit:
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
     mbedtls_ssl_ticket_free(&ticket_ctx);
-#endif /* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
     mbedtls_entropy_free(&entropy);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
From 1e2e2ea36df143b324d06dd340f7d7c067d327e4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 13:19:27 +0100 Subject: [PATCH 0810/1548] Added back crypto treatment of certs as the keyfile is now passed in and the previous rng issue should no longer be relevent Signed-off-by: Ben Taylor
---
 tests/suites/test_suite_x509write.function | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 03746b4047..edcc14d3f1 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -130,6 +130,9 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
     mbedtls_x509write_csr req;
     unsigned char buf[4096];
     int ret;
+    unsigned char check_buf[4000];
+    FILE *f;
+    size_t olen = 0;
     size_t pem_len = 0, buf_index;
     int der_len = -1;
     const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
@@ -209,10 +212,14 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
         TEST_ASSERT(buf[buf_index] == 0);
     }
 
-    // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
-    (void) cert_req_check_file;
-    buf[pem_len] = '\0';
-    TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
+    f = fopen(cert_req_check_file, "r"); //open the file
+    TEST_ASSERT(f != NULL); //check the file has been opened.
+    olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file
+    fclose(f); // close the file
+
+    TEST_ASSERT(olen >= pem_len - 1);
+    TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
+
     der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
     TEST_ASSERT(der_len >= 0);
 
@@ -221,10 +228,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
         goto exit;
     }
 
-    // When using PSA crypto, RNG isn't controllable, result length isn't
-    // deterministic over multiple runs, removing a single byte isn't enough to
-    // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
-    der_len /= 2;
+    der_len -= 1;
     ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len));
     TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
 
From dbea0a9cc541199bfd6f21cd6ad2d97c1142d959 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 13:27:39 +0100 Subject: [PATCH 0811/1548] Remove additional unused no rng case Signed-off-by: Ben Taylor
---
 tests/suites/test_suite_x509write.function | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index edcc14d3f1..89de9599ab 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
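Review bot: The new reference-file comparison in the first hunk cannot detect an oversized reference file: `fread(check_buf, 1, sizeof(check_buf), f)` silently stops at 4000 bytes, and `TEST_ASSERT(olen >= pem_len - 1)` still passes as long as the generated PEM is shorter than that, so a truncated read is indistinguishable from a good one. Add `TEST_ASSERT(olen < sizeof(check_buf));` right after the fread so the buffer size becomes an explicit test precondition rather than a hidden one. The `>=` also accepts a reference file with arbitrary trailing bytes; if the checked-in files are meant to match the generated PEM exactly (minus the final byte, as the `pem_len - 1` suggests), an equality check would be stronger — worth confirming against the fixtures. The trailing `//open the file` / `// close the file` comments restate the code and can be dropped; x509_csr_check itself starts and ends outside the hunk.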
@@ -550,14 +550,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(p < end); } - // When using PSA crypto, RNG isn't controllable, result length isn't - // deterministic over multiple runs, removing a single byte isn't enough to - // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case - if (issuer_key_type != MBEDTLS_PK_RSA) { - der_len /= 2; - } else { - der_len -= 1; - } + der_len -= 1; ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); From 4df61d408d9bc6288e0430f8556e25f27deeefb0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 15:03:55 +0100 Subject: [PATCH 0812/1548] fix style issues Signed-off-by: Ben Taylor --- tests/suites/test_suite_x509write.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 89de9599ab..c2ab27b01d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -217,8 +217,8 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file fclose(f); // close the file - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); + TEST_ASSERT(olen >= pem_len - 1); + TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); From c454b5b658092327cb97debd37023f7ea182d300 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 07:54:31 +0100 Subject: [PATCH 0813/1548] Fix rebase failure Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d38e578de1..60b970aefb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9474,7 +9474,7 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ @@ -9529,7 +9529,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -9569,7 +9569,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -9604,7 +9604,7 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
 "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9634,7 +9634,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
 "$P_SRV groups=secp256r1" \
 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
From 72d6030f89a25a66e40313b0a20d2cb3012f59e0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 19 Mar 2025 14:56:57 +0100 Subject: [PATCH 0814/1548] Combine psa_pake_set_password_key and psa_pake_setup into a single function Signed-off-by: Anton Matkin
---
 library/ssl_tls.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 051fce36e3..dee80292e2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1827,7 +1827,7 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
                                           256));
     psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
 
-    status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, &cipher_suite);
+    status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, pwd, &cipher_suite);
     if (status != PSA_SUCCESS) {
         return status;
     }
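Review bot: Passing `pwd` into `psa_pake_setup()` binds the password key to `ssl->handshake->psa_pake_ctx` at the very first step, whereas before this commit it was only attached by `psa_pake_set_password_key()` at the end, immediately before `psa_pake_ctx_is_ok = 1` (the call removed in the next hunk). Every `return status;` between the setup and that flag now leaves a set-up operation holding the key while `psa_pake_ctx_is_ok` is still 0; if the cleanup code uses that flag to decide whether to call psa_pake_abort(), those error paths would leave the operation (and whatever key material it copied) un-aborted. This is inferred from the visible hunks only — worth confirming against the caller's error handling, or making the intermediate failures self-cleaning with `psa_pake_abort(&ssl->handshake->psa_pake_ctx);` before each early return. mbedtls_ssl_set_hs_ecjpake_password_common starts and ends outside both hunks.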
@@ -1854,11 +1854,6 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
         return status;
     }
 
-    status = psa_pake_set_password_key(&ssl->handshake->psa_pake_ctx, pwd);
-    if (status != PSA_SUCCESS) {
-        return status;
-    }
-
     ssl->handshake->psa_pake_ctx_is_ok = 1;
 
     return PSA_SUCCESS;
From 23189f41cb79f21feb86f3d5a8b5cca5ddbc2cf8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 19 Mar 2025 14:57:27 +0100 Subject: [PATCH 0815/1548] Updated the tf-psa-crypto git link Signed-off-by: Anton Matkin
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 5df033ee3c..fc1dca6195 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54
+Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2
From 4a43804d690979cf34f1289f53ff1098b5c4e6c4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Jul 2025 09:47:39 +0100 Subject: [PATCH 0816/1548] Remove deprecated items Signed-off-by: Ben Taylor
---
 include/mbedtls/config_adjust_ssl.h | 1 -
 include/mbedtls/mbedtls_config.h | 22 ----------------------
 include/mbedtls/ssl.h | 12 ------------
 library/mbedtls_check_config.h | 13 -------------
 library/ssl_msg.c | 12 ++++--------
 library/ssl_tls.c | 12 ------------
 tests/configs/tls13-only.h | 1 -
 7 files changed, 4 insertions(+), 69 deletions(-)
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 2221e5b2e7..36641e18b6 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -51,7 +51,6 @@
 #if !defined(MBEDTLS_SSL_PROTO_DTLS)
 #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
 #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
 #undef MBEDTLS_SSL_DTLS_SRTP
 #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index d18d0fadb8..827b96165f 100644
--- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -533,28 +533,6 @@ */ #define MBEDTLS_SSL_DTLS_CONNECTION_ID -/** - * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT - * - * Defines whether RFC 9146 (default) or the legacy version - * (version draft-ietf-tls-dtls-connection-id-05, - * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) - * is used. - * - * Set the value to 0 for the standard version, and - * 1 for the legacy draft version. - * - * \deprecated Support for the legacy version of the DTLS - * Connection ID feature is deprecated. Please - * switch to the standardized version defined - * in RFC 9146 enabled by utilizing - * MBEDTLS_SSL_DTLS_CONNECTION_ID without use - * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. - * - * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID - */ -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 - /** * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7ea0174612..4bfe4af02c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -470,14 +470,6 @@ /** \} name SECTION: Module settings */ -/* - * Default to standard CID mode - */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) -#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0 -#endif - /* * Length of the verify data for secure renegotiation */ @@ -649,11 +641,7 @@ #define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */ #define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */ -#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 #define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2 CID */ -#else -#define MBEDTLS_TLS_EXT_CID 254 /* Pre-RFC 9146 DTLS 1.2 CID */ -#endif #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 5e5a5b31db..43c2308800 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h 
@@ -238,19 +238,6 @@
 #error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \
-    !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */
-
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 5774bfc865..5eeb154047 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -663,8 +663,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
     unsigned char *cur = add_data;
     size_t ad_len_field = rec->data_len;
 
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
-    MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     const unsigned char seq_num_placeholder[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 #endif
 
@@ -680,8 +679,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
     ((void) tls_version);
     ((void) taglen);
 
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
-    MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
     if (rec->cid_len != 0) {
         // seq_num_placeholder
         memcpy(cur, seq_num_placeholder, sizeof(seq_num_placeholder));
@@ -711,8 +709,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
     memcpy(cur, rec->ver, sizeof(rec->ver));
     cur += sizeof(rec->ver);
 
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
-    MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 
     if (rec->cid_len != 0) {
         // CID
@@ -727,8 +724,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
         MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0);
         cur += 2;
     } else
-#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
-    MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
+#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 
     if (rec->cid_len != 0) {
         // epoch + sequence number
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dee80292e2..ecc9187af2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2633,18 +2633,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor)
-{
-    conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor);
-}
-
-void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor)
-{
-    conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor);
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
 #if defined(MBEDTLS_SSL_SRV_C)
 void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
                                        char cert_req_ca_list)
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
index 342bbed91e..8260ef5e12 100644
--- a/tests/configs/tls13-only.h
+++ b/tests/configs/tls13-only.h
@@ -25,4 +25,3 @@
 #undef MBEDTLS_SSL_DTLS_SRTP
 #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
From 889ac064f460a9f1c8c058caeaf9f63549d5a0ba Mon Sep 17 00:00:00 2001
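Review bot: After these two ssl_msg.c hunks the `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)` at new line 709 and the `#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)` at new line 724 test the same condition, so the `#elif` branch — the one that used to be guarded by `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0`, i.e. the RFC 9146 layout starting with epoch + sequence number — becomes dead code, and the former `COMPAT == 1` legacy layout (CID, cid_length, length) is what now gets compiled into the record's additional data. That silently changes the AEAD additional data for every CID-protected DTLS 1.2 record, so records will fail authentication against any peer implementing RFC 9146, the exact opposite of dropping the legacy mode. The fix is to delete the legacy `if (rec->cid_len != 0) { … } else` block and its `#elif` line so only the standard-layout code remains under the single `#if`; a later patch in this series ("correct logic in ssl_msg") does exactly that, but it should land with this commit so no intermediate revision ships the wrong AAD. ssl_extract_add_data_from_record starts and ends outside the hunks.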
From: Ben Taylor Date: Wed, 16 Jul 2025 15:03:31 +0100 Subject: [PATCH 0817/1548] Add ChangeLog for deprecated items Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/remove-deprecated-items.txt diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt new file mode 100644 index 0000000000..b16e7babc5 --- /dev/null +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -0,0 +1,8 @@ +Removals + * Remove mbedtls_asn1_free_named_data, it has now been replaced with + mbedtls_asn1_free_named_data_list or + mbedtls_asn1_free_named_data_list_shallow + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the + standard version is supported. + * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with + mbedtls_ssl_conf_max/min_tls_version() From d2da53fbe67dbd240ecb272d27ddbf6fba593e7d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 15:13:46 +0100 Subject: [PATCH 0818/1548] Remove further deprecated items Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 108 ------------------------------------------ 1 file changed, 108 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4bfe4af02c..aa850aa123 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -284,15 +284,6 @@ * Various constants */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* These are the high and low bytes of ProtocolVersion as defined by: - * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2 - * - RFC 8446: see section 4.2.1 - */ -#define MBEDTLS_SSL_MAJOR_VERSION_3 3 -#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ -#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */ -#endif /* MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ 
@@ -1495,9 +1486,6 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 
@@ -3721,41 +3709,6 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, const uint16_t *groups); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/** - * \brief Set the allowed hashes for signatures during the handshake. - * - * \note This only affects which hashes are offered and can be used - * for signatures during the handshake. Hashes for message - * authentication and the TLS PRF are controlled by the - * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes - * used for certificate signature are controlled by the - * verification profile, see \c mbedtls_ssl_conf_cert_profile(). - * - * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). - * - * \note This list should be ordered by decreasing preference - * (preferred hash first). - * - * \note By default, all supported hashes whose length is at least - * 256 bits are allowed. This is the same set as the default - * for certificate verification - * (#mbedtls_x509_crt_profile_default). - * The preference order is currently unspecified and may - * change in future versions. - * - * \note New minor versions of Mbed TLS may extend this list, - * for example if new curves are added to the library. - * New minor versions of Mbed TLS will not remove items - * from this list unless serious security concerns require it. - * - * \param conf SSL configuration - * \param hashes Ordered list of allowed signature hashes, - * terminated by \c MBEDTLS_MD_NONE. - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes); -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /** * \brief Configure allowed signature algorithms for use in TLS 
@@ -4102,28 +4055,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl mbedtls_dtls_srtp_info *dtls_srtp_info); #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the maximum supported version sent from the client side - * and/or accepted at the server side. - * - * See also the documentation of mbedtls_ssl_conf_min_version(). - * - * \note This ignores ciphersuites from higher versions. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_max_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the maximum supported version sent from the client side * and/or accepted at the server side. 
@@ -4142,45 +4073,6 @@ static inline void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf, conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the minimum accepted SSL/TLS protocol version - * - * \note By default, all supported versions are accepted. - * Future versions of the library may disable older - * protocol versions by default if they become deprecated. - * - * \note The following versions are supported (if enabled at - * compile time): - * - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_3 - * - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_4 - * - * Note that the numbers in the constant names are the - * TLS internal protocol numbers, and the minor versions - * differ by one from the human-readable versions! - * - * \note Input outside of the SSL_MAX_XXXXX_VERSION and - * SSL_MIN_XXXXX_VERSION range is ignored. - * - * \note After the handshake, you can call - * mbedtls_ssl_get_version_number() to see what version was - * negotiated. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_min_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the minimum supported version sent from the client side * and/or accepted at the server side. From 7aa4c40b84cc629de2781f601ea3f15ab8bd8947 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 15:14:11 +0100 Subject: [PATCH 0819/1548] Update ChangeLog 
Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index b16e7babc5..61400279f6 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,8 +1,11 @@ Removals - * Remove mbedtls_asn1_free_named_data, it has now been replaced with - mbedtls_asn1_free_named_data_list or - mbedtls_asn1_free_named_data_list_shallow * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the standard version is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() + * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 + * Remove sig_hashes + * Remove mbedtls_ssl_conf_sig_hashes + * Remove mbedtls_ssl_conf_max_version + * Remove mbedtls_ssl_conf_min_version From b98aa511285486e9ad4166a6211c99aee737228e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 13:26:48 +0100 Subject: [PATCH 0820/1548] correct logic in ssl_msg Signed-off-by: Ben Taylor --- library/ssl_msg.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5eeb154047..731cbc8ece 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -711,21 +711,6 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { - // CID - memcpy(cur, rec->cid, rec->cid_len); - cur += rec->cid_len; - - // cid_length - *cur = rec->cid_len; - cur++; - - // length of inner plaintext - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } else -#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { // epoch + sequence number memcpy(cur, rec->ctr, sizeof(rec->ctr)); 
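Review bot: On the new side of this hunk, `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)` is followed directly by the `// epoch + sequence number` copy: both `if (rec->cid_len != 0) {` lines are among the 15 removed lines and neither is kept, so the surviving branch has lost its guard. If the `} else` that closed that branch still follows below the hunk, a build with connection IDs enabled will not compile; if it was dropped as well, the epoch/sequence-number prefix would be appended to the additional data unconditionally, which would change the AAD for records that carry no CID. Re-adding `if (rec->cid_len != 0) {` directly after the `#if` keeps the remaining branch guarded as before. The body of ssl_extract_add_data_from_record starts before and continues after this hunk, so the closing structure cannot be confirmed from what is visible.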
From 01bf8bafcd12592d609ae361cc76966933c61b92 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 13:58:30 +0100 Subject: [PATCH 0821/1548] removed mbedtls_ssl_conf_sig_hashes and temporarily re-add sig_hashes Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 3 +++ library/ssl_tls.c | 10 ---------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aa850aa123..de8f13bb81 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1486,6 +1486,9 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ +#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ecc9187af2..3794d388de 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2420,16 +2420,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Set allowed/preferred hashes for handshake signatures - */ -void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes) -{ - conf->sig_hashes = hashes; -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /* Configure allowed signature algorithms for handshake */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, From 73de8aa8c621fa3abf6dd14de7f30c2626aca3de Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 10:40:09 +0100 Subject: [PATCH 0822/1548] Removal of sig_hashes in ssl.h Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 --- library/ssl_tls.c | 64 ------------------------------------------- 2 files changed, 68 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index de8f13bb81..9cba94e9b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1485,10 +1485,6 @@ struct mbedtls_ssl_config { #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3794d388de..8b5d6a19c9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1069,68 +1069,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* Heap allocate and translate sig_hashes from internal hash identifiers to - signature algorithms IANA identifiers. */ - if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && - ssl->conf->sig_hashes != NULL) { - const int *md; - const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = 0; - uint16_t *p; - - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN - <= (SIZE_MAX - (2 * sizeof(uint16_t))), - "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big"); - - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - sig_algs_len += sizeof(uint16_t); -#endif - -#if defined(MBEDTLS_RSA_C) - sig_algs_len += sizeof(uint16_t); -#endif - if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - } - - if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len + - sizeof(uint16_t)); - if (ssl->handshake->sig_algs == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - p = (uint16_t *) ssl->handshake->sig_algs; - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md); - if (hash == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); - p++; -#endif -#if defined(MBEDTLS_RSA_C) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA); - p++; -#endif - } - *p = MBEDTLS_TLS_SIG_NONE; - ssl->handshake->sig_algs_heap_allocated = 1; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { ssl->handshake->sig_algs_heap_allocated = 0; - } #endif /* 
!MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; @@ -2425,9 +2364,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs) { -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = NULL; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ conf->sig_algs = sig_algs; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ From dbb15e6d2f0969f2f78e3e566aff431b10e6ff41 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 10:58:33 +0100 Subject: [PATCH 0823/1548] Reword ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 61400279f6..90df78a4c7 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,6 +1,6 @@ Removals - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the - standard version is supported. + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the + standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, From 9db2e91cfed85f1dce5ad5b99aaeafcf7516e06a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 1 Aug 2025 10:34:42 +0100 Subject: [PATCH 0824/1548] Fix style issues Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8b5d6a19c9..39a97325ec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1069,7 +1069,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - ssl->handshake->sig_algs_heap_allocated = 0; + ssl->handshake->sig_algs_heap_allocated = 0; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; From 4265e91930770933e6338d097ba01a49ef055b45 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 1 Aug 2025 11:03:48 +0100 Subject: [PATCH 0825/1548] Remove test component_test_dtls_cid_legacy as it is no longer required Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 450bdebab1..c8b2287d71 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -342,23 +342,6 @@ component_test_variable_ssl_in_out_buffer_len () { tests/compat.sh } -component_test_dtls_cid_legacy () { - msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)" - scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1 - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)" - make test - - msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/ssl-opt.sh - - msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/compat.sh -} - component_test_ssl_alloc_buffer_and_mfl () { msg "build: default config with memory buffer allocator and MFL extension" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C From 4e7b2543c7f9656494cf78e8f6457cb715144318 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 4 Aug 2025 08:19:45 +0100 Subject: [PATCH 0826/1548] Remove trailing whitespace 
Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 90df78a4c7..b0c1cda11d 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,9 +1,9 @@ Removals - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. - * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() - * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, + * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with + mbedtls_ssl_conf_max/min_tls_version() + * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 * Remove sig_hashes * Remove mbedtls_ssl_conf_sig_hashes From 27a4cc9de27642cb6cf0b49a6b42bf4edc0f05e7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 4 Aug 2025 15:13:34 +0100 Subject: [PATCH 0827/1548] Remove mbedtls_ssl_conf_sig_hashes from comments Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ---- library/ssl_misc.h | 4 ---- programs/fuzz/fuzz_client.c | 2 +- tf-psa-crypto | 2 +- 4 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9cba94e9b3..5305425e7b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3364,10 +3364,6 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, /** * \brief Set the X.509 security profile used for verification * - * \note The restrictions are enforced for all certificates in the - * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). - * * \param conf SSL configuration * \param profile Profile to use */ 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 72dc9418f2..f045f8d5a3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2310,11 +2310,7 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) /* * Return supported signature algorithms. * - * In future, invocations can be changed to ssl->conf->sig_algs when - * mbedtls_ssl_conf_sig_hashes() is deleted. - * * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS - * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has * been more recently invoked. * diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 1840570488..0878480ea7 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -137,7 +137,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif //There may be other options to add : - // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes + // mbedtls_ssl_conf_cert_profile if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/tf-psa-crypto b/tf-psa-crypto index fc1dca6195..5df033ee3c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 +Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 From dc1d098de2f4d634a180a7ed064f65c7f58cb0cc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 07:59:07 +0100 Subject: [PATCH 0828/1548] Remove reference to sig_hashes from the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index b0c1cda11d..8818acafe6 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt 
@@ -5,7 +5,6 @@ Removals mbedtls_ssl_conf_max/min_tls_version() * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 - * Remove sig_hashes * Remove mbedtls_ssl_conf_sig_hashes * Remove mbedtls_ssl_conf_max_version * Remove mbedtls_ssl_conf_min_version From 75b30e8347b49a9f3dc717bf7210147fd2effc1f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:02:36 +0100 Subject: [PATCH 0829/1548] Combined references to removed constants in ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 8818acafe6..40584c6aeb 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -3,8 +3,7 @@ Removals standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() - * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 + * Removed the constants MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_4, + Remove mbedtls_ssl_conf_max_version and Remove mbedtls_ssl_conf_min_version. * Remove mbedtls_ssl_conf_sig_hashes - * Remove mbedtls_ssl_conf_max_version - * Remove mbedtls_ssl_conf_min_version From 9822bb8d5e387ad98b0e43be304d31834fd1b1ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:05:14 +0100 Subject: [PATCH 0830/1548] Remove duplicate mbedtls_ssl_conf_*version from ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 40584c6aeb..0d3faa4816 100644 
--- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -2,8 +2,7 @@ Removals * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() - * Removed the constants MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_4, - Remove mbedtls_ssl_conf_max_version and Remove mbedtls_ssl_conf_min_version. + mbedtls_ssl_conf_max/min_tls_version() and removed the constants + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 + MBEDTLS_SSL_MINOR_VERSION_4. * Remove mbedtls_ssl_conf_sig_hashes From 304839238a074bab7570b35505fbfebed7e83468 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:09:10 +0100 Subject: [PATCH 0831/1548] Updated description in the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 0d3faa4816..63bc2c151c 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt 
@@ -1,8 +1,10 @@ Removals * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. - * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() and removed the constants - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 - MBEDTLS_SSL_MINOR_VERSION_4. + * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and + the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and + MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and + mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. + Note that the new names of the new constants use the TLS protocol versions, + unlike the old constants whose names are based on internal encodings. * Remove mbedtls_ssl_conf_sig_hashes From 71fcb1c64b55ac8d78bcf0bcc4c39fbd16a7e9a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:11:12 +0100 Subject: [PATCH 0832/1548] Added more detail to the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 63bc2c151c..f0d66eb454 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -7,4 +7,5 @@ Removals mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. Note that the new names of the new constants use the TLS protocol versions, unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes + * Remove mbedtls_ssl_conf_sig_hashes. Use mbedtls_ssl_conf_sig_algs() + instead. From 543caa7ec4f765241ef85b5157fdfa2d6e2825ae Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:16:12 +0100 Subject: [PATCH 0833/1548] Re-add note 
Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5305425e7b..9cba94e9b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3364,6 +3364,10 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, /** * \brief Set the X.509 security profile used for verification * + * \note The restrictions are enforced for all certificates in the + * chain. However, signatures in the handshake are not covered + * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). + * * \param conf SSL configuration * \param profile Profile to use */ From 9ff2b736365122407cec4953e400f3014b7b0bad Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:17:13 +0100 Subject: [PATCH 0834/1548] Change referenc funtion to include/mbedtls/ssl.h in note Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9cba94e9b3..623ffd1dae 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3366,7 +3366,7 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, * * \note The restrictions are enforced for all certificates in the * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). + * by this setting but by \b mbedtls_ssl_conf_sig_algs(). * * \param conf SSL configuration * \param profile Profile to use From 8b5c5b4daa84f0462dcd4faa30fd184267bb6ccb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:20:32 +0100 Subject: [PATCH 0835/1548] Remove mbedtls_ssl_sig_hash_set_t as it is no longer required Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 623ffd1dae..1a8a4ba8c2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -870,7 +870,6 @@ typedef struct mbedtls_ssl_config mbedtls_ssl_config; /* Defined in library/ssl_misc.h */ typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; -typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t; #if defined(MBEDTLS_X509_CRT_PARSE_C) typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; #endif From 8b914369032185c92661f6a367e5d73b8282205a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:22:10 +0100 Subject: [PATCH 0836/1548] Remove paragraph in comments as it is no longer required Signed-off-by: Ben Taylor --- library/ssl_misc.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f045f8d5a3..245b1f4af1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2309,11 +2309,6 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) /* * Return supported signature algorithms. - * - * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS - * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has - * been more recently invoked. - * */ static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl) From 9f54408c318260d5ec580d49cfcddfa71ff1f431 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:28:33 +0100 Subject: [PATCH 0837/1548] Remove sig_algs_heap_allocated=0 as it is always 0 Signed-off-by: Ben Taylor --- library/ssl_tls.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 39a97325ec..5f4d31cabc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1066,12 +1066,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) mbedtls_ssl_set_timer(ssl, 0); } #endif - -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - ssl->handshake->sig_algs_heap_allocated = 0; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; } From 37e1ca9efa801356b2dbc981b3aad3c26e717724 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:32:12 +0100 Subject: [PATCH 0838/1548] Update tf-psa-crypto submodule pointer Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 5df033ee3c..fc1dca6195 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 +Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 From db92768497b09d1216c161f6cb819914e9133f4d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Aug 2025 11:22:13 +0200 Subject: [PATCH 0839/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 87dbfb290f..3f2ef1ecf6 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 87dbfb290fa42ca2ccfb403e8c2fa7334fa4f1dd +Subproject commit 3f2ef1ecf6d70b1e6bb7ad587f9a5bd6eaf65a2a From 70a4a31cb566407a7c308f473472c967c070064a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Aug 2025 11:22:29 +0200 Subject: [PATCH 0840/1548] remove secp224[k|r]1 curves Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 2 -- library/ssl_misc.h | 2 -- library/ssl_tls.c | 5 ----- programs/ssl/ssl_test_lib.c | 5 ----- tests/scripts/depends.py | 5 +---- tests/scripts/set_psa_test_dependencies.py | 2 -- tests/ssl-opt.sh | 2 -- tests/suites/test_suite_ssl.function | 6 ------ 8 files changed, 1 insertion(+), 28 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7ea0174612..aa1590f41d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -231,8 +231,6 @@ #define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 72dc9418f2..66e348c780 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2245,8 +2245,6 @@ static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group) /* Below deprecated curves should be removed with notice to users */ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dee80292e2..5709ab7c3c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5893,9 +5893,6 @@ static const struct { #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 }, #endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 }, -#endif #if defined(PSA_WANT_ECC_SECP_R1_192) { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 }, #endif 
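Review bot: `MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1` and `MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1` are public constants in include/mbedtls/ssl.h, yet the diffstat of this commit lists no ChangeLog.d entry, and the ssl_misc.h hunk in the same commit keeps the comment `/* Below deprecated curves should be removed with notice to users */`. Unless a later commit in the series adds it, a Removals entry such as `* Remove MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 and MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1; the secp224 curves are no longer supported for TLS.` is needed so that callers passing these values to mbedtls_ssl_conf_groups() can see why their build breaks. The same applies to the secp192 constants removed by the next commit.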
@@ -5966,8 +5963,6 @@ static const struct { { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index ad3feb65b8..d14ff660bd 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -505,11 +505,6 @@ static const struct { #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 }, -#endif #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 }, #else diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 679f05af1b..940c661f12 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -263,7 +263,6 @@ def test(self, options): 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'], 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], 
@@ -482,9 +481,7 @@ def __init__(self, options, conf): if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)} # Find elliptic curve enabling macros by name. - # MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves - curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|' - r'MBEDTLS_ECP_DP_SECP224K1_ENABLED') + curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|') # Find key exchange enabling macros by name. key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 2267311e44..411cf0c2a0 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -28,12 +28,10 @@ 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN', 'MBEDTLS_CIPHER_PADDING_ZEROS', #curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP224R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP224K1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED', #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED', #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 60b970aefb..8d26cec242 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2659,8 +2659,6 @@ requires_config_enabled PSA_WANT_ECC_SECP_K1_256 run_test_psa_force_curve "secp256k1" requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256 run_test_psa_force_curve "brainpoolP256r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_224 -run_test_psa_force_curve "secp224r1" requires_config_enabled PSA_WANT_ECC_SECP_R1_192 run_test_psa_force_curve "secp192r1" requires_config_enabled PSA_WANT_ECC_SECP_K1_192 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c70080317c..ad274daec3 100644 
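Review bot: The new pattern `r'PSA_WANT_ECC_\w+\Z|'` in the depends.py hunk ends in a bare `|`, which leaves an empty alternative in the regex; an empty alternative matches any string, so curve_symbols would likely pick up every configuration symbol rather than only the PSA_WANT_ECC_* ones (how config_symbols_matching applies the pattern is outside the hunk). Dropping the MBEDTLS_ECP_DP_SECP224K1_ENABLED special case should also drop its separator: `curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z')`. The enclosing __init__ continues outside the hunk.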
--- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3538,7 +3538,6 @@ exit: void conf_group() { uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; @@ -4050,11 +4049,6 @@ void elliptic_curve_get_properties() #else TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); #endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224); -#else - TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224); -#endif #if defined(PSA_WANT_ECC_SECP_R1_192) TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); #else From d0d0791aed6a1aac8ff685fd7916e4133408cda4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Aug 2025 11:29:04 +0200 Subject: [PATCH 0841/1548] remove usage of secp192[k|r]1 curves Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 2 -- library/ssl_misc.h | 2 -- library/ssl_tls.c | 8 -------- programs/ssl/ssl_test_lib.c | 10 ---------- tests/scripts/depends.py | 2 -- tests/scripts/set_psa_test_dependencies.py | 2 -- tests/ssl-opt.sh | 4 ---- tests/suites/test_suite_ssl.function | 13 +------------ 8 files changed, 1 insertion(+), 42 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aa1590f41d..55d832c354 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -229,8 +229,6 @@ /* Elliptic Curve Groups (ECDHE) */ #define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 66e348c780..b635fd9d0c 100644 
--- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2243,8 +2243,6 @@ static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group) named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 || /* Below deprecated curves should be removed with notice to users */ - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5709ab7c3c..a997e41f32 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5893,12 +5893,6 @@ static const struct { #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 }, #endif -#if defined(PSA_WANT_ECC_SECP_R1_192) - { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 }, -#endif -#if defined(PSA_WANT_ECC_SECP_K1_192) - { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 }, -#endif #if defined(PSA_WANT_ECC_MONTGOMERY_255) { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 }, #endif @@ -5963,8 +5957,6 @@ static const struct { { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, { 0, NULL }, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index d14ff660bd..79d3059306 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c 
@@ -505,16 +505,6 @@ static const struct { #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 }, -#endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 }, #else diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 940c661f12..b3fbea4b4f 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -262,12 +262,10 @@ def test(self, options): 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'], 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'], - 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'], 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 411cf0c2a0..0be8ac5e4e 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py 
@@ -27,11 +27,9 @@ 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS', 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN', 'MBEDTLS_CIPHER_PADDING_ZEROS', - #curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED', #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED', #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d26cec242..d0278b123c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2659,10 +2659,6 @@ requires_config_enabled PSA_WANT_ECC_SECP_K1_256 run_test_psa_force_curve "secp256k1" requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256 run_test_psa_force_curve "brainpoolP256r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_192 -run_test_psa_force_curve "secp192r1" -requires_config_enabled PSA_WANT_ECC_SECP_K1_192 -run_test_psa_force_curve "secp192k1" # Test current time in ServerHello requires_config_enabled MBEDTLS_HAVE_TIME diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ad274daec3..8b192ed97c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3537,8 +3537,7 @@ exit: /* BEGIN_CASE */ void conf_group() { - uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; mbedtls_ssl_config conf; 
@@ -4049,16 +4048,6 @@ void elliptic_curve_get_properties() #else TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); #endif -#if defined(PSA_WANT_ECC_SECP_R1_192) - TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); -#else - TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); -#endif -#if defined(PSA_WANT_ECC_SECP_K1_192) - TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); -#else - TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); -#endif #if defined(PSA_WANT_ECC_MONTGOMERY_255) TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); #else From 60236527113a16cc1197de0f7a57929427043ac9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:28:43 +0100 Subject: [PATCH 0842/1548] Remove additional references to sig_algs_heap_allocated Signed-off-by: Ben Taylor --- library/ssl_tls.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f4d31cabc..f7d7d9d269 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4379,9 +4379,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->sig_algs_heap_allocated) { - mbedtls_free((void *) handshake->sig_algs); - } handshake->sig_algs = NULL; #endif /* MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) From 8bd8e91485ea79c2b0354ce9c5f24325ad73a2ec Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:31:13 +0100 Subject: [PATCH 0843/1548] Improve ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index f0d66eb454..855265788e 100644 
--- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -7,5 +7,5 @@ Removals mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. Note that the new names of the new constants use the TLS protocol versions, unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes. Use mbedtls_ssl_conf_sig_algs() + * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs() instead. From fa648bacb2bd47471ac7988ad522e0d51ba97f16 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Aug 2025 11:02:25 +0200 Subject: [PATCH 0844/1548] depends.py: keep reverse dependencies for p192 and p224 curves These reverse dependencies will be removed once tf-psa-crypto will remove the corresponding build symbols. Signed-off-by: Valerio Setti --- tests/scripts/depends.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index b3fbea4b4f..513c6413a5 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -257,6 +257,8 @@ def test(self, options): 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], + # These reverse dependencies can be removed as part of issue + # tf-psa-crypto#364. 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], 
@@ -268,6 +270,14 @@ def test(self, options): 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'], 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'], + # Support for secp224[k|r]1 was removed in tfpsacrypto#408 while + # secp192[k|r]1 were kept only for internal testing (hidden to the end + # user). We need to keep these reverse dependencies here until + # symbols are hidden/removed from crypto_config.h. + 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], + 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], + 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], + 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', @@ -479,7 +489,7 @@ def __init__(self, options, conf): if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)} # Find elliptic curve enabling macros by name. - curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|') + curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z') # Find key exchange enabling macros by name. key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') From 80a623089d8bbbda72e630c72de47495ffe89188 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Aug 2025 11:38:45 +0200 Subject: [PATCH 0845/1548] tests: ssl: allow more groups in conf_group() Previously 3 different groups were allowed, but since the removal of secp192r1 and secp224r1 only secp256r1 was left. This commit adds other 2 options. Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8b192ed97c..3335e5c84e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3538,6 +3538,8 @@ exit: void conf_group() { uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; mbedtls_ssl_config conf; From 2fc59949b2bd40a0f50a9b11063a2a77cdf3c5ed Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 9 Jul 2025 18:20:48 +0300 Subject: [PATCH 0846/1548] Added MBEDTLS_PSA_CRYPTO_RNG_STRENGTH to tests. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index da776e70b8..af1b91440e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2139,6 +2139,7 @@ component_build_aes_aesce_armcc () { component_test_aes_only_128_bit_keys () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 make CFLAGS='-O2 -Werror -Wall -Wextra' @@ -2149,6 +2150,7 @@ component_test_aes_only_128_bit_keys () { component_test_no_ctr_drbg_aes_only_128_bit_keys () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 scripts/config.py unset MBEDTLS_CTR_DRBG_C make CC=clang CFLAGS='-Werror -Wall -Wextra' @@ -2160,6 +2162,7 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { component_test_aes_only_128_bit_keys_have_builtins () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C 
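Review bot: The three `msg` lines still describe the build as only `default config + AES_ONLY_128_BIT_KEY_LENGTH`, so the added `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128` is invisible in the CI log line that names the configuration under test. Suggest extending each label, e.g. `msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH + PSA_CRYPTO_RNG_STRENGTH=128"`, and putting a one-line comment above each new `set` stating why the strength is lowered — presumably because a DRBG limited to AES-128 keys cannot provide the default strength, but nothing in the hunk says so. In the second component MBEDTLS_CTR_DRBG_C is unset as well, so whether the RNG strength setting is still required there deserves the same comment. The component functions continue past the hunks.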
From 8a43e7cfeadf43e1abb18bb1b66aeb913b30d409 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 31 Jul 2025 11:12:28 +0300 Subject: [PATCH 0847/1548] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index fc1dca6195..71adc72ae3 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 +Subproject commit 71adc72ae31bd6096741955be12422d41355c5fb From a2a1c084ef867a9d122b529d7c5d59f9fc0dad6f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Aug 2025 14:02:47 +0200 Subject: [PATCH 0848/1548] mbedtls_check_config: remove reference to MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 Signed-off-by: Valerio Setti --- library/mbedtls_check_config.h | 1 - 1 file changed, 1 deletion(-) diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 5e5a5b31db..cf5e981da0 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h @@ -45,7 +45,6 @@ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) From d95ea27e8c41d2741b6c4d4b48fbfabdb37c87f0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Jul 2025 13:21:38 +0100 Subject: [PATCH 0849/1548] Create new enum mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..e2134c594b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 15731ca150..3ee157a8e8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new(sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 7b65b698a3..1b05e017ef 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c2ab27b01d..74cca8c5ae 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
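Review bot: The new casts `(mbedtls_pk_sigalg_t)pk_alg` and `(mbedtls_pk_sigalg_t)sig_alg` in the ssl_tls12_client.c and ssl_tls13_generic.c hunks convert between two enum types by integer value only, so they are correct only if every mbedtls_pk_type_t value reaching these calls has an mbedtls_pk_sigalg_t enumerator with the same number; nothing in the commit checks that, and a plain cast keeps compiling if the enums drift apart, which would hand the wrong algorithm identifier to signature verification. In the TLS 1.2 call the value has just been tested, so it can name the target enumerator directly, `ret = mbedtls_pk_verify_new(MBEDTLS_PK_SIGALG_RSA_PSS, peer_pk,`, and the remaining call sites would be safer with an explicit conversion helper or a compile-time assertion that the relevant enumerators agree instead of a bare cast. Both enclosing functions extend outside the hunks.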
@@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From adf5d537b29c5594467a6871108bbc4b73ba13dc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 4 Jul 2025 08:50:40 +0100 Subject: [PATCH 0850/1548] Fix code style Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 5 +++-- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index e2134c594b..5488eb04ce 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3ee157a8e8..7e2daefa74 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { 
@@ -1144,7 +1144,8 @@ static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl) ssl->handshake->state_local.finished_out.digest, sizeof(ssl->handshake->state_local.finished_out. digest), - &ssl->handshake->state_local.finished_out.digest_len, + &ssl->handshake->state_local.finished_out. + digest_len, ssl->conf->endpoint); if (ret != 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 1b05e017ef..c2d86176ed 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 74cca8c5ae..087088ead9 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 500e497c059f6949acb992b1788177f6881b326d Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Mon, 7 Jul 2025 07:56:50 +0100 Subject: [PATCH 0851/1548] Fix code style issues Signed-off-by: Ben Taylor --- library/x509_crt.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c2d86176ed..ac36a0f1e7 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1663,25 +1663,25 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) #if !defined(MBEDTLS_X509_REMOVE_INFO) #define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) + do { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } while (0) #define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (ns_cert_type & (type)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) #define KEY_USAGE(code, name) \ - do { \ - if (key_usage & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (key_usage & (code)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) From b2eecc621d31b066ac08e92dfaaa094483bfba3a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Jul 2025 14:18:37 +0100 Subject: [PATCH 0852/1548] switch to mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- include/mbedtls/x509_crl.h | 2 +- include/mbedtls/x509_crt.h | 2 +- include/mbedtls/x509_csr.h | 2 +- library/x509.c | 10 +++++----- library/x509_create.c | 4 ++-- library/x509_crt.c | 8 ++++---- library/x509_internal.h | 6 +++--- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- 9 files changed, 19 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index e59d16502d..095cb5d9a5 100644 --- a/include/mbedtls/x509_crl.h 
+++ b/include/mbedtls/x509_crl.h @@ -82,7 +82,7 @@ typedef struct mbedtls_x509_crl { mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ /** Next element in the linked list of CRL. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index a3f07892f6..bf418a6851 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -81,7 +81,7 @@ typedef struct mbedtls_x509_crt { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ /** Next certificate in the linked list that constitutes the CA chain. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index bed1c953e5..b11539440c 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
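Review bot: The field comment in both the x509_crl.h and x509_crt.h hunks still says `e.g. MBEDTLS_PK_RSA` although the field type changed to mbedtls_pk_sigalg_t, so the example now names a value of the old enum. Suggest `/**< Internal representation of the signature algorithm, e.g. MBEDTLS_PK_SIGALG_ECDSA */` for both fields (that enumerator is used elsewhere in this change), and the same wording fix applies to the matching field in x509_csr.h. These structs live in public headers, so if the new enum's underlying integer type can differ from the old one the field's size and the struct layout change too; that is worth a changelog note, which this commit does not include.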
@@ -55,7 +55,7 @@ typedef struct mbedtls_x509_csr { mbedtls_x509_buf sig_oid; mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ } mbedtls_x509_csr; diff --git a/library/x509.c b/library/x509.c index 03ca1b72e6..14f9ba59b3 100644 --- a/library/x509.c +++ b/library/x509.c @@ -717,16 +717,16 @@ int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x5 * Get signature algorithm from alg OID and optional parameters */ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg) + mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t*)pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (*pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { mbedtls_md_type_t mgf1_hash_id; int expected_salt_len; @@ -1039,7 +1039,7 @@ int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *ser * Helper for writing signature algorithms */ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg) + mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; char *p = buf; 
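Review bot: In the mbedtls_x509_get_sig_alg hunk, `(mbedtls_pk_type_t*)pk_alg` makes mbedtls_x509_oid_get_sig_alg store an mbedtls_pk_type_t through a pointer to mbedtls_pk_sigalg_t, and the following `*pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS` then assumes the two enums share numbering; if their underlying integer types or enumerator values ever differ, the store is ill-defined or the RSA-PSS branch is silently skipped, so the PSS parameters would never be parsed and checked. Reading into a local of the OID function's own type and converting explicitly keeps that assumption in one visible place. The rest of the function (the PSS parameter handling) lies outside the hunk.
```c
int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
                             mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    mbedtls_pk_type_t oid_pk_alg = MBEDTLS_PK_NONE;

    if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, &oid_pk_alg)) != 0) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret);
    }
    /* Single, explicit conversion point: this relies on mbedtls_pk_type_t and
     * mbedtls_pk_sigalg_t using the same values for signature algorithms. */
    *pk_alg = (mbedtls_pk_sigalg_t) oid_pk_alg;

    /* … unchanged: RSA-PSS parameter parsing … */
```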
@@ -1055,7 +1055,7 @@ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *si MBEDTLS_X509_SAFE_SNPRINTF; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { const char *name = md_type_to_string(md_alg); if (name != NULL) { ret = mbedtls_snprintf(p, n, " (%s)", name); diff --git a/library/x509_create.c b/library/x509_create.c index 09ac69d00b..370eb9b2e1 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -646,7 +646,7 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg) + mbedtls_pk_sigalg_t pk_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int write_null_par; @@ -672,7 +672,7 @@ int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, // Write OID // - if (pk_alg == MBEDTLS_PK_ECDSA) { + if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) { /* * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and diff --git a/library/x509_crt.c b/library/x509_crt.c index ac36a0f1e7..ded1317b0e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -188,9 +188,9 @@ static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, * Return 0 if pk_alg is acceptable for this profile, -1 otherwise */ static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, - mbedtls_pk_type_t pk_alg) + mbedtls_pk_sigalg_t pk_alg) { - if (pk_alg == MBEDTLS_PK_NONE) { + if (pk_alg == MBEDTLS_PK_SIGALG_NONE) { return -1; } 
@@ -2121,7 +2121,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, } /* Skip expensive computation on obvious mismatch */ - if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { + if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) { return -1; } @@ -3057,7 +3057,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, /* Check the type and size of the key */ pk_type = mbedtls_pk_get_type(&crt->pk); - if (x509_profile_check_pk_alg(profile, pk_type) != 0) { + if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t)pk_type) != 0) { ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; } diff --git a/library/x509_internal.h b/library/x509_internal.h index 8160270be1..b44b957f9b 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -35,7 +35,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, #endif int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); + mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg); int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t); int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, @@ -44,7 +44,7 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag); #if !defined(MBEDTLS_X509_REMOVE_INFO) int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg); + mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg); #endif int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, 
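Review bot: In the x509_crt_verify_restartable_ca_cb hunk, `pk_type = mbedtls_pk_get_type(&crt->pk)` is a key type, yet it is cast to mbedtls_pk_sigalg_t to call x509_profile_check_pk_alg, whose other caller (not visible here) presumably passes a signature algorithm; the profile check now receives values from two different enums and only behaves as before if key-type and signature-algorithm enumerators coincide numerically, otherwise end-entity keys could be accepted or rejected against the wrong profile bit. Keeping a key-type check for this caller — leave this call as `x509_profile_check_pk_alg(profile, pk_type)` with a mbedtls_pk_type_t parameter and add a separate sigalg-typed check for the signature path — would avoid the cast. The preceding hunk's `mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)` converts in the opposite direction, which suggests the type change has not reached the pk layer yet and deserves a comment at both sites. Both enclosing functions are larger than the hunks shown.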
@@ -57,7 +57,7 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg); + mbedtls_pk_sigalg_t pk_alg); int mbedtls_x509_get_ns_cert_type(unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 09c2328b1a..93cdd2c151 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -587,7 +587,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); /* * Memory layout after this step: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 88adf794f7..9040d63ed4 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); /* * Compact the space between the CSR data and signature by moving the From 1c118a564dce57e63e43feee688ecd1e5ea62120 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 10:40:08 +0100 Subject: [PATCH 0853/1548] reverted enum in pk_verify_new Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 5488eb04ce..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7e2daefa74..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, + if ((ret = mbedtls_pk_verify_new(sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index ded1317b0e..ed85d06636 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new((mbedtls_pk_type_t) crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new((mbedtls_pk_type_t) child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 087088ead9..cb372014cd 100644 --- a/tests/suites/test_suite_x509write.function 
+++ b/tests/suites/test_suite_x509write.function @@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new((mbedtls_pk_type_t) csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8e832b6594e9985a559cec9e2babe977f3bfaf89 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 13:30:05 +0100 Subject: [PATCH 0854/1548] Add sigalg types to x509_crt.c Signed-off-by: Ben Taylor --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index ed85d06636..dca46792a0 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2126,7 +2126,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, } #if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { + if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_SIGALG_ECDSA) { return mbedtls_pk_verify_restartable(&parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len, &rs_ctx->pk); From 7573321f61ff6e6b29f6b9907473406a19104919 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 14:14:18 +0100 Subject: [PATCH 0855/1548] Fix style issues Signed-off-by: Ben Taylor --- library/x509.c | 2 +- library/x509_crt.c | 32 ++++++++++++++++---------------- library/x509write_crt.c | 3 ++- library/x509write_csr.c | 2 +- 4 files changed, 20 insertions(+), 19 deletions(-) diff --git a/library/x509.c b/library/x509.c index 14f9ba59b3..b8f2847437 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -721,7 +721,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509 { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t*)pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t *) pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } diff --git a/library/x509_crt.c b/library/x509_crt.c index dca46792a0..dde6513927 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1663,25 +1663,25 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) #if !defined(MBEDTLS_X509_REMOVE_INFO) #define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) + do { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } while (0) #define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (ns_cert_type & (type)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) #define KEY_USAGE(code, name) \ - do { \ - if (key_usage & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (key_usage & (code)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) @@ -3057,7 +3057,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, /* Check the type and size of the key */ pk_type = mbedtls_pk_get_type(&crt->pk); - if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t)pk_type) != 0) { + if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t) pk_type) != 0) { ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 93cdd2c151..e1d5758f7c 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -587,7 +587,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, sig_oid, sig_oid_len, - sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); + sig, sig_len, + (mbedtls_pk_sigalg_t) pk_alg)); /* * Memory layout after this step: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 9040d63ed4..5b2a17b0bc 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t) pk_alg)); /* * Compact the space between the CSR data and signature by moving the From df6a6eacedcc9f6af094a4a1e5eeb22e379e97b2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:08:10 +0100 Subject: [PATCH 0856/1548] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove_mbedtls_pk_type.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/remove_mbedtls_pk_type.txt diff --git a/ChangeLog.d/remove_mbedtls_pk_type.txt b/ChangeLog.d/remove_mbedtls_pk_type.txt new file mode 100644 index 0000000000..0ad38e0a50 --- /dev/null +++ b/ChangeLog.d/remove_mbedtls_pk_type.txt @@ -0,0 +1,4 @@ + +Removals + * Remove mbedtls_pk_type_t from the public interface and replace it with + mbedtls_pk_sigalg_t. From 563d360a9bcdac46d2e2f7b5fe4786ad87eaacd9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:22:25 +0100 Subject: [PATCH 0857/1548] Fix ChangeLog format Signed-off-by: Ben Taylor --- ChangeLog.d/remove_mbedtls_pk_type.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog.d/remove_mbedtls_pk_type.txt b/ChangeLog.d/remove_mbedtls_pk_type.txt index 0ad38e0a50..4b33d1e110 100644 --- a/ChangeLog.d/remove_mbedtls_pk_type.txt 
+++ b/ChangeLog.d/remove_mbedtls_pk_type.txt @@ -1,4 +1,3 @@ - Removals * Remove mbedtls_pk_type_t from the public interface and replace it with mbedtls_pk_sigalg_t. From 6816fd781e89e3fa83a7d5ba363edb74d9fb4de8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 13:50:24 +0100 Subject: [PATCH 0858/1548] Adjust for change in mbedtls_pk_verify_new function prototype Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..5488eb04ce 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..7e2daefa74 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new(sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index dde6513927..9ac9658009 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new((mbedtls_pk_type_t) crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new((mbedtls_pk_type_t) child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index cb372014cd..c2ab27b01d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new((mbedtls_pk_type_t) csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8b3b7e5cacdde75f9a650d2739d7183f6cd4526f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 15:23:33 +0100 Subject: [PATCH 0859/1548] Update further type mismatches Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 5488eb04ce..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2082,7 +2082,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7e2daefa74..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, + if ((ret = mbedtls_pk_verify_new(sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 9ac9658009..e6b9252859 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_ext(crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, + return mbedtls_pk_verify_ext(child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c2ab27b01d..000c09a950 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
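Review bot: In the ssl_parse_server_key_exchange hunk `pk_alg` is compared with `MBEDTLS_PK_RSASSA_PSS`, a `mbedtls_pk_type_t` constant, yet is passed without conversion to `mbedtls_pk_verify_new`, which the x509 call sites in this series treat as taking a `mbedtls_pk_sigalg_t`; the enum-to-enum implicit conversion compiles silently, so the guard and the call disagree on which enumeration `pk_alg` belongs to. If `pk_alg` is derived as a signature algorithm, the guard should read `if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) {` as library/x509.c already does in this series; if it is a key type, the cast this hunk removes was the correct one and the earlier commit's form should stand. The function body continues outside the hunk, so how `pk_alg` is derived cannot be seen here.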
@@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_ext(csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8dfed9fc15527c44f4dc22988300565dcf626ada Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 15:46:21 +0100 Subject: [PATCH 0860/1548] Remove pointer cast in mbedtls_x509_oid_get_sig_alg Signed-off-by: Ben Taylor --- library/x509.c | 2 +- library/x509_oid.c | 34 +++++++++++++++++----------------- library/x509_oid.h | 4 ++-- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/library/x509.c b/library/x509.c index b8f2847437..1adff8fafc 100644 --- a/library/x509.c +++ b/library/x509.c @@ -721,7 +721,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509 { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t *) pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } diff --git a/library/x509_oid.c b/library/x509_oid.c index d69fd513ba..cc0063bcd3 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -381,7 +381,7 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies, typedef struct { mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; } oid_sig_alg_t; static const oid_sig_alg_t oid_sig_alg[] = 
@@ -390,47 +390,47 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(PSA_WANT_ALG_MD5) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), - MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, + MBEDTLS_MD_MD5, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_MD5 */ #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_1 */ #if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224"), - MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_224 */ #if defined(PSA_WANT_ALG_SHA_256) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", "RSA with SHA-256"), - MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_256 */ #if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384"), - MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_384 */ #if defined(PSA_WANT_ALG_SHA_512) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", "RSA with SHA-512"), - MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_512 */ #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_1 */ #endif /* MBEDTLS_RSA_C */ 
@@ -438,43 +438,43 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_1 */ #if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), - MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_ECDSA, }, #endif #if defined(PSA_WANT_ALG_SHA_256) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"), - MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_256 */ #if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), - MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_384 */ #if defined(PSA_WANT_ALG_SHA_512) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), - MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_512 */ #endif /* PSA_HAVE_ALG_SOME_ECDSA */ #if defined(MBEDTLS_RSA_C) { OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), - MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, + MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS, }, #endif /* MBEDTLS_RSA_C */ { NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, + MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE, }, }; 
@@ -494,14 +494,14 @@ FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg, sig_alg, mbedtls_md_type_t, md_alg, - mbedtls_pk_type_t, + mbedtls_pk_sigalg_t, pk_alg) #endif /* MBEDTLS_X509_USE_C */ #if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C) FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, - mbedtls_pk_type_t, + mbedtls_pk_sigalg_t, pk_alg, mbedtls_md_type_t, md_alg) diff --git a/library/x509_oid.h b/library/x509_oid.h index 8d5e1bbff1..0752953aac 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -80,7 +80,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); + mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg); #if !defined(MBEDTLS_X509_REMOVE_INFO) /** @@ -106,7 +106,7 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char ** * * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ -int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, +int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg, const char **oid, size_t *olen); #endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e1d5758f7c..1f8a006de6 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -416,7 +416,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 5b2a17b0bc..8e37278f95 100644 
--- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -230,7 +230,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; } From 602fa5dd99435a637b162fbe598eab958e7f02b0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 7 Aug 2025 10:18:40 +0200 Subject: [PATCH 0861/1548] changelog: add note about EC curves support removal in TLS Signed-off-by: Valerio Setti --- ChangeLog.d/secp256k1-removal.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/secp256k1-removal.txt diff --git a/ChangeLog.d/secp256k1-removal.txt b/ChangeLog.d/secp256k1-removal.txt new file mode 100644 index 0000000000..9933b8e7a9 --- /dev/null +++ b/ChangeLog.d/secp256k1-removal.txt @@ -0,0 +1,3 @@ +Removals + * Support for secp192k1, secp192r1, secp224k1 and secp224r1 EC curves is + removed from TLS. From ed0db45b635d30eb6c122e25213b093658567fbd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 7 Aug 2025 09:40:42 +0100 Subject: [PATCH 0862/1548] Completely remove sig_algs_heap_allocated Signed-off-by: Ben Taylor --- library/ssl_misc.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 245b1f4af1..ed0f7ab2c5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -714,7 +714,6 @@ struct mbedtls_ssl_handshake_params { #if !defined(MBEDTLS_DEPRECATED_REMOVED) unsigned char group_list_heap_allocated; - unsigned char sig_algs_heap_allocated; #endif #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -2317,7 +2316,6 @@ static inline const void *mbedtls_ssl_get_sig_algs( #if !defined(MBEDTLS_DEPRECATED_REMOVED) if (ssl->handshake != NULL && - ssl->handshake->sig_algs_heap_allocated == 1 && ssl->handshake->sig_algs != NULL) { return ssl->handshake->sig_algs; } 
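Review bot: With `sig_algs_heap_allocated` removed, the `mbedtls_ssl_get_sig_algs` hunk returns `ssl->handshake->sig_algs` whenever it is non-NULL, and the only remaining statement about ownership of that pointer is the bare `handshake->sig_algs = NULL;` in mbedtls_ssl_handshake_free (visible as context in the next commit's library/ssl_tls.c hunk). Nothing in the deprecated-compat path frees it any more, so this is leak-free only if every writer of `handshake->sig_algs` stores a borrowed pointer, which the hunk does not show. Please document that at the field in the struct hunk above, e.g. `/* Borrowed (deprecated setter path); never freed by the handshake. */`, and do the same for `group_list`, whose free-and-NULL block the following commit removes from mbedtls_ssl_handshake_free. The getter's enclosing function starts outside the hunk.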
From 5a27010faba8c2c4f9d56a6c86444746314c2c87 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 8 Aug 2025 08:33:03 +0100 Subject: [PATCH 0863/1548] Remove group_list_heap_allocated Signed-off-by: Ben Taylor --- library/ssl_misc.h | 4 ---- library/ssl_tls.c | 9 --------- 2 files changed, 13 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ed0f7ab2c5..e3ec3686e5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -712,10 +712,6 @@ struct mbedtls_ssl_handshake_params { unsigned char retransmit_state; /*!< Retransmission state */ #endif -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - unsigned char group_list_heap_allocated; -#endif - #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) uint8_t ecrs_enabled; /*!< Handshake supports EC restart? */ enum { /* this complements ssl->state with info on intra-state operations */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7d7d9d269..a957482ce5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4368,15 +4368,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) return; } -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->group_list_heap_allocated) { - mbedtls_free((void *) handshake->group_list); - } - handshake->group_list = NULL; -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) handshake->sig_algs = NULL; From 6569cc63dedbd634506dc8aae97bc02f2426cf5e Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 11 Aug 2025 09:12:37 +0100 Subject: [PATCH 0864/1548] Update framework pointer Signed-off-by: Felix Conway --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index ae71e1e43f..52691f95e9 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
@@ -1 +1 @@ -Subproject commit ae71e1e43f0dbb7ff54a6dcdd4ddc89ba4c2b600 +Subproject commit 52691f95e9235dff461836a2c440e70d44661a7f From 37a4281710919381289fa2b432c46c2e99937765 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 11 Aug 2025 12:52:49 +0200 Subject: [PATCH 0865/1548] tests: configuration_crypto: fix selection of EC/DH group to accelerate Some EC/DH group might be disabled in default configuration in "crypto_config.h" so before running "helper_get_psa_key_type_list" and/or "helper_get_psa_curve_list" it's better to set/unset what's required for that test component and only then parse the enabled groups. Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 138 +++++++++--------- 1 file changed, 71 insertions(+), 67 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index af1b91440e..8e9df371cf 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -553,17 +553,17 @@ component_test_psa_crypto_config_ffdh_2048_only () { component_test_psa_crypto_config_accel_ecdsa () { msg "build: accelerated ECDSA" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- # Start from default config + TLS 1.3 helper_libtestdriver1_adjust_config "default" + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDSA_C 
@@ -595,17 +595,17 @@ component_test_psa_crypto_config_accel_ecdsa () { component_test_psa_crypto_config_accel_ecdh () { msg "build: accelerated ECDH" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDH \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- # Start from default config (no USE_PSA) helper_libtestdriver1_adjust_config "default" + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDH \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDH_C @@ -636,17 +636,17 @@ component_test_psa_crypto_config_accel_ecdh () { component_test_psa_crypto_config_accel_ffdh () { msg "build: full with accelerated FFDH" - # Algorithms and key types to accelerate - loc_accel_list="ALG_FFDH \ - $(helper_get_psa_key_type_list "DH") \ - $(helper_get_psa_dh_group_list)" - # Configure # --------- # start with full (USE_PSA and TLS 1.3) helper_libtestdriver1_adjust_config "full" + # Algorithms and key types to accelerate + loc_accel_list="ALG_FFDH \ + $(helper_get_psa_key_type_list "DH") \ + $(helper_get_psa_dh_group_list)" + # Build # ----- @@ -685,15 +685,15 @@ component_test_psa_crypto_config_reference_ffdh () { component_test_psa_crypto_config_accel_pake () { msg "build: full with accelerated PAKE" - loc_accel_list="ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- helper_libtestdriver1_adjust_config "full" + loc_accel_list="ALG_JPAKE \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Make built-in fallback not available scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 
@@ -718,6 +718,12 @@ component_test_psa_crypto_config_accel_pake () { component_test_psa_crypto_config_accel_ecc_some_key_types () { msg "build: full with accelerated EC algs and some key types" + # Configure + # --------- + + # start with config full for maximum coverage (also enables USE_PSA) + helper_libtestdriver1_adjust_config "full" + # Algorithms and key types to accelerate # For key types, use an explicitly list to omit GENERATE (and DERIVE) loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -729,12 +735,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { KEY_TYPE_ECC_KEY_PAIR_EXPORT \ $(helper_get_psa_curve_list)" - # Configure - # --------- - - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDH_C 
@@ -789,7 +789,26 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { msg "build: crypto_full minus PK with accelerated EC algs and $desc curves" - # Note: Curves are handled in a special way by the libtestdriver machinery, + # Configure + # --------- + + # Start with config crypto_full and remove PK_C: + # that's what's supported now, see docs/driver-only-builds.md. + helper_libtestdriver1_adjust_config "crypto_full" + scripts/config.py unset MBEDTLS_PK_C + scripts/config.py unset MBEDTLS_PK_PARSE_C + scripts/config.py unset MBEDTLS_PK_WRITE_C + + # Disable modules that are accelerated - some will be re-enabled + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py unset MBEDTLS_ECP_C + + # Disable all curves - those that aren't accelerated should be re-enabled + helper_disable_builtin_curves + + # Note: Curves are handled in a special way by the libtestdriver machinery, # so we only want to include them in the accel list when building the main # libraries, hence the use of a separate variable. # Note: the following loop is a modified version of 
@@ -819,25 +838,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { $(helper_get_psa_key_type_list "ECC") \ $loc_curve_list" - # Configure - # --------- - - # Start with config crypto_full and remove PK_C: - # that's what's supported now, see docs/driver-only-builds.md. - helper_libtestdriver1_adjust_config "crypto_full" - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_ECP_C - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues # 6061, 6332 and following ones) @@ -884,7 +884,11 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # ------------- msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - make test + # make test + ( + cd tf-psa-crypto/tests + ./test_suite_psa_crypto_driver_wrappers + ) } component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { @@ -928,6 +932,12 @@ config_psa_crypto_config_ecp_light_only () { component_test_psa_crypto_config_accel_ecc_ecp_light_only () { msg "build: full with accelerated EC algs" + # Configure + # --------- + + # Use the same config as reference, only without built-in EC algs + config_psa_crypto_config_ecp_light_only 1 + # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ 
@@ -935,12 +945,6 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
 $(helper_get_psa_key_type_list "ECC") \
 $(helper_get_psa_curve_list)"
- # Configure
- # ---------
-
- # Use the same config as reference, only without built-in EC algs
- config_psa_crypto_config_ecp_light_only 1
-
 # Do not disable builtin curves because that support is required for:
 # - MBEDTLS_PK_PARSE_EC_EXTENDED
 # - MBEDTLS_PK_PARSE_EC_COMPRESSED
@@ -1032,13 +1036,6 @@ config_psa_crypto_no_ecp_at_all () {
 component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
 msg "build: full + accelerated EC algs - ECP"
- # Algorithms and key types to accelerate
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- ALG_ECDH \
- ALG_JPAKE \
- $(helper_get_psa_key_type_list "ECC") \
- $(helper_get_psa_curve_list)"
-
 # Configure
 # ---------
@@ -1047,6 +1044,13 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
 # Disable all the builtin curves. All the required algs are accelerated.
 helper_disable_builtin_curves
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
+ ALG_ECDH \
+ ALG_JPAKE \
+ $(helper_get_psa_key_type_list "ECC") \
+ $(helper_get_psa_curve_list)"
+
 # Build
 # -----
@@ -1183,6 +1187,14 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
 msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
+ # Configure
+ # ---------
+
+ # Set common configurations between library's and driver's builds
+ config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
+ # Disable all the builtin curves. All the required algs are accelerated.
+ helper_disable_builtin_curves
+
 # By default we accelerate all EC keys/algs
 loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
 ALG_ECDH \
@@ -1197,14 +1209,6 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
 $(helper_get_psa_dh_group_list)"
 fi
- # Configure
- # ---------
-
- # Set common configurations between library's and driver's builds
- config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
- # Disable all the builtin curves. All the required algs are accelerated.
- helper_disable_builtin_curves
-
 # Build
 # -----
From 981a0c46b2cb2487f90d90b65269e519474b5f86 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 12 Aug 2025 11:31:11 +0200
Subject: [PATCH 0866/1548] tests: remove leftover from debug session and extra spaces
Signed-off-by: Valerio Setti
---
 tests/scripts/components-configuration-crypto.sh | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 8e9df371cf..cd8bd24563 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -808,7 +808,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
 # Disable all curves - those that aren't accelerated should be re-enabled
 helper_disable_builtin_curves
- # Note: Curves are handled in a special way by the libtestdriver machinery,
+ # Note: Curves are handled in a special way by the libtestdriver machinery,
 # so we only want to include them in the accel list when building the main
 # libraries, hence the use of a separate variable.
 # Note: the following loop is a modified version of
@@ -884,11 +884,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
 # -------------
 msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
- # make test
- (
- cd tf-psa-crypto/tests
- ./test_suite_psa_crypto_driver_wrappers
- )
+ make test
 }
 component_test_psa_crypto_config_accel_ecc_weierstrass_curves () {
From 1b70084bd9ef584a8facfb4d4eb061b20d38938e Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Mon, 10 Mar 2025 18:51:20 +0100
Subject: [PATCH 0867/1548] TF-PSA-Crypto submodule link fixup
Signed-off-by: Anton Matkin
---
 library/ssl_tls.c | 5 ++---
 programs/ssl/ssl_client2.c | 2 +-
 programs/ssl/ssl_server2.c | 2 +-
 tests/suites/test_suite_ssl.function | 2 +-
 tf-psa-crypto | 2 +-
 5 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8cf23f2d3b..76430b593b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1753,12 +1753,11 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
 size_t user_len = 0;
 const uint8_t *peer = NULL;
 size_t peer_len = 0;
- psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE);
+ psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
 psa_pake_cs_set_primitive(&cipher_suite, PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256));
- psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
 status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, pwd, &cipher_suite);
 if (status != PSA_SUCCESS) {
@@ -1809,7 +1808,7 @@ int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
 }
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
 status = psa_import_key(&attributes, pw, pw_len,
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 1ce4e46b1c..ae77a173fb 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2059,7 +2059,7 @@ int main(int argc, char *argv[])
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
 status = psa_import_key(&attributes,
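Review bot: The hash is now folded into the algorithm identifier `PSA_ALG_JPAKE(PSA_ALG_SHA_256)` and the separate `psa_pake_cs_set_hash` call is dropped, but nothing in the function says why SHA-256 is the only acceptable choice, so a later reader may be tempted to parameterise it. A comment next to the cipher-suite setup, e.g. `/* TLS-ECJPAKE is specified only over P-256 with SHA-256: both the primitive and the hash are fixed here. */`, would match the existing `PSA_ECC_FAMILY_SECP_R1, 256` primitive line; the spec reference should be confirmed before wording it. The body of `mbedtls_ssl_set_hs_ecjpake_password_common` continues outside the hunk.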
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index c5f22c4116..3b07c8d368 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3336,7 +3336,7 @@ int main(int argc, char *argv[])
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
 status = psa_import_key(&attributes,
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 3335e5c84e..3fbeac2479 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3973,7 +3973,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
 /* First try with an invalid usage */
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
 PSA_ASSERT(psa_import_key(&attributes, pwd_string,
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 71adc72ae3..bd17dc8bcc 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 71adc72ae31bd6096741955be12422d41355c5fb
+Subproject commit bd17dc8bcc4cbb00c7bd3481a107a2b0e940d277
From e8073180ac995f4c4dc3efe8f70a955ea01f33f8 Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Thu, 13 Mar 2025 15:10:52 +0100
Subject: [PATCH 0868/1548] Create a changelog entry
Signed-off-by: Anton Matkin
---
 ChangeLog.d/9321.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 ChangeLog.d/9321.txt
diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt
new file mode 100644
index 0000000000..b6c90e6a0e
--- /dev/null
+++ b/ChangeLog.d/9321.txt
@@ -0,0 +1,3 @@
+Changes
+ * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros,
+ which do not conform to the standard PAKE interface
\ No newline at end of file
From e2c5ca332ff66e655664774799186a46b9a8c74f Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Thu, 3 Apr 2025 13:38:43 +0200
Subject: [PATCH 0869/1548] Fixed the changelog entry, missing trailing newline
Signed-off-by: Anton Matkin
---
 ChangeLog.d/9321.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt
index b6c90e6a0e..816817dce8 100644
--- a/ChangeLog.d/9321.txt
+++ b/ChangeLog.d/9321.txt
@@ -1,3 +1,3 @@
 Changes
 * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros,
- which do not conform to the standard PAKE interface
\ No newline at end of file
+ which do not conform to the standard PAKE interface
From e8be4ee08ca729348cf031c0de3fdfa701e3ab11 Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Mon, 7 Apr 2025 16:26:06 +0200
Subject: [PATCH 0870/1548] Fixed the changelog entry wording
Signed-off-by: Anton Matkin
---
 ChangeLog.d/9321.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt
index 816817dce8..672d6e4304 100644
--- a/ChangeLog.d/9321.txt
+++ b/ChangeLog.d/9321.txt
@@ -1,3 +1,3 @@
 Changes
- * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros,
- which do not conform to the standard PAKE interface
+ * Use the new `PSA_ALG_XXX` related macros for JPAKE to be conformant to
+ the PSA API 1.2 PAKE extension
\ No newline at end of file
From 143d5d8a3a50642bef0af85ed89c50139e1d72e0 Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Wed, 9 Apr 2025 12:24:40 +0200
Subject: [PATCH 0871/1548] Deleted the changelog entry as requested
Signed-off-by: Anton Matkin
---
 ChangeLog.d/9321.txt | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 ChangeLog.d/9321.txt
diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt
deleted file mode 100644
index 672d6e4304..0000000000
--- a/ChangeLog.d/9321.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Use the new `PSA_ALG_XXX` related macros for JPAKE to be conformant to
- the PSA API 1.2 PAKE extension
\ No newline at end of file
From 6eb5335ef0caa8bb77d5ec1b94a1736677acac0a Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Wed, 28 May 2025 20:02:35 +0200
Subject: [PATCH 0872/1548] Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash)
Signed-off-by: Anton Matkin
---
 library/ssl_tls.c | 2 +-
 programs/ssl/ssl_client2.c | 2 +-
 programs/ssl/ssl_server2.c | 2 +-
 tests/suites/test_suite_ssl.function | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 76430b593b..9144f9222b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1808,7 +1808,7 @@ int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
 }
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
 status = psa_import_key(&attributes, pw, pw_len,
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index ae77a173fb..40304dd381 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2059,7 +2059,7 @@ int main(int argc, char *argv[])
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
 status = psa_import_key(&attributes,
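Review bot: `PSA_ALG_JPAKE(PSA_ALG_SHA_256)` is now spelled out by hand at four call sites in this commit (here, `ssl_client2.c`, `ssl_server2.c`, `test_suite_ssl.function`) on top of the cipher-suite setup in `mbedtls_ssl_set_hs_ecjpake_password_common`; the key policy and the PAKE operation must name the same algorithm, and copies drifting apart is exactly how the policy check this commit fixes would start failing again. A single named constant in a shared header, e.g. `#define MBEDTLS_SSL_ECJPAKE_PSA_ALG PSA_ALG_JPAKE(PSA_ALG_SHA_256)` (name to be chosen), used by all five sites would keep policy and operation in sync. The enclosing function `mbedtls_ssl_set_hs_ecjpake_password` starts and ends outside the hunk.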
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3b07c8d368..64fd45952f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3336,7 +3336,7 @@ int main(int argc, char *argv[])
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
 status = psa_import_key(&attributes,
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 3fbeac2479..5b6500898e 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3973,7 +3973,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
 /* First try with an invalid usage */
 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
- psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
 psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
 PSA_ASSERT(psa_import_key(&attributes, pwd_string,
From eca92dcdeb1aee4f1a73f2cd5bf2ee462525475f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 13 Aug 2025 09:50:12 +0200
Subject: [PATCH 0873/1548] Update tf-psa-crypto to current development
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Manuel Pégourié-Gonnard
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index bd17dc8bcc..f0b51e354b 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit bd17dc8bcc4cbb00c7bd3481a107a2b0e940d277
+Subproject commit f0b51e354bb69071d3fab28650894287fac2348e
From a785eea41f6c906db69796babd03b7f0064cf27a Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 13 Aug 2025 10:57:46 +0200
Subject: [PATCH 0874/1548] tests: configuration-crypto: enable p192 curves in test_psa_crypto_without_heap
Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. This is required to get the proper test coverage otherwise there are tests in 'test_suite_psa_crypto_op_fail' that would never be executed.
Signed-off-by: Valerio Setti
---
 tests/scripts/components-configuration-crypto.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index cd8bd24563..f7647415c5 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -95,6 +95,11 @@ component_test_psa_crypto_without_heap() {
 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
 # EC-JPAKE use calloc/free in PSA core
 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+ # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto.
+ # This is required to get the proper test coverage otherwise there are
+ # tests in 'test_suite_psa_crypto_op_fail' that would never be executed.
+ scripts/config.py set PSA_WANT_ECC_SECP_K1_192
+ scripts/config.py set PSA_WANT_ECC_SECP_R1_192
 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
 PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT)
From 73728d56cf69fb0d0564a9ae1cc5b903dd590f92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 14 Aug 2025 09:30:52 +0200
Subject: [PATCH 0875/1548] Make test more robust
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This will be needed when we change how many times some functions are callled in ecp.c, making them more susceptible to inlining.
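Review bot: The two new `scripts/config.py set PSA_WANT_ECC_SECP_K1_192` / `..._R1_192` lines omit the `-c $CRYPTO_CONFIG_H` flag that every other `scripts/config.py` call in this hunk passes, and the `PSA_SYM_LIST` line just below derives the accelerated set from `$CRYPTO_CONFIG_H`; unless the script routes `PSA_WANT_*` symbols to the crypto config on its own, the two settings either land in the wrong file or leave P-192 built-in rather than accelerated, which is not what the comment announces. Either add `-c $CRYPTO_CONFIG_H` to both lines or extend the comment to say which file is targeted and why these two curves are meant to stay out of the accelerated list. `component_test_psa_crypto_without_heap` starts and ends outside the hunk.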
Signed-off-by: Manuel Pégourié-Gonnard
---
 tests/scripts/components-configuration-crypto.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index da776e70b8..5a13d5102a 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -854,7 +854,8 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
 ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
 helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
- helper_libtestdriver1_make_main "$loc_accel_list"
+ # For grep to work below we need less inlining in ecp.c
+ ASAN_CFLAGS="$ASAN_CFLAGS -O0" helper_libtestdriver1_make_main "$loc_accel_list"
 # We expect ECDH to be re-enabled for the missing curves
 grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o
From b2ba9fa68b64afeed108dd41f94060edb614f3f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Mon, 18 Aug 2025 11:35:47 +0200
Subject: [PATCH 0876/1548] Simplify runtime version info string methods
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Return a const char* instead of taking a char* as an argument. This aligns us with the interface used in TF PSA Crypto.
Signed-off-by: Bence Szépkúti
---
 ChangeLog.d/runtime-version-interface.txt | 9 +++++++++
 include/mbedtls/version.h | 17 ++++------------
 library/version.c | 10 ++++------
 tests/suites/test_suite_version.function | 10 ++++------
 4 files changed, 21 insertions(+), 25 deletions(-)
 create mode 100644 ChangeLog.d/runtime-version-interface.txt
diff --git a/ChangeLog.d/runtime-version-interface.txt b/ChangeLog.d/runtime-version-interface.txt
new file mode 100644
index 0000000000..1cf42665ca
--- /dev/null
+++ b/ChangeLog.d/runtime-version-interface.txt
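Review bot: `ASAN_CFLAGS="$ASAN_CFLAGS -O0" helper_libtestdriver1_make_main ...` relies on the assignment being scoped to the call, which holds for a shell function only in bash's default mode; under POSIX mode or dash such assignments may persist after the function returns, and `-O0` would then leak into every later build of the same run. If all.sh always runs under bash this is fine, but a comment saying so, or wrapping the call as `( ASAN_CFLAGS="$ASAN_CFLAGS -O0"; helper_libtestdriver1_make_main "$loc_accel_list" )`, makes the intent explicit. It is also worth confirming that the helper actually hands `ASAN_CFLAGS` to the compiler, otherwise the `grep` below is still at the mercy of inlining. The enclosing function starts and ends outside the hunk.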
@@ -0,0 +1,9 @@
+API changes
+ * Change the signature of the runtime version information methods that took
+ a char* as an argument to take zero arguments and return a const char*
+ instead. This aligns us with the interface used in TF PSA Crypto 1.0.
+ If you need to support linking against both Mbed TLS 3.x and 4.x, please
+ use the build-time version macros or mbedtls_version_get_number() to
+ determine the correct signature for mbedtls_version_get_string() and
+ mbedtls_version_get_string_full() before calling them.
+ Fixes issue #10308.
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 837787bc7f..4a0b216e3b 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -32,23 +32,14 @@ extern "C" {
 unsigned int mbedtls_version_get_number(void);
 /**
- * Get the version string ("x.y.z").
- *
- * \param string The string that will receive the value.
- * (Should be at least 9 bytes in size)
+ * Get a pointer to the version string ("x.y.z").
 */
-void mbedtls_version_get_string(char *string);
+const char *mbedtls_version_get_string(void);
 /**
- * Get the full version string ("Mbed TLS x.y.z").
- *
- * \param string The string that will receive the value. The Mbed TLS version
- * string will use 18 bytes AT MOST including a terminating
- * null byte.
- * (So the buffer should be at least 18 bytes to receive this
- * version string).
+ * Get a pointer to the full version string ("Mbed TLS x.y.z").
 */
-void mbedtls_version_get_string_full(char *string);
+const char *mbedtls_version_get_string_full(void);
 /**
 * \brief Check if support for a feature was compiled into this
diff --git a/library/version.c b/library/version.c
index 2cd947da72..e828673c0d 100644
--- a/library/version.c
+++ b/library/version.c
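Review bot: The new doc comments on `mbedtls_version_get_string` and `mbedtls_version_get_string_full` say only "Get a pointer to ..." and drop every word about the buffer, so a caller migrating from the old `char *` form is told nothing about what may be done with the pointer. With `version.c` in the next hunk returning `MBEDTLS_VERSION_STRING`/`MBEDTLS_VERSION_STRING_FULL` directly (the removed `sizeof` on them shows they are string literals), the result is static and read-only, and each comment should say so, e.g. `\return Pointer to a static, nul-terminated string owned by the library; the caller must not modify or free it.` The ChangeLog entry earlier in this hunk documents the signature change but not this contract either.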
@@ -17,16 +17,14 @@ unsigned int mbedtls_version_get_number(void)
 return MBEDTLS_VERSION_NUMBER;
 }
-void mbedtls_version_get_string(char *string)
+const char *mbedtls_version_get_string(void)
 {
- memcpy(string, MBEDTLS_VERSION_STRING,
- sizeof(MBEDTLS_VERSION_STRING));
+ return MBEDTLS_VERSION_STRING;
 }
-void mbedtls_version_get_string_full(char *string)
+const char *mbedtls_version_get_string_full(void)
 {
- memcpy(string, MBEDTLS_VERSION_STRING_FULL,
- sizeof(MBEDTLS_VERSION_STRING_FULL));
+ return MBEDTLS_VERSION_STRING_FULL;
 }
 #endif /* MBEDTLS_VERSION_C */
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index eeae512626..af0eb86d23 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -38,19 +38,17 @@ void check_compiletime_version(char *version_str)
 void check_runtime_version(char *version_str)
 {
 char build_str[100];
- char get_str[100];
+ const char *get_str;
 char build_str_full[100];
- char get_str_full[100];
+ const char *get_str_full;
 unsigned int get_int;
 memset(build_str, 0, 100);
- memset(get_str, 0, 100);
 memset(build_str_full, 0, 100);
- memset(get_str_full, 0, 100);
 get_int = mbedtls_version_get_number();
- mbedtls_version_get_string(get_str);
- mbedtls_version_get_string_full(get_str_full);
+ get_str = mbedtls_version_get_string();
+ get_str_full = mbedtls_version_get_string_full();
 mbedtls_snprintf(build_str, 100, "%u.%u.%u",
 (get_int >> 24) & 0xFF,
From 8616ee762d77123b5dc30500d040920991242e94 Mon Sep 17 00:00:00 2001
From: Felix Conway
Date: Mon, 18 Aug 2025 11:32:58 +0100
Subject: [PATCH 0877/1548] Change values for error tests
Previously these tests used values that will become PSA aliases, and so the tests will fail once they're changed.
Signed-off-by: Felix Conway
---
 tests/suites/test_suite_error.data | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data
index dec5639ee0..e496841cf0 100644
--- a/tests/suites/test_suite_error.data
+++ b/tests/suites/test_suite_error.data
@@ -4,11 +4,11 @@ error_strerror:-0x0020:"AES - Invalid key length"
 Single high error
 depends_on:MBEDTLS_RSA_C
-error_strerror:-0x4080:"RSA - Bad input parameters to function"
+error_strerror:-0x4200:"RSA - Key failed to pass the validity check of the library"
 Low and high error
 depends_on:MBEDTLS_AES_C:MBEDTLS_RSA_C
-error_strerror:-0x40A0:"RSA - Bad input parameters to function \: AES - Invalid key length"
+error_strerror:-0x4220:"RSA - Key failed to pass the validity check of the library \: AES - Invalid key length"
 Non existing high error
 error_strerror:-0x8880:"UNKNOWN ERROR CODE (8880)"
From 783d8adb15a8559c02ef99029775fa0096778b7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Mon, 18 Aug 2025 14:31:34 +0200
Subject: [PATCH 0878/1548] Update CMake linkage tests to new call signature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bence Szépkúti
---
 programs/test/cmake_package/cmake_package.c | 5 +----
 programs/test/cmake_package_install/cmake_package_install.c | 5 +----
 programs/test/cmake_subproject/cmake_subproject.c | 5 +----
 3 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c
index f7d5230f46..cd050e97bc 100644
--- a/programs/test/cmake_package/cmake_package.c
+++ b/programs/test/cmake_package/cmake_package.c
@@ -18,10 +18,7 @@
 * linkage works, but that is all. */
 int main()
 {
- /* This version string is 18 bytes long, as advised by version.h. */
- char version[18];
-
- mbedtls_version_get_string_full(version);
+ const char *version = mbedtls_version_get_string_full();
 mbedtls_printf("Built against %s\n", version);
diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c
index fb68883fee..a63f7dbb0f 100644
--- a/programs/test/cmake_package_install/cmake_package_install.c
+++ b/programs/test/cmake_package_install/cmake_package_install.c
@@ -19,10 +19,7 @@
 * linkage works, but that is all. */
 int main()
 {
- /* This version string is 18 bytes long, as advised by version.h. */
- char version[18];
-
- mbedtls_version_get_string_full(version);
+ const char *version = mbedtls_version_get_string_full();
 mbedtls_printf("Built against %s\n", version);
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
index efab789553..69b5d0b819 100644
--- a/programs/test/cmake_subproject/cmake_subproject.c
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -19,10 +19,7 @@
 * linkage works, but that is all. */
 int main()
 {
- /* This version string is 18 bytes long, as advised by version.h. */
- char version[18];
-
- mbedtls_version_get_string_full(version);
+ const char *version = mbedtls_version_get_string_full();
 mbedtls_printf("Built against %s\n", version);
From 0e5fe877cc880e19a892c807170edd7af08d0913 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Mon, 18 Aug 2025 14:38:01 +0200
Subject: [PATCH 0879/1548] Update PSASim tests to new call signature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Bence Szépkúti
---
 tests/psa-client-server/psasim/src/psa_sim_crypto_client.c | 4 ++--
 tests/psa-client-server/psasim/src/psa_sim_generate.pl | 4 ++--
 tests/psa-client-server/psasim/src/server.c | 3 +--
 3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
index 635a70545a..9051f20535 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
@@ -73,12 +73,12 @@ int psa_crypto_call(int function,
 psa_status_t psa_crypto_init(void)
 {
- char mbedtls_version[18];
+ const char *mbedtls_version;
 uint8_t *result = NULL;
 size_t result_length;
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_version_get_string_full(mbedtls_version);
+ mbedtls_version = mbedtls_version_get_string_full();
 CLIENT_PRINT("%s", mbedtls_version);
 CLIENT_PRINT("My PID: %d", getpid());
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
index 3eec226e16..0f4c86f817 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@@ -390,12 +390,12 @@ sub client_calls_header
 psa_status_t psa_crypto_init(void)
 {
- char mbedtls_version[18];
+ const char *mbedtls_version;
 uint8_t *result = NULL;
 size_t result_length;
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_version_get_string_full(mbedtls_version);
+ mbedtls_version = mbedtls_version_get_string_full();
 CLIENT_PRINT("%s", mbedtls_version);
 CLIENT_PRINT("My PID: %d", getpid());
diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c
index 44939f1c2a..aa0c75a488 100644
--- a/tests/psa-client-server/psasim/src/server.c
+++ b/tests/psa-client-server/psasim/src/server.c
@@ -56,8 +56,7 @@ int psa_server_main(int argc, char *argv[])
 extern psa_status_t psa_crypto_close(void);
 #if defined(MBEDTLS_VERSION_C)
- char mbedtls_version[18];
- mbedtls_version_get_string_full(mbedtls_version);
+ const char *mbedtls_version = mbedtls_version_get_string_full();
 SERVER_PRINT("%s", mbedtls_version);
 #endif
From 3f523748e097ff530b1886321be560e54473972b Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 18 Aug 2025 13:47:50 +0100
Subject: [PATCH 0880/1548] Add const to serial argument in mbedtls_x509write_crt_set_serial_raw
Signed-off-by: Ben Taylor
---
 include/mbedtls/x509_crt.h | 2 +-
 library/x509write_crt.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index bf418a6851..bbe5fc45cf 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -956,7 +956,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
 * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
 */
 int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
- unsigned char *serial, size_t serial_len);
+ const unsigned char *serial, size_t serial_len);
 /**
 * \brief Set the validity period for a Certificate
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 1f8a006de6..663b308d62 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -94,7 +94,7 @@ int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
 }
 int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
- unsigned char *serial, size_t serial_len)
+ const unsigned char *serial, size_t serial_len)
 {
 if (serial_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
From 37ede2c3b4b96987b525e22878564b0d489da84a Mon Sep 17 00:00:00 2001
From: Felix Conway
Date: Mon, 18 Aug 2025 14:46:39 +0100
Subject: [PATCH 0881/1548] Unify generic errors to PSA errors
Signed-off-by: Felix Conway
---
 include/mbedtls/net_sockets.h | 12 +++---
 include/mbedtls/pkcs7.h | 8 ++---
 include/mbedtls/ssl.h | 66 +++++++++++++++++------------------
 include/mbedtls/x509.h | 10 +++---
 include/mbedtls/x509_crt.h | 28 +++++++-------
 include/mbedtls/x509_csr.h | 8 ++---
 6 files changed, 66 insertions(+), 66 deletions(-)
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 8e69bc0fb3..f4eb683d3a 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -53,7 +53,7 @@
 /** Failed to get an IP address for the given hostname. */
 #define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
 /** Buffer is too small to hold the data. */
-#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043
+#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL
 /** The context is invalid, eg because it was free()ed. */
 #define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
 /** Polling the net context failed. */
@@ -147,11 +147,11 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *
 * can be NULL if client_ip is null
 *
 * \return 0 if successful, or
- * MBEDTLS_ERR_NET_SOCKET_FAILED,
- * MBEDTLS_ERR_NET_BIND_FAILED,
- * MBEDTLS_ERR_NET_ACCEPT_FAILED, or
- * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
- * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
+ * #MBEDTLS_ERR_NET_SOCKET_FAILED,
+ * #MBEDTLS_ERR_NET_BIND_FAILED,
+ * #MBEDTLS_ERR_NET_ACCEPT_FAILED, or
+ * #PSA_ERROR_BUFFER_TOO_SMALL if buf_size is too small,
+ * #MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
 * non-blocking and accept() would block.
 */
 int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index e9b482208e..cf9e4407ce 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
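Review bot: `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` now expands to `PSA_ERROR_BUFFER_TOO_SMALL`, but the hunk adds no `#include` for the PSA status values; if `net_sockets.h` does not already pull in `psa/crypto.h` (directly or through `mbedtls/ssl.h`), a translation unit that includes only this header gets an undefined identifier at the first use of the macro, and the same question applies to `pkcs7.h` and `ssl.h` in the following hunks. A standalone compile of a file containing only `#include "mbedtls/net_sockets.h"` would settle it, and an explicit include at the top of each affected header is cheaper than relying on the transitive one.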
@@ -53,11 +53,11 @@
 #define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */
 #define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */
 #define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */
-#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */
+#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /**< Error parsing the signature */
 #define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */
-#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */
-#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */
-#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */
+#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */
+#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL PSA_ERROR_INVALID_SIGNATURE /**< Verification Failed */
 #define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS #7 date issued/expired dates are invalid */
 /* \} name */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 628d5c7e71..ab3f256913 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -44,7 +44,7 @@
 /** The requested feature is not available. */
 #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
+#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT
 /** Verification of the message MAC failed. */
 #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
 /** An invalid SSL record was received. */
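Review bot: `MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE` and `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` both expand to `PSA_ERROR_INVALID_SIGNATURE` after this hunk, so two results that were distinct — a signature that could not be parsed and a signature that parsed but did not verify — become the same value; a caller `switch` listing both no longer compiles (duplicate case), an `if` chain silently merges them, and the two `/**<` comments now describe one value with two meanings. If the merge is intended, the comments should state that the two names are aliases and the documented return values of the verify functions should be reconciled; otherwise keep a distinct value for the parse failure. The other three aliases in the hunk each map to a different PSA value and do not have this problem.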
@@ -105,7 +105,7 @@
 /** Cache entry not found */
 #define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80
 /** Memory allocation failed */
-#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
+#define MBEDTLS_ERR_SSL_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY
 /** Hardware acceleration function returned with error */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
 /** Hardware acceleration function skipped / left alone data */
@@ -129,7 +129,7 @@
 /** DTLS client must retry for hello verification */
 #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
 /** A buffer is too small to receive or write a message */
-#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
+#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL
 /* Error space gap */
 /** No data of requested type currently available on underlying transport. */
 #define MBEDTLS_ERR_SSL_WANT_READ -0x6900
@@ -1912,7 +1912,7 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
 * \param ssl SSL context
 * \param conf SSL configuration to use
 *
- * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY if
 * memory allocation failed
 */
 int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
@@ -1924,7 +1924,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl,
 * pointers and data.
 *
 * \param ssl SSL context
- * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
+ * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY or
 * MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
 */
 int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl);
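Review bot: `MBEDTLS_ERR_SSL_ALLOC_FAILED` here, and `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` in the next hunk, now alias PSA status values, which do not have the `-0x7F00`-style high-level shape the SSL error space has relied on so far; if any library code still composes these with `MBEDTLS_ERROR_ADD` or resolves them through the high-level half of `mbedtls_strerror`, the combined code or the string will be wrong, and the `test_suite_error.data` change earlier in this series (moving tests off values "that will become PSA aliases") suggests that composition is live. Worth grepping `library/` for remaining compositions of the three aliased SSL codes before this lands, and a short comment at each definition saying it is a PSA alias that must not be combined with a low-level code would protect future callers. As a style point, the `-1924` hunk switches one name to `#PSA_ERROR_INSUFFICIENT_MEMORY` while the adjacent `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED` keeps no `#`, so the two references in one `\return` render differently.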
@@ -2579,14 +2579,14 @@ void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, * milliseconds. * * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid. + * #PSA_ERROR_INVALID_ARGUMENT if an input is not valid. */ static inline int mbedtls_ssl_session_get_ticket_creation_time( mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time) { if (session == NULL || ticket_creation_time == NULL || session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time); @@ -2937,8 +2937,8 @@ void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, * \note An internal copy is made, so the info buffer can be reused. * * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, - * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. + * #PSA_ERROR_INVALID_ARGUMENT if used on client, + * #PSA_ERROR_INSUFFICIENT_MEMORY if out of memory. */ int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, const unsigned char *info, @@ -3175,8 +3175,8 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session * \param len The size of the serialized data in bytes. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data * was generated in a different version or configuration of * Mbed TLS. 
@@ -3215,7 +3215,7 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session, * tickets. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. + * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small. * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled * and the session is a TLS 1.3 session. @@ -3348,7 +3348,7 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, * record headers. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p len + * \return #PSA_ERROR_INVALID_ARGUMENT if \p len * is too large. */ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, @@ -3495,7 +3495,7 @@ void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, * \param own_cert own public certificate chain * \param pk_key own private key * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED + * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, @@ -3744,8 +3744,8 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME * for more details. * - * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on + * \return 0 if successful, #PSA_ERROR_INSUFFICIENT_MEMORY on + * allocation failure, #PSA_ERROR_INVALID_ARGUMENT on * too long input hostname. * * Hostname set to the one provided on success (cleared @@ -3805,7 +3805,7 @@ const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl, * \param own_cert own public certificate chain * \param pk_key own private key * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED + * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, 
@@ -3934,7 +3934,7 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, * the lifetime of the table must be at least as long as the * lifetime of the SSL configuration structure. * - * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. + * \return 0 on success, or #PSA_ERROR_INVALID_ARGUMENT. */ int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char *const *protos); @@ -4001,7 +4001,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET). * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of + * \return #PSA_ERROR_INVALID_ARGUMENT when the list of * protection profiles is incorrect. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles @@ -4021,7 +4021,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles * is ignored. * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return #PSA_ERROR_INVALID_ARGUMENT * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE */ int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, @@ -4166,7 +4166,7 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) * - * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return 0 if successful or #PSA_ERROR_INVALID_ARGUMENT */ int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ 
@@ -4892,7 +4892,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * fragment length (either the built-in limit or the one set * or negotiated with the peer), then: * - with TLS, less bytes than requested are written. - * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. + * - with DTLS, #PSA_ERROR_INVALID_ARGUMENT is returned. * \c mbedtls_ssl_get_max_out_record_payload() may be used to * query the active maximum fragment length. * @@ -4976,7 +4976,7 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); * \param len maximum number of bytes to read * * \return The (positive) number of bytes read if successful. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. * \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not * possible to read early data for the SSL context \p ssl. Note * that this function is intended to be called for an SSL @@ -5082,10 +5082,10 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, * * \param ssl The SSL context to query * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called * from the server-side. * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called * prior to completion of the handshake. * * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client @@ -5134,7 +5134,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * * \note This feature is currently only available under certain * conditions, see the documentation of the return value - * #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details. + * #PSA_ERROR_INVALID_ARGUMENT for details. * * \note When this function succeeds, it calls * mbedtls_ssl_session_reset() on \p ssl which as a result is 
@@ -5159,15 +5159,15 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * to determine the necessary size by calling this function * with \p buf set to \c NULL and \p buf_len to \c 0. However, * the value of \p olen is only guaranteed to be correct when - * the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or + * the function returns #PSA_ERROR_BUFFER_TOO_SMALL or * \c 0. If the return value is different, then the value of * \p olen is undefined. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed + * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed * while resetting the context. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in + * \return #PSA_ERROR_INVALID_ARGUMENT if a handshake is in * progress, or there is pending data for reading or sending, * or the connection does not use DTLS 1.2 with an AEAD * ciphersuite, or renegotiation is enabled. @@ -5240,10 +5240,10 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, * \param len The size of the serialized data in bytes. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed. * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data * comes from a different Mbed TLS version or build. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. */ int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl, const unsigned char *buf, 
@@ -5352,7 +5352,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * context_len are ignored and a 0-length context is used. * * \return 0 on success. - * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed. + * \return #PSA_ERROR_INVALID_ARGUMENT if the handshake is not yet completed. * \return An SSL-specific error on failure. */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b1a80e3011..a021a7d996 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -58,7 +58,7 @@ /** The date tag or value is invalid. */ #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 /** The signature tag or value invalid. */ -#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 +#define MBEDTLS_ERR_X509_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /** The extension tag or value is invalid. */ #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 /** CRT/CRL/CSR has an unsupported version number. */ 
@@ -68,17 +68,17 @@ /** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */ #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 /** Certificate verification failed, e.g. CRL, CA or signature check failed. */ -#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 +#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE /** Format not recognized as DER or PEM. */ #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /** Input invalid. */ -#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 +#define MBEDTLS_ERR_X509_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /** Allocation of memory failed. */ -#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 +#define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /** Read/write of file failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /** Destination buffer is too small. */ -#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 +#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */ #define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /** \} name X509 Error codes */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bf418a6851..6b81652bb0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -234,7 +234,7 @@ mbedtls_x509write_cert; * \param ctx Certificate context to use * \param san_list List of SAN values * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note "dnsName", "uniformResourceIdentifier", "IP address", * "otherName", and "DirectoryName", as defined in RFC 5280, 
@@ -610,7 +610,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * other than fatal error, as a non-zero return code * immediately aborts the verification process. For fatal * errors, a specific error code should be used (different - * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not + * from #PSA_ERROR_INVALID_SIGNATURE which should not * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR * can be used if no better code is available. * @@ -653,7 +653,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * \return #PSA_ERROR_INVALID_SIGNATURE in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -694,7 +694,7 @@ int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * \return #PSA_ERROR_INVALID_SIGNATURE in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -826,7 +826,7 @@ int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, * that bit MAY be set. * * \return 0 is these uses of the certificate are allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension + * #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension * is present but does not match the usage argument. * * \note You should only call this function on leaf certificates, on 
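Review bot: The rewritten sentence tells a vrfy callback that #PSA_ERROR_INVALID_SIGNATURE "should not be returned at this point", but after the x509.h hunks in this same diff that value is also what MBEDTLS_ERR_X509_CERT_VERIFY_FAILED and MBEDTLS_ERR_X509_INVALID_SIGNATURE expand to, so a callback that returns the still-existing X509 name for a parse problem is now returning the reserved value without noticing. Naming the aliases here, where callback authors look, would make the prohibition visible: `* from #PSA_ERROR_INVALID_SIGNATURE, which is also the value of` / `* MBEDTLS_ERR_X509_CERT_VERIFY_FAILED and MBEDTLS_ERR_X509_INVALID_SIGNATURE` / `* and must not be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR`. The doc comment this hunk edits continues outside the hunk.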
@@ -845,7 +845,7 @@ int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). * * \return 0 if this use of the certificate is allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. + * #PSA_ERROR_INVALID_ARGUMENT if not. * * \note Usually only makes sense on leaf certificates. */ @@ -952,7 +952,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version) * input buffer * * \return 0 if successful, or - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer + * #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) */ int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, @@ -1041,7 +1041,7 @@ void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_ty * \param val value of the extension OCTET STRING * \param val_len length of the value data * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, @@ -1057,7 +1057,7 @@ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, * certificate (only for CA certificates, -1 is * unlimited) * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen); @@ -1070,7 +1070,7 @@ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, * * \param ctx CRT context to use * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); 
@@ -1081,7 +1081,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx * * \param ctx CRT context to use * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); #endif /* PSA_WANT_ALG_SHA_1 */ @@ -1093,7 +1093,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *c * \param ctx CRT context to use * \param key_usage key usage flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage); @@ -1106,7 +1106,7 @@ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, * \param exts extended key usage extensions to set, a sequence of * MBEDTLS_ASN1_OID objects * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, const mbedtls_asn1_sequence *exts); @@ -1118,7 +1118,7 @@ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, * \param ctx CRT context to use * \param ns_cert_type Netscape Cert Type flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type); diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index b11539440c..60a553f55d 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
@@ -263,7 +263,7 @@ void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_typ * \param ctx CSR context to use * \param key_usage key usage flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note The decipherOnly flag from the Key Usage * extension is represented by bit 8 (i.e. @@ -281,7 +281,7 @@ int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned cha * \param ctx CSR context to use * \param san_list List of SAN values * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note Only "dnsName", "uniformResourceIdentifier" and "otherName", * as defined in RFC 5280, are supported. @@ -296,7 +296,7 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct * \param ctx CSR context to use * \param ns_cert_type Netscape Cert Type flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, unsigned char ns_cert_type); @@ -312,7 +312,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, * \param val value of the extension OCTET STRING * \param val_len length of the value data * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or a #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, const char *oid, size_t oid_len, From f5b48c3d9c741d3b8e0519eb3a77ae0a5f7ee9ee Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 18 Aug 2025 14:52:41 +0100 Subject: [PATCH 0882/1548] Add Changelog and documentation 
Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 8 ++++++++ docs/4.0-migration-guide/error-codes.md | 14 ++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 ChangeLog.d/unify-errors.txt diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt new file mode 100644 index 0000000000..3dad7f3b67 --- /dev/null +++ b/ChangeLog.d/unify-errors.txt @@ -0,0 +1,8 @@ +API changes + * Make the following error codes aliases of their PSA equivalents, where + xxx is a module, e.g. X509 or SSL. + MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT + MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY + MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE + MBEDTLS_ERR_xxx_INVALID_SIGNATURE -> PSA_ERROR_INVALID_SIGNATURE + MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 074acc04bb..3bcdb8c580 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md @@ -18,6 +18,8 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. +#### Specific error codes + | Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | | ------------------------------ | --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | 
@@ -25,4 +27,16 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally | `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | +#### General Replacements + +The module-specific error codes in the table below have been replaced with a single PSA error code. Here `xxx` corresponds to all modules (e.g. `X509` or `SSL`) with the specific error code. + +| Legacy constant (Mbed TLS 3.6) | PSA constant (TF-PSA-Crypto 1.0) | +|---------------------------------| ---------------------------------------------- | +| `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_xxx_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_xxx_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_xxx_INVALID_SIGNATURE` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | + See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. From f8b4aa135b565c65db8f8336782f7edf9eb5f8e6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 19 Aug 2025 07:52:48 +0100 Subject: [PATCH 0883/1548] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/509write_crt_set_serial_raw-alignment.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/509write_crt_set_serial_raw-alignment.txt diff --git a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt new file mode 100644 index 0000000000..1fc938bdcb --- /dev/null +++ b/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt @@ -0,0 +1,3 @@ +API changes + * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw + function so a const to align with the restof the API. From e984d35590a1fc8351a9b01096fa193cf9c76cb6 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Tue, 19 Aug 2025 10:06:27 +0100 Subject: [PATCH 0884/1548] Fix ssl tests expecting old X509 error output Signed-off-by: Felix Conway --- tests/ssl-opt.sh | 98 ++++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d0278b123c..35afb8fcf9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5839,7 +5839,7 @@ run_test "Authentication: server badcert, client required" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA # We don't check that the server receives the alert because it might # detect that its write end of the connection is closed and abort @@ -5854,7 +5854,7 @@ run_test "Authentication: server badcert, client required (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA run_test "Authentication: server badcert, client optional" \ @@ -5866,7 +5866,7 @@ run_test "Authentication: server badcert, client optional" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client optional (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
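Review bot: The replacement assertion `-c "Last error was: \(-0x95\|-149\)"` checks a bare number in place of the old `X509 - Certificate verification failed` text, and nothing in the script says what the number is; the header hunks earlier in this series make -0x95/-149 (PSA_ERROR_INVALID_SIGNATURE) the value of MBEDTLS_ERR_X509_CERT_VERIFY_FAILED but also of MBEDTLS_ERR_X509_INVALID_SIGNATURE and the PKCS7 signature codes, so a `-c` match no longer proves the failure came from chain verification, and a `-C` non-match now also forbids any other signature failure. A one-line comment above the first use, e.g. `# -0x95 / -149 = PSA_ERROR_INVALID_SIGNATURE (== MBEDTLS_ERR_X509_CERT_VERIFY_FAILED since 4.0)`, would keep that reviewable. The alternation is also unanchored on the right, so it would accept -0x950 or -1490 should a wider code ever be printed; closing it with `\( \|$\)` would pin it, assuming the client prints the code followed by a space or end of line (the print format is not visible from this hunk). The same pattern is repeated in every following hunk of this file; the comment only needs to appear once.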
@@ -5877,7 +5877,7 @@ run_test "Authentication: server badcert, client optional (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5888,7 +5888,7 @@ run_test "Authentication: server badcert, client none" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client none (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5899,7 +5899,7 @@ run_test "Authentication: server badcert, client none (1.2)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ @@ -5930,7 +5930,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 
@@ -5942,7 +5942,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA (1. -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" run_test "Authentication: server goodcert, client none, no trusted CA" \ @@ -5953,7 +5953,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -5965,7 +5965,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" # The next few tests check what happens if the server has a valid certificate @@ -5980,7 +5980,7 @@ run_test "Authentication: hostname match, client required" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname match, client required, CA callback" \ "$P_SRV" \ 
@@ -5992,7 +5992,7 @@ run_test "Authentication: hostname match, client required, CA callback" \ -c "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ @@ -6001,7 +6001,7 @@ run_test "Authentication: hostname mismatch (wrong), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (empty), client required" \ "$P_SRV" \ @@ -6010,7 +6010,7 @@ run_test "Authentication: hostname mismatch (empty), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (truncated), client required" \ "$P_SRV" \ @@ -6019,7 +6019,7 @@ run_test "Authentication: hostname mismatch (truncated), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (last char), client required" \ "$P_SRV" \ @@ -6028,7 +6028,7 @@ run_test "Authentication: hostname mismatch (last char), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (trailing), client required" \ "$P_SRV" \ 
@@ -6037,7 +6037,7 @@ run_test "Authentication: hostname mismatch (trailing), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch, client optional" \ "$P_SRV" \ @@ -6045,7 +6045,7 @@ run_test "Authentication: hostname mismatch, client optional" \ 0 \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ @@ -6055,7 +6055,7 @@ run_test "Authentication: hostname mismatch, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client required" \ "$P_SRV" \ @@ -6066,7 +6066,7 @@ run_test "Authentication: hostname null, client required" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client optional" \ "$P_SRV" \ @@ -6076,7 +6076,7 @@ run_test "Authentication: hostname null, client optional" \ -C "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client none" \ "$P_SRV" \ 
@@ -6086,7 +6086,7 @@ run_test "Authentication: hostname null, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ @@ -6098,7 +6098,7 @@ run_test "Authentication: hostname unset, client required" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client required, CA callback" \ "$P_SRV" \ @@ -6111,7 +6111,7 @@ run_test "Authentication: hostname unset, client required, CA callback" \ -C "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ @@ -6121,7 +6121,7 @@ run_test "Authentication: hostname unset, client optional" \ -c "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ 
@@ -6131,7 +6131,7 @@ run_test "Authentication: hostname unset, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ @@ -6142,7 +6142,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.2 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \ @@ -6154,7 +6154,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.3 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ 
@@ -6164,7 +6164,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ @@ -6175,7 +6175,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6252,7 +6252,7 @@ run_test "Authentication: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6270,7 +6270,7 @@ run_test "Authentication: client cert self-signed and trusted, server require -S "skip parse certificate verify" \ -S "x509_verify_cert() returned" \ -S "! The certificate is not correctly signed" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ 
@@ -6286,7 +6286,7 @@ run_test "Authentication: client cert not trusted, server required" \ -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6303,7 +6303,7 @@ run_test "Authentication: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ @@ -6320,7 +6320,7 @@ run_test "Authentication: client badcert, server none" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6336,7 +6336,7 @@ run_test "Authentication: client no cert, server optional" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_openssl_tls1_3_with_compatible_ephemeral run_test "Authentication: openssl client no cert, server optional" \ 
@@ -6347,7 +6347,7 @@ run_test "Authentication: openssl client no cert, server optional" \ -s "skip parse certificate verify" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server optional" \ @@ -6483,7 +6483,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest" \ @@ -6530,7 +6530,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6541,7 +6541,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -6552,7 +6552,7 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6619,7 +6619,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6639,7 +6639,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ @@ -6657,7 +6657,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer 
@@ -9498,7 +9498,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9518,7 +9518,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9538,7 +9538,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9558,7 +9558,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). 
@@ -9578,7 +9578,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE From 1a1ff64f42de8858680b2262e7bbbd2550d3eebf Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 19 Aug 2025 11:11:58 +0100 Subject: [PATCH 0885/1548] Remove tf-psa-crypto/include/mbedtls/private from Doxygen Signed-off-by: Felix Conway --- doxygen/mbedtls.doxyfile | 1 + 1 file changed, 1 insertion(+) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 04a4f170d0..00e64d05c9 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -8,6 +8,7 @@ EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO INPUT = ../include input ../tf-psa-crypto/include ../tests/include/alt-dummy FILE_PATTERNS = *.h +EXCLUDE = ../tf-psa-crypto/include/mbedtls/private RECURSIVE = YES EXCLUDE_SYMLINKS = YES SOURCE_BROWSER = YES From 24e3388cf3bb50c1d4b762aed63b63de036ffd96 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 19 Aug 2025 16:56:25 +0100 Subject: [PATCH 0886/1548] Clarify use of CC and friends for file generation Add more detail around how generation of configuration-independent files chooses a C compiler. Mention that setting HOSTCC or CC is recommended where there are multiple toolchains. Mention that the fallback location is the cc executable, which may help users troubleshooting when the file generation picks up the wrong toolchain (as in Mbed-TLS/mbedtls#10360). Signed-off-by: David Horstmann --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fc1536e23c..7981a0236d 100644 --- a/README.md +++ b/README.md 
@@ -72,7 +72,13 @@ The following tools are required: Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide, omit the `--user` option. * A C compiler for the host platform, for some test data. -If you are cross-compiling, you must set the `CC` environment variable to a C compiler for the host platform when generating the configuration-independent files. +The scripts that generate the configuration-independent files will look for a host C compiler in the following places (in order of preference): + +1. The `HOSTCC` environment variable. This can be used if `CC` is pointing to a cross-compiler. +2. The `CC` environment variable. +3. An executable called `cc` in the current path. + +Note: If you have multiple toolchains installed, it is recommended to set `CC` or `HOSTCC` to the intended host compiler before generating the files. Any of the following methods are available to generate the configuration-independent files: From f3486e198b94aa9ffe52e3db303ec19fbcbc985c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 18 Aug 2025 14:09:26 +0100 Subject: [PATCH 0887/1548] components-configuration-crypto.sh: Added setters for MBEDTLS_PSA_CRYPTO_RNG_HASH Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f7647415c5..4714194565 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -2354,14 +2354,15 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { } component_test_ctr_drbg_aes_256_sha_256 () { - msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" scripts/config.py full scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" make test } @@ -2378,15 +2379,16 @@ component_test_ctr_drbg_aes_128_sha_512 () { } component_test_ctr_drbg_aes_128_sha_256 () { - msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" scripts/config.py full scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256 + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" + msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)" make test } From 3492807e0b337925011e16d7d79b25e20709d59d Mon Sep 17 00:00:00 2001 
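Review bot: Both `component_test_ctr_drbg_aes_256_sha_256` and, in the -2378 hunk, `component_test_ctr_drbg_aes_128_sha_256` keep `scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256` right next to the new `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256`, yet the rewritten `msg` lines now name only the new option, so the build description no longer matches what is actually configured. If `MBEDTLS_PSA_CRYPTO_RNG_HASH` supersedes the old option, drop the `MBEDTLS_ENTROPY_FORCE_SHA256` line; otherwise keep both names in the `msg` text. Elsewhere on this page, hunks of the same file that touch PSA-level settings pass `-c $CRYPTO_CONFIG_H` to `scripts/config.py`; if `MBEDTLS_PSA_CRYPTO_RNG_HASH` lives in the crypto configuration header rather than `mbedtls_config.h`, these two `set` lines need that flag too or the define may land in the wrong header.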
From: David Horstmann Date: Wed, 20 Aug 2025 10:26:11 +0100 Subject: [PATCH 0888/1548] Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC Remove all references to MBEDTLS_ECDSA_DETERMINISTIC from components-configuration-crypto.sh. Replace them with PSA_WANT_ALG_DETERMINISTIC_ECDSA. This is safe because: * MBEDTLS_ECDSA_DETERMINISTIC is only ever unset in components in order to avoid errors from disabling its dependency MBEDTLS_HMAC_DRBG_C. * MBEDTLS_ECDSA_DETERMINISTIC is only ever defined in config_adjust_legacy_from_psa.h, and only if PSA_WANT_ALG_DETERMINISTIC_ECDSA is defined. Therefore PSA_WANT_ALG_DETERMINISTIC_ECDSA's dependencies are a superset of MBEDTLS_ECDSA_DETERMINISTIC's dependencies and must include MBEDTLS_HMAC_DRBG_C, so disabling PSA_WANT_ALG_DETERMINISTIC_ECDSA is a sufficient substitute for disabling MBEDTLS_ECDSA_DETERMINISTIC. Signed-off-by: David Horstmann --- tests/scripts/components-configuration-crypto.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f7647415c5..4d7fceffe3 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" scripts/config.py full scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make 
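Review bot: The new line `scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG` leaves `$CRYPTO_CONFIG_H` unquoted, whereas the surviving line in the -1656 hunk (`config_psa_crypto_hmac_use_psa`) writes `-f "$CRYPTO_CONFIG_H"`; quote it here and in the -241 hunk as `scripts/config.py -c "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG`. The -293 and -1656 hunks also show the file pointing `config.py` at the crypto header with both `-c` and `-f`; if those flags select different files, one of the two forms is operating on the wrong one, and this commit, which consolidates the `PSA_WANT_ALG_DETERMINISTIC_ECDSA` handling, is the natural place to settle on a single form. Minor: the trailing comment is `# requires HMAC_DRBG` in the -210 hunk but `# Requires HMAC_DRBG` in the -241 hunk.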
@@ -241,7 +241,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" @@ -293,7 +293,6 @@ component_test_crypto_full_md_light_only () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS7_C # Disable indirect dependencies of MD_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Disable things that would auto-enable MD_C scripts/config.py unset MBEDTLS_PKCS5_C @@ -1656,7 +1655,6 @@ config_psa_crypto_hmac_use_psa () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_HKDF_C # Dependencies of HMAC_DRBG - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA } From ed7058730a60d473fa8ae5b86393ec34bec79681 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 20 Aug 2025 10:51:23 +0100 Subject: [PATCH 0889/1548] Removed the directory with the programs, and its inclusion in the parent directory CMakeLists.txt file 
Signed-off-by: Felix Conway --- programs/CMakeLists.txt | 2 +- programs/pkey/CMakeLists.txt | 19 -- programs/pkey/dh_prime.txt | 2 - programs/pkey/gen_key.c | 478 --------------------------------- programs/pkey/pk_sign.c | 154 ----------- programs/pkey/pk_verify.c | 129 --------- programs/pkey/rsa_priv.txt | 8 - programs/pkey/rsa_pub.txt | 2 - programs/pkey/rsa_sign_pss.c | 160 ----------- programs/pkey/rsa_verify_pss.c | 137 ---------- 10 files changed, 1 insertion(+), 1090 deletions(-) delete mode 100644 programs/pkey/CMakeLists.txt delete mode 100644 programs/pkey/dh_prime.txt delete mode 100644 programs/pkey/gen_key.c delete mode 100644 programs/pkey/pk_sign.c delete mode 100644 programs/pkey/pk_verify.c delete mode 100644 programs/pkey/rsa_priv.txt delete mode 100644 programs/pkey/rsa_pub.txt delete mode 100644 programs/pkey/rsa_sign_pss.c delete mode 100644 programs/pkey/rsa_verify_pss.c diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt index 1e5b2a4b67..1aba21b756 100644 --- a/programs/CMakeLists.txt +++ b/programs/CMakeLists.txt @@ -4,7 +4,7 @@ add_custom_target(${programs_target}) if (NOT WIN32) add_subdirectory(fuzz) endif() -add_subdirectory(pkey) + add_subdirectory(ssl) add_subdirectory(test) add_subdirectory(util) diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt deleted file mode 100644 index a2b1836d58..0000000000 --- a/programs/pkey/CMakeLists.txt +++ /dev/null 
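Review bot: The removed `add_subdirectory(pkey)` is replaced by an empty `+` line rather than deleted outright, which is why the hunk stays `-4,7 +4,7` and leaves a stray blank line between `endif()` and `add_subdirectory(ssl)` that the old file did not have. Drop the added empty line so the change becomes a pure one-line removal and the `add_subdirectory` list stays contiguous.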
@@ -1,19 +0,0 @@ -set(executables_mbedcrypto - gen_key - pk_sign - pk_verify - rsa_sign_pss - rsa_verify_pss -) -add_dependencies(${programs_target} ${executables_mbedcrypto}) - -foreach(exe IN LISTS executables_mbedcrypto) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables_mbedcrypto} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt deleted file mode 100644 index de0c281483..0000000000 --- a/programs/pkey/dh_prime.txt +++ /dev/null @@ -1,2 +0,0 @@ -P = 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 -G = 02 diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c deleted file mode 100644 index ba35534388..0000000000 --- a/programs/pkey/gen_key.c +++ /dev/null 
@@ -1,478 +0,0 @@ -/* - * Key generation application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include "mbedtls/ecdsa.h" -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#include - -#if !defined(_WIN32) -#include - -#define DEV_RANDOM_THRESHOLD 32 - -static int dev_random_entropy_poll(void *data, unsigned char *output, - size_t len, size_t *olen) -{ - FILE *file; - size_t ret, left = len; - unsigned char *p = output; - ((void) data); - - *olen = 0; - - file = fopen("/dev/random", "rb"); - if (file == NULL) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - while (left > 0) { - /* /dev/random can return much less than requested. 
If so, try again */ - ret = fread(p, 1, left, file); - if (ret == 0 && ferror(file)) { - fclose(file); - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - p += ret; - left -= ret; - sleep(1); - } - fclose(file); - *olen = len; - - return 0; -} -#endif /* !_WIN32 */ - -#if defined(MBEDTLS_ECP_C) -#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id -#else -#define DFL_EC_CURVE 0 -#endif - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) -#define USAGE_DEV_RANDOM \ - " use_dev_random=0|1 default: 0\n" -#else -#define USAGE_DEV_RANDOM "" -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - -#define FORMAT_PEM 0 -#define FORMAT_DER 1 - -#define DFL_TYPE MBEDTLS_PK_RSA -#define DFL_RSA_KEYSIZE 4096 -#define DFL_FILENAME "keyfile.key" -#define DFL_FORMAT FORMAT_PEM -#define DFL_USE_DEV_RANDOM 0 - -#define USAGE \ - "\n usage: gen_key param=<>...\n" \ - "\n acceptable parameters:\n" \ - " type=rsa|ec default: rsa\n" \ - " rsa_keysize=%%d default: 4096\n" \ - " ec_curve=%%s see below\n" \ - " filename=%%s default: keyfile.key\n" \ - " format=pem|der default: pem\n" \ - USAGE_DEV_RANDOM \ - "\n" - - -/* - * global options - */ -struct options { - int type; /* the type of key to generate */ - int rsa_keysize; /* length of key in bits */ - int ec_curve; /* curve identifier for EC keys */ - const char *filename; /* filename of the key file */ - int format; /* the output format to use */ - int use_dev_random; /* use /dev/random as entropy source */ -} opt; - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - if (opt.format == FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - 
len; - } - - if ((f = fopen(output_file, "wb")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. 
*/ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context key; - char buf[1024]; - int i; - char *p, *q; -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "gen_key"; -#if defined(MBEDTLS_ECP_C) - const mbedtls_ecp_curve_info *curve_info; -#endif - - /* - * Set to sane values - */ -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); -#if defined(MBEDTLS_ECP_C) - mbedtls_printf(" available ec_curve values:\n"); 
- curve_info = mbedtls_ecp_curve_list(); - mbedtls_printf(" %s (default)\n", curve_info->name); - while ((++curve_info)->name != NULL) { - mbedtls_printf(" %s\n", curve_info->name); - } -#endif /* MBEDTLS_ECP_C */ - goto exit; - } - - opt.type = DFL_TYPE; - opt.rsa_keysize = DFL_RSA_KEYSIZE; - opt.ec_curve = DFL_EC_CURVE; - opt.filename = DFL_FILENAME; - opt.format = DFL_FORMAT; - opt.use_dev_random = DFL_USE_DEV_RANDOM; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "type") == 0) { - if (strcmp(q, "rsa") == 0) { - opt.type = MBEDTLS_PK_RSA; - } else if (strcmp(q, "ec") == 0) { - opt.type = MBEDTLS_PK_ECKEY; - } else { - goto usage; - } - } else if (strcmp(p, "format") == 0) { - if (strcmp(q, "pem") == 0) { - opt.format = FORMAT_PEM; - } else if (strcmp(q, "der") == 0) { - opt.format = FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "rsa_keysize") == 0) { - opt.rsa_keysize = atoi(q); - if (opt.rsa_keysize < 1024 || - opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } -#if defined(MBEDTLS_ECP_C) - else if (strcmp(p, "ec_curve") == 0) { - if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) { - goto usage; - } - opt.ec_curve = curve_info->grp_id; - } -#endif - else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "use_dev_random") == 0) { - opt.use_dev_random = atoi(q); - if (opt.use_dev_random < 0 || opt.use_dev_random > 1) { - goto usage; - } - } else { - goto usage; - } - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) - if (opt.use_dev_random) { - if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll, - NULL, DEV_RANDOM_THRESHOLD, - MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_entropy_add_source returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n Using /dev/random, so can take a long time! "); - fflush(stdout); - } -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * 1.1. Generate the key - */ - mbedtls_printf("\n . Generating the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_pk_setup(&key, - mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (opt.type == MBEDTLS_PK_RSA) { - ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg, - opt.rsa_keysize, 65537); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) - if (opt.type == MBEDTLS_PK_ECKEY) { - ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve, - mbedtls_pk_ec(key), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_ECP_C */ - { - mbedtls_printf(" failed\n ! key type not supported\n"); - goto exit; - } - - /* - * 1.2 Print the key - */ - mbedtls_printf(" ok\n . Key information:\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! 
could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf(" ! key type not supported\n"); - - /* - * 1.3 Export key - */ - mbedtls_printf(" . Writing key to file..."); - - if ((ret = write_private_key(&key, opt.filename)) != 0) { - mbedtls_printf(" failed\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { -#ifdef MBEDTLS_ERROR_C - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" - %s\n", buf); */ -#else - mbedtls_printf("\n"); -#endif - } - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* program viability conditions */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c deleted file mode 100644 index 4ddb473c0f..0000000000 --- a/programs/pkey/pk_sign.c +++ /dev/null 
@@ -1,154 +0,0 @@ -/* - * Public key-based signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - const char *pers = "mbedtls_pk_sign"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the signature of the hash. - */ - mbedtls_printf("\n . Generating the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! 
Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && - PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c deleted file mode 100644 index 27aff441a1..0000000000 --- a/programs/pkey/pk_verify.c +++ /dev/null 
@@ -1,129 +0,0 @@ -/* - * Public key-based signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the signature from the file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! 
Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, sizeof(buf), f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_psa_crypto_free(); - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt deleted file mode 100644 index 254fcf8522..0000000000 --- a/programs/pkey/rsa_priv.txt +++ /dev/null 
@@ -1,8 +0,0 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 -D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401 -P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1 -Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261 -DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1 -DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081 -QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1 diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt deleted file mode 100644 index 1e7ae0c9c9..0000000000 --- a/programs/pkey/rsa_pub.txt +++ /dev/null @@ -1,2 +0,0 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c deleted file mode 100644 index d94daf3977..0000000000 --- a/programs/pkey/rsa_sign_pss.c +++ /dev/null 
@@ -1,160 +0,0 @@ -/* - * RSASSA-PSS/SHA-256 signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - const char *pers = "rsa_sign_pss"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: rsa_sign_pss \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); - mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); - goto exit; - } - - if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) { - mbedtls_printf(" failed\n ! Key is not an RSA key\n"); - goto exit; - } - - if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), - MBEDTLS_RSA_PKCS_V21, - MBEDTLS_MD_SHA256)) != 0) { - mbedtls_printf(" failed\n ! Padding not supported\n"); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the RSA signature of the hash. - */ - mbedtls_printf("\n . Generating the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, 512, "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . 
Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c deleted file mode 100644 index 15049203ee..0000000000 --- a/programs/pkey/rsa_verify_pss.c +++ /dev/null 
@@ -1,137 +0,0 @@ -/* - * RSASSA-PSS/SHA-256 signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/md.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: rsa_verify_pss \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); - mbedtls_printf(" ! 
mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); - goto exit; - } - - if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) { - mbedtls_printf(" failed\n ! Key is not an RSA key\n"); - goto exit; - } - - if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), - MBEDTLS_RSA_PKCS_V21, - MBEDTLS_MD_SHA256)) != 0) { - mbedtls_printf(" failed\n ! Invalid padding\n"); - goto exit; - } - - /* - * Extract the RSA signature from the file - */ - mbedtls_snprintf(filename, 512, "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ From 87ae4e6a14c4db5301c78ddb480783ac148d802e Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 30 Jul 2025 05:46:28 +0200 Subject: [PATCH 0890/1548] Added a changelog entry for the removal Signed-off-by: Anton Matkin --- ChangeLog.d/10285.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/10285.txt diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt new file mode 100644 index 0000000000..dae7e330cd --- /dev/null +++ b/ChangeLog.d/10285.txt 
@@ -0,0 +1,3 @@ +Removals + * Removed the programs/pkey directory. These will be moved to the + TF-PSA-Crypto repository later. \ No newline at end of file From 5b49f31956c89d7253563fb2237d710b86bc04e8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 30 Jul 2025 12:14:30 +0200 Subject: [PATCH 0891/1548] Adjusted the Makefile in the programs directory - removed the pkey programs Signed-off-by: Anton Matkin --- programs/Makefile | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index a043fe1912..f99021aa69 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -36,11 +36,6 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## Note: Variables cannot be used to define an apps path. This cannot be ## substituted by the script generate_visualc_files.pl. APPS = \ - pkey/gen_key \ - pkey/pk_sign \ - pkey/pk_verify \ - pkey/rsa_sign_pss \ - pkey/rsa_verify_pss \ ../tf-psa-crypto/programs/psa/aead_demo \ ../tf-psa-crypto/programs/psa/crypto_examples \ ../tf-psa-crypto/programs/psa/hmac_demo \ 
@@ -136,26 +131,6 @@ test/query_config.c: echo " Gen $@" $(PERL) ../scripts/generate_query_config.pl -pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP) - echo " CC pkey/gen_key.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP) - echo " CC pkey/pk_sign.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP) - echo " CC pkey/pk_verify.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP) - echo " CC pkey/rsa_sign_pss.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) - echo " CC pkey/rsa_verify_pss.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) echo " CC psa/aead_demo.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From 3962284de6e0bf6fe52666a4030db74145822af3 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 20 Aug 2025 11:00:01 +0100 Subject: [PATCH 0892/1548] Update & fix changelog Signed-off-by: Felix Conway --- ChangeLog.d/10285.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt index dae7e330cd..2ac05ab90f 100644 --- a/ChangeLog.d/10285.txt +++ b/ChangeLog.d/10285.txt @@ -1,3 +1,3 @@ Removals - * Removed the programs/pkey directory. These will be moved to the - TF-PSA-Crypto repository later. \ No newline at end of file + * Removed all public key sample programs from the programs/pkey + directory. From 1cf9a1590bf51790af0c30c97d5807e995962221 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Wed, 20 Aug 2025 11:00:59 +0100 Subject: [PATCH 0893/1548] Remove programs from gitignore and documentation Signed-off-by: Felix Conway --- programs/.gitignore | 5 ----- programs/README.md | 10 ---------- 2 files changed, 15 deletions(-) diff --git a/programs/.gitignore b/programs/.gitignore index 7eaf38d85b..004dcf22f7 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -8,11 +8,6 @@ hash/md5sum hash/sha1sum hash/sha2sum -pkey/gen_key -pkey/pk_sign -pkey/pk_verify -pkey/rsa_sign_pss -pkey/rsa_verify_pss ssl/dtls_client ssl/dtls_server ssl/mini_client diff --git a/programs/README.md b/programs/README.md index 9239e8a603..b9260bffe9 100644 --- a/programs/README.md +++ b/programs/README.md @@ -3,16 +3,6 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -### Generic public-key cryptography (`pk`) examples - -* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. - -* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. - -### ECDSA and RSA signature examples - -* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. - ### SSL/TLS sample applications * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. From 32e100a573d347147df6596f80b78189c0ee4556 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 21 Aug 2025 08:00:07 +0100 Subject: [PATCH 0894/1548] Renamed and corrected ChangeLog 
Signed-off-by: Ben Taylor
---
 ...alignment.txt => x509write_crt_set_serial_raw-alignment.txt} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename ChangeLog.d/{509write_crt_set_serial_raw-alignment.txt => x509write_crt_set_serial_raw-alignment.txt} (59%)

diff --git a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
similarity index 59%
rename from ChangeLog.d/509write_crt_set_serial_raw-alignment.txt
rename to ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
index 1fc938bdcb..e04f45a488 100644
--- a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt
+++ b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
@@ -1,3 +1,3 @@
 API changes
 * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw
- function so a const to align with the restof the API.
+ function to a const to align with the rest of the API.

From 5dbc24a25546e5484d21fdf3bb1864098f512aab Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 14 Aug 2025 14:38:15 +0100
Subject: [PATCH 0895/1548] components-configuration-crypto: Removed legacy options.

Removed setters for `MBEDTLS_CTR_DRBG_USE_128_BIT_KEY` and `MBEDTLS_ENTROPY_FORCE_SHA256`

Signed-off-by: Minos Galanakis
---
 tests/scripts/components-configuration-crypto.sh | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 4714194565..dd8b49dcfa 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2357,7 +2357,6 @@ component_test_ctr_drbg_aes_256_sha_256 () {
 msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
@@ -2367,28 +2366,27 @@ component_test_ctr_drbg_aes_256_sha_256 () {
 }

 component_test_ctr_drbg_aes_128_sha_512 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
+ msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make

- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
+ msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"
 make test
 }

 component_test_ctr_drbg_aes_128_sha_256 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
+ msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make

- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
+ msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 make test
 }

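Review bot: After the second hunk, `component_test_ctr_drbg_aes_128_sha_512` no longer sets any RNG hash, so it exercises SHA-512 only for as long as SHA-512 happens to stay the default, while its name promises SHA-512 unconditionally. Pin it next to the strength setting with `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512`, mirroring what the sibling `component_test_ctr_drbg_aes_128_sha_256` does for SHA-256. Patch 0900 later on this page adds exactly that line, so the fix could simply be folded into this commit. The two `msg` labels of that component should then name the hash as well, so the log reflects the full configuration under test.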
From 906950d8dc353351759f12dc88d6a6add273dcc8 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 14 Aug 2025 15:59:53 +0100
Subject: [PATCH 0896/1548] config/depends.py: Removed legacy options.

Signed-off-by: Minos Galanakis
---
 scripts/config.py | 2 --
 tests/scripts/depends.py | 2 --
 2 files changed, 4 deletions(-)

diff --git a/scripts/config.py b/scripts/config.py
index 750ff88c72..20555db846 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -76,12 +76,10 @@ def realfull_adapter(_name, _value, _active):
 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency
 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW
- 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
 'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental
- 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
 'MBEDTLS_HAVE_SSE2', # hardware dependency
 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 513c6413a5..ae88abf1e2 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
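Review bot: The surviving context line `'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY` still justifies that exclusion by the very option this hunk removes from the list, so after the commit the reason for keeping the entry out of the "realfull" set is undocumented. If the interaction now concerns `MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128` (the replacement that patch 0895 on this page switches the test components to), update the comment to `# interacts with MBEDTLS_PSA_CRYPTO_RNG_STRENGTH`; if there is no longer any interaction, the entry itself is presumably removable, which would need confirming against a full build. The enclosing `realfull_adapter` starts and ends outside the hunk.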
@@ -316,11 +316,9 @@ def test(self, options):
 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'],
 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
- 'MBEDTLS_ENTROPY_FORCE_SHA256',
 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'],
 'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
- 'MBEDTLS_ENTROPY_FORCE_SHA256',
 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
 'MBEDTLS_LMS_C',

From a1e867981b0263d02876808160a2f1dd64b998f6 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Mon, 18 Aug 2025 10:31:31 +0100
Subject: [PATCH 0897/1548] ssl-opt.sh: Adjust dependency to MBEDTLS_PSA_CRYPTO_C

Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d0278b123c..220e897f6f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -484,7 +484,7 @@ detect_required_features() {
 *"programs/ssl/dtls_client "*|\
 *"programs/ssl/ssl_client1 "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
- requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PSA_CRYPTO_C
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_certificate_authentication
@@ -494,7 +494,7 @@ detect_required_features() {
 *"programs/ssl/ssl_pthread_server "*|\
 *"programs/ssl/ssl_server "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
- requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PSA_CRYPTO_C
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_certificate_authentication

From 1eda7487ae08a3a32a1e9f554071c6fbc74195ac Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 21 Aug 2025 15:57:15 +0100
Subject: [PATCH 0898/1548] Updated tf-psa-crypto pointer

Signed-off-by: Minos Galanakis
Signed-off-by: Ronald Cron
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

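Review bot: Swapping `requires_config_enabled MBEDTLS_ENTROPY_C` for `requires_config_enabled MBEDTLS_PSA_CRYPTO_C` in both `detect_required_features` hunks loosens the gate rather than translating it: a configuration can apparently have MBEDTLS_PSA_CRYPTO_C on while the built-in RNG path is replaced by an external one, and these sample programs would then still be scheduled. Patch 0899 on this page follows up by adding `requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` right after each of these lines, which suggests that check belongs in this commit so the intermediate revision does not select tests it cannot run. The same applies to the second hunk; `detect_required_features` continues outside both hunks.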
diff --git a/tf-psa-crypto b/tf-psa-crypto
index f0b51e354b..86060cd714 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit f0b51e354bb69071d3fab28650894287fac2348e
+Subproject commit 86060cd714013678ac6483b95c6b9585570b9273

From 8fc000ec2c1e3134293fbaa95cfa4ec003e872aa Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 25 Aug 2025 15:19:59 +0200
Subject: [PATCH 0899/1548] ssl-opt.sh: Fix MBEDTLS_ENTROPY_C dependency adjustment

Signed-off-by: Ronald Cron
---
 tests/ssl-opt.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 220e897f6f..140409c9cc 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -485,6 +485,7 @@ detect_required_features() {
 *"programs/ssl/ssl_client1 "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
 requires_config_enabled MBEDTLS_PSA_CRYPTO_C
+ requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_certificate_authentication
@@ -495,6 +496,7 @@ detect_required_features() {
 *"programs/ssl/ssl_server "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
 requires_config_enabled MBEDTLS_PSA_CRYPTO_C
+ requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_certificate_authentication

From aad5f1bedd09e29e45438135d57026bb3a78d2a5 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 25 Aug 2025 15:32:48 +0200
Subject: [PATCH 0900/1548] tests: Prepare to switch to SHA-256 as the default CTR_DRBG hash

Ensure that when we switch from SHA-512 to SHA-256 as the default CTR_DRBG hash, we still properly test CTR_DRBG with SHA-512.

Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index dd8b49dcfa..17c235bb17 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2353,6 +2353,18 @@ component_test_block_cipher_no_decrypt_aesce_armcc () {
 not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o
 }

+component_test_ctr_drbg_aes_256_sha_512 () {
+ msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"
+ make test
+}
+
 component_test_ctr_drbg_aes_256_sha_256 () {
 msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
@@ -2370,6 +2382,7 @@ component_test_ctr_drbg_aes_128_sha_512 () {
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make

From a0b1c8c7fb46dc35a328eedf4a8fad823a16e00a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 26 Aug 2025 09:15:18 +0200
Subject: [PATCH 0901/1548] build: Remove CTR_DRBG 128 bits key warnings

Signed-off-by: Ronald Cron
---
 CMakeLists.txt | 21 ---------------------
 Makefile | 19 -------------------
 2 files changed, 40 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 162373182b..12ddc2738d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
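Review bot: The added `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512` in the second hunk changes what `component_test_ctr_drbg_aes_128_sha_512` builds, but that component's two `msg` labels (outside this hunk; patch 0895 above shows them as `build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)` and the matching `test:` line) still describe only the key strength, so the log no longer states the configuration actually under test. Suggest `msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"` and the corresponding `test:` label, following the pattern `component_test_ctr_drbg_aes_128_sha_256` already uses for SHA-256. The new `component_test_ctr_drbg_aes_256_sha_512` in the first hunk is consistent in this respect; `component_test_ctr_drbg_aes_128_sha_512` starts before and ends after the second hunk.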
@@ -100,17 +100,6 @@ option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
 option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
 option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
-# Warning string - created as a list for compatibility with CMake 2.8
-set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n")
-
-set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
- "${WARNING_BORDER}")
-
 # Python 3 is only needed here to check for configuration warnings.
 if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
 set(Python3_FIND_STRATEGY LOCATION)
@@ -124,16 +113,6 @@ else()
 set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
 endif()
 endif()
-if(MBEDTLS_PYTHON_EXECUTABLE)
-
- # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- RESULT_VARIABLE result)
- if(${result} EQUAL 0)
- message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
- endif()
-
-endif()
 # We now potentially need to link all executables against PThreads, if available
 set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
diff --git a/Makefile b/Makefile
index a580736602..6706143a24 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,6 @@ endif
 .PHONY: all no_test programs lib tests install uninstall clean test check lcov apidoc apidoc_clean
 all: programs tests
- $(MAKE) post_build
 no_test: programs
@@ -146,24 +145,6 @@ uninstall:
 done
 endif
-
-WARNING_BORDER_LONG =**********************************************************************************\n
-CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n
-CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n
-CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n
-
-CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG)
-
-# Post build steps
-post_build:
-ifndef WINDOWS
-
- # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- -scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
- echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
-
-endif
-
 clean: clean_more_on_top
 $(MAKE) -C library clean
 $(MAKE) -C programs clean
From 7cbeedc6074b2c2a3e1818185a86c324d68cef30 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 26 Aug 2025 17:26:45 +0100
Subject: [PATCH 0902/1548] Remove uses of the -c $CRYPTO_CONFIG_H idiom
This is no longer needed as config.py knows where the crypto config file is these days.
Signed-off-by: David Horstmann
---
 .../components-configuration-crypto.sh | 68 +++++++++----------
 1 file changed, 34 insertions(+), 34 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 4d7fceffe3..d422bf8edb 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -82,19 +82,19 @@ component_test_psa_crypto_without_heap() {
 msg "crypto without heap: build libtestdriver1"
 # Disable PSA features that cannot be accelerated and whose builtin support
 # requires calloc/free.
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
- scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF"
- scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_"
- scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_"
+ scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ scripts/config.py unset-all "^PSA_WANT_ALG_HKDF"
+ scripts/config.py unset-all "^PSA_WANT_ALG_PBKDF2_"
+ scripts/config.py unset-all "^PSA_WANT_ALG_TLS12_"
 # RSA key support requires ASN1 parse/write support for testing, but ASN1
 # is disabled below.
- scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_"
- scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_"
+ scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_"
+ scripts/config.py unset-all "^PSA_WANT_ALG_RSA_"
 # DES requires built-in support for key generation (parity check) so it
 # cannot be accelerated
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DES
 # EC-JPAKE use calloc/free in PSA core
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+ scripts/config.py unset PSA_WANT_ALG_JPAKE
 # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto.
 # This is required to get the proper test coverage otherwise there are
 # tests in 'test_suite_psa_crypto_op_fail' that would never be executed.
@@ -102,7 +102,7 @@ component_test_psa_crypto_without_heap() {
 scripts/config.py set PSA_WANT_ECC_SECP_R1_192
 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
- PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT)
+ PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT)
 loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')
 helper_libtestdriver1_adjust_config crypto
@@ -143,7 +143,7 @@ component_test_psa_crypto_without_heap() {
 component_test_no_rsa_key_pair_generation () {
 msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+ scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
 make
 msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
@@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () {
 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
@@ -241,7 +241,7 @@ component_test_psa_external_rng_no_drbg_use_psa () {
 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
 scripts/config.py unset MBEDTLS_CTR_DRBG_C
 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG
 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
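Review bot: The context comment directly above the rewritten `PSA_SYM_LIST=` line still says `# Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).`, pointing readers at the very `$CRYPTO_CONFIG_H` variable this commit stops passing, which invites someone to put the `-c` flag back. Since the commit message says config.py now locates the crypto config itself, the parenthetical should follow suit, e.g. `# Accelerate all PSA features (which are still enabled in the crypto config).`. component_test_psa_crypto_without_heap starts before and continues after this hunk.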
@@ -293,7 +293,7 @@ component_test_crypto_full_md_light_only () {
 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
 scripts/config.py unset MBEDTLS_PKCS7_C
 # Disable indirect dependencies of MD_C
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
 # Disable things that would auto-enable MD_C
 scripts/config.py unset MBEDTLS_PKCS5_C
@@ -318,17 +318,17 @@ component_test_full_no_cipher () {
 # on CIPHER_C so we disable them.
 # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
 # so we keep them enabled.
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py unset PSA_WANT_ALG_CMAC
+ scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py unset PSA_WANT_ALG_CFB
+ scripts/config.py unset PSA_WANT_ALG_CTR
+ scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_OFB
+ scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
+ scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DES
 # The following modules directly depends on CIPHER_C
 scripts/config.py unset MBEDTLS_NIST_KW_C
@@ -433,18 +433,18 @@ component_test_everest_curve25519_only () {
 msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
 scripts/config.py unset MBEDTLS_ECDSA_C
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_ECDSA
+ scripts/config.py set PSA_WANT_ALG_ECDH
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 scripts/config.py unset MBEDTLS_ECJPAKE_C
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+ scripts/config.py unset PSA_WANT_ALG_JPAKE
 # Disable all curves
 scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
- scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
- scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255
+ scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
+ scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255
 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
@@ -2065,10 +2065,10 @@ component_build_aes_variations () {
 scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
 scripts/config.py unset MBEDTLS_NIST_KW_C
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DES
 build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \
 "MBEDTLS_AES_ROM_TABLES" \
From c50ce1b02b2c7e1cdc0132447ecf477d2942e70b Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Wed, 27 Aug 2025 10:15:54 +0200
Subject: [PATCH 0903/1548] Update crypto submodule link
Signed-off-by: Anton Matkin
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 86060cd714..3fd4e754b2 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 86060cd714013678ac6483b95c6b9585570b9273
+Subproject commit 3fd4e754b283d7b766d8f3798fe07d42b3bcf961
From a15729d38e8469e3ccb4238052e22ad41e743dd1 Mon Sep 17 00:00:00 2001
From: Felix Conway
Date: Tue, 19 Aug 2025 13:35:19 +0100
Subject: [PATCH 0904/1548] Fix libtestdriver1 rewrite in include/mbedtls/private
Signed-off-by: Felix Conway
---
 tests/Makefile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/Makefile b/tests/Makefile
index 3a6f0e62ea..a52bc32f57 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -369,6 +369,7 @@ libtestdriver1.a:
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch]
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h
+ perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*/*.h
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*/*.h
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch]
From b907dbc4d3c3bc813d3da3baa96f8217e87480a2 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Wed, 27 Aug 2025 15:19:40 +0100
Subject: [PATCH 0905/1548] Remove other cases of explicit crypto config file
Remove unnecessary passing of the crypto config filename either with the '-f' or '-c' switch, throughout all of the all.sh component files.
Signed-off-by: David Horstmann
---
 .../components-configuration-crypto.sh | 88 +++++++--------
 tests/scripts/components-configuration-tls.sh | 100 +++++++++---------
 tests/scripts/components-psasim.sh | 2 +-
 3 files changed, 95 insertions(+), 95 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index d422bf8edb..24b7d6cbfb 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -356,7 +356,7 @@ component_test_full_no_ccm () {
 #
 # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause
 # PSA_WANT_ALG_CCM to be re-enabled.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
+ scripts/config.py unset PSA_WANT_ALG_CCM
 make
@@ -377,17 +377,17 @@ component_test_full_no_ccm_star_no_tag () {
 #
 # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause
 # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py unset PSA_WANT_ALG_CTR
+ scripts/config.py unset PSA_WANT_ALG_CFB
+ scripts/config.py unset PSA_WANT_ALG_OFB
+ scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING
 # NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will
 # mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+ scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
 make
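Review bot: The comment sitting between the two groups of rewritten lines, `# NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will`, still has the `unsettting` typo and the awkward `so disabling it also.` ending; since this commit rewrites the three lines beneath it, fixing it here is cheap (`# NOTE: unsetting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will` / `# re-enable PSA_WANT_ALG_ECB_NO_PADDING, so disable NIST_KW_C as well.`). Separately, the old `-f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C` line aimed a non-PSA symbol at the crypto config file; if config.py now picks the file per symbol, as the commit message suggests, the new line may be the first version of this unset that actually takes effect, which is worth a sentence in the commit message for anyone bisecting a coverage change. component_test_full_no_ccm_star_no_tag begins before the hunk.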
@@ -540,10 +540,10 @@ component_test_psa_crypto_config_ffdh_2048_only () {
 scripts/config.py full
 # Disable all DH groups other than 2048.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192
+ scripts/config.py unset PSA_WANT_DH_RFC7919_3072
+ scripts/config.py unset PSA_WANT_DH_RFC7919_4096
+ scripts/config.py unset PSA_WANT_DH_RFC7919_6144
+ scripts/config.py unset PSA_WANT_DH_RFC7919_8192
 make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS"
@@ -754,7 +754,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () {
 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
 # this is not supported by the driver API yet
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
 # Build
 # -----
@@ -848,7 +848,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
 scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
 # this is not supported by the driver API yet
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
 # Build
 # -----
@@ -1020,7 +1020,7 @@ config_psa_crypto_no_ecp_at_all () {
 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
 scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ scripts/config.py unset PSA_WANT_KEY_T'YPE_ECC_KEY_PAIR_DERIVE
 # Restartable feature is not yet supported by PSA. Once it will in
 # the future, the following line could be removed (see issues
@@ -1137,12 +1137,12 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
 # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
 scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
 scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
 # RSA support is intentionally disabled on this test because RSA_C depends
 # on BIGNUM_C.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
+ scripts/config.py unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
+ scripts/config.py unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
 # Also disable key exchanges that depend on RSA
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -1151,9 +1151,9 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
 if [ "$test_target" = "ECC" ]; then
 # When testing ECC only, we disable FFDH support, both from builtin and
 # PSA sides.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
+ scripts/config.py unset PSA_WANT_ALG_FFDH
+ scripts/config.py unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
+ scripts/config.py unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
 fi
 # Restartable feature is not yet supported by PSA. Once it will in
@@ -1390,7 +1390,7 @@ build_and_test_psa_want_key_pair_partial () {
 # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in
 # crypto_config.h so we just disable the one we don't want.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want"
+ scripts/config.py unset "$disabled_psa_want"
 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
@@ -1501,9 +1501,9 @@ component_test_new_psa_want_key_pair_symbol () {
 # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure
 # that proper translations is done in crypto_legacy.h.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+ scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
+ scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
+ scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
 make
@@ -1655,7 +1655,7 @@ config_psa_crypto_hmac_use_psa () {
 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
 scripts/config.py unset MBEDTLS_HKDF_C
 # Dependencies of HMAC_DRBG
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
 }
 component_test_psa_crypto_config_accel_hmac () {
@@ -1712,7 +1712,7 @@ component_test_psa_crypto_config_accel_aead () {
 helper_libtestdriver1_adjust_config "full"
 # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
 # Build
 # -----
@@ -1828,14 +1828,14 @@ common_block_cipher_dispatch () {
 # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h".
 # Keep this also in the reference component in order to skip the same tests
 # that were skipped in the accelerated one.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
+ scripts/config.py unset PSA_WANT_ALG_CTR
+ scripts/config.py unset PSA_WANT_ALG_CFB
+ scripts/config.py unset PSA_WANT_ALG_OFB
+ scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py unset PSA_WANT_ALG_CMAC
+ scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
 # Disable direct dependency on AES_C
 scripts/config.py unset MBEDTLS_NIST_KW_C
@@ -1928,7 +1928,7 @@ component_test_full_block_cipher_legacy_dispatch () {
 component_test_aead_chachapoly_disabled () {
 msg "build: full minus CHACHAPOLY"
 scripts/config.py full
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
+ scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
 msg "test: full minus CHACHAPOLY"
@@ -1938,8 +1938,8 @@ component_test_aead_chachapoly_disabled () {
 component_test_aead_only_ccm () {
 msg "build: full minus CHACHAPOLY and GCM"
 scripts/config.py full
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
+ scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
+ scripts/config.py unset PSA_WANT_ALG_GCM
 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
 msg "test: full minus CHACHAPOLY and GCM"
@@ -2279,10 +2279,10 @@ config_block_cipher_no_decrypt () {
 # Enable support for cryptographic mechanisms through the PSA API.
 # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES
+ scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DES
 }
 component_test_block_cipher_no_decrypt_aesni () {
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index c8b2287d71..b74b30477c 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -50,15 +50,15 @@ component_test_tls1_2_default_stream_cipher_only () {
 msg "build: default with only stream cipher use psa"
 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
+ scripts/config.py unset PSA_WANT_ALG_CCM
+ scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py unset PSA_WANT_ALG_GCM
+ scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
 #Disable TLS 1.3 (as no AEAD)
 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
 # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
@@ -79,14 +79,14 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () {
 msg "build: default with only CBC-legacy cipher use psa"
 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
+ scripts/config.py unset PSA_WANT_ALG_CCM
+ scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py unset PSA_WANT_ALG_GCM
+ scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
 #Disable TLS 1.3 (as no AEAD)
 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
 # Enable CBC-legacy
- scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING
 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
@@ -108,14 +108,14 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
 msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
 # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
+ scripts/config.py unset PSA_WANT_ALG_CCM
+ scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py unset PSA_WANT_ALG_GCM
+ scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305
 #Disable TLS 1.3 (as no AEAD)
 scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
 # Enable CBC-legacy
- scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING
 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
 # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
@@ -361,10 +361,10 @@ component_test_ssl_alloc_buffer_and_mfl () {
 component_test_when_no_ciphersuites_have_mac () {
 msg "build: when no ciphersuites have MAC"
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
+ scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py unset PSA_WANT_ALG_CMAC
+ scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
@@ -419,22 +419,22 @@ component_test_tls13_only_psk () {
 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
 scripts/config.py set MBEDTLS_TEST_HOOKS
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192
+ scripts/config.py unset PSA_WANT_ALG_ECDH
+ scripts/config.py unset PSA_WANT_ALG_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
+ scripts/config.py unset PSA_WANT_ALG_RSA_PSS
+ scripts/config.py unset PSA_WANT_ALG_FFDH
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+ scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
+ scripts/config.py unset PSA_WANT_DH_RFC7919_2048
+ scripts/config.py unset PSA_WANT_DH_RFC7919_3072
+ scripts/config.py unset PSA_WANT_DH_RFC7919_4096
+ scripts/config.py unset PSA_WANT_DH_RFC7919_6144
+ scripts/config.py unset PSA_WANT_DH_RFC7919_8192
 # Note: The four unsets below are to be removed for Mbed TLS 4.0
 scripts/config.py unset MBEDTLS_ECDH_C
 scripts/config.py unset MBEDTLS_ECDSA_C
@@ -471,7 +471,7 @@ component_test_tls13_only_ephemeral_ffdh () {
 scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
 scripts/config.py set MBEDTLS_TEST_HOOKS
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
+ scripts/config.py unset PSA_WANT_ALG_ECDH
 # Note: The unset below is to be removed for Mbed TLS 4.0
 scripts/config.py unset MBEDTLS_ECDH_C
@@ -495,10 +495,10 @@ component_test_tls13_only_psk_ephemeral () {
 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
 scripts/config.py set MBEDTLS_TEST_HOOKS
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
+ scripts/config.py unset PSA_WANT_ALG_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
+ scripts/config.py unset PSA_WANT_ALG_RSA_PSS
 # Note: The two unsets below are to be removed for Mbed TLS 4.0
 scripts/config.py unset MBEDTLS_ECDSA_C
@@ -522,11 +522,11 @@ component_test_tls13_only_psk_ephemeral_ffdh () {
 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
 scripts/config.py set MBEDTLS_TEST_HOOKS
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
+ scripts/config.py unset PSA_WANT_ALG_ECDH
+ scripts/config.py unset PSA_WANT_ALG_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
+ scripts/config.py unset PSA_WANT_ALG_RSA_PSS
 # Note: The three unsets below are to be removed for Mbed TLS 4.0
 scripts/config.py unset MBEDTLS_ECDH_C
 scripts/config.py unset MBEDTLS_ECDSA_C
@@ -550,10 +550,10 @@ component_test_tls13_only_psk_all () {
 scripts/config.py set MBEDTLS_SSL_EARLY_DATA
 scripts/config.py set MBEDTLS_TEST_HOOKS
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
- scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS
+ scripts/config.py unset PSA_WANT_ALG_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ scripts/config.py unset PSA_WANT_ALG_RSA_OAEP
+ scripts/config.py unset PSA_WANT_ALG_RSA_PSS
 # Note: The two unsets below are to be removed for Mbed TLS 4.0
 scripts/config.py unset MBEDTLS_ECDSA_C
diff --git a/tests/scripts/components-psasim.sh b/tests/scripts/components-psasim.sh
index ba8ab331d2..a20f917ddb 100644
--- a/tests/scripts/components-psasim.sh
+++ b/tests/scripts/components-psasim.sh
@@ -78,7 +78,7 @@ component_test_suite_with_psasim() msg "build client library" helper_psasim_config client # PAKE functions are still unsupported from PSASIM - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED helper_psasim_build client From 07eb02889efd9d3d72ab1dad7f4dab0a96731c46 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 28 Aug 2025 11:54:46 +0100 Subject: [PATCH 0906/1548] Remove a redundant error test case and improve another Signed-off-by: Felix Conway --- tests/suites/test_suite_error.data | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data index e496841cf0..8565098286 100644 --- a/tests/suites/test_suite_error.data +++ b/tests/suites/test_suite_error.data @@ -3,12 +3,8 @@ depends_on:MBEDTLS_AES_C error_strerror:-0x0020:"AES - Invalid key length" Single high error -depends_on:MBEDTLS_RSA_C -error_strerror:-0x4200:"RSA - Key failed to pass the validity check of the library" - -Low and high error -depends_on:MBEDTLS_AES_C:MBEDTLS_RSA_C -error_strerror:-0x4220:"RSA - Key failed to pass the validity check of the library \: AES - Invalid key length" +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_X509_CRT_PARSE_C +error_strerror:-0x2280:"X509 - The serial tag or value is invalid" Non existing high error error_strerror:-0x8880:"UNKNOWN ERROR CODE (8880)" From a01ddf65b7f58dc145ac3be10d1eac7365a74b7a Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 28 Aug 2025 14:18:43 +0100 Subject: [PATCH 0907/1548] Revert unification for some error codes Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 1 - include/mbedtls/pkcs7.h | 2 +- include/mbedtls/x509.h | 6 +-- include/mbedtls/x509_crt.h | 12 ++--- tests/ssl-opt.sh | 98 ++++++++++++++++++------------------ 5 files changed, 59 insertions(+), 60 deletions(-) 
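Review bot: The replacement `Single high error` case carries `depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_X509_CRT_PARSE_C`, yet rendering the string for -0x2280 only needs the X509 error table to be compiled in, so the SHA-256 and RSA dependencies look copied from an unrelated case and would skip this test in any configuration without RSA. Unless the X509 strings in error.c are really guarded by those symbols, `depends_on:MBEDTLS_X509_CRT_PARSE_C` (or whichever single define guards the X509 strerror entries) is the condition to keep. Deleting the `Low and high error` case also removes the only check that a combined low/high code is rendered with both halves; if such combined codes can still be produced in 4.0, a replacement pair built from surviving low- and high-level codes is worth adding.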
diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt index 3dad7f3b67..0ed56ba305 100644 --- a/ChangeLog.d/unify-errors.txt +++ b/ChangeLog.d/unify-errors.txt @@ -4,5 +4,4 @@ API changes MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE - MBEDTLS_ERR_xxx_INVALID_SIGNATURE -> PSA_ERROR_INVALID_SIGNATURE MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index cf9e4407ce..957ca53d71 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -53,7 +53,7 @@ #define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /**< Error parsing the signature */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */ #define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */ #define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */ #define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index a021a7d996..3cced52f47 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
@@ -58,7 +58,7 @@ /** The date tag or value is invalid. */ #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 /** The signature tag or value invalid. */ -#define MBEDTLS_ERR_X509_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE +#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 /** The extension tag or value is invalid. */ #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 /** CRT/CRL/CSR has an unsupported version number. */ @@ -68,11 +68,11 @@ /** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */ #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 /** Certificate verification failed, e.g. CRL, CA or signature check failed. */ -#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE +#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 /** Format not recognized as DER or PEM. */ #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /** Input invalid. */ -#define MBEDTLS_ERR_X509_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT +#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 /** Allocation of memory failed. */ #define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /** Read/write of file failed. */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 6b81652bb0..61986483bb 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -610,7 +610,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * other than fatal error, as a non-zero return code * immediately aborts the verification process. For fatal * errors, a specific error code should be used (different - * from #PSA_ERROR_INVALID_SIGNATURE which should not + * from #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR * can be used if no better code is available. * 
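Review bot: Reverting `MBEDTLS_ERR_X509_BAD_INPUT_DATA` to `-0x2800` in the second hunk contradicts the ChangeLog.d/unify-errors.txt entry earlier in this patch, which still states the blanket rule `MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT`; only the `xxx_INVALID_SIGNATURE` line was removed there. Either qualify that line, e.g. `MBEDTLS_ERR_xxx_BAD_INPUT_DATA (PKCS7, SSL) -> PSA_ERROR_INVALID_ARGUMENT`, or list X509 as the exception, otherwise an application porting from 3.6 will map X509 input errors to the wrong code. Keeping `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` distinct from `PSA_ERROR_INVALID_SIGNATURE` is the right call for callers: per the mbedtls_x509_crt_verify documentation in the following hunks it is the return value for which `*flags` carries the MBEDTLS_X509_BADCERT_XXX detail, and folding it into the generic signature error would have made a chain policy failure (untrusted CA, CRL) indistinguishable from a primitive signature failure. The restored values -0x2480, -0x2700 and -0x2800 fall between the neighbouring X509 constants visible in these hunks, so they do not collide with another code in this range.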
@@ -653,7 +653,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #PSA_ERROR_INVALID_SIGNATURE in case the + * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -694,7 +694,7 @@ int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #PSA_ERROR_INVALID_SIGNATURE in case the + * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -826,7 +826,7 @@ int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, * that bit MAY be set. * * \return 0 is these uses of the certificate are allowed, - * #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension + * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension * is present but does not match the usage argument. * * \note You should only call this function on leaf certificates, on @@ -845,7 +845,7 @@ int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). * * \return 0 if this use of the certificate is allowed, - * #PSA_ERROR_INVALID_ARGUMENT if not. + * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. * * \note Usually only makes sense on leaf certificates. */ 
@@ -952,7 +952,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version) * input buffer * * \return 0 if successful, or - * #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer + * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) */ int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 35afb8fcf9..d0278b123c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5839,7 +5839,7 @@ run_test "Authentication: server badcert, client required" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA # We don't check that the server receives the alert because it might # detect that its write end of the connection is closed and abort @@ -5854,7 +5854,7 @@ run_test "Authentication: server badcert, client required (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA run_test "Authentication: server badcert, client optional" \ @@ -5866,7 +5866,7 @@ run_test "Authentication: server badcert, client optional" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server badcert, client optional (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
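Review bot: The new pattern `-c "X509 - Certificate verification failed"` couples the `server badcert, client required` test to the wording of an error message rather than to the error code it previously checked, and the same substitution is repeated in every ssl-opt.sh hunk through the `EC restart` tests at the end of this patch. If, as in earlier releases, the error strings are generated from the header doc comments, this text is tied to the `Certificate verification failed, e.g. CRL, CA or signature check failed.` comment restored in x509.h in this same patch, and rewording that comment would silently change what some forty tests look for. Since the code is fixed again at -0x2700, matching on it in the existing style, `-c "Last error was: \(-0x2700\|-9984\)"`, keeps the tests independent of the message wording; if the string match is deliberate, a comment at the first affected test, `# Expect MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, matched by its strerror text`, would document that. Note also that the old pattern was anchored to the `Last error was:` line while the new one matches anywhere in the output, which widens what the `-C`/`-S` negative checks forbid.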
@@ -5877,7 +5877,7 @@ run_test "Authentication: server badcert, client optional (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5888,7 +5888,7 @@ run_test "Authentication: server badcert, client none" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server badcert, client none (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5899,7 +5899,7 @@ run_test "Authentication: server badcert, client none (1.2)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ @@ -5930,7 +5930,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 
@@ -5942,7 +5942,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA (1. -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" run_test "Authentication: server goodcert, client none, no trusted CA" \ @@ -5953,7 +5953,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -5965,7 +5965,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" # The next few tests check what happens if the server has a valid certificate @@ -5980,7 +5980,7 @@ run_test "Authentication: hostname match, client required" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname match, client required, CA callback" \ "$P_SRV" \ 
@@ -5992,7 +5992,7 @@ run_test "Authentication: hostname match, client required, CA callback" \ -c "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ @@ -6001,7 +6001,7 @@ run_test "Authentication: hostname mismatch (wrong), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (empty), client required" \ "$P_SRV" \ @@ -6010,7 +6010,7 @@ run_test "Authentication: hostname mismatch (empty), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (truncated), client required" \ "$P_SRV" \ @@ -6019,7 +6019,7 @@ run_test "Authentication: hostname mismatch (truncated), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (last char), client required" \ "$P_SRV" \ @@ -6028,7 +6028,7 @@ run_test "Authentication: hostname mismatch (last char), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (trailing), client required" \ "$P_SRV" \ 
@@ -6037,7 +6037,7 @@ run_test "Authentication: hostname mismatch (trailing), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch, client optional" \ "$P_SRV" \ @@ -6045,7 +6045,7 @@ run_test "Authentication: hostname mismatch, client optional" \ 0 \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ @@ -6055,7 +6055,7 @@ run_test "Authentication: hostname mismatch, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client required" \ "$P_SRV" \ @@ -6066,7 +6066,7 @@ run_test "Authentication: hostname null, client required" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client optional" \ "$P_SRV" \ @@ -6076,7 +6076,7 @@ run_test "Authentication: hostname null, client optional" \ -C "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client none" \ "$P_SRV" \ 
@@ -6086,7 +6086,7 @@ run_test "Authentication: hostname null, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ @@ -6098,7 +6098,7 @@ run_test "Authentication: hostname unset, client required" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client required, CA callback" \ "$P_SRV" \ @@ -6111,7 +6111,7 @@ run_test "Authentication: hostname unset, client required, CA callback" \ -C "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ @@ -6121,7 +6121,7 @@ run_test "Authentication: hostname unset, client optional" \ -c "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ 
@@ -6131,7 +6131,7 @@ run_test "Authentication: hostname unset, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ @@ -6142,7 +6142,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.2 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \ @@ -6154,7 +6154,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.3 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ 
@@ -6164,7 +6164,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ @@ -6175,7 +6175,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6252,7 +6252,7 @@ run_test "Authentication: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6270,7 +6270,7 @@ run_test "Authentication: client cert self-signed and trusted, server require -S "skip parse certificate verify" \ -S "x509_verify_cert() returned" \ -S "! The certificate is not correctly signed" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ 
@@ -6286,7 +6286,7 @@ run_test "Authentication: client cert not trusted, server required" \ -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6303,7 +6303,7 @@ run_test "Authentication: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ @@ -6320,7 +6320,7 @@ run_test "Authentication: client badcert, server none" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6336,7 +6336,7 @@ run_test "Authentication: client no cert, server optional" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_openssl_tls1_3_with_compatible_ephemeral run_test "Authentication: openssl client no cert, server optional" \ 
@@ -6347,7 +6347,7 @@ run_test "Authentication: openssl client no cert, server optional" \ -s "skip parse certificate verify" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server optional" \ @@ -6483,7 +6483,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest" \ @@ -6530,7 +6530,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6541,7 +6541,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication, CA callback: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -6552,7 +6552,7 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6619,7 +6619,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6639,7 +6639,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ @@ -6657,7 +6657,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer 
@@ -9498,7 +9498,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9518,7 +9518,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9538,7 +9538,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9558,7 +9558,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). 
@@ -9578,7 +9578,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE From 6361e54b221b7f8a065bd6a6bef502f5109a4851 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 28 Aug 2025 14:30:04 +0100 Subject: [PATCH 0908/1548] Add each whole unified error code to the migration guide Signed-off-by: Felix Conway --- docs/4.0-migration-guide/error-codes.md | 33 +++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 3bcdb8c580..ffb1e0e3bb 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -18,25 +18,20 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. -#### Specific error codes - -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | -| ------------------------------ | --------------------------- | +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | +|-----------------------------------------| --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | -| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` -| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | - -#### General Replacements - -The module-specific error codes in the table below have been replaced with a single PSA error code. Here `xxx` corresponds to all modules (e.g. `X509` or `SSL`) with the specific error code. 
- -| Legacy constant (Mbed TLS 3.6) | PSA constant (TF-PSA-Crypto 1.0) | -|---------------------------------| ---------------------------------------------- | -| `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_xxx_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_xxx_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | -| `MBEDTLS_ERR_xxx_INVALID_SIGNATURE` | `PSA_ERROR_INVALID_SIGNATURE` | -| `MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | +| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | +| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL`| +| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_PKCS7_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. From bc48725b64c6ebec8dbdf1b1c4142c824a37a607 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 13:37:03 +0200 Subject: [PATCH 0909/1548] Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin --- include/mbedtls/debug.h | 2 +- include/mbedtls/error.h | 2 +- include/mbedtls/ssl.h | 6 +-- include/mbedtls/ssl_ciphersuites.h | 2 +- include/mbedtls/x509.h | 2 +- include/mbedtls/x509_crt.h | 2 +- library/pkcs7.c | 2 +- library/ssl_misc.h | 10 ++-- library/ssl_msg.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crl.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_internal.h | 2 +- library/x509_oid.c | 2 +- library/x509write.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- programs/fuzz/fuzz_client.c | 4 +- programs/fuzz/fuzz_dtlsclient.c | 4 +- programs/fuzz/fuzz_dtlsserver.c | 4 +- programs/fuzz/fuzz_server.c | 4 +- programs/ssl/dtls_client.c | 4 +- programs/ssl/dtls_server.c | 4 +- programs/ssl/mini_client.c | 4 +- programs/ssl/ssl_client1.c | 4 +- programs/ssl/ssl_fork_server.c | 4 +- programs/ssl/ssl_mail_client.c | 4 +- programs/ssl/ssl_pthread_server.c | 4 +- programs/ssl/ssl_server.c | 4 +- programs/ssl/ssl_test_lib.h | 6 +-- programs/test/selftest.c | 46 +++++++++---------- programs/x509/cert_app.c | 4 +- programs/x509/cert_req.c | 4 +- programs/x509/cert_write.c | 6 +-- .../psasim/src/aut_psa_random.c | 2 +- tests/suites/test_suite_pkcs7.function | 6 +-- tests/suites/test_suite_x509parse.function | 4 +- tests/suites/test_suite_x509write.function | 6 +-- tf-psa-crypto | 2 +- 45 files changed, 96 insertions(+), 96 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index b6d4e27052..c293e87315 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -15,7 +15,7 @@ #include "mbedtls/ssl.h" #if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" +#include "mbedtls/private/ecp.h" #endif #if defined(MBEDTLS_DEBUG_C) 
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 7abb00fd03..ee3d093c93 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -11,7 +11,7 @@ #define MBEDTLS_ERROR_H #include "mbedtls/build_info.h" -#include "mbedtls/error_common.h" +#include "mbedtls/private/error_common.h" #include diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 628d5c7e71..36132c34e3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -14,8 +14,8 @@ #include "mbedtls/build_info.h" -#include "mbedtls/bignum.h" -#include "mbedtls/ecp.h" +#include "mbedtls/private/bignum.h" +#include "mbedtls/private/ecp.h" #include "mbedtls/ssl_ciphersuites.h" @@ -27,7 +27,7 @@ #include "mbedtls/md.h" #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) -#include "mbedtls/ecdh.h" +#include "mbedtls/private/ecdh.h" #endif #if defined(MBEDTLS_HAVE_TIME) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index b03123107c..c97f6abeee 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -14,7 +14,7 @@ #include "mbedtls/build_info.h" #include "mbedtls/pk.h" -#include "mbedtls/cipher.h" +#include "mbedtls/private/cipher.h" #include "mbedtls/md.h" #ifdef __cplusplus diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b1a80e3011..f0742a8a87 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -17,7 +17,7 @@ #include "mbedtls/pk.h" #if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #endif /** diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bbe5fc45cf..a7bf0291aa 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -15,7 +15,7 @@ #include "mbedtls/x509.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" /** * \addtogroup x509_module diff --git a/library/pkcs7.c b/library/pkcs7.c index 3481cbdb1b..57b4e96bdf 100644 
--- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -9,7 +9,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/error.h" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 981ac0ecf1..ed3c4a776f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -19,26 +19,26 @@ #include "mbedtls/debug.h" #include "debug_internal.h" -#include "mbedtls/cipher.h" +#include "mbedtls/private/cipher.h" #include "psa/crypto.h" #include "psa_util_internal.h" extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #if defined(PSA_WANT_ALG_MD5) -#include "mbedtls/md5.h" +#include "mbedtls/private/md5.h" #endif #if defined(PSA_WANT_ALG_SHA_1) -#include "mbedtls/sha1.h" +#include "mbedtls/private/sha1.h" #endif #if defined(PSA_WANT_ALG_SHA_256) -#include "mbedtls/sha256.h" +#include "mbedtls/private/sha256.h" #endif #if defined(PSA_WANT_ALG_SHA_512) -#include "mbedtls/sha512.h" +#include "mbedtls/private/sha512.h" #endif #include "mbedtls/pk.h" diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 731cbc8ece..fd7e16cb97 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -30,7 +30,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #endif /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9144f9222b..c575a428e8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -34,7 +34,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #endif /* Define local translating functions to save code size by not using too many diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b2b5e33c0b..181c6de3a0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -34,7 +34,7 @@ static int local_err_translation(psa_status_t status) #endif #if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" +#include "mbedtls/private/ecp.h" #endif #if defined(MBEDTLS_HAVE_TIME) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..756d5290b4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "debug_internal.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc50bee868..2a4744572b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/psa_util.h" #include "ssl_tls13_keys.h" diff --git a/library/x509.c b/library/x509.c index 1adff8fafc..9d7b4b7e23 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_create.c b/library/x509_create.c index 370eb9b2e1..341d74189e 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_crl.c b/library/x509_crl.c index 0b98ba4664..e8aca5bb80 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform_util.h" #include 
diff --git a/library/x509_crt.c b/library/x509_crt.c index e6b9252859..df1dbf6179 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index 32a3bb2e78..e78b5d7e60 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index b44b957f9b..5505b9778c 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -19,7 +19,7 @@ #include "pk_internal.h" #if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #endif int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, diff --git a/library/x509_oid.c b/library/x509_oid.c index cc0063bcd3..8963529853 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -14,7 +14,7 @@ * disabled. */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509write.c b/library/x509write.c index 0906a5a9d1..1d4d556291 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -11,7 +11,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 663b308d62..ccf5a92281 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8e37278f95..88e5e5ae81 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 0878480ea7..70eb656487 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,8 +1,8 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "fuzz_common.h" #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index ca7626d5ba..c83f314138 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -6,8 +6,8 @@ #include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "test/certs.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 4f159fbefe..dd2a8b644b 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c 
@@ -7,8 +7,8 @@ #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "mbedtls/ssl_cookie.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 3a5e502fe5..3b1054e16a 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,8 +1,8 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" #include "fuzz_common.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 26eb20d49f..bb1d5af2e3 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -31,8 +31,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "mbedtls/timing.h" #include "test/certs.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 0e155fd0d2..479b5430f9 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -45,8 +45,8 @@ int main(void) #include #include -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_cookie.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index e3adb3cf8a..96d41b35ba 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c 
@@ -43,8 +43,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include #include diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index dba8aab658..c56ff0702f 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -27,8 +27,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/certs.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index f8752bb604..ff1c877ee2 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -31,8 +31,8 @@ int main(void) } #else -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 521bc5418a..0c2822cb30 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -38,8 +38,8 @@ int main(void) #include "mbedtls/error.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 5701a7b838..867926d98c 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
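Review bot: ssl_client1.c, a sample program written to show the public API, now includes `mbedtls/private/entropy.h` and `mbedtls/private/ctr_drbg.h`, which the `private/` directory name marks as internal headers. If these modules are no longer part of the public surface in 4.0, the example should be ported to whatever public random-generation API replaces them rather than reach into private headers; if they remain supported for applications, a short comment above the two includes explaining why a sample depends on `private/` headers would stop users from copying the pattern unknowingly. The same pattern appears in the other programs/ and fuzz/ hunks of this commit. The include block continues outside the hunk.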
@@ -38,8 +38,8 @@ int main(void) #include #endif -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 2f26ca4801..fd9da18490 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -31,8 +31,8 @@ int main(void) #include #endif -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 20dbe61dfe..1dda8d62ac 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -43,9 +43,9 @@ #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" +#include "mbedtls/private/hmac_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 372a84dc79..2c2b48ed82 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
@@ -9,31 +9,31 @@ #include "mbedtls/build_info.h" -#include "mbedtls/entropy.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/gcm.h" -#include "mbedtls/ccm.h" -#include "mbedtls/cmac.h" -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/sha3.h" -#include "mbedtls/aes.h" -#include "mbedtls/camellia.h" -#include "mbedtls/aria.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/chachapoly.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/hmac_drbg.h" +#include "mbedtls/private/ctr_drbg.h" +#include "mbedtls/private/gcm.h" +#include "mbedtls/private/ccm.h" +#include "mbedtls/private/cmac.h" +#include "mbedtls/private/md5.h" +#include "mbedtls/private/ripemd160.h" +#include "mbedtls/private/sha1.h" +#include "mbedtls/private/sha256.h" +#include "mbedtls/private/sha512.h" +#include "mbedtls/private/sha3.h" +#include "mbedtls/private/aes.h" +#include "mbedtls/private/camellia.h" +#include "mbedtls/private/aria.h" +#include "mbedtls/private/chacha20.h" +#include "mbedtls/private/poly1305.h" +#include "mbedtls/private/chachapoly.h" #include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/bignum.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/x509.h" -#include "mbedtls/pkcs5.h" -#include "mbedtls/ecp.h" -#include "mbedtls/ecjpake.h" +#include "mbedtls/private/pkcs5.h" +#include "mbedtls/private/ecp.h" +#include "mbedtls/private/ecjpake.h" #include "mbedtls/timing.h" #include "mbedtls/nist_kw.h" #include "mbedtls/debug.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index c747505519..2f31a8e3ae 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
@@ -27,8 +27,8 @@ int main(void) } #else -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 02fd567841..c20f08d569 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -29,8 +29,8 @@ int main(void) #else #include "mbedtls/x509_csr.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index fb55c3f291..be3223088e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -30,9 +30,9 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/oid.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/oid.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/helpers.h" diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c index 5880c4deb9..203f4d44ba 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_random.c +++ b/tests/psa-client-server/psasim/src/aut_psa_random.c @@ -10,7 +10,7 @@ #include #include -#include "mbedtls/entropy.h" +#include "mbedtls/private/entropy.h" #define BUFFER_SIZE 100 diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 0c4a00b9e3..335bec5a88 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function 
@@ -1,14 +1,14 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/pkcs7.h" #include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "x509_internal.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "sys/types.h" #include "sys/stat.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/error.h" /* END_HEADER */ diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 079dca48c9..4ce66e9074 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1,12 +1,12 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/base64.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 000c09a950..0c0e7993e2 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -1,12 +1,12 @@ /* BEGIN_HEADER */ -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" diff --git a/tf-psa-crypto b/tf-psa-crypto index 3fd4e754b2..20524a8972 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
@@ -1 +1 @@ -Subproject commit 3fd4e754b283d7b766d8f3798fe07d42b3bcf961 +Subproject commit 20524a89722972a7dbf06a32ab7bb225053713f6 From 5fe229da406288db00f566ab42721311b8997222 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 15:06:22 +0200 Subject: [PATCH 0910/1548] Update framework submodule git link: Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 3f2ef1ecf6..f6e287cd79 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 3f2ef1ecf6d70b1e6bb7ad587f9a5bd6eaf65a2a +Subproject commit f6e287cd798535f56b9fd33cdd5585fbc399ad0e From 7a65ce6737ff83b1f22081ecfdddb0510c8739ef Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 23:23:36 +0200 Subject: [PATCH 0911/1548] Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include Signed-off-by: Anton Matkin --- library/pkcs7.c | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crl.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_oid.c | 2 +- library/x509write.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- programs/x509/cert_write.c | 2 +- tests/suites/test_suite_pkcs7.function | 2 +- tests/suites/test_suite_x509parse.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 57b4e96bdf..3481cbdb1b 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -9,7 +9,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/error.h" 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c index fd7e16cb97..731cbc8ece 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -30,7 +30,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #endif /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c575a428e8..9144f9222b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -34,7 +34,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #endif /* Define local translating functions to save code size by not using too many diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 756d5290b4..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "debug_internal.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2a4744572b..dc50bee868 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/psa_util.h" #include "ssl_tls13_keys.h" diff --git a/library/x509.c b/library/x509.c index 9d7b4b7e23..1adff8fafc 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_create.c b/library/x509_create.c index 341d74189e..370eb9b2e1 100644 --- a/library/x509_create.c +++ b/library/x509_create.c 
@@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_crl.c b/library/x509_crl.c index e8aca5bb80..0b98ba4664 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include diff --git a/library/x509_crt.c b/library/x509_crt.c index df1dbf6179..e6b9252859 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index e78b5d7e60..32a3bb2e78 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_oid.c b/library/x509_oid.c index 8963529853..cc0063bcd3 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -14,7 +14,7 @@ * disabled. */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include diff --git a/library/x509write.c b/library/x509write.c index 1d4d556291..0906a5a9d1 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -11,7 +11,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index ccf5a92281..663b308d62 100644 --- a/library/x509write_crt.c 
+++ b/library/x509write_crt.c @@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 88e5e5ae81..8e37278f95 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index be3223088e..2ed63f08de 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -30,7 +30,7 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "mbedtls/private/entropy.h" #include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 335bec5a88..91e0e46ae3 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -5,7 +5,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "x509_internal.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "sys/types.h" #include "sys/stat.h" #include "mbedtls/private/rsa.h" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4ce66e9074..f813cc1ac3 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -6,7 +6,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/base64.h" #include "mbedtls/error.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 0c0e7993e2..40677f2338 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -4,7 +4,7 @@ #include "mbedtls/x509_csr.h" #include "x509_internal.h" #include "mbedtls/pem.h" -#include "mbedtls/private/oid.h" +#include "mbedtls/oid.h" #include "x509_oid.h" #include "mbedtls/private/rsa.h" #include "mbedtls/asn1.h" From 4e091786cab3fda62331e8597a69bad29c19c751 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 4 Jul 2025 15:07:15 +0200 Subject: [PATCH 0912/1548] Moved the MbedTLS config adjust headers to a private subdirectory Signed-off-by: Anton Matkin --- include/mbedtls/build_info.h | 4 ++-- include/mbedtls/{ => private}/config_adjust_ssl.h | 2 +- include/mbedtls/{ => private}/config_adjust_x509.h | 2 +- tests/scripts/libtestdriver1_rewrite.pl | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) rename include/mbedtls/{ => private}/config_adjust_ssl.h (98%) rename include/mbedtls/{ => private}/config_adjust_x509.h (96%) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index c6e89db677..b46db36d1f 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -74,9 +74,9 @@ */ #define MBEDTLS_CONFIG_FILES_READ -#include "mbedtls/config_adjust_x509.h" +#include "mbedtls/private/config_adjust_x509.h" -#include "mbedtls/config_adjust_ssl.h" +#include "mbedtls/private/config_adjust_ssl.h" /* Indicate that all configuration symbols are set, * even the ones that are calculated programmatically. 
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h similarity index 98% rename from include/mbedtls/config_adjust_ssl.h rename to include/mbedtls/private/config_adjust_ssl.h index 36641e18b6..4e006f86da 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -1,5 +1,5 @@ /** - * \file mbedtls/config_adjust_ssl.h + * \file mbedtls/private/config_adjust_ssl.h * \brief Adjust TLS configuration * * This is an internal header. Do not include it directly. diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/private/config_adjust_x509.h similarity index 96% rename from include/mbedtls/config_adjust_x509.h rename to include/mbedtls/private/config_adjust_x509.h index cfb2d88916..4af976666b 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/private/config_adjust_x509.h @@ -1,5 +1,5 @@ /** - * \file mbedtls/config_adjust_x509.h + * \file mbedtls/private/config_adjust_x509.h * \brief Adjust X.509 configuration * * This is an internal header. Do not include it directly. diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl index f96ff5e05c..36143b0caf 100755 --- a/tests/scripts/libtestdriver1_rewrite.pl +++ b/tests/scripts/libtestdriver1_rewrite.pl 
@@ -22,8 +22,8 @@ while (<>) { s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; - s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_x509.h!; + s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_ssl.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!${1}libtestdriver1/include/mbedtls/check_config.h!; # Files in include/mbedtls and drivers/builtin/include/mbedtls are both # included in files via #include mbedtls/.h, so when expanding to the From 34b3bb3a3ff1bfa38db3354c80647d6d3bfffc7f Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 07:18:06 +0200 Subject: [PATCH 0913/1548] Updated the framework pointer Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index f6e287cd79..a85d4bfa3b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit f6e287cd798535f56b9fd33cdd5585fbc399ad0e +Subproject commit a85d4bfa3b25dced8229a27800b9498b9fbb5439 From bb7b2b765fb4178e756b5087bc4195b07f43dd11 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 08:04:35 +0200 Subject: [PATCH 0914/1548] Fixed the mbedtls installation cmake: now private headers, which are used in the installation, are included in it too Signed-off-by: Anton Matkin --- include/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 755efedd1c..9ea17af8b8 100644 --- a/include/CMakeLists.txt 
+++ b/include/CMakeLists.txt @@ -7,6 +7,12 @@ if(INSTALL_MBEDTLS_HEADERS) install(FILES ${headers} DESTINATION include/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + + file(GLOB private_headers "mbedtls/private/*.h") + + install(FILES ${private_headers} + DESTINATION include/mbedtls/private + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endif(INSTALL_MBEDTLS_HEADERS) # Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it. From 55862e126fc724bf147840ba086dc9b17dae8704 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 09:39:34 +0200 Subject: [PATCH 0915/1548] Updated the framework pointer Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index a85d4bfa3b..6cb0bcb7d8 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit a85d4bfa3b25dced8229a27800b9498b9fbb5439 +Subproject commit 6cb0bcb7d8dad05e29f611117b69accc4626a62f From 0f7cf1942b8da5a437b25a8b136cb9abb3883da7 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Fri, 29 Aug 2025 09:41:59 +0100 Subject: [PATCH 0916/1548] Small documentation fixes Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 2 +- docs/4.0-migration-guide/error-codes.md | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt index 0ed56ba305..f229f1bc4d 100644 --- a/ChangeLog.d/unify-errors.txt +++ b/ChangeLog.d/unify-errors.txt @@ -3,5 +3,5 @@ API changes xxx is a module, e.g. X509 or SSL. MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY - MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL + MBEDTLS_ERR_PKCS7_VERIFY_FAIL -> PSA_ERROR_INVALID_SIGNATURE 
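Review bot: `file(GLOB private_headers "mbedtls/private/*.h")` is expanded at configure time, so a header added to include/mbedtls/private later is silently left out of the install until CMake is re-run; the `${headers}` glob used just above presumably has the same property, but its definition is outside the hunk. If the minimum CMake version allows it, `file(GLOB private_headers CONFIGURE_DEPENDS "mbedtls/private/*.h")` makes the generated build re-evaluate the glob. A one-line comment above the new block would also record why internal headers are being installed at all, e.g. `# Installed because public headers include them (build_info.h pulls in mbedtls/private/config_adjust_*.h); they remain internal API.`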
diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index ffb1e0e3bb..a2744679e0 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -18,20 +18,20 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | -|-----------------------------------------| --------------------------- | +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | +|-----------------------------------------|---------------------------------| | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | -| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | -| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL`| -| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | +| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | | `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` | `PSA_ERROR_INVALID_SIGNATURE` | | `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| 
`MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | | `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_PKCS7_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. From 8e4d8c92277aab24568da37a816badf5ddaaf2b0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 13:38:30 +0100 Subject: [PATCH 0917/1548] Update ssl_tls.c to use psa_pake_get_shared_key Signed-off-by: Anton Matkin --- library/ssl_tls.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9144f9222b..b75c6d4c11 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6385,13 +6385,29 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - status = psa_pake_get_implicit_key(&handshake->psa_pake_ctx, - &derivation); + mbedtls_svc_key_id_t shared_key_id = MBEDTLS_SVC_KEY_ID_INIT; + + psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&shared_key_attributes, alg); + psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_PASSWORD); + + status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id); + + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } + + status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id); + if (status != PSA_SUCCESS) { psa_key_derivation_abort(&derivation); return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } + psa_destroy_key(shared_key_id); + status = psa_key_derivation_output_bytes(&derivation, handshake->premaster, handshake->pmslen); 
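Review bot: On the failure path of `psa_key_derivation_input_key` the volatile key returned by `psa_pake_get_shared_key` is never destroyed, because `psa_destroy_key(shared_key_id)` runs only after the `status != PSA_SUCCESS` check, so the PAKE shared secret presumably stays in the PSA key store until the crypto subsystem is torn down. Moving the destroy ahead of the check (as a later patch in this series does) closes that gap and would be better squashed into this commit. The key is created with `PSA_KEY_TYPE_PASSWORD` but consumed as `PSA_KEY_DERIVATION_INPUT_SECRET`, which the PSA derivation API presumably rejects for a password-typed key — the later switch to `PSA_KEY_TYPE_DERIVE` in this series suggests so. `ssl_compute_master` begins and ends outside the hunk.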
From ce42312229a05d7f925d4f0a31a0bcaaee8fcfee Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 13:39:16 +0100 Subject: [PATCH 0918/1548] Finished updating the tests Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 20524a8972..59cba29b14 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 20524a89722972a7dbf06a32ab7bb225053713f6 +Subproject commit 59cba29b14bbfd76e7ae8618b3cc1c96e542b3b7 From 5663c2379997cc4bc72d291d955af54951b12093 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 15:01:48 +0100 Subject: [PATCH 0919/1548] Create a changelog entry Signed-off-by: Anton Matkin --- ChangeLog.d/9322.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/9322.txt diff --git a/ChangeLog.d/9322.txt b/ChangeLog.d/9322.txt new file mode 100644 index 0000000000..582e47f66b --- /dev/null +++ b/ChangeLog.d/9322.txt @@ -0,0 +1,3 @@ +Changes + * Use the new `psa_pake_get_shared_key()` function implemented in + tf-psa-crypto instead of the removed `psa_pake_get_implicit_key()` From 8135b84ed2f5a2c2ab032098b0816f1bf1e4f405 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 3 Apr 2025 16:36:24 +0200 Subject: [PATCH 0920/1548] Fixed incorrect usage of key derivation procedures Signed-off-by: Anton Matkin --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b75c6d4c11..12af239374 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6390,7 +6390,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE);
 psa_set_key_algorithm(&shared_key_attributes, alg);
- psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_PASSWORD);
+ psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE);
 status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id);
@@ -6401,13 +6401,13 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id);
+ psa_destroy_key(shared_key_id);
+
 if (status != PSA_SUCCESS) {
 psa_key_derivation_abort(&derivation);
 return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
 }
- psa_destroy_key(shared_key_id);
-
 status = psa_key_derivation_output_bytes(&derivation, handshake->premaster, handshake->pmslen);
From 92129adcf2e5cc3f656412a0aa9a454761c1a7c0 Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Mon, 7 Apr 2025 16:10:42 +0200
Subject: [PATCH 0921/1548] Removed the whitespace which is causing CI to fail
Signed-off-by: Anton Matkin
---
 library/ssl_tls.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 12af239374..78bcb92f4c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
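Review bot: The return value of `psa_destroy_key(shared_key_id)` is discarded in the second hunk, so a failure to remove the PAKE shared secret from the key store goes unnoticed even though every other PSA call in this function is checked. With the destroy now correctly placed before the status check, folding its result into `status` keeps the error reporting uniform: `psa_status_t destroy_status = psa_destroy_key(shared_key_id);` followed by `if (status == PSA_SUCCESS) { status = destroy_status; }`. If ignoring the destroy result is deliberate, a `(void)` cast with a short comment would make that explicit. `ssl_compute_master` begins and ends outside both hunks.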
@@ -6392,14 +6392,18 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, psa_set_key_algorithm(&shared_key_attributes, alg); psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE); - status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id); + status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, + &shared_key_attributes, + &shared_key_id); if (status != PSA_SUCCESS) { psa_key_derivation_abort(&derivation); return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id); + status = psa_key_derivation_input_key(&derivation, + PSA_KEY_DERIVATION_INPUT_SECRET, + shared_key_id); psa_destroy_key(shared_key_id); From ab4716619aa31b67be0cd84bdf33dd04e947c7ea Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 28 Aug 2025 04:21:29 +0200 Subject: [PATCH 0922/1548] Removed the unnecessary changelog entry Signed-off-by: Anton Matkin --- ChangeLog.d/9322.txt | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 ChangeLog.d/9322.txt diff --git a/ChangeLog.d/9322.txt b/ChangeLog.d/9322.txt deleted file mode 100644 index 582e47f66b..0000000000 --- a/ChangeLog.d/9322.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Use the new `psa_pake_get_shared_key()` function implemented in - tf-psa-crypto instead of the removed `psa_pake_get_implicit_key()` From 68f658c95ed1de59c94c0ba84e1b6d5ec8fe6f71 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 16:07:44 +0200 Subject: [PATCH 0923/1548] Updated tf-psa-crypto pointer Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 59cba29b14..197f8859a7 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 59cba29b14bbfd76e7ae8618b3cc1c96e542b3b7 +Subproject commit 197f8859a7111deb66578e401c320d08bf534e62 
From f19a900ed5099c8f65cdb40c8dc51b554b1479f0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 8 Aug 2025 08:53:31 +0100 Subject: [PATCH 0924/1548] Temporarily include private symbols in sample programs Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 3 +++ programs/ssl/ssl_test_lib.h | 3 +++ 2 files changed, 6 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 40304dd381..b31dc92694 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -6,6 +6,9 @@ */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include "mbedtls/private/pk_private.h" #include "ssl_test_lib.h" diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 1dda8d62ac..5cfa7d2327 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -7,6 +7,9 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include "mbedtls/private/pk_private.h" #include "mbedtls/build_info.h" From 69aa8d08e0158a84c498eddb817339b11d559b50 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 09:42:50 +0100 Subject: [PATCH 0925/1548] Remove MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS from ssl_clinet.c as it it not required Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b31dc92694..b099fded5a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -6,7 +6,6 @@ */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/private/pk_private.h" From a8a9beccc25e6394e8150c96b08850d10e780415 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 09:48:06 +0100 Subject: [PATCH 0926/1548] Remove MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS from ssl_test_lib.h as it is not required 
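Review bot: In programs/ssl/ssl_test_lib.h the new `#include "mbedtls/private/pk_private.h"` is placed before `#include "mbedtls/build_info.h"`, so unless pk_private.h pulls in the build configuration itself its contents are preprocessed before any MBEDTLS_/PSA_WANT_ configuration macro is defined — I cannot see pk_private.h here, so please confirm. The ssl_client2.c hunk adds the same include immediately before `#include "ssl_test_lib.h"`, which now includes it anyway, so that copy looks redundant. The commit title calls this temporary, but nothing in the hunks says so; a marker such as `/* TODO: temporary, remove once the sample programs stop using PK private symbols */` beside each new include would keep it from quietly becoming permanent.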
Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.h | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 5cfa7d2327..6602b1ae21 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -7,7 +7,6 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/private/pk_private.h" From dfdac46163b222817f3cdfef496606efa58bf65d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 1 Sep 2025 14:32:39 +0100 Subject: [PATCH 0927/1548] Update header guard use in p256m test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 17c235bb17..00a13b29af 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () { # Disable P256M driver, which is on by default, so that analyze_outcomes # can compare this test with test_tfm_config_p256m_driver_accel_ec - sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H" + sed -i '/PSA_CRYPTO_CONFIGS_EXT_CRYPTO_CONFIG_PROFILE_MEDIUM_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H" msg "build: TF-M config without p256m" make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests From ecde0aaa41b2ac20867c2fbea709ea3a089b03e0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 11:12:39 +0100 Subject: [PATCH 0928/1548] replace undef with deletion in p256m test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 00a13b29af..0df6455cec 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () { # Disable P256M driver, which is on by default, so that analyze_outcomes # can compare this test with test_tfm_config_p256m_driver_accel_ec - sed -i '/PSA_CRYPTO_CONFIGS_EXT_CRYPTO_CONFIG_PROFILE_MEDIUM_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H" + sed -i '/MBEDTLS_PSA_P256M_DRIVER_ENABLED/d' "$CRYPTO_CONFIG_H" msg "build: TF-M config without p256m" make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests From a2aa7daacae757dac9cc02fa1250778b92f79ffe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 11:22:52 +0100 Subject: [PATCH 0929/1548] Change unset of MBEDTLS config to more standard method Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 0df6455cec..e5d8905fa1 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () { # Disable P256M driver, which is on by default, so that analyze_outcomes # can compare this test with test_tfm_config_p256m_driver_accel_ec - sed -i '/MBEDTLS_PSA_P256M_DRIVER_ENABLED/d' "$CRYPTO_CONFIG_H" + scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_PSA_P256M_DRIVER_ENABLED msg "build: TF-M config without p256m" make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests From 6c30c0040e6d884ac0afaf42f29a887f51c09bf2 Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Fri, 5 Sep 2025 09:34:15 +0100 Subject: [PATCH 0930/1548] Upgrade packages in requirements.txt Signed-off-by: David Horstmann --- docs/requirements.txt | 75 +++++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 38 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 2287b2a72b..38499f768c 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt 
@@ -1,84 +1,83 @@ # -# This file is autogenerated by pip-compile with Python 3.8 +# This file is autogenerated by pip-compile with Python 3.9 # by the following command: # -# pip-compile requirements.in +# pip-compile docs/requirements.in # -alabaster==0.7.13 +alabaster==0.7.16 # via sphinx -babel==2.15.0 +babel==2.17.0 # via sphinx -breathe==4.35.0 - # via -r requirements.in -certifi==2024.7.4 +breathe==4.36.0 + # via -r docs/requirements.in +certifi==2025.8.3 # via requests -charset-normalizer==3.3.2 +charset-normalizer==3.4.3 # via requests -click==8.1.7 +click==8.1.8 # via readthedocs-cli -docutils==0.20.1 +docutils==0.21.2 # via - # breathe # sphinx # sphinx-rtd-theme -idna==3.7 +idna==3.10 # via requests imagesize==1.4.1 # via sphinx -importlib-metadata==8.0.0 +importlib-metadata==8.7.0 # via sphinx -jinja2==3.1.4 +jinja2==3.1.6 # via sphinx markdown-it-py==3.0.0 # via rich -markupsafe==2.1.5 +markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -packaging==24.1 +packaging==25.0 # via sphinx -pygments==2.18.0 +pygments==2.19.2 # via # rich # sphinx -pytz==2024.1 - # via babel -pyyaml==6.0.1 +pyyaml==6.0.2 # via readthedocs-cli -readthedocs-cli==4 - # via -r requirements.in -requests==2.32.3 +readthedocs-cli==5 + # via -r docs/requirements.in +requests==2.32.5 # via # readthedocs-cli # sphinx -rich==13.7.1 +rich==14.1.0 # via readthedocs-cli -snowballstemmer==2.2.0 +snowballstemmer==3.0.1 # via sphinx -sphinx==7.1.2 +sphinx==7.4.7 # via # breathe # sphinx-rtd-theme # sphinxcontrib-jquery -sphinx-rtd-theme==2.0.0 - # via -r requirements.in -sphinxcontrib-applehelp==1.0.4 +sphinx-rtd-theme==3.0.2 + # via -r docs/requirements.in +sphinxcontrib-applehelp==2.0.0 # via sphinx -sphinxcontrib-devhelp==1.0.2 +sphinxcontrib-devhelp==2.0.0 # via sphinx -sphinxcontrib-htmlhelp==2.0.1 +sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jquery==4.1 # via sphinx-rtd-theme sphinxcontrib-jsmath==1.0.1 # via sphinx -sphinxcontrib-qthelp==1.0.3 
+sphinxcontrib-qthelp==2.0.0 # via sphinx -sphinxcontrib-serializinghtml==1.1.5 +sphinxcontrib-serializinghtml==2.0.0 # via sphinx -typing-extensions==4.12.2 - # via rich -urllib3==2.2.2 - # via requests -zipp==3.19.2 +tomli==2.2.1 + # via sphinx +urllib3==2.5.0 + # via + # readthedocs-cli + # requests +zipp==3.23.0 # via importlib-metadata From f0b8364cff2d4a30d2064641b31bf9ae554f09f5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 6 Sep 2025 16:25:30 +0200 Subject: [PATCH 0931/1548] Allow metatest.c to use crypto internal headers Signed-off-by: Gilles Peskine --- programs/Makefile | 2 +- programs/test/CMakeLists.txt | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/programs/Makefile b/programs/Makefile index f99021aa69..6c9d4d7342 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -233,7 +233,7 @@ endif test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) echo " CC $(FRAMEWORK)/tests/programs/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/include -I../tf-psa-crypto/drivers/builtin/src $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC test/query_config.c" diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index ca6e8b2070..8a5d6ba822 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt 
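Review bot: The two new include paths `-I../tf-psa-crypto/drivers/builtin/include -I../tf-psa-crypto/drivers/builtin/src` are now hard-coded in programs/Makefile and again in the programs/test/CMakeLists.txt hunk of the same commit, with no comment at either site saying why a test program needs the built-in driver's source directory. A one-line comment above each, e.g. `# metatest deliberately exercises crypto internals, so it needs the builtin driver's private headers`, would explain the exception and remind whoever moves those directories to update both build systems.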
@@ -102,6 +102,10 @@ foreach(exe IN LISTS executables) target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) endforeach() +target_include_directories(metatest + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/src) + install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From a450affbcaca5480fa97b6aca36e1e7b9e06e3d2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 24 Jul 2025 21:59:52 +0200 Subject: [PATCH 0932/1548] Fix MBEDTLS_SSL_TLS1_2_SOME_ECC definition Signed-off-by: Ronald Cron --- include/mbedtls/private/config_adjust_ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/private/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h index 4e006f86da..040216a04e 100644 --- a/include/mbedtls/private/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -78,7 +78,7 @@ #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_ECDSA) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) #define MBEDTLS_SSL_TLS1_2_SOME_ECC #endif From 5df9d9d53e13fbec12ef47cb43104bd8b5f62f72 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Aug 2025 15:04:22 +0200 Subject: [PATCH 0933/1548] ssl-opt.sh: Fix dependency on ECDSA Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 140409c9cc..a90d5afa9f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2373,7 +2373,7 @@ run_test "Opaque key for server authentication: ECDH-" \ -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled PSA_WANT_ALG_ECDSA requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 From 1ce0ad089dc7f8fdc3e30ebc7ffe1cbae3b8443c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Sep 2025 10:07:38 +0200 Subject: [PATCH 0934/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 197f8859a7..06bae1e110 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 197f8859a7111deb66578e401c320d08bf534e62 +Subproject commit 06bae1e110ce71b44c3f4d17974d24feea4d2a92 From 82bf414d25c1d70f6f6fb34b481de03a52e23a50 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Sep 2025 10:54:37 +0200 Subject: [PATCH 0935/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 6cb0bcb7d8..d0d817541a 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 6cb0bcb7d8dad05e29f611117b69accc4626a62f +Subproject commit d0d817541ae3f449b8cd51afc165668179659699 From efcec8cecd5afabdfd43d930cccf6c22a6438407 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 17:22:35 +0200 Subject: [PATCH 0936/1548] Cleanup following the removal of MBEDTLS_ENTROPY_C option Signed-off-by: Ronald Cron --- configs/crypto-config-ccm-psk-tls1_2.h | 1 - configs/crypto-config-suite-b.h | 1 - configs/crypto-config-thread.h | 1 - tests/scripts/components-configuration-crypto.sh | 2 -- tests/scripts/depends.py | 4 ++-- 5 files changed, 2 insertions(+), 7 deletions(-) 
diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index 163520ed34..c2dabc28e8 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -30,7 +30,6 @@ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 0437bda3ce..4bae5a45c6 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -48,7 +48,6 @@ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 5475a0af20..1b2621cf58 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -55,7 +55,6 @@ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #define MBEDTLS_PK_C diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6ed656bff9..d5efbffde8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -236,7 +236,6 @@ component_test_psa_external_rng_no_drbg_use_psa () { msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_CTR_DRBG_C 
@@ -2091,7 +2090,6 @@ END #define PSA_WANT_ALG_SHA3_512 1 #define PSA_WANT_KEY_TYPE_AES 1 #define MBEDTLS_CTR_DRBG_C - #define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_SELF_TEST END diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index ae88abf1e2..cd91b78479 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -515,10 +515,10 @@ def __init__(self, options, conf): 'curves': ExclusiveDomain(curve_symbols, build_and_test), # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, SHA3*, - # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used + # SHA224 and SHA384 because the built-in entropy module is extensively used # across various modules, but it depends on either SHA256 or SHA512. # As a consequence an "exclusive" test of anything other than SHA256 - # or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible. + # or SHA512 with the built-in entropy module enabled is not possible. 'hashes': DualDomain(hash_symbols, build_and_test, exclude=r'PSA_WANT_ALG_(?!SHA_(256|512))'), From 3b30643143553d7e02cca6655fb9487c5b587e4f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 18:30:08 +0200 Subject: [PATCH 0937/1548] Adapt configurations to stricter compile-time checks Adapt configurations to stricter compile-time checks for entropy enablement and MBEDTLS_ENTROPY_NV_SEED option. Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index d5efbffde8..be2b040c29 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -251,16 +251,18 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C + scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -2089,8 +2091,9 @@ END #define PSA_WANT_ALG_SHA3_384 1 #define PSA_WANT_ALG_SHA3_512 1 #define PSA_WANT_KEY_TYPE_AES 1 - #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_PSA_CRYPTO_C + #define MBEDTLS_CTR_DRBG_C + #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY #define MBEDTLS_SELF_TEST END From eb16a9d9ea780bccf86ec6e769894034c40e99b4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Sep 2025 09:57:29 +0200 Subject: [PATCH 0938/1548] Prepare for the removal of MBEDTLS_PLATFORM_GET_ENTROPY_ALT We cannot remove it completely yet. It must remain in config.py so that it is not included in the full configuration. A temporary exception is required for it in analyze_outcomes.py. Signed-off-by: Ronald Cron --- programs/test/selftest.c | 4 ++-- scripts/config.py | 4 +++- scripts/footprint.sh | 3 ++- tests/scripts/analyze_outcomes.py | 2 ++ tests/scripts/components-configuration-platform.sh | 12 +++++++----- tests/scripts/components-configuration.sh | 3 ++- 6 files changed, 18 insertions(+), 10 deletions(-) 
diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 2c2b48ed82..0e906ab4a3 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -210,7 +210,7 @@ static int run_test_snprintf(void) * back. */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) static void dummy_entropy(unsigned char *output, size_t output_size) { srand(1); @@ -239,7 +239,7 @@ static void create_entropy_seed_file(void) static int mbedtls_entropy_self_test_wrapper(int verbose) { -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) create_entropy_seed_file(); #endif return mbedtls_entropy_self_test(verbose); diff --git a/scripts/config.py b/scripts/config.py index 20555db846..8493ee655f 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -180,8 +180,10 @@ def baremetal_adapter(name, value, active): """Config adapter for "baremetal".""" if not is_boolean_setting(name, value): return active - if name == 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT': + if name == 'MBEDTLS_PSA_BUILTIN_GET_ENTROPY': # No OS-provided entropy source + return False + if name == 'MBEDTLS_PSA_DRIVER_GET_ENTROPY': return True return include_in_full(name) and keep_in_baremetal(name) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index e45a9265ac..e7078cff16 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
@@ -64,7 +64,8 @@ doit() scripts/config.py unset MBEDTLS_NET_C || true scripts/config.py unset MBEDTLS_TIMING_C || true scripts/config.py unset MBEDTLS_FS_IO || true - scripts/config.py --force set MBEDTLS_PLATFORM_GET_ENTROPY_ALT || true + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY || true + scripts/config.py --force set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true } >/dev/null 2>&1 make clean >/dev/null diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d1bb553c67..a6f03a83c9 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -128,6 +128,8 @@ def _has_word_re(words: typing.Iterable[str], # PSA entropy drivers. # https://github.com/Mbed-TLS/mbedtls/issues/8150 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', + # Obsolete config option that we are about to remove + 'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index ade207a650..b408bec618 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh 
@@ -20,17 +20,18 @@ component_build_no_std_function () { make } -component_test_platform_get_entropy_alt() +component_test_psa_driver_get_entropy() { - msg "build: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + msg "build: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" # Use hardware polling as the only source for entropy - scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY make # Run all the tests - msg "test: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + msg "test: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" make test } @@ -40,7 +41,8 @@ component_build_no_sockets () { msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. - scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT # prevent syscall() on GNU/Linux + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY # prevent syscall() on GNU/Linux + scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib } diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 5fd9ede124..a35704f299 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
@@ -284,7 +284,8 @@ component_test_no_platform () { # Use the test alternative implementation of mbedtls_platform_get_entropy() # which is provided in "framework/tests/src/fake_external_rng_for_test.c" # since the default one is excluded in this scenario. - scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY + scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs From ab7610c318a2d81f65daaa441461ea8b9b85fcba Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Sep 2025 10:02:03 +0200 Subject: [PATCH 0939/1548] Cleanup following the removal of entropy options Cleanup following the removal in TF-PSA-Crypto of: - MBEDTLS_NO_PLATFORM_ENTROPY - MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - MBEDTLS_ENTROPY_HARDWARE_ALT - MBEDTLS_ENTROPY_MIN_HARDWARE Only MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES was still present in Mbed TLS. Signed-off-by: Ronald Cron --- scripts/config.py | 1 - tests/scripts/analyze_outcomes.py | 4 ---- 2 files changed, 5 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 8493ee655f..e60d1606f1 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -85,7 +85,6 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum - 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PSA_DRIVER_GET_ENTROPY', # incompatible with MBEDTLS_PSA_BUILTIN_GET_ENTROPY 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index a6f03a83c9..8660e68942 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -124,10 +124,6 @@ def _has_word_re(words: typing.Iterable[str], # Untested platform-specific optimizations. # https://github.com/Mbed-TLS/mbedtls/issues/9588 'Config: MBEDTLS_HAVE_SSE2', - # Obsolete configuration options, to be replaced by - # PSA entropy drivers. - # https://github.com/Mbed-TLS/mbedtls/issues/8150 - 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # Obsolete config option that we are about to remove 'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT', # Untested aspect of the platform interface. From b01be14907e669bcf9676e86a5cf73352209a96a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Sep 2025 12:01:52 +0200 Subject: [PATCH 0940/1548] Fix footprint.sh Signed-off-by: Ronald Cron --- scripts/footprint.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index e7078cff16..c228a26c04 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -19,6 +19,7 @@ set -eu CONFIG_H='include/mbedtls/mbedtls_config.h' +CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h' if [ -r $CONFIG_H ]; then :; else echo "$CONFIG_H not found" >&2 @@ -27,6 +28,13 @@ if [ -r $CONFIG_H ]; then :; else exit 1 fi +if [ -r $CRYPTO_CONFIG_H ]; then :; else + echo "$CRYPTO_CONFIG_H not found" >&2 + echo "This script needs to be run from the root of" >&2 + echo "a git checkout or uncompressed tarball" >&2 + exit 1 +fi + if grep -i cmake Makefile >/dev/null; then echo "Not compatible with CMake" >&2 exit 1 
@@ -56,16 +64,25 @@ doit() log "$NAME ($FILE):" cp $CONFIG_H ${CONFIG_H}.bak + cp $CRYPTO_CONFIG_H ${CRYPTO_CONFIG_H}.bak if [ "$FILE" != $CONFIG_H ]; then + CRYPTO_FILE="${FILE%/*}/crypto-${FILE##*/}" cp "$FILE" $CONFIG_H + cp "$CRYPTO_FILE" $CRYPTO_CONFIG_H fi { + scripts/config.py unset MBEDTLS_HAVE_TIME || true + scripts/config.py unset MBEDTLS_HAVE_TIME_DATE || true scripts/config.py unset MBEDTLS_NET_C || true scripts/config.py unset MBEDTLS_TIMING_C || true scripts/config.py unset MBEDTLS_FS_IO || true + scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C || true + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C || true scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY || true - scripts/config.py --force set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true + # Force the definition of MBEDTLS_PSA_DRIVER_GET_ENTROPY as it may + # not exist in custom configurations. + scripts/config.py --force -f ${CRYPTO_CONFIG_H} set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true } >/dev/null 2>&1 make clean >/dev/null @@ -77,7 +94,8 @@ doit() log "$( head -n1 "$OUT" )" log "$( tail -n1 "$OUT" )" - cp ${CONFIG_H}.bak $CONFIG_H + mv ${CONFIG_H}.bak $CONFIG_H + mv ${CRYPTO_CONFIG_H}.bak $CRYPTO_CONFIG_H } # truncate the file just this time From 9a10e398faac5441ed61075ca74ddc867dda1165 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Sep 2025 17:08:12 +0200 Subject: [PATCH 0941/1548] Simplify footprint.sh Signed-off-by: Ronald Cron --- scripts/footprint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index c228a26c04..1f2945159e 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
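Review bot: The new `cp "$CRYPTO_FILE" $CRYPTO_CONFIG_H` runs unguarded under `set -eu`, so a custom `$FILE` whose `crypto-` companion is missing aborts doit() after `$CONFIG_H` has already been overwritten, and the `.bak` restore at the end of the function never runs, leaving both headers clobbered in the working tree. A failing `make` in between has the same effect and is pre-existing, but the companion-file lookup is a new way to hit it. Derive and check the companion before touching either header, e.g. `[ -r "$CRYPTO_FILE" ] || { echo "$CRYPTO_FILE not found" >&2; return 1; }` placed ahead of the two `cp ... .bak` lines, or restore the backups from an EXIT trap. doit() starts and ends outside this hunk.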
@@ -21,14 +21,14 @@ set -eu CONFIG_H='include/mbedtls/mbedtls_config.h' CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h' -if [ -r $CONFIG_H ]; then :; else +if [ ! -r $CONFIG_H ]; then echo "$CONFIG_H not found" >&2 echo "This script needs to be run from the root of" >&2 echo "a git checkout or uncompressed tarball" >&2 exit 1 fi -if [ -r $CRYPTO_CONFIG_H ]; then :; else +if [ ! -r $CRYPTO_CONFIG_H ]; then echo "$CRYPTO_CONFIG_H not found" >&2 echo "This script needs to be run from the root of" >&2 echo "a git checkout or uncompressed tarball" >&2 From 15f1d7f812520c76a7b4ed59b6557a51377b351f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 10 Jul 2025 09:41:09 +0100 Subject: [PATCH 0942/1548] Remove support for static ECDH cipher suites Signed-off-by: Ben Taylor --- docs/architecture/tls13-support.md | 2 - docs/proposed/config-split.md | 2 - include/mbedtls/mbedtls_config.h | 48 ---- include/mbedtls/private/config_adjust_ssl.h | 2 - include/mbedtls/ssl.h | 4 +- include/mbedtls/ssl_ciphersuites.h | 12 +- library/mbedtls_check_config.h | 15 - library/ssl_ciphersuites.c | 264 ------------------ library/ssl_ciphersuites_internal.h | 10 +- library/ssl_tls.c | 5 - library/ssl_tls12_client.c | 99 +------ library/ssl_tls12_server.c | 106 +------ .../components-configuration-crypto.sh | 8 +- tests/scripts/depends.py | 4 +- tests/ssl-opt.sh | 7 +- tests/suites/test_suite_ssl.data | 44 --- 16 files changed, 14 insertions(+), 618 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index f49e9194ba..c7b11fd1dd 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md 
@@ -118,8 +118,6 @@ Support description | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a | | | | | MBEDTLS_PSA_CRYPTO_C | no (1) | diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1baab356b2..aa1090328f 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -392,8 +392,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 827b96165f..f11bcb3fb0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -273,54 +273,6 @@ */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_RSA_C - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED * 
diff --git a/include/mbedtls/private/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h index 040216a04e..ee35a67c9f 100644 --- a/include/mbedtls/private/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -64,8 +64,6 @@ #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #endif diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 44d28a2d81..02e527cdf5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -659,9 +659,7 @@ union mbedtls_ssl_premaster_secret { unsigned char dummy; /* Make the union non-empty even with SSL disabled */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index c97f6abeee..d6c0667aa6 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -163,16 +163,12 @@ typedef enum { MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_KEY_EXCHANGE_ECJPAKE, } mbedtls_key_exchange_type_t; /* Key exchanges using a certificate */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED #endif @@ -220,12 +216,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED #endif -/* Key exchanges using ECDH */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED -#endif - /* Key exchanges that don't involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 82fef7481d..3107c11077 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h 
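Review bot: Removing `MBEDTLS_KEY_EXCHANGE_ECDH_RSA` and `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA` from the middle of the public `mbedtls_key_exchange_type_t` enum renumbers `MBEDTLS_KEY_EXCHANGE_ECJPAKE`, which is an ABI break for any caller that stored or compared the raw value. That is presumably acceptable for a major release, but the 16-file diffstat of this commit shows no ChangeLog.d entry announcing that the static ECDH ciphersuites, their `MBEDTLS_KEY_EXCHANGE_ECDH_*_ENABLED` options and these two enumerators are gone. Add one, and consider a short comment at the removal point such as `/* Static ECDH (ECDH_RSA, ECDH_ECDSA) removed; later enumerator values changed. */` so readers do not assume the numbering is stable.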
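Review bot: The `/* Key exchanges that don't involve ephemeral keys */` condition kept as trailing context still tests `defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)`, but this hunk deletes the only definition of that macro, so the operand is now dead and the condition silently reduces to PSK alone. It still compiles, which is why nothing caught it, but it reads as if static ECDH were still a non-PFS option. Drop the stale operand and write the test as `#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)`, and grep the library for any other `SOME_ECDH_ENABLED` user, which this hunk cannot show. The `#if` continues past the end of the hunk.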
@@ -55,19 +55,6 @@ #endif /* not all curves accelerated */ #endif /* some curve accelerated */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || \ - !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ !defined(MBEDTLS_CAN_ECDH) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" @@ -150,8 +137,6 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index b979cad94f..961a4205e7 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -467,186 +467,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 
"TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, 
MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* 
PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if 
defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_ALG_GCM) 
@@ -898,41 +718,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) 
@@ -1024,41 +809,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #endif /* PSA_WANT_KEY_TYPE_ARIA */ @@ -1203,10 +953,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return MBEDTLS_PK_ECDSA; - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return MBEDTLS_PK_ECKEY; - default: return MBEDTLS_PK_NONE; } 
@@ -1222,10 +968,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return PSA_ALG_ECDH;
-
 default:
 return PSA_ALG_NONE;
 }
@@ -1238,10 +980,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return PSA_KEY_USAGE_SIGN_HASH;
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return PSA_KEY_USAGE_DERIVE;
-
 default:
 return 0;
 }
@@ -1272,8 +1010,6 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
 return 1;
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index d1db2dba46..54199dba8a 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -45,8 +45,6 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_
 static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_PSK:
 return 1;
@@ -60,9 +58,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
 static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return 1;
+ return 1;
 default:
 return 0;
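Review bot: In the `@@ -60,9 +58,7 @@` hunk of ssl_ciphersuites_internal.h, mbedtls_ssl_ciphersuite_uses_ecdh is left as `switch (info->MBEDTLS_PRIVATE(key_exchange)) { return 1; default: return 0; }` — the `return 1;` precedes every case label, so it is unreachable and the function now unconditionally returns 0. The result happens to be correct once no key exchange uses static ECDH, but it is dead code (clang's -Wunreachable-code reports it) and it leaves this commit depending on the later "Remove additional ifdef's" commit to tidy it up. Remove the helper and its `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED` guard here instead of keeping a stray `return 1;`, so every commit in the series builds cleanly on its own. The function's closing lines are outside the hunk.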
@@ -73,9 +69,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit
 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return 1;
@@ -87,9 +81,7 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip
 static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return 1;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 78bcb92f4c..38db9cd103 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8623,11 +8623,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
 usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
 break;
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
- break;
-
 /* Don't use default: we want warnings when adding new values */
 case MBEDTLS_KEY_EXCHANGE_NONE:
 case MBEDTLS_KEY_EXCHANGE_PSK:
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 2129da122d..7675f95e37 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
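Review bot: mbedtls_ssl_check_cert_usage in the ssl_tls.c hunk deliberately has no `default:` (`/* Don't use default: we want warnings when adding new values */`), so removing the `MBEDTLS_KEY_EXCHANGE_ECDH_RSA` and `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA` cases only stays warning-free if those enumerators are also deleted from mbedtls_key_exchange_type_t; that header change is not in this hunk, so please confirm it is part of the same commit, otherwise -Wswitch fires here and is fatal wherever the build uses -Werror. Since this was the only place that required `MBEDTLS_X509_KU_KEY_AGREEMENT` on a server certificate, a one-line note in the ChangeLog that the keyAgreement key-usage check no longer applies would help anyone auditing certificate-policy behaviour across the upgrade. The remainder of the switch is outside the hunk.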
@@ -1732,71 +1732,6 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *peer_pk; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* This is a public key, so it can't be opaque, so can_do() is a good - * enough check to ensure pk_ec() is safe to use below. */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - uint16_t tls_id = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); - - if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not supported", - grp_id)); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* If the above conversion to TLS ID was fine, then also this one will be, - so there is no need to check the return value here */ - mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_psa_bits); - - ssl->handshake->xxdh_psa_type = key_type; - - /* Store peer's public key in psa format. 
*/ - memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); - ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; - ret = 0; -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it, - * so that more RAM is available for upcoming expensive - * operations like ECDHE. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) { @@ -1807,28 +1742,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { - if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - ((void) p); - ((void) end); -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ssl->handshake->ecrs_enabled && ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { 
@@ -2380,13 +2293,9 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t key_attributes; @@ -2460,9 +2369,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) } } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 181c6de3a0..96598cc427 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -2513,100 +2513,6 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *pk; - mbedtls_pk_type_t pk_type; - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; - size_t key_len; - - pk = mbedtls_ssl_own_key(ssl); - - if (pk == NULL) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - pk_type = mbedtls_pk_get_type(pk); - - switch (pk_type) { - case MBEDTLS_PK_OPAQUE: - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - /* Get the attributes of the key previously parsed by PK module in - * order to extract its type and length (in bits). */ - status = psa_get_key_attributes(pk->priv_id, &key_attributes); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); - ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); - - if (pk_type != MBEDTLS_PK_OPAQUE) { - /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK - * module and only have ECDSA capabilities. Since we need - * them for ECDH later, we export and then re-import them with - * proper flags and algorithm. Of course We also set key's type - * and bits that we just got above. 
*/ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - - status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - /* Set this key as owned by the TLS library: it will be its duty - * to clear it exit. */ - ssl->handshake->xxdh_psa_privkey_is_external = 0; - - ret = 0; - break; - } - - /* Opaque key is created by the user (externally from Mbed TLS) - * so we assume it already has the right algorithm and flags - * set. Just copy its ID as reference. */ - ssl->handshake->xxdh_psa_privkey = pk->priv_id; - ssl->handshake->xxdh_psa_privkey_is_external = 1; - ret = 0; - break; - - default: - ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - -exit: - psa_reset_key_attributes(&key_attributes); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) MBEDTLS_CHECK_RETURN_CRITICAL 
@@ -3210,13 +3116,9 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { size_t data_len = (size_t) (*p++); size_t buf_len = (size_t) (end - p); psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -3279,9 +3181,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index be2b040c29..38a5d85e7d 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -437,7 +437,6 @@ component_test_everest_curve25519_only () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_ECDSA scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset PSA_WANT_ALG_JPAKE @@ -574,7 +573,6 @@ component_test_psa_crypto_config_accel_ecdsa () { # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED # Build # ----- @@ -615,8 +613,6 @@ component_test_psa_crypto_config_accel_ecdh () { scripts/config.py unset MBEDTLS_ECDH_C # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -1147,7 +1143,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and @@ -1496,7 +1491,8 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 
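Review bot: In the `@@ -1496,7 +1491,8 @@` hunk, component_test_new_psa_want_key_pair_symbol replaces the removed `scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED` with `scripts/config.py unset MBEDTLS_PKCS1_V15` and `scripts/config.py unset MBEDTLS_PKCS1_V21`, which changes the configuration that component exercises rather than merely dropping a symbol that no longer exists. If the two extra unsets are needed for the build to succeed once RSA is removed, say so in the commit message or in a comment beside them (`# PKCS#1 v1.5/v2.1 depend on RSA and must go with it`); if not, a plain deletion keeps this change limited to the ECDH removal. The rest of the component body is outside the hunk.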
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index cd91b78479..34ecf4cdbc 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -280,7 +280,6 @@ def test(self, options): 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', 'MBEDTLS_ECDSA_C'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', @@ -294,7 +293,6 @@ def test(self, options): 'MBEDTLS_ECP_RESTARTABLE', 'MBEDTLS_PK_PARSE_EC_EXTENDED', 'MBEDTLS_PK_PARSE_EC_COMPRESSED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', @@ -313,7 +311,7 @@ def test(self, options): 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], + 'MBEDTLS_RSA_C'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a90d5afa9f..a13afd6206 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -312,12 +312,9 @@ requires_any_configs_disabled() { } TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" +TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ec62c2cb2e..6c5e718c60 100644 
--- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -380,10 +380,6 @@ Handshake, ECDHE-ECDSA-WITH-AES-256-CCM depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 -Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 - Handshake, PSK-WITH-AES-128-CBC-SHA depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 @@ -408,10 +404,6 @@ DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 -DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 - DTLS Handshake, PSK-WITH-AES-128-CBC-SHA depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 
@@ -479,42 +471,6 @@ Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
-handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C 
-handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - Sending app data via TLS, MFL=512 without fragmentation depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 From 558766d814c42d49c7a3548bbfcb97bb078c8b01 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Jul 2025 08:37:22 +0100 Subject: [PATCH 0943/1548] Remove additional ifdef's Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 6 ++---- library/ssl_ciphersuites_internal.h | 12 ------------ library/ssl_tls12_server.c | 15 +-------------- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d6c0667aa6..11eaf6ba14 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -217,8 +217,7 @@ typedef enum {
 #endif
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
@@ -244,8 +243,7 @@ typedef enum {
 #endif
 /* TLS 1.2 key exchanges using ECDH or ECDHE*/
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
 #endif
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index 54199dba8a..2e9f077571 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -54,18 +54,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
-{
- switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- return 1;
-
- default:
- return 0;
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 96598cc427..755b837bca 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
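Review bot: The comment above the second `#if` in ssl_ciphersuites.h still reads `/* TLS 1.2 key exchanges using ECDH or ECDHE*/` and the macro keeps the name `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED`, yet after this hunk it is defined exactly when `MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED` is. Update the comment to `/* TLS 1.2 key exchanges using ECDHE (static ECDH suites have been removed) */` so a reader does not go looking for a static-ECDH guard that no longer exists; the `/* Key exchanges that don't involve ephemeral keys */` comment above the first `#if` should likewise say that only PSK remains. If nothing defines `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED` any more, its definition should be removed in the same commit, since a leftover `#if defined(...)` on it elsewhere would silently compile to false instead of failing loudly.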
@@ -22,8 +22,7 @@
 /* Define a local translating function to save code size by not using too many
 * arguments in each translating place. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
 static int local_err_translation(psa_status_t status)
 {
 return psa_status_to_mbedtls(status, psa_to_ssl_errors,
@@ -2914,18 +2913,6 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
 /* Extract static ECDH parameters and abort if ServerKeyExchange
 * is not needed. */
 if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) {
- /* For suites involving ECDH, extract DH parameters
- * from certificate at this point. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
- if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) {
- ret = ssl_get_ecdh_params_from_cert(ssl);
- if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret);
- return ret;
- }
- }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
 /* Key exchanges not involving ephemeral keys don't use
 * ServerKeyExchange, so end here. */
 MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange"));
From 50b45a98ce54b977eaf66f932ba2d571c0365692 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 17 Jul 2025 10:43:05 +0100
Subject: [PATCH 0944/1548] Reverted changes to config-split
Signed-off-by: Ben Taylor
---
 docs/proposed/config-split.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md
index aa1090328f..1baab356b2 100644
--- a/docs/proposed/config-split.md
+++ b/docs/proposed/config-split.md
@@ -392,6 +392,8 @@ PSA_WANT_\* macros as in current `crypto_config.h`.
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
From 4d7f715c0775144bb8be651ee8157e7ba78d6577 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Wed, 23 Jul 2025 09:56:11 +0100
Subject: [PATCH 0945/1548] Remove further symbols that are not required
Signed-off-by: Ben Taylor
---
 include/mbedtls/ssl_ciphersuites.h | 29 ---------------------
 library/ssl_ciphersuites.c | 42 ------------------------------
 2 files changed, 71 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 11eaf6ba14..5ef0786eb5 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -38,38 +38,25 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A -#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F - #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */ 
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 @@ -81,20 +68,12 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ 
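Review bot: The `@@ -38,38 +38,25 @@` hunk removes the ECDH_RSA and ECDH_ECDSA ciphersuite IDs but leaves `#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001` and `#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026` in the public header while deleting their neighbours (0xC004, 0xC005, 0xC025, 0xC02D, 0xC02E and the ECDH_RSA NULL suite). If the intent of "Remove further symbols that are not required" is that no static-ECDH suite ID survives, these two look like an oversight; if they are kept on purpose, a comment next to them saying why would stop the next cleanup from removing them. A public ID whose ciphersuite_definitions entry is gone can still be handed to mbedtls_ssl_conf_ciphersuites by applications, so removing it with the rest of the series is preferable to leaving a constant that no longer names anything the library can negotiate.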
@@ -104,21 +83,13 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 961a4205e7..39826eee66 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -109,46 +109,6 @@ static const int ciphersuite_preference[] = /* The ECJPAKE suite */ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, - /* All AES-256 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - - /* All CAMELLIA-256 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - - /* All ARIA-256 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - - /* All AES-128 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - - /* All CAMELLIA-128 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - - /* All ARIA-128 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, 
@@ -178,8 +138,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, MBEDTLS_TLS_PSK_WITH_NULL_SHA384, MBEDTLS_TLS_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_PSK_WITH_NULL_SHA, From 3116f2febeab278b9be662ac236c0297e67229f6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 10:48:45 +0100 Subject: [PATCH 0946/1548] Remove further symbols Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5ef0786eb5..17666b2de2 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -37,8 +37,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ - #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A From 39280a411055cf3318bc6f5f1db137d06be41b8f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 13:43:21 +0100 Subject: [PATCH 0947/1548] Remove ECDH from ssl-opt Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 63 ++++++------------------------------------------ 1 file changed, 7 insertions(+), 56 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a13afd6206..9a6b5bfd92 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -433,14 +433,12 @@ requires_cipher_enabled() { # - $1 = command line (call to a TLS client or server program) # - $2 = client/server # - $3 = TLS version (TLS12 or TLS13) -# - $4 = Use an external tool without ECDH support -# - $5 = run test options +# - $4 = run test options detect_required_features() { CMD_LINE=$1 ROLE=$2 TLS_VERSION=$3 - EXT_WO_ECDH=$4 - TEST_OPTIONS=${5:-} + TEST_OPTIONS=${4:-} case "$CMD_LINE" in *\ force_version=*) @@ -522,24 +520,9 @@ detect_required_features() { else # For TLS12 requirements are different between server and client if [ "$ROLE" = "server" ]; then - # If the server uses "server5*" certificates, then an ECDSA based - # key exchange is required. However gnutls also does not - # support ECDH, so this limit the choice to ECDHE-ECDSA - if [ "$EXT_WO_ECDH" = "yes" ]; then - requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - else - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT - fi + requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED elif [ "$ROLE" = "client" ]; then - # On the client side it is enough to have any certificate - # based authentication together with support for ECDSA. - # Of course the GnuTLS limitation mentioned above applies - # also here. - if [ "$EXT_WO_ECDH" = "yes" ]; then - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH - else - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT - fi + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH requires_pk_alg "ECDSA" fi fi @@ -801,10 +784,6 @@ requires_openssl_tls1_3_with_ffdh() { # skip next test if openssl cannot handle ephemeral key exchange requires_openssl_tls1_3_with_compatible_ephemeral() { requires_openssl_next - - if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then - requires_openssl_tls1_3_with_ffdh - fi } # skip next test if tls1_3 is not available 
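Review bot: Dropping the `if !(is_config_enabled "PSA_WANT_ALG_ECDH")` fallback from requires_openssl_tls1_3_with_compatible_ephemeral conflates the removed static-ECDH key exchanges with the ECDH primitive, which PSA_WANT_ALG_ECDH still gates for ephemeral TLS 1.3 key shares; in a build without it the function now only requires openssl-next, so TLS 1.3 tests can run against an openssl that has no FFDH support and fail on group negotiation rather than being skipped. The check is re-added verbatim later on this page (commit 0958), which suggests keeping it here instead. In the first hunk the server branch now hard-codes `requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` while the client branch uses the `$TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH` list; using the list variable on both sides would keep them in step when the list changes. detect_required_features continues outside the hunk.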
@@ -1302,28 +1281,6 @@ is_gnutls() { esac } -# Some external tools (gnutls or openssl) might not have support for static ECDH -# and this limit the tests that can be run with them. This function checks server -# and client command lines, given as input, to verify if the current test -# is using one of these tools. -use_ext_tool_without_ecdh_support() { - case "$1" in - *$GNUTLS_SERV*|\ - *${GNUTLS_NEXT_SERV:-"gnutls-serv-dummy"}*|\ - *${OPENSSL_NEXT:-"openssl-dummy"}*) - echo "yes" - return;; - esac - case "$2" in - *$GNUTLS_CLI*|\ - *${GNUTLS_NEXT_CLI:-"gnutls-cli-dummy"}*|\ - *${OPENSSL_NEXT:-"openssl-dummy"}*) - echo "yes" - return;; - esac - echo "no" -} - # Generate random psk_list argument for ssl_server2 get_srv_psk_list () { @@ -1810,26 +1767,20 @@ run_test() { requires_config_enabled MBEDTLS_SSL_PROTO_DTLS fi - # Check if we are trying to use an external tool which does not support ECDH - EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD") # Guess the TLS version which is going to be used. # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - if [ "$EXT_WO_ECDH" = "no" ]; then - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") - else - TLS_VERSION="TLS12" - fi + TLS_VERSION="TLS12" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" # If the client or server requires certain features that can be detected # from their command-line arguments, check whether they're enabled. - detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" - detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" + detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$@" + detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$@" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then 
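Review bot: `TLS_VERSION="TLS12"` replaces the whole detection, not just the external-tool special case, so every test is now classified as TLS 1.2 for feature detection, including tests that force TLS 1.3; the three comment lines above it still describe a guess via get_tls_version and cite issue 9560, and no longer match the code. Before this change get_tls_version was only bypassed when EXT_WO_ECDH was "yes", so the ordinary mbedtls-vs-mbedtls path regresses. The same hard-coding recurs in commit 0964 (the hunk at the `@@ -1774,7 +1774,7 @@` header further down this page), while commits 0960 and 0968 restore `TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")`; keeping the derivation here avoids the back-and-forth. run_test's body continues outside the hunk.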
From dbf397710743ff01e403217de81fcc2d97c64d70 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 11 Aug 2025 11:22:50 +0100 Subject: [PATCH 0948/1548] Remove tests from ssl-opt.sh that are depedendent the removed ECDH algorithm's Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a6b5bfd92..b67a371134 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2627,30 +2627,6 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" -# Test for correctness of sent single supported algorithm -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: mbedtls client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ - 0 \ - -c "Supported Signature Algorithm found: 04 03" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: openssl client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ - -key $DATA_FILES_PATH/server6.key" \ - 0 - # Tests for certificate verification callback run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ From 0a7c5588db6f793cca03ba43226d7b411440dae6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 11 Aug 2025 14:43:32 +0100 Subject: [PATCH 0949/1548] Remove further ECDH tests 
Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 77 +----------------------------------------------- 1 file changed, 1 insertion(+), 76 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b67a371134..401ca85d4c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2306,22 +2306,7 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDH-" \ - "$P_SRV auth_mode=required key_opaque=1\ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDH-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_ALG_ECDSA +requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 
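Review bot: The gate swap from `requires_config_enabled PSA_WANT_ALG_ECDSA` to `requires_config_enabled MBEDTLS_ECDSA_C` is not explained by a commit about removing static-ECDH tests, and it moves this test back from a PSA_WANT_ symbol to a legacy module symbol, against the direction of the surrounding `PSA_WANT_*` guards in the same hunk. The run_test this block guards ("invalid key: ecdh with RSA key, no async") begins after the hunk and is itself deleted in commit 0950 later on this page, so the cleaner option is to drop the guard block together with that test in one commit rather than re-gate it here. If the rename is deliberate, a one-line comment stating why MBEDTLS_ECDSA_C rather than PSA_WANT_ALG_ECDSA is required would help the next reader.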
@@ -6103,31 +6088,6 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client SHA256, server required" \ "$P_SRV auth_mode=required" \ 
@@ -6480,33 +6440,6 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)" \ - -c "! Certificate verification flags" \ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 
@@ -7911,14 +7844,6 @@ run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \ 0 \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" - -run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-ECDH-" - run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ From 5802394451911448c020daa791f0b1a07f6f1b66 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 08:20:07 +0100 Subject: [PATCH 0950/1548] Remove further ECDH testd from ssl-opt.sh Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 401ca85d4c..0b182c93d0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2305,37 +2305,6 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ From fbd806ae95a656f1c474a3435ab17ceffc235491 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 11:41:20 +0100 Subject: [PATCH 0951/1548] Remove everest ECDH test as it is no longer required Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 38a5d85e7d..c103a6420e 100644 
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -430,28 +430,6 @@ component_test_everest () { tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } -component_test_everest_curve25519_only () { - msg "build: Everest ECDH context, only Curve25519" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset PSA_WANT_ALG_JPAKE - - # Disable all curves - scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 - - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: Everest ECDH context, only Curve25519" # ~ 50s - make test -} - component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full From a1914ef45371d0491e35cf460bf9e12c7c29f029 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 11:56:04 +0100 Subject: [PATCH 0952/1548] further removals of ssh tests from ssl-opt Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0b182c93d0..29d0b3f53f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2337,24 +2337,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ - key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ - key_opaque_algs2=ecdh,none debug_level=3" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDH-ECDSA" \ - -S "error" \ - -C "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO From 1d651cc8a17d11380c5584cd0dcd6c52264b8cfa Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 14:24:49 +0100 Subject: [PATCH 0953/1548] Remove additional occurances of static ECDH symbols Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 1 - tests/compat.sh | 15 --------------- 2 files changed, 16 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 17666b2de2..48e77d1026 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -47,7 +47,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ diff --git a/tests/compat.sh b/tests/compat.sh index a11fffda06..2b6f454127 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -359,13 +359,6 @@ add_openssl_ciphersuites() "ECDSA") CIPHERS="$CIPHERS \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_NULL_SHA \ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ @@ -468,14 +461,6 @@ add_mbedtls_ciphersuites() "ECDSA") M_CIPHERS="$M_CIPHERS \ - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \ " From 013f8aee4ef26fea69dfbb25e887ab7504e09abe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:03:57 +0100 Subject: [PATCH 0954/1548] Replace MBEDTLS_KEY_EXCHANGE_PSK_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 48e77d1026..05cd666ffc 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -185,7 +185,7 @@ typedef enum {
 #endif
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
From b2f6a69d852a3cb621be9fde4427766e79d4bd0c Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 08:08:00 +0100
Subject: [PATCH 0955/1548] Replace MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
Signed-off-by: Ben Taylor
---
 include/mbedtls/ssl_ciphersuites.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 05cd666ffc..80d5c7efd6 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -210,8 +210,8 @@ typedef enum {
 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
 #endif
-/* TLS 1.2 key exchanges using ECDH or ECDHE*/
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+/* TLS 1.2 key exchanges using ECDHE*/
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED
 #endif
From 844a264317b573c88c4658be83ae56e809b641de Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 14 Aug 2025 08:10:55 +0100
Subject: [PATCH 0956/1548] Remove stray MBEDTLS_PKCS1_V15 and MBEDTLS_PKCS1_V21
Signed-off-by: Ben Taylor
---
 tests/scripts/components-configuration-crypto.sh | 2 --
 1 file changed, 2 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index c103a6420e..fcca5ffa0a 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
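Review bot: The new guard is self-referential: `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)` immediately followed by `#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED` only defines the macro when it is already defined, so after this change nothing in this block ever sets it and every consumer of the "non-PFS" aggregate silently loses the PSK case. The second hunk on this line (commit 0955) has the same shape with `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED`, and both are reverted later on this page (commits 0963 and 0965). If the intent is only to stop mentioning static ECDH, keep the conditions on `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` and `MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED` respectively and change just the comment text; the updated comment "TLS 1.2 key exchanges using ECDHE" is the right cleanup but is paired with the wrong condition.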
@@ -1469,8 +1469,6 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT From 0fe02bb1bfa8c070e518756634ce78716ae9b721 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:20:03 +0100 Subject: [PATCH 0957/1548] Removed TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT as it is no longer used Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 29d0b3f53f..7976eec6a7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -314,8 +314,6 @@ requires_any_configs_disabled() { TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" - TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" From e16798ec67befca59c1858ee07a12087cf850bb7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:25:11 +0100 Subject: [PATCH 0958/1548] Re-add reference to PSA_WANT_ALG_ECDH as this will be mantained Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7976eec6a7..8633953f90 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -782,6 +782,11 @@ requires_openssl_tls1_3_with_ffdh() { # skip next test if openssl cannot handle ephemeral key exchange requires_openssl_tls1_3_with_compatible_ephemeral() { requires_openssl_next + + if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then + requires_openssl_tls1_3_with_ffdh + fi + } # skip next test if tls1_3 is not available 
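Review bot: After removing TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT, the context lines of this hunk show that TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH and TLS1_2_KEY_EXCHANGES_WITH_CERT are now the same two symbols, `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` and `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`, so the `_WO_ECDH` variable is just as unused in meaning as the one being deleted. Folding it into TLS1_2_KEY_EXCHANGES_WITH_CERT (and updating the one reference in detect_required_features) would finish the cleanup this commit starts; as it stands the name suggests a distinction that no longer exists.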
From b191c02f6bf582aa0961f943ff207d49b28dab15 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:28:42 +0100 Subject: [PATCH 0959/1548] Correct style issues Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8633953f90..4a22686757 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -786,7 +786,6 @@ requires_openssl_tls1_3_with_compatible_ephemeral() { if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then requires_openssl_tls1_3_with_ffdh fi - } # skip next test if tls1_3 is not available From 6f0eb791110b1d929df6002ba2a8a0c7b0ab6dfb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:37:23 +0100 Subject: [PATCH 0960/1548] Use get_tls_version to determine TLS_VERSION instead of statically assigning it Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4a22686757..2978a0e401 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION="TLS12" + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD"); # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From 59213b66df2286039904f68c43d3318deab4182f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 10:01:06 +0100 Subject: [PATCH 0961/1548] Re-add everest test, as it was mislabelled Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index fcca5ffa0a..05c480675c 100644 --- a/tests/scripts/components-configuration-crypto.sh 
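Review bot: The restored derivation carries a stray trailing semicolon, `TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD");`, which is harmless but does not match the rest of run_test; the surrounding lines end without one. Dropping it to `TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")` keeps the style consistent. run_test's body continues outside the hunk.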
+++ b/tests/scripts/components-configuration-crypto.sh @@ -430,6 +430,29 @@ component_test_everest () { tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } +component_test_everest_curve25519_only () { + msg "build: Everest ECDH context, only Curve25519" # ~ 6 min + scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA + scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + + # Disable all curves + scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" + scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 + + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + + msg "test: Everest ECDH context, only Curve25519" # ~ 50s + make test +} + component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full From 677994af64b1e577c7aba3231efab75cbe95566a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 08:22:04 +0100 Subject: [PATCH 0962/1548] Change ecdh to ecdhe on everest test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 05c480675c..b153fc043d 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
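Review bot: The re-added component unsets `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED`, the static-ECDH symbol this series is removing, so this line is either dead or, if config.py rejects unknown symbols (not visible from here), a guaranteed failure of the component. It is also not a plain revert of the function deleted in commit 0951: that version had no such unset and did not pass `-c $CRYPTO_CONFIG_H` for the PSA_WANT_ symbols, so the commit message "as it was mislabelled" undersells the change. Dropping `scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED` and noting the `-c $CRYPTO_CONFIG_H` change in the message would make the intent clear.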
@@ -431,7 +431,7 @@ component_test_everest () {
 }
 component_test_everest_curve25519_only () {
- msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
+ msg "build: Everest ECDHE context, only Curve25519" # ~ 6 min
 scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
 scripts/config.py unset MBEDTLS_ECDSA_C
 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
From a7b3f26864bd413a5de083778f9be4c5f37d6b40 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 15 Aug 2025 09:31:17 +0100
Subject: [PATCH 0963/1548] reverted change to MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED, as it appears it could be causing issues
Signed-off-by: Ben Taylor
---
 include/mbedtls/ssl_ciphersuites.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 80d5c7efd6..cc9f8d819d 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -185,7 +185,7 @@ typedef enum {
 #endif
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
From 7b14d8228e0103d42cb91567d1ad5b4f4b552607 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 18 Aug 2025 10:45:00 +0100
Subject: [PATCH 0964/1548] Reverting TLS_VERSION derivation improvement, as it appear to be causing issues
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2978a0e401..4a22686757 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD"); + TLS_VERSION="TLS12" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From c8823a262d4985757f03e2b4cc7eca4ac7932bb3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 18 Aug 2025 14:17:19 +0100 Subject: [PATCH 0965/1548] Remove MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED as it appears to be causing issues Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index cc9f8d819d..48e77d1026 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -210,8 +210,8 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* TLS 1.2 key exchanges using ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) +/* TLS 1.2 key exchanges using ECDH or ECDHE*/ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif From 4766a23f9cf4fbd1f87ac6cc7cd403fd0e252ea5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 08:26:07 +0100 Subject: [PATCH 0966/1548] change MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 48e77d1026..d3519f1969 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
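Review bot: Hard-coding `TLS_VERSION="TLS12"` disables per-test version detection for every test in ssl-opt.sh, not only the ones that were failing, so `maybe_adapt_for_psk` on the next line and any later version-dependent skip logic will act on a wrong value in TLS 1.3 builds and silently skip or mis-adapt tests. If this is a stop-gap, mark it as such with the issue the comment above already cites, e.g. `TLS_VERSION="TLS12" # TEMPORARY: restore get_tls_version once issue 9560 is resolved`, so it is not mistaken for an intended change. The body of run_test continues outside this hunk.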
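Review bot: The restored comment `/* TLS 1.2 key exchanges using ECDH or ECDHE*/` no longer matches the new condition, which is keyed only on MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED, and it contradicts this series' removal of static ECDH; `/* TLS 1.2 key exchanges using ECDHE (static ECDH has been removed) */` would describe what the guard now means. The removed line had the same self-reference defect as the previous fix — `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED` was defined only if it was already defined — and the commit message's "appears to be causing issues" should be replaced by that explanation. With both macros now defined under an identical condition, the `_1_2_` name is effectively an alias; that is acceptable, but worth a one-line comment so nobody "simplifies" one without the other.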
@@ -198,7 +198,7 @@ typedef enum { #endif /* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif From f57293654e7ab62960400dc425441d3faef0a1a4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 13:10:52 +0100 Subject: [PATCH 0967/1548] Revert change to Everest test message back to ECDH Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index b153fc043d..05c480675c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -431,7 +431,7 @@ component_test_everest () { } component_test_everest_curve25519_only () { - msg "build: Everest ECDHE context, only Curve25519" # ~ 6 min + msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA From 837167404876a715b659c34ceed82cdea9dd57dc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 3 Sep 2025 08:16:52 +0100 Subject: [PATCH 0968/1548] re-add TLS_VERSION derivation Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4a22686757..1a30d0e2af 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
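Review bot: The diff does the opposite of the subject line: it replaces `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` with `MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED` in the `MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED` condition, while the subject says SOME_NON_PFS is being changed to PSK. The two are equivalent only because SOME_NON_PFS is defined exactly when PSK_ENABLED is, which makes the extra indirection pointless and a little fragile; keeping the direct `#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \` is simpler and is where a later commit in this series ends up anyway. Either correct the subject or drop this change.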
@@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION="TLS12" + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From 120bd868b6d85254eec5eeadd989deb19645497a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 3 Sep 2025 15:33:46 +0100 Subject: [PATCH 0969/1548] add filter to component_full_without_ecdhe_ecdsa Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index b74b30477c..28f4f79515 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -235,6 +235,7 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { # - test only TLS (i.e. test_suite_tls and ssl-opt) build_full_minus_something_and_test_tls () { symbols_to_disable="$1" + filter="${2-.}" msg "build: full minus something, test TLS" @@ -250,11 +251,12 @@ build_full_minus_something_and_test_tls () { ( cd tests; ./test_suite_ssl ) msg "ssl-opt: full minus something, test TLS" - tests/ssl-opt.sh + tests/ssl-opt.sh -f "$filter" } +#TODO raise a issue to explain this. component_full_without_ecdhe_ecdsa () { - build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" + build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' } component_full_without_ecdhe_ecdsa_and_tls13 () { From 1a4f4b32a4059b5e0dc7c33a7d2a3999402c3b3b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 10:13:09 +0100 Subject: [PATCH 0970/1548] Add filter to test_tls13_only_ephemeral_ffdh to remove ffdh tests 
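Review bot: The filter `'psk\|PSK\|1\.3'` passed by `component_full_without_ecdhe_ecdsa` restricts the ssl-opt run to PSK and TLS 1.3 tests, so the other key exchanges still present in a full-minus-ECDHE-ECDSA build (ECDHE-RSA, DHE-RSA, and so on) lose their ssl-opt coverage with only a `#TODO` to explain why. A test that fails in this configuration is better made to skip through its own `requires_...` guard than hidden by a name filter, because the filter also hides any future regression in the unfiltered tests. If the filter has to stay, the TODO should name the tracking issue and the helper's new argument needs a line of documentation, e.g. `# $2: optional regex passed to ssl-opt.sh -f (default '.' runs everything)`.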
Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 28f4f79515..abee9f61b0 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -483,7 +483,7 @@ component_test_tls13_only_ephemeral_ffdh () { cd tests; ./test_suite_ssl; cd .. msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode" - tests/ssl-opt.sh + tests/ssl-opt.sh -f "ffdh" } component_test_tls13_only_psk_ephemeral () { From a47fd0faf4b9fa78afc4c63358498b7440a694c3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 10:34:24 +0100 Subject: [PATCH 0971/1548] Add bug link to test modifications Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index abee9f61b0..e9f2666d3f 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -254,7 +254,7 @@ build_full_minus_something_and_test_tls () { tests/ssl-opt.sh -f "$filter" } -#TODO raise a issue to explain this. +#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. component_full_without_ecdhe_ecdsa () { build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' } 
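Review bot: `tests/ssl-opt.sh -f "ffdh"` keeps only the tests whose name matches "ffdh", which is the opposite of the subject line's "remove ffdh tests", and in a TLS 1.3 ephemeral-FFDH-only build it also drops every TLS 1.3 test not named after the group (basic handshake, resumption, fragmentation and similar) that should still pass there. If specific tests fail in this configuration, giving them a `requires_...` dependency is the targeted fix; if the filter is kept it needs a comment with the tracking issue, as the next commit in this series adds for the other component. The match is case-sensitive, so tests named "FFDH" would be excluded too; `-f "ffdh\|FFDH"` covers both if such names exist.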
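Review bot: "temporarily disabled" is not what the code does — the line below still runs ssl-opt.sh, just narrowed to PSK and TLS 1.3 tests by the `-f` filter — so someone grepping for disabled tests will be misled. Suggest `# Temporarily restricted to PSK and TLS 1.3 tests (ssl-opt.sh -f filter) because of an unexplained dependency on static ECDH; see https://github.com/Mbed-TLS/mbedtls/issues/10385.`, and the same wording for the matching comment on the FFDH component.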
@@ -466,6 +466,7 @@ component_test_tls13_only_ephemeral () { tests/ssl-opt.sh } +#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. component_test_tls13_only_ephemeral_ffdh () { msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED From 9e360b8f33410343d1d54d92197119ea7c2ad13d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 5 Sep 2025 09:09:28 +0100 Subject: [PATCH 0972/1548] Remove MBEDTLS_RSA_C from depends.py Signed-off-by: Ben Taylor --- tests/scripts/depends.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 34ecf4cdbc..ad78c26e1c 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -310,8 +310,7 @@ def test(self, options): 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_RSA_C'], + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', From 5cdbe308043883679b88b844a071e36c4f95f094 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 13:12:43 +0100 Subject: [PATCH 0973/1548] replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED After the ECDH keyexchange removal the two became synonyms so the former can be removed. Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 7 +------ library/ssl_ciphersuites_internal.h | 4 ++-- library/ssl_tls12_server.c | 8 ++++---- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d3519f1969..dfd369416b 100644 --- a/include/mbedtls/ssl_ciphersuites.h 
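Review bot: Dropping `'MBEDTLS_RSA_C'` from this reverse-dependency list changes which symbols depends.py turns off together with the `PSA_WANT_KEY_TYPE_RSA_*` entries, and the commit message gives no reason. If MBEDTLS_RSA_C has moved to the tf-psa-crypto configuration and is no longer visible to config.py, say so in the message or in a comment on the list; if the symbol still exists in the mbedtls config, a "without RSA key types" build will now keep MBEDTLS_RSA_C set and either fail to compile or silently keep RSA code in. The enclosing dictionary starts outside the hunk, so I cannot see which key this list belongs to.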
+++ b/include/mbedtls/ssl_ciphersuites.h @@ -184,11 +184,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED #endif -/* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED -#endif - /* Key exchanges that involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ @@ -198,7 +193,7 @@ typedef enum { #endif /* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 2e9f077571..524e419f47 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -41,7 +41,7 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_ } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { @@ -52,7 +52,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t return 0; } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 755b837bca..1f498e0109 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
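Review bot: `MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED` is defined in the public header include/mbedtls/ssl_ciphersuites.h, so deleting it is an API removal for any downstream code that tests the macro, and the ChangeLog entry added in this series only mentions the static ECDH suites. Either mention the macro's removal in ChangeLog.d/static-ecdh-removal.txt or keep a compatibility alias next to the PSK definition: `#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)` / `#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED /* deprecated alias */` / `#endif`. In ssl_ciphersuites_internal.h, `mbedtls_ssl_ciphersuite_no_pfs()` keeps its general-sounding name while now being guarded by a PSK-only macro, which is fine but deserves a one-line comment stating that plain PSK is the only remaining non-PFS TLS 1.2 key exchange.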
@@ -2902,14 +2902,14 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t signature_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) /* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { @@ -2919,7 +2919,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) From df3e595536080189989bad945cf3787cdc57a63c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:30:12 +0100 Subject: [PATCH 0974/1548] Re-instate test for correctness of sent single supported algorithm Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a30d0e2af..22377b8d04 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2565,6 +2565,30 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" +# Test for correctness of sent single supported algorithm +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" +requires_hash_alg SHA_256 +run_test "Single supported algorithm sending: mbedtls client" \ + "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ + "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ + 0 \ + -c "Supported Signature Algorithm found: 04 03" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 +requires_hash_alg SHA_256 +run_test "Single supported algorithm sending: openssl client" \ + "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ + "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ + -key $DATA_FILES_PATH/server6.key" \ + 0 + # Tests for certificate verification callback run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ From 337161eb41f9b4829450921f3db559cd378c16f9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:39:41 +0100 Subject: [PATCH 0975/1548] Remove comment referencing ECDH Signed-off-by: Ben Taylor --- library/ssl_tls12_server.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 1f498e0109..256f1b1583 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
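Review bot: The second test, "Single supported algorithm sending: openssl client", lacks the `requires_pk_alg "ECDSA"` and `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT` guards the first test carries, even though it runs the same ECDSA-only server with `auth_mode=required`; in a build without ECDSA signing it will fail rather than be skipped. It also asserts only exit status 0, so a handshake that completed with some other signature algorithm would still pass; adding a server-side pattern that confirms ecdsa_secp256r1_sha256 was used (which needs `debug_level` on `$P_SRV`) would pin the behaviour the test name promises. server6.crt/server6.key are presumably an ECDSA P-256 pair matching `sig_algs=ecdsa_secp256r1_sha256`; worth confirming, since with `auth_mode=required` a mismatch fails the handshake for an unrelated reason.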
@@ -2910,8 +2910,6 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - /* Extract static ECDH parameters and abort if ServerKeyExchange - * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ From 59474406a6c5bc53293dc8a727ef68e3b40fa0bf Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:47:12 +0100 Subject: [PATCH 0976/1548] Re-instate MBEDTLS_PKCS1_V15 unset Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 05c480675c..f0c217ba4f 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1492,6 +1492,7 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies + scripts/config.py unset MBEDTLS_PKCS1_V15 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT From 2f3523313bdcb5f4ff9202e5115de277546fd4b9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 09:08:50 +0100 Subject: [PATCH 0977/1548] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/static-ecdh-removal.txt diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt new file mode 100644 index 0000000000..d73add317f --- /dev/null +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -0,0 +1,2 @@ +Removals + * Remove support for static ECDH suites. From 26cdf6ee2b0ac1595034ae510bfd290564302c0e Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Thu, 11 Sep 2025 07:52:53 +0100 Subject: [PATCH 0978/1548] Re-adding tests for ECDH Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 22377b8d04..2b10cde5a1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2357,6 +2357,52 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: ECDH-" \ + "$P_SRV auth_mode=required key_opaque=1\ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ + "$P_CLI force_version=tls12" \ + 0 \ + -c "Verifying peer X.509 certificate... ok" \ + -c "Ciphersuite is TLS-ECDH-" \ + -s "key types: Opaque, none" \ + -s "Ciphersuite is TLS-ECDH-" \ + -S "error" \ + -C "error" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled PSA_WANT_ALG_ECDSA +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI force_version=tls12" \ + 1 \ + -s "key types: Opaque, none" \ + -s "error" \ + -c "error" \ + -c "Public key type mismatch" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI force_version=tls12" \ + 1 \ + -s "key types: Opaque, none" \ + -s "got ciphersuites in common, but none of them usable" \ + -s "error" \ + -c "error" + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled 
MBEDTLS_SSL_SRV_C From 485d4c1343bae888e39dde8068be2d0ba593262d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Sep 2025 13:14:10 +0100 Subject: [PATCH 0979/1548] reverting last commit as the tests cause failures Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2b10cde5a1..22377b8d04 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
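Review bot: The first re-added test asserts `-c "Ciphersuite is TLS-ECDH-"` and `-s "Ciphersuite is TLS-ECDH-"`, but the ChangeLog added earlier in this series removes the TLS 1.2 static ECDH key exchanges, so no TLS-ECDH-* suite can be negotiated any more and this test cannot pass as written. The two negative tests (opaque key restricted to `ecdh,none` with an RSA certificate) still describe a useful situation, but their expected strings "Public key type mismatch" and "got ciphersuites in common, but none of them usable" were tied to the static-ECDH selection path and need re-checking against the new behaviour, which may fail earlier or with a different message. If the aim is to keep coverage for opaque ECDH-only keys, the realistic expectation now is a failed handshake because such a key cannot sign the ECDHE ServerKeyExchange; a test with exit code 1 and a `-s "error"` check would document that.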
@@ -2357,52 +2357,6 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDH-" \ - "$P_SRV auth_mode=required key_opaque=1\ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDH-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_ALG_ECDSA -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled 
MBEDTLS_SSL_SRV_C From 486ec6e9b62a39dec39ccc2ab643e5df5a523fab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Sep 2025 13:21:52 +0100 Subject: [PATCH 0980/1548] Improved the text in the Changelog Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt index d73add317f..b67ee288d7 100644 --- a/ChangeLog.d/static-ecdh-removal.txt +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -1,2 +1,3 @@ Removals - * Remove support for static ECDH suites. + * Removed support for TLS 1.2 static ECDH key + exchanges (ECDH-ECDSA and ECDH-RSA). From c1e76e04fed2ff722ae162228ba0537a0aa16498 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 12 Sep 2025 08:33:38 +0100 Subject: [PATCH 0981/1548] correct whitespace style issue Signed-off-by: Ben Taylor --- ChangeLog.d/static-ecdh-removal.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt index b67ee288d7..94512a21f9 100644 --- a/ChangeLog.d/static-ecdh-removal.txt +++ b/ChangeLog.d/static-ecdh-removal.txt @@ -1,3 +1,3 @@ Removals - * Removed support for TLS 1.2 static ECDH key + * Removed support for TLS 1.2 static ECDH key exchanges (ECDH-ECDSA and ECDH-RSA). From bb877a8cbff16ccee27b34f9765488724a6676ea Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 21 Aug 2025 14:27:49 +0100 Subject: [PATCH 0982/1548] remove further references to MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY Signed-off-by: Ben Taylor --- scripts/config.py | 3 --- tests/scripts/analyze_outcomes.py | 2 -- tests/scripts/components-platform.sh | 18 ------------------ 3 files changed, 23 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index e60d1606f1..1f4d73b57f 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -94,10 +94,8 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS - 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature @@ -164,7 +162,6 @@ def full_adapter(name, value, active): 'MBEDTLS_THREADING_C', # requires a threading interface 'MBEDTLS_THREADING_PTHREAD', # requires pthread 'MBEDTLS_TIMING_C', # requires a clock - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection ]) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 8660e68942..4d51c4e4a5 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -134,8 +134,6 @@ def _has_word_re(words: typing.Iterable[str], # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok. 'Config: MBEDTLS_PSA_CRYPTO_SPM', # We don't test on armv8 yet. - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # We don't run test_suite_config when we test this. 
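Review bot: Removing `MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY` and `MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT` from the realfull/full exclusion lists is only safe if those macros no longer exist in the config header; if they are still present, `config.py full` will now enable them together with the `*_ARMV8_A_*` form that the surviving comments say they interact with, producing exactly the conflicting build these lists were guarding against. The commit message should state that the deprecated options have already been removed from the config header so a reviewer can check the ordering, and this commit would be better placed after that removal in the series. The "Temporarily revert changes to config.py" commit that follows suggests this ordering problem was hit in CI.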
diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 25cfd4163d..2b6eec5853 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -299,12 +299,6 @@ component_build_sha_armce () { # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, test T32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" 
@@ -313,18 +307,6 @@ component_build_sha_armce () { grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - - # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99" - - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, test T32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - # examine the disassembly for absence of SHA instructions msg "clang, test A32 crypto instructions not built" make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" From 5496f9025cecb945f1ae8280086cc25869db6abb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 08:25:35 +0100 Subject: [PATCH 0983/1548] Temporarily revert changes to config.py Signed-off-by: Ben Taylor --- scripts/config.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/config.py b/scripts/config.py index 1f4d73b57f..e60d1606f1 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -94,8 +94,10 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS + 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT + 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature @@ -162,6 +164,7 @@ def full_adapter(name, value, active): 'MBEDTLS_THREADING_C', # requires a threading interface 'MBEDTLS_THREADING_PTHREAD', # requires pthread 'MBEDTLS_TIMING_C', # requires a clock + 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection ]) From 5a7a72ee411275ed13e4ecffa8575988089eb01e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Sep 2025 07:54:47 +0100 Subject: [PATCH 0984/1548] testing with analyze_outcomes changes reverted for merge Signed-off-by: Ben Taylor --- tests/scripts/analyze_outcomes.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 4d51c4e4a5..8660e68942 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -134,6 +134,8 @@ def _has_word_re(words: typing.Iterable[str], # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok. 'Config: MBEDTLS_PSA_CRYPTO_SPM', # We don't test on armv8 yet. + 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', + 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # We don't run test_suite_config when we test this. From 14e1932935e35af6ab112233376e48072e1d9c52 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 12 Sep 2025 10:52:10 +0100 Subject: [PATCH 0985/1548] Remove stray comment int components-platform.sh Signed-off-by: Ben Taylor --- tests/scripts/components-platform.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 2b6eec5853..4c297483f6 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -297,9 +297,6 @@ component_build_sha_armce () { grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY - - # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" From 9c2727f9f228a1d972d4ce652776a6cc9a8147fd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 14:43:01 +0200 Subject: [PATCH 0986/1548] Update framework Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d0d817541a..820a16cca7 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d0d817541ae3f449b8cd51afc165668179659699 +Subproject commit 820a16cca705c6842a5a79332c6d40644008c814 
From 2ba5d6afccde6d15bfaad1c5e0dae85197702211 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Sep 2025 11:18:04 +0200 Subject: [PATCH 0987/1548] Update tf-psa-crypto Signed-off-by: Ronald Cron --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 06bae1e110..4cc5bb4295 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 06bae1e110ce71b44c3f4d17974d24feea4d2a92 +Subproject commit 4cc5bb429554ba14e36163ff3a82bf53766f7e24 From e5eb2639b2c72145011c8679bc7c20dc0f5561dd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Sep 2025 15:19:48 +0200 Subject: [PATCH 0988/1548] readthedocs: Install cmake to build the documentation Signed-off-by: Ronald Cron --- .readthedocs.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 96d651abc5..3cc34740bd 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -13,6 +13,8 @@ submodules: # Set the version of Python and other tools you might need build: os: ubuntu-20.04 + apt_packages: + - cmake tools: python: "3.9" jobs: From 0dd31fe523f4031ace63e4d847bb896dc06db6fc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Sep 2025 09:37:46 +0200 Subject: [PATCH 0989/1548] Introduce MBEDTLS_SSL_NULL_CIPHERSUITES The support for TLS ciphersuites without encryption does not rely anymore on the MBEDTLS_CIPHER_NULL_CIPHER feature of the cipher module. Introduce a specific config option to enable these ciphersuites and use it instead of MBEDTLS_CIPHER_NULL_CIPHER. 
Signed-off-by: Ronald Cron --- ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt | 4 +++ include/mbedtls/mbedtls_config.h | 12 +++++++ library/ssl_ciphersuites.c | 12 +++---- library/ssl_misc.h | 2 +- tests/scripts/components-configuration-tls.sh | 14 ++++---- tests/suites/test_suite_ssl.data | 32 +++++++++---------- tests/suites/test_suite_ssl_decrypt.function | 2 +- 7 files changed, 47 insertions(+), 31 deletions(-) create mode 100644 ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt diff --git a/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt b/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt new file mode 100644 index 0000000000..a1312d0cb4 --- /dev/null +++ b/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt @@ -0,0 +1,4 @@ +API changes + * Add MBEDTLS_SSL_NULL_CIPHERSUITES configuration option. It enables + TLS 1.2 ciphersuites without encryption and is disabled by default. + This new option replaces MBEDTLS_CIPHER_NULL_CIPHER. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f11bcb3fb0..e79911428a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -191,6 +191,18 @@ * \{ */ +/** + * \def MBEDTLS_SSL_NULL_CIPHERSUITES + * + * Enable ciphersuites without encryption. + * + * Warning: Only do so when you know what you are doing. This allows for + * channels without any encryption. All data are transmitted in clear. + * + * Uncomment this macro to enable the NULL ciphersuites + */ +//#define MBEDTLS_SSL_NULL_CIPHERSUITES + /** * \def MBEDTLS_DEBUG_C * diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 39826eee66..6027b7f3c4 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
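Review bot: The new option's documentation should say what it actually gates, in the format the other mbedtls_config.h entries use: from the ssl_ciphersuites.c hunks in this commit it enables the TLS 1.2 `*_WITH_NULL_SHA*` suites, each flagged `MBEDTLS_CIPHERSUITE_WEAK` and dependent on PSA_WANT_ALG_SHA_1/SHA_256/SHA_384 plus the matching key-exchange option. Suggested additions after the warning: `Requires: a TLS 1.2 key exchange and at least one of PSA_WANT_ALG_SHA_1, PSA_WANT_ALG_SHA_256, PSA_WANT_ALG_SHA_384.` and `These ciphersuites are flagged MBEDTLS_CIPHERSUITE_WEAK and must be selected explicitly with mbedtls_ssl_conf_ciphersuites(); they provide integrity via the HMAC only, not confidentiality.` — confirm against ssl_ciphersuites.c that weak suites really are excluded from the default list before asserting it. "All data are transmitted in clear" should read "in the clear", and a pointer to the replaced MBEDTLS_CIPHER_NULL_CIPHER would help people migrating configs.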
@@ -325,14 +325,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_GCM */ #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_CIPHERSUITE_WEAK, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ +#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) @@ -415,14 +415,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_GCM */ #endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_CIPHERSUITE_WEAK, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ +#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) @@ -591,7 +591,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_KEY_TYPE_AES */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_ALG_SHA_1) { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", 
@@ -637,7 +637,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ +#endif /* MBEDTLS_SSL_NULL_CIPHERSUITES */ #if defined(PSA_WANT_KEY_TYPE_ARIA) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ed3c4a776f..9f7ab7f7e4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -279,7 +279,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); /* This macro determines whether a ciphersuite using a * stream cipher can be used. */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_NULL_CIPHERSUITES) #define MBEDTLS_SSL_SOME_SUITES_USE_STREAM #endif diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index e9f2666d3f..9efc7b2af6 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -61,8 +61,8 @@ component_test_tls1_2_default_stream_cipher_only () { scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER + # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) + scripts/config.py set MBEDTLS_SSL_NULL_CIPHERSUITES # Modules that depend on AEAD scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C 
@@ -89,8 +89,8 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) + scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES # Modules that depend on AEAD scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C @@ -118,8 +118,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_SSL_NULL_CIPHERSUITES)) + scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES # Modules that depend on AEAD scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C @@ -368,7 +368,7 @@ component_test_when_no_ciphersuites_have_mac () { scripts/config.py unset PSA_WANT_ALG_CMAC scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER + scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES make diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6c5e718c60..897f90d787 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -1693,35 +1693,35 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
+depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ChachaPoly 
@@ -2565,35 +2565,35 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM 
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_NULL_CIPHERSUITES:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 SSL TLS 1.3 Key schedule: Secret evolution #1 diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index 37265def88..7a22939eb4 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -13,7 +13,7 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CIPHER_NULL_CIPHER */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_NULL_CIPHERSUITES */ void ssl_decrypt_null(int hash_id) { mbedtls_ssl_transform transform_in, transform_out; From 2b7f59535ff319a61a82acdf80806ac9c9018f6c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 14:03:35 +0200 Subject: [PATCH 0990/1548] Remove completely MBEDTLS_PLATFORM_GET_ENTROPY_ALT Signed-off-by: Ronald Cron --- scripts/config.py | 1 - tests/scripts/analyze_outcomes.py | 2 -- 2 files changed, 3 deletions(-) 
diff --git a/scripts/config.py b/scripts/config.py index e60d1606f1..6c4cc151d6 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -120,7 +120,6 @@ def is_seamless_alt(name): an implementation of the relevant functions and an xxx_alt.h header. """ if name in ( - 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT', 'MBEDTLS_PLATFORM_GMTIME_R_ALT', 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', 'MBEDTLS_PLATFORM_MS_TIME_ALT', diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 8660e68942..88c450fc86 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -124,8 +124,6 @@ def _has_word_re(words: typing.Iterable[str], # Untested platform-specific optimizations. # https://github.com/Mbed-TLS/mbedtls/issues/9588 'Config: MBEDTLS_HAVE_SSE2', - # Obsolete config option that we are about to remove - 'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', From 919a1e4e223a45b10971d8c49b2815a57cadf084 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 14:39:26 +0200 Subject: [PATCH 0991/1548] Cleanup following the removal of RSA legacy options Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 1 - scripts/config.py | 2 +- tests/scripts/components-configuration-crypto.sh | 3 +-- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index e79911428a..2bfe4d66d0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -266,7 +266,6 @@ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. * * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_RSA_C * PSA_WANT_ALG_RSA_PKCS1V15_SIGN * MBEDTLS_X509_CRT_PARSE_C * diff --git a/scripts/config.py b/scripts/config.py index 6c4cc151d6..175b73cf7f 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -4,7 +4,7 @@ Basic usage, to read the Mbed TLS configuration: config = CombinedConfigFile() - if 'MBEDTLS_RSA_C' in config: print('RSA is enabled') + if 'MBEDTLS_SSL_TLS_C' in config: print('TLS is enabled') """ ## Copyright The Mbed TLS Contributors diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 29e86c34d6..6dab8b6a78 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1491,8 +1491,7 @@ component_test_new_psa_want_key_pair_symbol () { # Start from crypto configuration scripts/config.py crypto - # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 + # Remove RSA dependencies scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT From a19ee2819ec8c88ed86d65a737ff9a8488b3e30c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:25:06 +0200 Subject: [PATCH 0992/1548] Cleanup following the removal of MBEDTLS_ECDH_C option Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 6 +++--- tests/scripts/components-configuration-crypto.sh | 8 -------- tests/scripts/components-configuration-tls.sh | 4 ---- tests/scripts/depends.py | 2 +- 4 files changed, 4 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2bfe4d66d0..118a9631c4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -223,7 +223,7 @@ * * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH + * Requires: PSA_WANT_ALG_ECDH * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA * MBEDTLS_X509_CRT_PARSE_C * 
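Review bot: In the components-configuration-crypto.sh hunk, dropping `scripts/config.py unset MBEDTLS_PKCS1_V15` leaves component_test_new_psa_want_key_pair_symbol disabling only the ECDHE-RSA key exchange and RSASSA-PSS in X.509, while the new comment `# Remove RSA dependencies` suggests RSA itself is meant to be out of the build. If the intent of this component is a build without RSA (the original comment said "Remove RSA support and its dependencies"), the corresponding PSA_WANT_ALG_RSA_* / PSA_WANT_KEY_TYPE_RSA_* symbols would now have to be unset here instead; if RSA staying enabled is fine, the comment should say so, e.g. `# Remove the TLS/X.509 features that need RSA signatures`. The function starts and ends outside the hunk, so I cannot see whether the PSA symbols are handled elsewhere in it.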
@@ -247,7 +247,7 @@ * * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH + * Requires: PSA_WANT_ALG_ECDH * * This enables the following ciphersuites (if other requisites are * enabled as well): @@ -265,7 +265,7 @@ * * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS. * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH + * Requires: PSA_WANT_ALG_ECDH * PSA_WANT_ALG_RSA_PKCS1V15_SIGN * MBEDTLS_X509_CRT_PARSE_C * diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6dab8b6a78..8ed678bc40 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -610,9 +610,6 @@ component_test_psa_crypto_config_accel_ecdh () { $(helper_get_psa_key_type_list "ECC") \ $(helper_get_psa_curve_list)" - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDH_C - # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -739,7 +736,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C @@ -803,7 +799,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C 
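Review bot: In the component_test_psa_crypto_config_accel_ecdh hunk, removing `# Disable the module that's accelerated` and the MBEDTLS_ECDH_C unset leaves the surviving comment `# Disable things that depend on it` with no referent. More substantively, the mbedtls_config.h hunks in this same commit now document MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED and MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED as requiring only PSA_WANT_ALG_ECDH, which this component keeps (accelerated), so the two `scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_*_ENABLED` lines may no longer be needed and keeping those key exchanges would extend coverage of the accelerated ECDH path into TLS — please confirm. If they must stay, reword to `# Disable the TLS key exchanges so only the crypto layer is exercised`. The function body continues outside the hunk.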
@@ -915,7 +910,6 @@ config_psa_crypto_config_ecp_light_only () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C fi @@ -1009,7 +1003,6 @@ config_psa_crypto_no_ecp_at_all () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C @@ -1124,7 +1117,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 9efc7b2af6..323f98ec1c 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -438,7 +438,6 @@ component_test_tls13_only_psk () { scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 # Note: The four unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -475,8 +474,6 @@ component_test_tls13_only_ephemeral_ffdh () { scripts/config.py set MBEDTLS_TEST_HOOKS scripts/config.py unset PSA_WANT_ALG_ECDH - # Note: The unset below is to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 
@@ -531,7 +528,6 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index ad78c26e1c..755585d83e 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -283,7 +283,7 @@ def test(self, options): 'MBEDTLS_ECDSA_C'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', - 'PSA_WANT_ALG_ECDH', 'MBEDTLS_ECDH_C', + 'PSA_WANT_ALG_ECDH', 'PSA_WANT_ALG_JPAKE', 'PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY', 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT', From 3c6bbddfd4daf349c360827d215ca78714a5625d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:28:06 +0200 Subject: [PATCH 0993/1548] Cleanup following the removal of MBEDTLS_ECDSA_C option Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 4 ++-- tests/scripts/components-configuration-crypto.sh | 9 --------- tests/scripts/components-configuration-tls.sh | 8 -------- tests/scripts/depends.py | 3 +-- tests/scripts/test_config_checks.py | 4 ---- tests/suites/test_suite_x509parse.function | 2 +- 6 files changed, 4 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 118a9631c4..96521224d5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -224,7 +224,7 @@ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS. * * Requires: PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA + * PSA_WANT_ALG_ECDSA * MBEDTLS_X509_CRT_PARSE_C * * This enables the following ciphersuites (if other requisites are 
@@ -799,7 +799,7 @@ * Requires: PSA_WANT_ALG_ECDH or PSA_WANT_ALG_FFDH * MBEDTLS_X509_CRT_PARSE_C * and at least one of: - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA + * PSA_WANT_ALG_ECDSA * PSA_WANT_ALG_RSA_PSS * * Comment to disable support for the ephemeral key exchange mode in TLS 1.3. diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 8ed678bc40..51f813d16e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -433,7 +433,6 @@ component_test_everest () { component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH @@ -569,9 +568,6 @@ component_test_psa_crypto_config_accel_ecdsa () { $(helper_get_psa_key_type_list "ECC") \ $(helper_get_psa_curve_list)" - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDSA_C - # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -735,7 +731,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { $(helper_get_psa_curve_list)" # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C @@ -798,7 +793,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_WRITE_C # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C 
@@ -909,7 +903,6 @@ config_psa_crypto_config_ecp_light_only () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C fi @@ -1002,7 +995,6 @@ config_psa_crypto_no_ecp_at_all () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C @@ -1116,7 +1108,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 323f98ec1c..d69b5853c7 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -437,8 +437,6 @@ component_test_tls13_only_psk () { scripts/config.py unset PSA_WANT_DH_RFC7919_4096 scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - # Note: The four unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -499,8 +497,6 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" 
@@ -527,8 +523,6 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The three unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" @@ -553,8 +547,6 @@ component_test_tls13_only_psk_all () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - # Note: The two unsets below are to be removed for Mbed TLS 4.0 - scripts/config.py unset MBEDTLS_ECDSA_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 755585d83e..347634cdff 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -279,8 +279,7 @@ def test(self, options): 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', - 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_ECDSA_C'], + 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', 'PSA_WANT_ALG_ECDH', diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 540144923e..7403f7ebdb 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -43,7 +43,6 @@ def test_mbedtls_no_ecdsa(self) -> None: self.bad_case(''' #undef PSA_WANT_ALG_ECDSA #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA - #undef MBEDTLS_ECDSA_C ''', ''' #if defined(PSA_WANT_ALG_ECDSA) 
@@ -52,9 +51,6 @@ def test_mbedtls_no_ecdsa(self) -> None: #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA) #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected #endif - #if defined(MBEDTLS_ECDSA_C) - #error MBEDTLS_ECDSA_C unexpected - #endif ''', error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f813cc1ac3..ccd85378b8 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -655,7 +655,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:PSA_WANT_ALG_ECDSA */ void x509_verify_restart(char *crt_file, char *ca_file, int result, int flags_result, int max_ops, int min_restart, int max_restart) From 2ad1e5c1a2f9e755c1c6199d51a00c96b64760d9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:30:07 +0200 Subject: [PATCH 0994/1548] Cleanup following the removal of MBEDTLS_ECJPAKE_C option Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 2 +- tests/scripts/components-configuration-crypto.sh | 9 --------- tests/scripts/depends.py | 3 +-- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 96521224d5..828c0f38dc 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -293,7 +293,7 @@ * Thread v1.0.0 specification; incompatible changes to the specification * might still happen. For this reason, this is disabled by default. * - * Requires: MBEDTLS_ECJPAKE_C or PSA_WANT_ALG_JPAKE + * Requires: PSA_WANT_ALG_JPAKE * PSA_WANT_ALG_SHA_256 * MBEDTLS_ECP_DP_SECP256R1_ENABLED * 
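Review bot: The context lines kept by the test_config_checks.py hunk spell the macro as `PSA_WANT_ALG_DETERMINSTIC_ECDSA` (missing the second I) in both `#if defined(...)` and the `#error` message, while the `#undef` a few lines earlier in the same test uses the correct PSA_WANT_ALG_DETERMINISTIC_ECDSA. A macro with that misspelled name is never defined, so this guard can never trip and that part of the check in test_mbedtls_no_ecdsa is vacuous; since the commit is already pruning this snippet, fix it here: `#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)` / `#error PSA_WANT_ALG_DETERMINISTIC_ECDSA unexpected`. The enclosing test method starts outside this hunk.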
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 51f813d16e..3e066d4dc7 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -438,7 +438,6 @@ component_test_everest_curve25519_only () { scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE # Disable all curves @@ -690,7 +689,6 @@ component_test_psa_crypto_config_accel_pake () { $(helper_get_psa_curve_list)" # Make built-in fallback not available - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED # Build @@ -731,7 +729,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { $(helper_get_psa_curve_list)" # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C # Disable all curves - those that aren't accelerated should be re-enabled @@ -793,7 +790,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_WRITE_C # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C # Disable all curves - those that aren't accelerated should be re-enabled @@ -903,7 +899,6 @@ config_psa_crypto_config_ecp_light_only () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_ECP_C fi 
@@ -994,8 +989,6 @@ config_psa_crypto_no_ecp_at_all () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C fi @@ -1107,8 +1100,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECJPAKE_C # Disable ECP module (entirely) scripts/config.py unset MBEDTLS_ECP_C # Also disable bignum diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 347634cdff..5d2efc724d 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -297,8 +297,7 @@ def test(self, options): 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', 'MBEDTLS_ECP_C'], - 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_ECJPAKE_C', - 'MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], + 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], 'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN', From 6cfab2880a59f435214761fa2510d9226a6915c4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:32:29 +0200 Subject: [PATCH 0995/1548] Cleanup following the removal of MBEDTLS_ECP_C option Signed-off-by: Ronald Cron --- .../scripts/components-configuration-crypto.sh | 17 ----------------- tests/scripts/depends.py | 3 +-- 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 3e066d4dc7..860371d6fb 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -728,9 +728,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { KEY_TYPE_ECC_KEY_PAIR_EXPORT \ $(helper_get_psa_curve_list)" - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECP_C - # Disable all curves - those that aren't accelerated should be re-enabled helper_disable_builtin_curves @@ -789,9 +786,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECP_C - # Disable all curves - those that aren't accelerated should be re-enabled helper_disable_builtin_curves @@ -897,10 +891,6 @@ config_psa_crypto_config_ecp_light_only () { driver_only="$1" # start with config full for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$driver_only" -eq 1 ]; then - # Disable modules that are accelerated - scripts/config.py unset MBEDTLS_ECP_C - fi # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues @@ -988,11 +978,6 @@ config_psa_crypto_no_ecp_at_all () { # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$driver_only" -eq 1 ]; then - # Disable ECP module (entirely) - scripts/config.py unset MBEDTLS_ECP_C - fi - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED @@ -1100,8 +1085,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { helper_libtestdriver1_adjust_config "full" if [ "$driver_only" -eq 1 ]; then - # Disable ECP module (entirely) - scripts/config.py unset MBEDTLS_ECP_C # Also disable bignum scripts/config.py unset MBEDTLS_BIGNUM_C fi 
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5d2efc724d..7a7c75483a 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -295,8 +295,7 @@ def test(self, options): 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', - 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED', - 'MBEDTLS_ECP_C'], + 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED'], 'PSA_WANT_ALG_JPAKE': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'], 'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS', 'MBEDTLS_X509_RSASSA_PSS_SUPPORT'], From feb5e26619d0adac15e30e77aed57c7e23f3ebb0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:36:39 +0200 Subject: [PATCH 0996/1548] Cleanup following the removal of MBEDTLS_ECP_DP_.*_ENABLED options Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 2 +- library/ssl_misc.h | 6 +++--- programs/ssl/ssl_test_lib.c | 18 ++++++++-------- .../components-configuration-crypto.sh | 13 ++++++------ tests/scripts/depends.py | 21 +------------------ 5 files changed, 20 insertions(+), 40 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 828c0f38dc..b7a869ad72 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -295,7 +295,7 @@ * * Requires: PSA_WANT_ALG_JPAKE * PSA_WANT_ALG_SHA_256 - * MBEDTLS_ECP_DP_SECP256R1_ENABLED + * PSA_WANT_ECC_SECP_R1_256 * * This enables the following ciphersuites (if other requisites are * enabled as well): diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9f7ab7f7e4..5b852bdd19 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2346,15 +2346,15 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( #if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: break; -#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ECC_SECP_R1_256 */ #if defined(PSA_WANT_ALG_SHA_384) && defined(PSA_WANT_ECC_SECP_R1_384) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: break; -#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +#endif /* PSA_WANT_ALG_SHA_384 && PSA_WANT_ECC_SECP_R1_384 */ #if defined(PSA_WANT_ALG_SHA_512) && defined(PSA_WANT_ECC_SECP_R1_521) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: break; -#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +#endif /* PSA_WANT_ALG_SHA_512 && PSA_WANT_ECC_SECP_R1_521 */ #endif /* PSA_HAVE_ALG_SOME_ECDSA */ #if defined(PSA_WANT_ALG_RSA_PSS) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 79d3059306..fcbc090500 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c 
@@ -470,47 +470,47 @@ static const struct { uint8_t is_supported; } tls_id_group_name_table[] = { -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) +#if defined(PSA_WANT_ECC_SECP_R1_521) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384) +#if defined(PSA_WANT_ECC_SECP_R1_384) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256) +#if defined(PSA_WANT_ECC_SECP_R1_256) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256) +#if defined(PSA_WANT_ECC_SECP_K1_256) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || 
defined(PSA_WANT_ECC_MONTGOMERY_255) +#if defined(PSA_WANT_ECC_MONTGOMERY_255) { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448) +#if defined(PSA_WANT_ECC_MONTGOMERY_448) { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 }, #else { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 }, diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 860371d6fb..ccb4a0bae3 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -433,17 +433,16 @@ component_test_everest () { component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py set PSA_WANT_ALG_ECDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE # Disable all curves - scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 + scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" 
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 7a7c75483a..11ee5a0680 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -257,26 +257,7 @@ def test(self, options): 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], - # These reverse dependencies can be removed as part of issue - # tf-psa-crypto#364. - 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], - 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], - 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], - 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'], - 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', - 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'], - 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'], - - # Support for secp224[k|r]1 was removed in tfpsacrypto#408 while - # secp192[k|r]1 were kept only for internal testing (hidden to the end - # user). We need to keep these reverse dependencies here until - # symbols are hidden/removed from crypto_config.h. - 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], - 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], + 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE'], 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'], From 4fe3760a27a376eada15b6fa489e4aba7afd2771 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 15 Sep 2025 18:45:46 +0200 Subject: [PATCH 0997/1548] Cleanup following the removal of MBEDTLS_BIGNUM_C option 
Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 6 +++--- tests/scripts/components-configuration-crypto.sh | 5 ----- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index b7a869ad72..b1e30ab2d2 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1043,7 +1043,7 @@ * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C, * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, - * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C + * MBEDTLS_MD_C * * This module is required for the PKCS #7 parsing modules. */ @@ -1056,7 +1056,7 @@ * * Module: library/x509_create.c * - * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C, + * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_PK_PARSE_C * * \warning You must call psa_crypto_init() before doing any X.509 operation. * @@ -1188,7 +1188,7 @@ * library/x509_crt.c * library/x509_csr.c * - * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_PK_PARSE_C + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_PK_PARSE_C * * \warning You must call psa_crypto_init() before doing any X.509 operation. * diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index ccb4a0bae3..28fc189d0a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1083,11 +1083,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" - if [ "$driver_only" -eq 1 ]; then - # Also disable bignum - scripts/config.py unset MBEDTLS_BIGNUM_C - fi - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED From 0009b042ac876e05092643125fec0189d6d66e1f Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 30 Jul 2025 22:51:53 +0200 Subject: [PATCH 0998/1548] library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa Signed-off-by: Valerio Setti --- library/ssl_tls.c | 4 ++-- library/ssl_tls12_server.c | 6 +++--- library/ssl_tls13_server.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38db9cd103..c6a119fcd2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8147,14 +8147,14 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( mbedtls_md_psa_alg_from_type(md_alg); if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && - !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, + !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, PSA_ALG_ECDSA(psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { continue; } if (sig_alg_received == MBEDTLS_SSL_SIG_RSA && - !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, + !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, PSA_ALG_RSA_PKCS1V15_SIGN( psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 256f1b1583..b8ee41a423 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -693,11 +693,11 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, int key_type_matches = 0; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || - mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) && - mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) && + mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage)); #else key_type_matches = ( - mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ if (!key_type_matches) { MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type")); 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc50bee868..2ca42f2444 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1160,7 +1160,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, &key_cert->cert->pk) && psa_alg != PSA_ALG_NONE && - mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg, + mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1 ) { ssl->handshake->key_cert = key_cert; From 7b2d72aaf078810436be7617817e87cadc36ce87 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:36:08 +0200 Subject: [PATCH 0999/1548] ssl: replace PSA_ALG_ECDSA with MBEDTLS_PK_ALG_ECDSA When the key is parsed from PK it is assigned the pseudo-alg MBEDTLS_PK_ALG_ECDSA. Trying to run "mbedtls_pk_can_do_psa" with an hardcoded deterministc/randomized ECDSA can make the function to fail if the proper variant is not the one also used by PK. This commit fixes this problem. Signed-off-by: Valerio Setti --- library/ssl_ciphersuites.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls13_server.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 39826eee66..f7aaac29ee 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -924,7 +924,7 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); + return MBEDTLS_PK_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac)); default: return PSA_ALG_NONE; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c6a119fcd2..37e4259e55 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
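Review bot: `mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg()` now returns `MBEDTLS_PK_ALG_ECDSA(...)` for the ECDHE-ECDSA case while keeping its `psa_algorithm_t` return type, its `_psa_alg` name and genuine PSA values in the other cases (`PSA_ALG_NONE`, and the RSA case just above the hunk), so the return value is no longer uniformly a PSA algorithm. The commit message explains the pseudo-alg is what `mbedtls_pk_can_do_psa()` expects, but a caller that forwards the result to a PSA API or into a key policy would now pass an identifier PSA does not recognise; whether such a caller exists cannot be confirmed from the hunk. Document the contract at the declaration, e.g. `/* Returns a PK-level algorithm (may be a MBEDTLS_PK_ALG_* pseudo-alg); intended only for mbedtls_pk_can_do_psa(), not for direct PSA calls. */`, or rename the function to say `pk_alg`. The function starts and ends outside the hunk.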
@@ -8148,7 +8148,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key, - PSA_ALG_ECDSA(psa_hash_alg), + MBEDTLS_PK_ALG_ECDSA(psa_hash_alg), PSA_KEY_USAGE_SIGN_HASH)) { continue; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2ca42f2444..8b60a7b30e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1076,11 +1076,11 @@ static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) { switch (sig_alg) { case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - return PSA_ALG_ECDSA(PSA_ALG_SHA_256); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256); case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - return PSA_ALG_ECDSA(PSA_ALG_SHA_384); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_384); case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - return PSA_ALG_ECDSA(PSA_ALG_SHA_512); + return MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_512); case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: return PSA_ALG_RSA_PSS(PSA_ALG_SHA_256); case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: From bc611fe44c8fd262359220ad8d838b57c05327fc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:41:58 +0200 Subject: [PATCH 1000/1548] [tls12|tls13]_server: fix usage being checked on the certificate key Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 3 ++- library/ssl_tls13_server.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b8ee41a423..07641cb3e8 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
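Review bot: `ssl_tls13_iana_sig_alg_to_psa_alg()` still has return type `psa_algorithm_t` and a name promising a PSA algorithm, but the three ECDSA cases now return `MBEDTLS_PK_ALG_ECDSA(...)`, which the commit message describes as a PK pseudo-alg, while the RSA-PSS cases directly below keep returning genuine `PSA_ALG_RSA_PSS(...)`. A caller that hands the result to a PSA API instead of `mbedtls_pk_can_do_psa()` would now pass an identifier PSA does not recognise; the hunk shows only the switch, so I cannot confirm whether any such caller exists. Either rename the helper to `ssl_tls13_iana_sig_alg_to_pk_alg()` or add above it `/* May return a MBEDTLS_PK_ALG_* pseudo-algorithm; only valid as input to mbedtls_pk_can_do_psa(). */`. The remaining cases of the switch lie outside the hunk.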
@@ -694,7 +694,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) key_type_matches = ((ssl->conf->f_async_sign_start != NULL || mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) && - mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage)); + mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, + PSA_KEY_USAGE_VERIFY_HASH)); #else key_type_matches = ( mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8b60a7b30e..982e6f8c3b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1161,7 +1161,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl) *sig_alg, &key_cert->cert->pk) && psa_alg != PSA_ALG_NONE && mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg, - PSA_KEY_USAGE_SIGN_HASH) == 1 + PSA_KEY_USAGE_VERIFY_HASH) == 1 ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_MSG(3, From 91c0945def55514d6930bd4d255405796c2134e6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Sep 2025 13:45:28 +0200 Subject: [PATCH 1001/1548] tests: fix alg and usage for some ECDHE-ECDSA opaque key tests Signed-off-by: Valerio Setti --- programs/ssl/ssl_test_lib.c | 4 ++-- tests/suites/test_suite_ssl.data | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 79d3059306..a84bf24dc1 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -242,7 +242,7 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512); *usage |= PSA_KEY_USAGE_SIGN_HASH; } else if (strcmp(algs[i], "ecdsa-sign") == 0) { - *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); + *psa_algs[i] = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH); *usage |= PSA_KEY_USAGE_SIGN_HASH; } else if (strcmp(algs[i], "ecdh") == 0) { *psa_algs[i] = PSA_ALG_ECDH; 
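Review bot: The `#else` branch of this hunk still validates only the private key `cur->key` against `pk_alg`/`pk_usage`, while the `MBEDTLS_SSL_ASYNC_PRIVATE` branch now checks the certificate's public key with `mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, PSA_KEY_USAGE_VERIFY_HASH)`; the two configurations therefore select certificates by different criteria. If both are meant to pick the same certificate for a given ciphersuite, the `#else` branch should also include `&& mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, PSA_KEY_USAGE_VERIFY_HASH)`. If the asymmetry is intentional because the key/certificate pairing is verified elsewhere (not visible here), a comment above `#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)` stating that would stop it being read as an oversight. ssl_pick_cert() starts and ends outside the hunk.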
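Review bot: Switching the certificate's public key check to `PSA_KEY_USAGE_VERIFY_HASH` is correct, but nothing in the condition now verifies that the matching private key can sign: `key_cert->key` is not checked for `psa_alg` with `PSA_KEY_USAGE_SIGN_HASH`. With an opaque private key whose policy does not permit `psa_alg`, this selects a certificate whose CertificateVerify signature will fail later instead of the pair being skipped here; consider appending `&& mbedtls_pk_can_do_psa(key_cert->key, psa_alg, PSA_KEY_USAGE_SIGN_HASH) == 1`. Whether `key_cert->key` may be NULL in an async-signing configuration, which would need a guard, is not visible in the hunk. ssl_tls13_pick_key_cert() starts and ends outside the hunk.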
@@ -253,7 +253,7 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, } } else { if (key_type == MBEDTLS_PK_ECKEY) { - *psa_alg1 = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); + *psa_alg1 = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH); *psa_alg2 = PSA_ALG_ECDH; *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; } else if (key_type == MBEDTLS_PK_RSA) { diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6c5e718c60..41416a67c4 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
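Review bot: In the `ecdsa-sign` branch, `*psa_algs[i] = MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH)` stores a PK pseudo-algorithm into the same output the neighbouring branches fill with genuine PSA algorithms (`PSA_ALG_RSA_PSS(PSA_ALG_SHA_512)`, `PSA_ALG_ECDH`). If these values later become the policy of the opaque PSA key the test programs create, PSA will reject the pseudo-alg and import or signing will fail; if they are only consumed through the PK layer this is fine, but the hunk does not show which path is taken. A comment at the assignment would make the assumption explicit: `/* PK pseudo-alg: only meaningful to the PK layer, not as a raw PSA key policy */`. key_opaque_set_alg_usage() starts and ends outside the hunk.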
@@ -457,11 +457,11 @@ handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH From e2aed3a6dfec889fcdf708c08e69a88e68e7c1dc Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 16 Sep 2025 10:27:03 +0200 Subject: [PATCH 1002/1548] tests: revert changes to test_suite_ssl.data Revert changes previously done at following test cases: - Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH - Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 41416a67c4..4254208946 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -457,11 +457,11 @@ handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM +handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":MBEDTLS_PK_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH From 710869bd340178f3e9ec805310f88a4bb6ff4b69 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Sep 2025 16:24:17 +0200 Subject: [PATCH 1003/1548] Update framework to the merge of main and main-restricted 
Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d0d817541a..82a7962c5f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d0d817541ae3f449b8cd51afc165668179659699 +Subproject commit 82a7962c5f7cbe6e8a60c239cbb477ee06f94182 From 3091e40774837dfc25d475dce7a281296535d51e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Sep 2025 16:02:09 +0200 Subject: [PATCH 1004/1548] Remove usage of old crypto options in public headers The remaining occurences were related to dead code. Signed-off-by: Ronald Cron --- include/mbedtls/debug.h | 10 ---------- include/mbedtls/x509.h | 4 ---- library/debug_internal.h | 4 +--- 3 files changed, 1 insertion(+), 17 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index c293e87315..bdfc597e0c 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -14,10 +14,6 @@ #include "mbedtls/ssl.h" -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/private/ecp.h" -#endif - #if defined(MBEDTLS_DEBUG_C) #define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__ @@ -32,11 +28,6 @@ #define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \ mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) -#if defined(MBEDTLS_BIGNUM_C) -#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \ - mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X) -#endif - #if defined(MBEDTLS_X509_CRT_PARSE_C) #if !defined(MBEDTLS_X509_REMOVE_INFO) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \ @@ -51,7 +42,6 @@ #define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0) #define MBEDTLS_SSL_DEBUG_RET(level, text, ret) do { } while (0) #define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) do { } while (0) -#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0) #define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) 
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index f76928aa10..8b6a1daee5 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -16,10 +16,6 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/private/rsa.h" -#endif - /** * \addtogroup x509_module * \{ diff --git a/library/debug_internal.h b/library/debug_internal.h index 3ffcee12bc..79a4c4540c 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h @@ -73,9 +73,7 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_BIGNUM_C) /** - * \brief Print a MPI variable to the debug output. This function is always - * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the - * ssl context, file and line number parameters. + * \brief Print a MPI variable to the debug output. * * \param ssl SSL context * \param level error level of the debug message From 2fe29ab54155b370db0fcb88660c223d9b3b0ce1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 17 Sep 2025 18:37:54 +0200 Subject: [PATCH 1005/1548] Update submodules to the merge of the merge PR Signed-off-by: Gilles Peskine --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 82a7962c5f..4f962bfcb3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 82a7962c5f7cbe6e8a60c239cbb477ee06f94182 +Subproject commit 4f962bfcb30f565e7c995366b13fc8ec6194a0d2 diff --git a/tf-psa-crypto b/tf-psa-crypto index ed6f6b5b0b..a0cb5a0ffa 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit ed6f6b5b0bc72eb789ee62cd7ac87bbf953e0685 +Subproject commit a0cb5a0ffa4cf506f01a797ffce555c5c2e49500 From ff5d117df8a93b0204b4a5b22e85d12c3da31ace Mon Sep 17 00:00:00 2001 
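Review bot: This hunk trims the docstring of `mbedtls_debug_print_mpi()` but leaves the declaration under `#if defined(MBEDTLS_BIGNUM_C)`, an option this series has already removed from the configuration, and the `MBEDTLS_SSL_DEBUG_MPI()` macro that was its only documented entry point is deleted in debug.h by the same commit. The block is therefore dead code guarded by a symbol that no longer exists in the config, which the commit message acknowledges but the header does not. Either drop the declaration (and the definition in debug.c, not visible here) or, if it is kept for out-of-tree callers, say so: `/* No longer used by the SSL module; kept for external callers. */`.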
From: Gilles Peskine Date: Wed, 17 Sep 2025 21:18:39 +0200 Subject: [PATCH 1006/1548] Increment config version for the new product major version Since we're making incompatible changes to the configuration, we really should advance the configuration version. Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 2 +- include/mbedtls/mbedtls_config.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index b46db36d1f..e40482a99a 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -54,7 +54,7 @@ #endif #if defined(MBEDTLS_CONFIG_VERSION) && ( \ - MBEDTLS_CONFIG_VERSION < 0x03000000 || \ + MBEDTLS_CONFIG_VERSION < 0x04000000 || \ MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER) #error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f11bcb3fb0..35a3511ffe 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -19,7 +19,7 @@ * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that * introduced the config format we want to be compatible with. */ -//#define MBEDTLS_CONFIG_VERSION 0x03000000 +//#define MBEDTLS_CONFIG_VERSION 0x04000000 /** * \name SECTION: Platform abstraction layer From 67f54d2213171db8028136a8d13d6b4d72bc3370 Mon Sep 17 00:00:00 2001 
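Review bot: Raising the lower bound to `MBEDTLS_CONFIG_VERSION < 0x04000000` turns every configuration file carried over from 3.x (which set `0x03000000`) into a hard `#error`, and the unchanged message `"Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"` does not tell the user why or what to do. Since the break is intentional per the commit message, make the diagnostic actionable, e.g. `#error "MBEDTLS_CONFIG_VERSION is unsupported: Mbed TLS 4.x requires 0x04000000 or later; regenerate the configuration from the 4.x template"`. The diffstat shows no ChangeLog.d entry or migration-guide update for this incompatibility; one seems warranted.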
From: Gilles Peskine Date: Fri, 19 Sep 2025 10:52:35 +0200 Subject: [PATCH 1007/1548] Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default Checking through the history in https://github.com/Mbed-TLS/mbedtls/pull/4589, this seems to have been what we intended from the start. But we couldn't do it yet because the library version was still 2.x while the config version was already 3.0, so we temporarily commented out the definition in 1cafe5ce20c54e68a4de0f85bd4bc844e3798198. But then we forgot to uncomment it during the release since it wasn't part of any process. Thinking about it independently of the history, I think it makes more sense to have it uncommented by default. That way, if someone copies the config from a given version and then keeps it around, they'll get the compatibility mode for that version. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index bffae6da50..ad843c70c3 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -19,7 +19,7 @@ * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that * introduced the config format we want to be compatible with. */ -//#define MBEDTLS_CONFIG_VERSION 0x04000000 +#define MBEDTLS_CONFIG_VERSION 0x04000000 /** * \name SECTION: Platform abstraction layer From ff6306655b3e3cc1f1b5cd7bed102e5dd6cc10b1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Jul 2025 21:53:41 +0200 Subject: [PATCH 1008/1548] Update submodules with config_checks_generator.py * Update framework with `config_checks_generator.py`. * Update crypto with the files generated by `generate_config_checks.py`. Signed-off-by: Gilles Peskine --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 820a16cca7..92f5d45b22 160000 --- a/framework +++ b/framework 
@@ -1 +1 @@
-Subproject commit 820a16cca705c6842a5a79332c6d40644008c814
+Subproject commit 92f5d45b2293363952bdbe28a7b2fcfe4a0d163a
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 4cc5bb4295..9a43f3fe86 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 4cc5bb429554ba14e36163ff3a82bf53766f7e24
+Subproject commit 9a43f3fe868ef6da5a312a3da076b9595e02a75e
From 3374f6e90bec9d060f038208e04f2ffabe215993 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 31 Jul 2025 21:09:39 +0200
Subject: [PATCH 1009/1548] Generate checks for bad options in the config file Just a proof-of-concept for now. Interesting checks will come later.
Signed-off-by: Gilles Peskine
---
scripts/generate_config_checks.py | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100755 scripts/generate_config_checks.py
diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py
new file mode 100755
index 0000000000..b0dc26b191
--- /dev/null
+++ b/scripts/generate_config_checks.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+
+"""Generate C preprocessor code to check for bad configurations.
+"""
+
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework.config_checks_generator import * \
+ #pylint: disable=wildcard-import,unused-wildcard-import
+
+MBEDTLS_CHECKS = BranchData(
+ header_directory='library',
+ header_prefix='mbedtls_',
+ project_cpp_prefix='MBEDTLS',
+ checkers=[
+ Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'),
+ Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'),
+ ],
+ )
+
+if __name__ == '__main__':
+ main(MBEDTLS_CHECKS)
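Review bot: The wildcard import `from mbedtls_framework.config_checks_generator import *` pulls every public name of the generator module into this script, which is exactly what the two pylint suppressions hanging off the backslash continuation are silencing; the script only uses three of those names. `from mbedtls_framework.config_checks_generator import BranchData, Removed, main` states the dependency explicitly, drops both disables and the awkward continuation line, and keeps pylint able to catch a typo in a checker name. The module docstring could also say what the script produces and where, but the command-line interface (the `--list` form used by the build files) lives in `main` inside the framework module and is not visible here, so confirm the wording against that module before quoting options.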
Signed-off-by: Gilles Peskine --- library/.gitignore | 3 +++ library/CMakeLists.txt | 34 ++++++++++++++++++++++++++++++++++ library/Makefile | 13 +++++++++++++ 3 files changed, 50 insertions(+) diff --git a/library/.gitignore b/library/.gitignore index 9794129d94..92a33de2bc 100644 --- a/library/.gitignore +++ b/library/.gitignore @@ -4,6 +4,9 @@ libmbed* ###START_GENERATED_FILES### /error.c +/mbedtls_config_check_before.h +/mbedtls_config_check_final.h +/mbedtls_config_check_user.h /version_features.c /ssl_debug_helpers_generated.c ###END_GENERATED_FILES### diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5b8dc80b53..b31d2ea70e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -73,6 +73,39 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/version_features.fmt ) + execute_process( + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${MBEDTLS_DIR}/scripts/generate_config_checks.py + --list "" + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + OUTPUT_VARIABLE + MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS) + # Turn newline-terminated non-empty list into semicolon-separated list. + string(REPLACE "\n" ";" + MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") + string(REGEX REPLACE ";\$" "" + MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") + # Prepend the binary dir to all element of MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS, + # using features that exist in CMake 3.5.1. + string(REPLACE ";" ";${CMAKE_CURRENT_BINARY_DIR}/" + MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS + "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") + set(MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS + "${CMAKE_CURRENT_BINARY_DIR}/${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") + + add_custom_command( + OUTPUT ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${MBEDTLS_DIR}/scripts/generate_config_checks.py + ${CMAKE_CURRENT_BINARY_DIR} + DEPENDS + ${MBEDTLS_DIR}/scripts/generate_config_checks.py + ${MBEDTLS_FRAMEWORK_DIR}/scripts/mbedtls_framework/config_checks_generator.py + ) + add_custom_command( OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c @@ -89,6 +122,7 @@ if(GEN_FILES) add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/error.c + ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} ) add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target diff --git a/library/Makefile b/library/Makefile index f8729344b4..f3667ba307 100644 --- a/library/Makefile +++ b/library/Makefile 
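Review bot: The `execute_process` that fills `MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS` checks neither the exit status nor stderr, so if `${MBEDTLS_PYTHON_EXECUTABLE}` is absent or `generate_config_checks.py --list` fails, the variable ends up empty and the later `add_custom_command(OUTPUT ...)` fails with an unrelated CMake error (or the library target silently has no generated-header dependency). Capture the status and abort: add `RESULT_VARIABLE result` to the call, then `if(NOT result EQUAL 0)` / `message(FATAL_ERROR "generate_config_checks.py --list failed")` / `endif()`. The generating `add_custom_command` also has no `WORKING_DIRECTORY`, unlike the `execute_process` above it; if the script locates `framework_scripts_path` relative to its own file that is harmless, but it is worth confirming since the list step and the generation step otherwise run from different directories.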
@@ -5,7 +5,12 @@ endif TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src +# List the generated files without running a script, so that this +# works with no tooling dependencies when GEN_FILES is disabled. GENERATED_FILES := \ + mbedtls_config_check_before.h \ + mbedtls_config_check_final.h \ + mbedtls_config_check_user.h \ error.c \ version_features.c \ ssl_debug_helpers_generated.c \ @@ -326,6 +331,14 @@ $(GENERATED_WRAPPER_FILES): $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h +GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .) +$(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ + $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ + ../framework/scripts/mbedtls_framework/config_checks_generator.py +$(GENERATED_CONFIG_CHECK_FILES): + echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" + $(PYTHON) ../scripts/generate_config_checks.py + clean: ifndef WINDOWS rm -f *.o *.s libmbed* From 67b115cfda5fe3e2e221c58d86ed40623f6634f9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Jul 2025 21:50:45 +0200 Subject: [PATCH 1011/1548] Register crypto's generate_config_files.py outputs as generated files Mbed TLS needs to know the generated files of TF-PSA-Crypto. There's no mechanism for TF-PSA-Crypto to declare them. Signed-off-by: Gilles Peskine --- library/Makefile | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/library/Makefile b/library/Makefile index f3667ba307..21f85b67d9 100644 --- a/library/Makefile +++ b/library/Makefile 
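Review bot: The prerequisite list for `$(GENERATED_CONFIG_CHECK_FILES)` names `$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py`, the TF-PSA-Crypto copy of the script, while the recipe runs `../scripts/generate_config_checks.py`, the Mbed TLS copy; editing the script that actually produces these headers would not trigger regeneration. The prerequisite should read `../scripts/generate_config_checks.py` to match the recipe. Separately, `$(shell $(PYTHON) ../scripts/generate_config_checks.py --list .)` is expanded at parse time on every make invocation, including `make clean`, which sits oddly with the new comment above `GENERATED_FILES` about working with no tooling dependencies; unless that assignment sits inside a guard not visible in this hunk, a missing `$(PYTHON)` produces an empty target list rather than an error.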
@@ -13,9 +13,16 @@ GENERATED_FILES := \ mbedtls_config_check_user.h \ error.c \ version_features.c \ - ssl_debug_helpers_generated.c \ + ssl_debug_helpers_generated.c + +# Also list the generated files from crypto that are needed in the build, +# because we don't have the list in a consumable form. +GENERATED_FILES += \ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES))) ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) @@ -339,6 +346,16 @@ $(GENERATED_CONFIG_CHECK_FILES): echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" $(PYTHON) ../scripts/generate_config_checks.py +TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ + $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ + --list $(TF_PSA_CRYPTO_CORE_PATH)) +$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ + ../scripts/generate_config_checks.py \ + ../framework/scripts/mbedtls_framework/config_checks_generator.py +$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): + echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" + $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py + clean: ifndef WINDOWS rm -f *.o *.s libmbed* From 6712f1b6af19da1b0c39f59aed772c50cfb80b50 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Sep 2025 20:09:37 +0200 Subject: [PATCH 1012/1548] Use --list-for-cmake with generate_config_checks.py Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b31d2ea70e..063703bfe8 100644 
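Review bot: The prerequisites of `$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)` list `../scripts/generate_config_checks.py`, the Mbed TLS script, but the recipe invokes `$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py`, so a change to the crypto script that generates these headers does not cause them to be rebuilt. The prerequisite should be `$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py`. Note also that `--list` is given `$(TF_PSA_CRYPTO_CORE_PATH)` as the output directory while the generating recipe passes no directory at all; if the script's default output location is relative to the current directory (library/) rather than to the crypto tree, the headers land somewhere other than where make expects them, so confirm the default matches.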
--- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -77,23 +77,11 @@ if(GEN_FILES) COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${MBEDTLS_DIR}/scripts/generate_config_checks.py - --list "" + --list-for-cmake "${CMAKE_CURRENT_BINARY_DIR}" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. OUTPUT_VARIABLE MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS) - # Turn newline-terminated non-empty list into semicolon-separated list. - string(REPLACE "\n" ";" - MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") - string(REGEX REPLACE ";\$" "" - MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") - # Prepend the binary dir to all element of MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS, - # using features that exist in CMake 3.5.1. - string(REPLACE ";" ";${CMAKE_CURRENT_BINARY_DIR}/" - MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS - "${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") - set(MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS - "${CMAKE_CURRENT_BINARY_DIR}/${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS}") add_custom_command( OUTPUT ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} From 62491a93273b1ba0379e3aba4840fe7f94d0d512 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 11:38:30 +0100 Subject: [PATCH 1013/1548] Revert changes to config.py after dependencies have been merged Signed-off-by: Ben Taylor --- scripts/config.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 175b73cf7f..45561df78c 100755 --- a/scripts/config.py +++ b/scripts/config.py 
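Review bot: With the newline-to-semicolon post-processing removed, `MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS` is now exactly what `--list-for-cmake` prints, including any trailing newline; unless the script guarantees none, the last list element carries a `\n` and `add_custom_command(OUTPUT ...)` is given a malformed path. Adding `OUTPUT_STRIP_TRAILING_WHITESPACE` to the `execute_process` call makes this robust regardless of how the script terminates its output. The process exit status is also still unchecked here, so a script failure silently yields an empty OUTPUT list instead of a configure-time error.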
@@ -94,10 +94,8 @@ def realfull_adapter(_name, _value, _active): 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS - 'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT 'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature @@ -163,7 +161,6 @@ def full_adapter(name, value, active): 'MBEDTLS_THREADING_C', # requires a threading interface 'MBEDTLS_THREADING_PTHREAD', # requires pthread 'MBEDTLS_TIMING_C', # requires a clock - 'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection 'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection ]) From fec1c002d525f5e1cce1ff25245d55ab5f46663b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Sep 2025 08:17:59 +0100 Subject: [PATCH 1014/1548] Revert changes to analyze outcomes after dependencies have been merged Signed-off-by: Ben Taylor --- tests/scripts/analyze_outcomes.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 88c450fc86..d5843f867e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -132,8 +132,6 @@ def _has_word_re(words: typing.Iterable[str], # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok. 'Config: MBEDTLS_PSA_CRYPTO_SPM', # We don't test on armv8 yet. - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', - 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # We don't run test_suite_config when we test this. From 8df65636fd47d0748faa2fdc41e9e7412067abaa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 11:44:00 +0200 Subject: [PATCH 1015/1548] Clarify target name for library generated files The target mbedtls_generated_files_target could be misinterpreted as the target covering all project generated files, but it does not. It is specifically the target for files generated to build the mbedtls library. Rename it to libmbedtls_generated_files_target and align x509. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 063703bfe8..4f9da39f54 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -107,13 +107,13 @@ if(GEN_FILES) ${tls_error_headers} ) - add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target + add_custom_target(${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/error.c ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} ) - add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target + add_custom_target(${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c ${CMAKE_CURRENT_BINARY_DIR}/version_features.c 
@@ -198,9 +198,9 @@ if(USE_STATIC_MBEDTLS_LIBRARY) if(GEN_FILES) add_dependencies(${mbedx509_static_target} - ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target) add_dependencies(${mbedtls_static_target} - ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target) endif() endif(USE_STATIC_MBEDTLS_LIBRARY) @@ -219,9 +219,9 @@ if(USE_SHARED_MBEDTLS_LIBRARY) if(GEN_FILES) add_dependencies(${mbedx509_target} - ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedx509_generated_files_target) add_dependencies(${mbedtls_target} - ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + ${MBEDTLS_TARGET_PREFIX}libmbedtls_generated_files_target) endif() endif(USE_SHARED_MBEDTLS_LIBRARY) From 879cba1a67d01317422870ff736057ca2d23247f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 18 Sep 2025 16:55:11 +0200 Subject: [PATCH 1016/1548] cmake: Introduce version and soversion variables Signed-off-by: Ronald Cron --- CMakeLists.txt | 9 +++++++-- library/CMakeLists.txt | 4 ++-- scripts/bump_version.sh | 24 ++++++++++-------------- 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 12ddc2738d..659fd50885 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -37,15 +37,20 @@ cmake_policy(SET CMP0011 NEW) # is deprecated and will be removed in future versions. cmake_policy(SET CMP0012 NEW) +set(MBEDTLS_VERSION 4.0.0) +set(MBEDTLS_CRYPTO_SOVERSION 17) +set(MBEDTLS_X509_SOVERSION 8) +set(MBEDTLS_TLS_SOVERSION 22) + if(TEST_CPP) project("Mbed TLS" LANGUAGES C CXX - VERSION 4.0.0 + VERSION ${MBEDTLS_VERSION} ) else() project("Mbed TLS" LANGUAGES C - VERSION 4.0.0 + VERSION ${MBEDTLS_VERSION} ) endif() diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 4f9da39f54..59e175bb0a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -208,13 +208,13 @@ if(USE_SHARED_MBEDTLS_LIBRARY) add_library(${mbedx509_target} SHARED ${src_x509}) set_base_compile_options(${mbedx509_target}) target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 8) + set_target_properties(${mbedx509_target} PROPERTIES VERSION ${MBEDTLS_VERSION} SOVERSION ${MBEDTLS_X509_SOVERSION}) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) set_base_compile_options(${mbedtls_target}) target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) + set_target_properties(${mbedtls_target} PROPERTIES VERSION ${MBEDTLS_VERSION} SOVERSION ${MBEDTLS_TLS_SOVERSION}) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) if(GEN_FILES) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 86ed74eada..a15bb9649b 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh 
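Review bot: The libmbedtls SOVERSION silently moves from 21 to 22 in this commit: the removed line had `SOVERSION 21`, and `${MBEDTLS_TLS_SOVERSION}` that replaces it is set to `22` in the root CMakeLists.txt hunk, while the commit message only describes introducing variables. If the bump is intended it needs its own changelog entry and `SOEXT_TLS?=so.22` in library/Makefile (not visible here) must agree; otherwise the root file should say `set(MBEDTLS_TLS_SOVERSION 21)`. The x509 value (8) and the library VERSION (4.0.0) are carried over unchanged.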
@@ -70,18 +70,14 @@ then fi [ $VERBOSE ] && echo "Bumping VERSION in CMakeLists.txt" -sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < CMakeLists.txt > tmp +sed -e "s/(MBEDTLS_VERSION [0-9.]\{1,\})/(MBEDTLS_VERSION $VERSION)/g" < CMakeLists.txt > tmp mv tmp CMakeLists.txt -[ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt" -sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp -mv tmp library/CMakeLists.txt - if [ "X" != "X$SO_CRYPTO" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/CMakeLists.txt" - sed -e "/mbedcrypto/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_CRYPTO/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in CMakeLists.txt" + sed -e "s/(MBEDTLS_CRYPTO_SOVERSION [0-9]\{1,\})/(MBEDTLS_CRYPTO_SOVERSION $SO_CRYPTO)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/Makefile" sed -e "s/SOEXT_CRYPTO?=so.[0-9]\{1,\}/SOEXT_CRYPTO?=so.$SO_CRYPTO/g" < library/Makefile > tmp @@ -90,9 +86,9 @@ fi if [ "X" != "X$SO_X509" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/CMakeLists.txt" - sed -e "/mbedx509/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_X509/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in CMakeLists.txt" + sed -e "s/(MBEDTLS_X509_SOVERSION [0-9]\{1,\})/(MBEDTLS_X509_SOVERSION $SO_X509)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/Makefile" sed -e "s/SOEXT_X509?=so.[0-9]\{1,\}/SOEXT_X509?=so.$SO_X509/g" < library/Makefile > tmp 
@@ -101,9 +97,9 @@ fi if [ "X" != "X$SO_TLS" ]; then - [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/CMakeLists.txt" - sed -e "/mbedtls/ s/ SOVERSION [0-9]\{1,\}/ SOVERSION $SO_TLS/g" < library/CMakeLists.txt > tmp - mv tmp library/CMakeLists.txt + [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in CMakeLists.txt" + sed -e "s/(MBEDTLS_TLS_SOVERSION [0-9]\{1,\})/(MBEDTLS_TLS_SOVERSION $SO_TLS)/g" < CMakeLists.txt > tmp + mv tmp CMakeLists.txt [ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/Makefile" sed -e "s/SOEXT_TLS?=so.[0-9]\{1,\}/SOEXT_TLS?=so.$SO_TLS/g" < library/Makefile > tmp From c09a84e2852ab7343df79de054f5b4c3f5dd3481 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 14:34:56 +0200 Subject: [PATCH 1017/1548] cmake: library: Rework and improve the copy of the crypto libraries Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 57 +++++++++++++++++++++++++++++++----------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 59e175bb0a..231e74e018 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -259,22 +259,49 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) get_target_property(target_type ${target} TYPE) if (target_type STREQUAL STATIC_LIBRARY) add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ ${CMAKE_BINARY_DIR}/library) + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) else() + # Copy the crypto shared library from tf-psa-crypto: + # - ".so." on Unix + # - ".dylib" on macOS + # - ".dll" on Windows + # The full path to the file is given by $. + # + # On systems that use .so versioning, also create the symbolic links + # ".so." and ".so", which correspond to + # $ and $, + # respectively. + # + # On Windows, also copy the ".lib" file, whose full path is + # $. + add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ - ${CMAKE_BINARY_DIR}/library/$) - add_custom_command( - TARGET ${mbedtls_target} - POST_BUILD - COMMAND ${CMAKE_COMMAND} - ARGS -E copy $ - ${CMAKE_BINARY_DIR}/library/$) + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) + if(WIN32 AND NOT CYGWIN) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + $ + ) + else() + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + $ + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + $ + ) + endif() endif() endforeach(target) From 466a1a29d9934a55fd293b05ac8bc0040c44a5aa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Sep 2025 15:27:41 +0200 Subject: [PATCH 1018/1548] cmake: Provide the crypto libs under their historical name Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 231e74e018..45e6f64ab2 100644 
--- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -263,6 +263,9 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + "libmbedcrypto.a" ) else() # Copy the crypto shared library from tf-psa-crypto: @@ -278,20 +281,38 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) # # On Windows, also copy the ".lib" file, whose full path is # $. - + # + # Provide also the crypto libraries under their historical names: + # "libmbedcrypto.*" add_custom_command( TARGET ${mbedtls_target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ ) - if(WIN32 AND NOT CYGWIN) + if(APPLE) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + libmbedcrypto.dylib + ) + elseif(WIN32 AND NOT CYGWIN) + add_custom_command( + TARGET ${mbedtls_target} POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + libmbedcrypto.dll + ) add_custom_command( TARGET ${mbedtls_target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different $ $ - ) + COMMAND ${CMAKE_COMMAND} -E copy_if_different + $ + libmbedcrypto.lib + ) else() add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -301,7 +322,16 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E create_symlink $ $ - ) + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + libmbedcrypto.so.${MBEDTLS_VERSION} + COMMAND ${CMAKE_COMMAND} -E create_symlink + libmbedcrypto.so.${MBEDTLS_VERSION} + libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} + COMMAND ${CMAKE_COMMAND} -E create_symlink + libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} + libmbedcrypto.so + ) endif() endif() endforeach(target) From a33b371f36f9e271ff40f272a0a2346a5add8ee5 Mon Sep 17 00:00:00 2001 
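Review bot: The compatibility symlinks are named `libmbedcrypto.so.${MBEDTLS_VERSION}` and `libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}`, i.e. with Mbed TLS's own version numbers, while the file they point to is libtfpsacrypto built by the tf-psa-crypto submodule with a VERSION/SOVERSION defined there (not visible in this diff). If the two ever diverge, the alias names advertise an ABI version the library's DT_SONAME does not carry, and a consumer that links `-lmbedcrypto` records the tfpsacrypto soname regardless. A comment above the symlink commands should make the relationship explicit, e.g. `# libmbedcrypto.* are aliases for libtfpsacrypto; the real SONAME is set by tf-psa-crypto.`, and the tf-psa-crypto soversion should be checked against MBEDTLS_CRYPTO_SOVERSION when either is bumped.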
From: Ronald Cron
Date: Mon, 22 Sep 2025 14:21:16 +0200
Subject: [PATCH 1019/1548] programs/tests/dlopen.c: Prioritize libtfpsacrypto.so Prioritize libtfpsacrypto.so over libmbedcrypto.so as the crypto library to load to be sure we test the loading of libtfpsacrypto.so.
Signed-off-by: Ronald Cron
---
programs/test/dlopen.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index 58a6af52e7..2a67635f0d 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
@@ -84,13 +84,13 @@ int main(void)
 #if defined(MBEDTLS_MD_C)
 const char *crypto_so_filename = NULL;
- void *crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW);
+ void *crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW);
 if (dlerror() == NULL) {
- crypto_so_filename = MBEDCRYPTO_SO_FILENAME;
- } else {
- crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW);
- CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME);
 crypto_so_filename = TFPSACRYPTO_SO_FILENAME;
+ } else {
+ crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", MBEDCRYPTO_SO_FILENAME);
+ crypto_so_filename = MBEDCRYPTO_SO_FILENAME;
 }
 #pragma GCC diagnostic push
 /* dlsym() returns an object pointer which is meant to be used as a
From 35d59c6cb62c665a87f99138f318961fb1d7a38f Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 19 Sep 2025 17:16:01 +0200
Subject: [PATCH 1020/1548] cmake: Install libmbedcrypto.* libraries
Signed-off-by: Ronald Cron
---
library/CMakeLists.txt | 32 ++++++++++++++++++-
.../test/cmake_package_install/CMakeLists.txt | 1 +
tests/scripts/components-build-system.sh | 10 ++++++
3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 45e6f64ab2..0cc654d35e 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
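Review bot: The preference for libtfpsacrypto is only soft: when `dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW)` fails, the new else branch falls back to `MBEDCRYPTO_SO_FILENAME`, so a build where libtfpsacrypto.so is missing or unloadable still passes this program, which is the opposite of what the commit message wants to be sure of. If the fallback must stay for older layouts, make the outcome observable, e.g. after the if/else add `printf("loaded crypto library %s\n", crypto_so_filename);`, so the test log shows which library was actually exercised. Testing the handle is also the more direct check than the error string: `if (crypto_so != NULL) {` says what is meant, whereas `dlerror() == NULL` relies on the call having cleared the previous error. The body of main() continues beyond this hunk.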
@@ -267,6 +267,10 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) $ "libmbedcrypto.a" ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.a" + ) else() # Copy the crypto shared library from tf-psa-crypto: # - ".so." on Unix @@ -296,7 +300,11 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) COMMAND ${CMAKE_COMMAND} -E create_symlink $ libmbedcrypto.dylib - ) + ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.dylib" + ) elseif(WIN32 AND NOT CYGWIN) add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -313,6 +321,14 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) $ libmbedcrypto.lib ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_BINDIR} + RENAME "libmbedcrypto.dll" + ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.lib" + ) else() add_custom_command( TARGET ${mbedtls_target} POST_BUILD @@ -332,6 +348,20 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION} libmbedcrypto.so ) + install(FILES $ + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RENAME "libmbedcrypto.so.${MBEDTLS_VERSION}" + ) + install(CODE " + set(_libdir \"\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}\") + + execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink + \"libmbedcrypto.so.${MBEDTLS_VERSION}\" + \${_libdir}/libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}) + execute_process(COMMAND \"\${CMAKE_COMMAND}\" -E create_symlink + \"libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}\" + \${_libdir}/libmbedcrypto.so) + ") endif() endif() endforeach(target) diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index 60a4481e48..723538f7f7 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt 
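Review bot: The `install(CODE ...)` block builds `_libdir` from `\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}` and creates the `libmbedcrypto.so.${MBEDTLS_CRYPTO_SOVERSION}` and `libmbedcrypto.so` symlinks there directly, which ignores `DESTDIR` — a staged install (`make DESTDIR=/tmp/pkg install`, as every distro packager does) writes the links into the real prefix or fails on permissions — and also misbehaves when `CMAKE_INSTALL_LIBDIR` is given as an absolute path. Use `set(_libdir \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}\")`, or resolve the directory at configure time via `CMAKE_INSTALL_FULL_LIBDIR` from GNUInstallDirs and still prefix `$ENV{DESTDIR}`. The `install(FILES ... RENAME ...)` entries on the other branches go through CMake's normal install machinery and therefore honour DESTDIR, so only this CODE block is affected.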
@@ -17,6 +17,7 @@ execute_process( "-DENABLE_TESTING=NO" # Turn on generated files explicitly in case this is a release "-DGEN_FILES=ON" + "-DUSE_SHARED_MBEDTLS_LIBRARY=ON" "-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}") execute_process( diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index e533cdf0f9..9a277e3c56 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -138,6 +138,16 @@ component_test_cmake_as_package_install () { cd programs/test/cmake_package_install cmake . make + + if ! cmp -s "mbedtls/lib/libtfpsacrypto.a" "mbedtls/lib/libmbedcrypto.a"; then + echo "Error: Crypto static libraries are different or one of them is missing/unreadable." >&2 + exit 1 + fi + if ! cmp -s "mbedtls/lib/libtfpsacrypto.so" "mbedtls/lib/libmbedcrypto.so"; then + echo "Error: Crypto shared libraries are different or one of them is missing/unreadable." >&2 + exit 1 + fi + ./cmake_package_install } From d57a0985ab762846b024814a0f43eebab678798e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Sep 2025 15:51:35 +0200 Subject: [PATCH 1021/1548] Add dependency of tf_psa_crypto_config on generated config check headers Fix the build of libtfpsacrypto when generated files are not already present. Signed-off-by: Gilles Peskine --- library/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/Makefile b/library/Makefile index 21f85b67d9..a0b6d6eb1d 100644 --- a/library/Makefile +++ b/library/Makefile @@ -356,6 +356,8 @@ $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py +$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES) + clean: ifndef WINDOWS rm -f *.o *.s libmbed* From 9da0dce84557c2464ece6a3f452658b41c80b0eb Mon Sep 17 00:00:00 2001 
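Review bot: Only `$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o` is given `$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)` as a prerequisite. If the generated `tf_psa_crypto_config_check_*.h` headers are included from the common crypto config header (which every crypto object pulls in), then under `make -j` another object can be compiled before the headers exist and fail with a missing include, even though the serial build that motivated this fix passes. Consider making them an order-only prerequisite of every crypto object, e.g. `$(OBJS_CRYPTO): | $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)`, using whatever the object-list variable is named in this Makefile (not visible here); a one-line comment on the new rule saying why this particular object was chosen would also help the next reader.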
From: Gilles Peskine
Date: Mon, 22 Sep 2025 15:55:10 +0200
Subject: [PATCH 1022/1548] Bypass config checks when setting a low-level option directly
Signed-off-by: Gilles Peskine
---
tests/scripts/components-configuration-crypto.sh | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 28fc189d0a..0aeaa673df 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2436,7 +2436,10 @@ component_test_xts () {
 # supported through the PSA API.
 msg "build: Default + MBEDTLS_CIPHER_MODE_XTS"
- echo "#define MBEDTLS_CIPHER_MODE_XTS" > psa_user_config.h
+ cat <<'EOF' >psa_user_config.h
+#define MBEDTLS_CIPHER_MODE_XTS
+#define TF_PSA_CRYPTO_CONFIG_CHECK_BYPASS
+EOF
 cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h"
 make
From 9a05bb901adf62280194bd82922d2cda9d00fa9d Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 2 Sep 2025 14:43:01 +0200
Subject: [PATCH 1023/1548] Update framework
Signed-off-by: Ronald Cron
---
framework | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 92f5d45b22..59d77ef052 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 92f5d45b2293363952bdbe28a7b2fcfe4a0d163a
+Subproject commit 59d77ef0528f368b7c8cc39870fef6adab5241db
From bb02ec121ea97b6cd71599021cc712b10deb500f Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 28 Aug 2025 14:43:59 +0200
Subject: [PATCH 1024/1548] Prepare abi_check.py to scripts/legacy.make
Signed-off-by: Ronald Cron
---
scripts/abi_check.py | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index 542136305b..243e6fc482 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
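Review bot: `TF_PSA_CRYPTO_CONFIG_CHECK_BYPASS` is written into the user config with no explanation, and by its name it presumably switches off every generated configuration check for this build rather than only the one that objects to `MBEDTLS_CIPHER_MODE_XTS` being set directly; a reader of the component will not know why it is there, and the build now runs with weaker config validation than the others, so an unrelated misconfiguration would go unreported in this component. Add a comment inside the heredoc, e.g. `/* MBEDTLS_CIPHER_MODE_XTS is a low-level option that the generated config checks reject when set directly; bypass the checks for this build only. */` — with the quoted `'EOF'` delimiter it is copied verbatim into psa_user_config.h, which is fine for a C header — and mention the bypass in the `msg` line so the outcome file records it. If the framework offers a narrower escape hatch than a global bypass, prefer it here.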
@@ -233,8 +233,14 @@ def _build_shared_libraries(self, git_worktree_path, version): my_environment["SHARED"] = "1" if os.path.exists(os.path.join(git_worktree_path, "crypto")): my_environment["USE_CRYPTO_SUBMODULE"] = "1" + + if os.path.exists(os.path.join(git_worktree_path, "scripts", "legacy.make")): + command = [self.make_command, "-f", "scripts/legacy.make", "lib"] + else: + command = [self.make_command, "lib"] + make_output = subprocess.check_output( - [self.make_command, "lib"], + command, env=my_environment, cwd=git_worktree_path, stderr=subprocess.STDOUT From 401f20fb352a1d04edd2e9cdd48659e1d774afd1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 14:50:10 +0200 Subject: [PATCH 1025/1548] Prepare test components to scripts/legacy.make Signed-off-by: Ronald Cron --- tests/scripts/components-basic-checks.sh | 6 +- tests/scripts/components-build-system.sh | 10 +- tests/scripts/components-compiler.sh | 32 +-- .../components-configuration-crypto.sh | 202 +++++++++--------- .../components-configuration-platform.sh | 26 +-- tests/scripts/components-configuration-tls.sh | 40 ++-- .../scripts/components-configuration-x509.sh | 8 +- tests/scripts/components-configuration.sh | 48 ++--- tests/scripts/components-platform.sh | 122 +++++------ tests/scripts/components-psasim.sh | 4 +- 10 files changed, 249 insertions(+), 249 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index c7d8161893..74b3ab3055 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh 
@@ -18,14 +18,14 @@ component_check_recursion () { component_check_generated_files () { msg "Check make_generated_files.py consistency" - make neat + $MAKE_COMMAND neat $FRAMEWORK/scripts/make_generated_files.py $FRAMEWORK/scripts/make_generated_files.py --check - make neat + $MAKE_COMMAND neat msg "Check files generated with make" MBEDTLS_ROOT_DIR="$PWD" - make generated_files + $MAKE_COMMAND generated_files $FRAMEWORK/scripts/make_generated_files.py --check cd $TF_PSA_CRYPTO_ROOT_DIR diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh index e533cdf0f9..8a84911b41 100644 --- a/tests/scripts/components-build-system.sh +++ b/tests/scripts/components-build-system.sh @@ -11,7 +11,7 @@ component_test_make_shared () { msg "build/test: make shared" # ~ 40s - make SHARED=1 TEST_CPP=1 all check + $MAKE_COMMAND SHARED=1 TEST_CPP=1 all check ldd programs/util/strerror | grep libmbedcrypto $FRAMEWORK/tests/programs/dlopen_demo.sh } @@ -58,7 +58,7 @@ support_test_cmake_out_of_source () { component_test_cmake_out_of_source () { # Remove existing generated files so that we use the ones cmake # generates - make neat + $MAKE_COMMAND neat msg "build: cmake 'out-of-source' build" MBEDTLS_ROOT_DIR="$PWD" @@ -90,7 +90,7 @@ component_test_cmake_out_of_source () { component_test_cmake_as_subdirectory () { # Remove existing generated files so that we use the ones CMake # generates - make neat + $MAKE_COMMAND neat msg "build: cmake 'as-subdirectory' build" cd programs/test/cmake_subproject @@ -107,7 +107,7 @@ support_test_cmake_as_subdirectory () { component_test_cmake_as_package () { # Remove existing generated files so that we use the ones CMake # generates - make neat + $MAKE_COMMAND neat msg "build: cmake 'as-package' build" root_dir="$(pwd)" 
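Review bot: Every replaced call now depends on `$MAKE_COMMAND` being set, but nothing in this patch defines it and the expansion is unguarded; with an empty variable, the bare `$MAKE_COMMAND` build lines elsewhere in the patch (e.g. in `component_test_no_rsa_key_pair_generation`) degrade to a silent no-op and `$MAKE_COMMAND test` runs the shell `test` builtin instead of make, so a component could report success without building anything. Presumably the variable is exported by the all.sh driver, which is not visible here; unless the scripts run under `set -u`, spelling it `${MAKE_COMMAND:?}` (unquoted, so a multi-word value such as a `-f` makefile selection still word-splits) would fail loudly instead. The same applies to every `$MAKE_COMMAND` substitution in the components-build-system.sh, components-compiler.sh and components-configuration-*.sh hunks of this patch.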
@@ -132,7 +132,7 @@ support_test_cmake_as_package () { component_test_cmake_as_package_install () { # Remove existing generated files so that we use the ones CMake # generates - make neat + $MAKE_COMMAND neat msg "build: cmake 'as-installed-package' build" cd programs/test/cmake_package_install diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 9e74572c13..6ccb57d700 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -27,13 +27,13 @@ test_build_opt () { $cc --version for opt in "$@"; do msg "build/test: $cc $opt, $info" # ~ 30s - make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" + $MAKE_COMMAND CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror" # We're confident enough in compilers to not run _all_ the tests, # but at least run the unit tests. In particular, runs with # optimizations use inline assembly whereas runs with -O0 # skip inline assembly. - make test # ~30s - make clean + $MAKE_COMMAND test # ~30s + $MAKE_COMMAND clean done } @@ -94,10 +94,10 @@ component_test_gcc15_drivers_opt () { loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include -O2" - make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: GCC 15: full + test drivers dispatching to builtins" - make test + $MAKE_COMMAND test } component_test_gcc_earliest_opt () { 
@@ -111,21 +111,21 @@ support_test_gcc_earliest_opt () { component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs # note Make tests only builds the tests, but doesn't run them - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests - make WINDOWS_BUILD=1 clean + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests + $MAKE_COMMAND WINDOWS_BUILD=1 clean msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests - make WINDOWS_BUILD=1 clean + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests + $MAKE_COMMAND WINDOWS_BUILD=1 clean msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s ./scripts/config.py unset MBEDTLS_AESNI_C # - make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib - make WINDOWS_BUILD=1 clean + $MAKE_COMMAND CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib + $MAKE_COMMAND WINDOWS_BUILD=1 clean } support_build_mingw () { 
@@ -141,7 +141,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$TF_PSA_CRYPTO_ROOT_DIR/tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" + $MAKE_COMMAND CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$TF_PSA_CRYPTO_ROOT_DIR/tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" } component_test_zeroize () { @@ -162,12 +162,12 @@ component_test_zeroize () { for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" + $MAKE_COMMAND programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" gdb -ex "$gdb_disable_aslr" -x $FRAMEWORK/tests/programs/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log grep "The buffer was correctly zeroized" test_zeroize.log not grep -i "error" test_zeroize.log rm -f test_zeroize.log - make clean + $MAKE_COMMAND clean done done } diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 28fc189d0a..434fa07462 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -47,7 +47,7 @@ component_test_crypto_with_static_key_slots() { scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test + $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test } # check_renamed_symbols HEADER LIB 
@@ -67,7 +67,7 @@ component_build_psa_crypto_spm () { # We can only compile, not link, since our test and sample programs # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM # is active. - make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib # Check that if a symbol is renamed by crypto_spe.h, the non-renamed # version is not present. @@ -138,16 +138,16 @@ component_test_psa_crypto_without_heap() { helper_libtestdriver1_make_main "$loc_accel_list" tests msg "crypto without heap: test" - make test + $MAKE_COMMAND test } component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - make + $MAKE_COMMAND msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - make test + $MAKE_COMMAND test } component_test_no_pem_no_fs () { @@ -241,10 +241,10 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" - make test + $MAKE_COMMAND test msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|opaque' 
@@ -257,10 +257,10 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" - make test + $MAKE_COMMAND test msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" tests/ssl-opt.sh -f 'Default\|opaque' @@ -273,14 +273,14 @@ component_full_no_pkparse_pkwrite () { scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o msg "test: full without pkparse and pkwrite" - make test + $MAKE_COMMAND test } component_test_crypto_full_md_light_only () { @@ -300,14 +300,14 @@ component_test_crypto_full_md_light_only () { # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o msg "test: crypto_full with only the light subset of MD" - make test + $MAKE_COMMAND test } component_test_full_no_cipher () { 
@@ -334,13 +334,13 @@ component_test_full_no_cipher () { # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C - make + $MAKE_COMMAND # Ensure that CIPHER_C was not re-enabled not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o msg "test: full no CIPHER" - make test + $MAKE_COMMAND test } component_test_full_no_ccm () { @@ -359,10 +359,10 @@ component_test_full_no_ccm () { # PSA_WANT_ALG_CCM to be re-enabled. scripts/config.py unset PSA_WANT_ALG_CCM - make + $MAKE_COMMAND msg "test: full no PSA_WANT_ALG_CCM" - make test + $MAKE_COMMAND test } component_test_full_no_ccm_star_no_tag () { @@ -390,13 +390,13 @@ component_test_full_no_ccm_star_no_tag () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - make + $MAKE_COMMAND # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" - make test + $MAKE_COMMAND test } component_test_config_symmetric_only () { @@ -444,10 +444,10 @@ component_test_everest_curve25519_only () { scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: Everest ECDH context, only Curve25519" # ~ 50s - make test + $MAKE_COMMAND test } component_test_psa_collect_statuses () { 
@@ -491,14 +491,14 @@ component_test_crypto_for_psa_service () { scripts/config.py unset MBEDTLS_PK_C scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - make CFLAGS='-O1 -Werror' all test + $MAKE_COMMAND CFLAGS='-O1 -Werror' all test are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal - make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" + $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" are_empty_libraries library/libmbedx509.* library/libmbedtls.* } @@ -543,10 +543,10 @@ component_test_psa_crypto_config_ffdh_2048_only () { scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" msg "test: full config - only DH 2048" - make test + $MAKE_COMMAND test msg "ssl-opt: full config - only DH 2048" tests/ssl-opt.sh -f "ffdh" @@ -587,7 +587,7 @@ component_test_psa_crypto_config_accel_ecdsa () { # ------------- msg "test: accelerated ECDSA" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_ecdh () { @@ -623,7 +623,7 @@ component_test_psa_crypto_config_accel_ecdh () { # ------------- msg "test: accelerated ECDH" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_ffdh () { @@ -654,7 +654,7 @@ component_test_psa_crypto_config_accel_ffdh () { # ------------- msg "test: full with accelerated FFDH" - make test + $MAKE_COMMAND test msg "ssl-opt: full with accelerated FFDH alg" tests/ssl-opt.sh -f "ffdh" 
@@ -666,10 +666,10 @@ component_test_psa_crypto_config_reference_ffdh () { # Start with full (USE_PSA and TLS 1.3) helper_libtestdriver1_adjust_config "full" - make + $MAKE_COMMAND msg "test suites: full with non-accelerated FFDH alg" - make test + $MAKE_COMMAND test msg "ssl-opt: full with non-accelerated FFDH alg" tests/ssl-opt.sh -f "ffdh" @@ -704,7 +704,7 @@ component_test_psa_crypto_config_accel_pake () { # ------------- msg "test: full with accelerated PAKE" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_ecc_some_key_types () { @@ -758,7 +758,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { # ------------- msg "test suites: full with accelerated EC algs and some key types" - make test + $MAKE_COMMAND test } # Run tests with only (non-)Weierstrass accelerated @@ -864,7 +864,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # ------------- msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { @@ -938,7 +938,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # ------------- msg "test suites: full with accelerated EC algs" - make test + $MAKE_COMMAND test msg "ssl-opt: full with accelerated EC algs" tests/ssl-opt.sh @@ -950,10 +950,10 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { config_psa_crypto_config_ecp_light_only 0 - make + $MAKE_COMMAND msg "test suites: full with non-accelerated EC algs" - make test + $MAKE_COMMAND test msg "ssl-opt: full with non-accelerated EC algs" tests/ssl-opt.sh @@ -1034,7 +1034,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # ------------- msg "test: full + accelerated EC algs - ECP" - make test + $MAKE_COMMAND test msg "ssl-opt: full + accelerated EC algs - ECP" tests/ssl-opt.sh 
@@ -1048,10 +1048,10 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { config_psa_crypto_no_ecp_at_all 0 - make + $MAKE_COMMAND msg "test: full + non accelerated EC algs" - make test + $MAKE_COMMAND test msg "ssl-opt: full + non accelerated EC algs" tests/ssl-opt.sh @@ -1183,7 +1183,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" - make test + $MAKE_COMMAND test msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" tests/ssl-opt.sh @@ -1214,10 +1214,10 @@ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target" - make + $MAKE_COMMAND msg "test suites: full + non accelerated EC algs + USE_PSA" - make test + $MAKE_COMMAND test msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA" tests/ssl-opt.sh @@ -1273,7 +1273,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config # Build crypto library - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o @@ -1292,7 +1292,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" - make test + $MAKE_COMMAND test } # Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as 
@@ -1306,7 +1306,7 @@ component_test_tfm_config_no_p256m () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_PSA_P256M_DRIVER_ENABLED msg "build: TF-M config without p256m" - make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests + $MAKE_COMMAND CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests # Check that p256m was not built not grep p256_ecdsa_ library/libmbedcrypto.a @@ -1316,7 +1316,7 @@ component_test_tfm_config_no_p256m () { not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o msg "test: TF-M config without p256m" - make test + $MAKE_COMMAND test } # This is an helper used by: @@ -1340,10 +1340,10 @@ build_and_test_psa_want_key_pair_partial () { # crypto_config.h so we just disable the one we don't want. scripts/config.py unset "$disabled_psa_want" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: $base_config - ${disabled_psa_want}" - make test + $MAKE_COMMAND test } component_test_psa_ecc_key_pair_no_derive () { @@ -1405,7 +1405,7 @@ component_test_psa_crypto_config_accel_rsa_crypto () { # ------------- msg "test: crypto_full with accelerated RSA" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_reference_rsa_crypto () { @@ -1417,12 +1417,12 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # Build # ----- - make + $MAKE_COMMAND # Run the tests # ------------- msg "test: crypto_full with non-accelerated RSA" - make test + $MAKE_COMMAND test } # This is a temporary test to verify that full RSA support is present even when 
@@ -1452,10 +1452,10 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - make + $MAKE_COMMAND msg "Test: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" - make test + $MAKE_COMMAND test # Parse only 1 relevant line from the outcome file, i.e. a test which is # performing RSA signature. @@ -1499,7 +1499,7 @@ component_test_psa_crypto_config_accel_hash () { # ------------- msg "test: accelerated hash" - make test + $MAKE_COMMAND test } # Auxiliary function to build config for hashes with and without drivers @@ -1548,7 +1548,7 @@ component_test_psa_crypto_config_accel_hash_use_psa () { # ------------- msg "test: full with accelerated hashes" - make test + $MAKE_COMMAND test # This is mostly useful so that we can later compare outcome files with # the reference config in analyze_outcomes.py, to check that the @@ -1571,10 +1571,10 @@ component_test_psa_crypto_config_reference_hash_use_psa () { config_psa_crypto_hash_use_psa 0 - make + $MAKE_COMMAND msg "test: full without accelerated hashes" - make test + $MAKE_COMMAND test msg "test: ssl-opt.sh, full without accelerated hashes" tests/ssl-opt.sh @@ -1632,7 +1632,7 @@ component_test_psa_crypto_config_accel_hmac () { # ------------- msg "test: full with accelerated hmac" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_reference_hmac () { @@ -1640,10 +1640,10 @@ component_test_psa_crypto_config_reference_hmac () { config_psa_crypto_hmac_use_psa 0 - make + $MAKE_COMMAND msg "test: full without accelerated hmac" - make test + $MAKE_COMMAND test } component_test_psa_crypto_config_accel_aead () { @@ -1677,7 +1677,7 @@ component_test_psa_crypto_config_accel_aead () { # ------------- msg "test: accelerated AEAD" - make test + $MAKE_COMMAND test } # This is a common configuration function used in: 
@@ -1734,7 +1734,7 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { # ------------- msg "test: full config with accelerated cipher inc. AEAD and CMAC" - make test + $MAKE_COMMAND test msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC" # Exclude password-protected key tests — they require built-in CBC and AES. @@ -1752,10 +1752,10 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { # This can be removed once we remove DES from the library. scripts/config.py unset PSA_WANT_KEY_TYPE_DES - make + $MAKE_COMMAND msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" - make test + $MAKE_COMMAND test msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC" # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac. @@ -1826,7 +1826,7 @@ component_test_full_block_cipher_psa_dispatch_static_keystore () { # ------------- msg "test: full + PSA dispatch in block_cipher with static keystore" - make test + $MAKE_COMMAND test } component_test_full_block_cipher_psa_dispatch () { @@ -1857,7 +1857,7 @@ component_test_full_block_cipher_psa_dispatch () { # ------------- msg "test: full + PSA dispatch in block_cipher" - make test + $MAKE_COMMAND test } # This is the reference component of component_test_full_block_cipher_psa_dispatch @@ -1866,20 +1866,20 @@ component_test_full_block_cipher_legacy_dispatch () { common_block_cipher_dispatch 0 - make + $MAKE_COMMAND msg "test: full + legacy dispatch in block_cipher" - make test + $MAKE_COMMAND test } component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY" - make test + $MAKE_COMMAND test } component_test_aead_only_ccm () { 
@@ -1887,10 +1887,10 @@ component_test_aead_only_ccm () { scripts/config.py full scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py unset PSA_WANT_ALG_GCM - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY and GCM" - make test + $MAKE_COMMAND test } component_test_ccm_aes_sha256 () { @@ -1900,9 +1900,9 @@ component_test_ccm_aes_sha256 () { echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H" cp tf-psa-crypto/configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H" - make + $MAKE_COMMAND msg "test: CCM + AES + SHA256 configuration" - make test + $MAKE_COMMAND test } # Test that the given .o file builds with all (valid) combinations of the given options. @@ -2044,12 +2044,12 @@ END END msg "all loops unrolled" - make clean + $MAKE_COMMAND clean make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" ./tf-psa-crypto/tests/test_suite_shax msg "all loops rolled up" - make clean + $MAKE_COMMAND clean make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DMBEDTLS_SHA3_CHI_UNROLL=0 -DMBEDTLS_SHA3_RHO_UNROLL=0" ./tf-psa-crypto/tests/test_suite_shax } @@ -2091,10 +2091,10 @@ component_test_aes_only_128_bit_keys () { scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH" - make test + $MAKE_COMMAND test } component_test_no_ctr_drbg_aes_only_128_bit_keys () { 
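Review bot: In the `msg "all loops unrolled"` hunk the `make clean` lines become `$MAKE_COMMAND clean` while the adjacent `make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS=...` invocations stay as plain `make`, so the same component now builds through two different make entry points. If `MAKE_COMMAND` is meant to select an alternative top-level makefile, the `-C tests` sub-make using the tests directory's own Makefile may well be intentional, but the mix reads like an oversight; a one-line comment such as `# The sub-makes below use tests/Makefile directly, independently of MAKE_COMMAND.` would settle it. The same mixed use appears in the `component_build_psa_alt_headers` hunk, where `make -C programs -o fuzz ...` is left unchanged next to a `$MAKE_COMMAND ... lib` line.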
@@ -2103,10 +2103,10 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 scripts/config.py unset MBEDTLS_CTR_DRBG_C - make CC=clang CFLAGS='-Werror -Wall -Wextra' + $MAKE_COMMAND CC=clang CFLAGS='-Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" - make test + $MAKE_COMMAND test } component_test_aes_only_128_bit_keys_have_builtins () { @@ -2116,10 +2116,10 @@ component_test_aes_only_128_bit_keys_have_builtins () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - make test + $MAKE_COMMAND test msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" programs/test/selftest 
@@ -2131,38 +2131,38 @@ component_test_gcm_largetable () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C" - make test + $MAKE_COMMAND test } component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES" - make test + $MAKE_COMMAND test } component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_ROM_TABLES" - make test + $MAKE_COMMAND test } component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES scripts/config.py set MBEDTLS_AES_ROM_TABLES - make CFLAGS='-O2 -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" - make test + $MAKE_COMMAND test } # helper for component_test_block_cipher_no_decrypt_aesni() which: @@ -2200,8 +2200,8 @@ helper_block_cipher_no_decrypt_build_test () { [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - make clean - make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" + $MAKE_COMMAND clean + $MAKE_COMMAND CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o 
@@ -2213,7 +2213,7 @@ helper_block_cipher_no_decrypt_build_test () { not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - make test + $MAKE_COMMAND test msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" programs/test/selftest @@ -2352,10 +2352,10 @@ component_test_full_static_keystore () { msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" scripts/config.py full scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - make CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" msg "test: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" - make test + $MAKE_COMMAND test } component_test_psa_crypto_drivers () { 
@@ -2373,20 +2373,20 @@ component_test_psa_crypto_drivers () { loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include" - make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: full + test drivers dispatching to builtins" - make test + $MAKE_COMMAND test } component_build_psa_config_file () { msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE" # ~40s cp "$CRYPTO_CONFIG_H" psa_test_config.h echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H" - make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" + $MAKE_COMMAND CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" # Make sure this feature is enabled. We'll disable it in the next phase. programs/test/query_compile_time_config PSA_WANT_ALG_CMAC - make clean + $MAKE_COMMAND clean msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s # In the user config, disable one feature and its dependencies, which will @@ -2394,7 +2394,7 @@ component_build_psa_config_file () { # query_compile_time_config. echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h - make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" + $MAKE_COMMAND CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC rm -f psa_test_config.h psa_user_config.h 
@@ -2410,7 +2410,7 @@ component_build_psa_alt_headers () { # Build the library and some programs. # Don't build the fuzzers to avoid having to go through hoops to set # a correct include path for programs/fuzz/Makefile. - make CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib + $MAKE_COMMAND CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib make -C programs -o fuzz CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" # Check that we're getting the alternative include guards and not the diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index b408bec618..11885f8840 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh @@ -28,11 +28,11 @@ component_test_psa_driver_get_entropy() scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY - make + $MAKE_COMMAND # Run all the tests msg "test: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" - make test + $MAKE_COMMAND test } component_build_no_sockets () { @@ -43,7 +43,7 @@ component_build_no_sockets () { scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY # prevent syscall() on GNU/Linux scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib } component_test_no_date_time () { 
@@ -73,10 +73,10 @@ component_test_have_int32 () { scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' + $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' msg "test: gcc, force 32-bit bignum limbs" - make test + $MAKE_COMMAND test } component_test_have_int64 () { @@ -84,10 +84,10 @@ component_test_have_int64 () { scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' + $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' msg "test: gcc, force 64-bit bignum limbs" - make test + $MAKE_COMMAND test } component_test_have_int32_cmake_new_bignum () { 
@@ -97,28 +97,28 @@ component_test_have_int32_cmake_new_bignum () { scripts/config.py unset MBEDTLS_AESCE_C scripts/config.py set MBEDTLS_TEST_HOOKS scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT - make CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32" LDFLAGS="$ASAN_CFLAGS" msg "test: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" - make test + $MAKE_COMMAND test } component_test_no_udbl_division () { msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CFLAGS='-Werror -O1' + $MAKE_COMMAND CFLAGS='-Werror -O1' msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s - make test + $MAKE_COMMAND test } component_test_no_64bit_multiplication () { msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s scripts/config.py full scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CFLAGS='-Werror -O1' + $MAKE_COMMAND CFLAGS='-Werror -O1' msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s - make test + $MAKE_COMMAND test } diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index d69b5853c7..5a77c4defc 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -67,10 +67,10 @@ component_test_tls1_2_default_stream_cipher_only () { scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C - make + $MAKE_COMMAND msg "test: default with only stream cipher use psa" - make test + $MAKE_COMMAND test # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. } 
@@ -95,10 +95,10 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C - make + $MAKE_COMMAND msg "test: default with only CBC-legacy cipher use psa" - make test + $MAKE_COMMAND test msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)" tests/ssl-opt.sh -f "TLS 1.2" @@ -124,10 +124,10 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION scripts/config.py unset MBEDTLS_SSL_TICKET_C - make + $MAKE_COMMAND msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa" - make test + $MAKE_COMMAND test msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)" tests/ssl-opt.sh -f "TLS 1.2" @@ -245,7 +245,7 @@ build_full_minus_something_and_test_tls () { scripts/config.py unset $sym done - make + $MAKE_COMMAND msg "test: full minus something, test TLS" ( cd tests; ./test_suite_ssl ) @@ -272,14 +272,14 @@ component_build_no_ssl_srv () { msg "build: full config except SSL server, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_SRV_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' } component_build_no_ssl_cli () { msg "build: full config except SSL client, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_CLI_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' } component_test_no_max_fragment_length () { 
@@ -370,10 +370,10 @@ component_test_when_no_ciphersuites_have_mac () { scripts/config.py unset MBEDTLS_SSL_NULL_CIPHERSUITES - make + $MAKE_COMMAND msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" - make test + $MAKE_COMMAND test msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' @@ -401,10 +401,10 @@ component_test_tls13_only () { scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test: TLS 1.3 only, all key exchange modes enabled" - make test + $MAKE_COMMAND test msg "ssl-opt.sh: TLS 1.3 only, all key exchange modes enabled" tests/ssl-opt.sh @@ -438,7 +438,7 @@ component_test_tls13_only_psk () { scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" cd tests; ./test_suite_ssl; cd .. @@ -454,7 +454,7 @@ component_test_tls13_only_ephemeral () { scripts/config.py unset MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode" cd tests; ./test_suite_ssl; cd .. 
@@ -473,7 +473,7 @@ component_test_tls13_only_ephemeral_ffdh () { scripts/config.py set MBEDTLS_TEST_HOOKS scripts/config.py unset PSA_WANT_ALG_ECDH - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only ephemeral ffdh key exchange mode" cd tests; ./test_suite_ssl; cd .. @@ -498,7 +498,7 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" cd tests; ./test_suite_ssl; cd .. @@ -524,7 +524,7 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral ffdh key exchange mode" cd tests; ./test_suite_ssl; cd .. @@ -548,7 +548,7 @@ component_test_tls13_only_psk_all () { scripts/config.py unset PSA_WANT_ALG_RSA_OAEP scripts/config.py unset PSA_WANT_ALG_RSA_PSS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" cd tests; ./test_suite_ssl; cd .. 
@@ -563,7 +563,7 @@ component_test_tls13_only_ephemeral_all () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" + $MAKE_COMMAND CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" cd tests; ./test_suite_ssl; cd .. diff --git a/tests/scripts/components-configuration-x509.sh b/tests/scripts/components-configuration-x509.sh index 800d98ed69..8010a2a2e6 100644 --- a/tests/scripts/components-configuration-x509.sh +++ b/tests/scripts/components-configuration-x509.sh @@ -14,10 +14,10 @@ component_test_no_x509_info () { scripts/config.py full scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests scripts/config.py set MBEDTLS_X509_REMOVE_INFO - make CFLAGS='-Werror -O2' + $MAKE_COMMAND CFLAGS='-Werror -O2' msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s - make test + $MAKE_COMMAND test msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min tests/ssl-opt.sh @@ -28,8 +28,8 @@ component_test_sw_inet_pton () { # MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton scripts/config.py set MBEDTLS_TEST_HOOKS - make CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON" + $MAKE_COMMAND CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON" msg "test: default plus MBEDTLS_TEST_SW_INET_PTON" - make test + $MAKE_COMMAND test } diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index a35704f299..89104a3bab 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
@@ -11,12 +11,12 @@ component_test_default_out_of_box () { msg "build: make, default config (out-of-box)" # ~1min - make + $MAKE_COMMAND # Disable fancy stuff unset MBEDTLS_TEST_OUTCOME_FILE msg "test: main suites make, default config (out-of-box)" # ~10s - make test + $MAKE_COMMAND test msg "selftest: make, default config (out-of-box)" # ~10s programs/test/selftest @@ -160,19 +160,19 @@ component_test_default_no_deprecated () { # configuration leaves something consistent. msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s scripts/config.py set MBEDTLS_DEPRECATED_REMOVED - make CFLAGS='-O -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s - make test + $MAKE_COMMAND test } component_test_full_no_deprecated () { msg "build: make, full_no_deprecated config" # ~ 30s scripts/config.py full_no_deprecated - make CFLAGS='-O -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, full_no_deprecated config" # ~ 5s - make test + $MAKE_COMMAND test msg "test: ensure that X509 has no direct dependency on BIGNUM_C" not grep mbedtls_mpi library/libmbedx509.a @@ -186,10 +186,10 @@ component_test_full_no_deprecated_deprecated_warning () { scripts/config.py full_no_deprecated scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED scripts/config.py set MBEDTLS_DEPRECATED_WARNING - make CFLAGS='-O -Werror -Wall -Wextra' + $MAKE_COMMAND CFLAGS='-O -Werror -Wall -Wextra' msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s - make test + $MAKE_COMMAND test } component_test_full_deprecated_warning () { 
@@ -201,17 +201,17 @@ component_test_full_deprecated_warning () { # Expect warnings from '#warning' directives in check_config.h. # Note that gcc is required to allow the use of -Wno-error=cpp, which allows us to # display #warning messages without them being treated as errors. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs + $MAKE_COMMAND CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features. # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set. # Expect warnings from '#warning' directives in check_config.h and # from the use of deprecated functions in test suites. - make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests + $MAKE_COMMAND CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s - make test + $MAKE_COMMAND test msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s tests/scripts/run_demos.py @@ -220,7 +220,7 @@ component_test_full_deprecated_warning () { component_build_baremetal () { msg "build: make, baremetal config" scripts/config.py baremetal - make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" + $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" } support_build_baremetal () { 
@@ -240,20 +240,20 @@ component_build_tfm () { cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, clang, armv7-m thumb2" - make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" + $MAKE_COMMAND lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe" msg "build: TF-M config, gcc native build" - make clean - make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe" + $MAKE_COMMAND clean + $MAKE_COMMAND lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe" } component_test_malloc_0_null () { msg "build: malloc(0) returns NULL (ASan+UBSan build)" scripts/config.py full - make CC=$ASAN_CC CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + $MAKE_COMMAND CC=$ASAN_CC CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: malloc(0) returns NULL (ASan+UBSan build)" - make test + $MAKE_COMMAND test msg "selftest: malloc(0) returns NULL (ASan+UBSan build)" # Just the calloc selftest. "make test" ran the others as part of the 
@@ -288,24 +288,24 @@ component_test_no_platform () { scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds - make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs - make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' test } component_build_mbedtls_config_file () { msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s scripts/config.py -w full_config.h full echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H" - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" + $MAKE_COMMAND CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'" # Make sure this feature is enabled. We'll disable it in the next phase. programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES - make clean + $MAKE_COMMAND clean msg "build: make with MBEDTLS_CONFIG_FILE + MBEDTLS_USER_CONFIG_FILE" # In the user config, disable one feature (for simplicity, pick a feature # that nothing else depends on). echo '#undef MBEDTLS_SSL_ALL_ALERT_MESSAGES' >user_config.h - make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" + $MAKE_COMMAND CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"' -DMBEDTLS_USER_CONFIG_FILE='\"user_config.h\"'" not programs/test/query_compile_time_config MBEDTLS_SSL_ALL_ALERT_MESSAGES rm -f user_config.h full_config.h 
@@ -319,10 +319,10 @@ component_test_no_strings () { scripts/config.py unset MBEDTLS_ERROR_C scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY scripts/config.py unset MBEDTLS_VERSION_FEATURES - make CFLAGS='-Werror -Os' + $MAKE_COMMAND CFLAGS='-Werror -Os' msg "test: no strings" # ~ 10s - make test + $MAKE_COMMAND test } component_test_memory_buffer_allocator_backtrace () { diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 4c297483f6..d6eef6f781 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -19,10 +19,10 @@ component_test_m32_no_asm () { scripts/config.py full scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc, no asm (ASan build)" - make test + $MAKE_COMMAND test } support_test_m32_no_asm () { @@ -38,10 +38,10 @@ component_test_m32_o2 () { msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, make, gcc -O2 (ASan build)" - make test + $MAKE_COMMAND test msg "test ssl-opt.sh, i386, make, gcc-O2" tests/ssl-opt.sh 
@@ -55,10 +55,10 @@ component_test_m32_everest () { msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" + $MAKE_COMMAND CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s - make test + $MAKE_COMMAND test msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s tests/ssl-opt.sh -f ECDH @@ -75,10 +75,10 @@ support_test_m32_everest () { component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.py full - make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' + $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -mx32' LDFLAGS='-mx32' msg "test: 64-bit ILP32, make, gcc" - make test + $MAKE_COMMAND test } support_test_mx32 () { @@ -118,16 +118,16 @@ component_test_aesni () { # ~ 60s # test the intrinsics implementation msg "AES tests, test intrinsics" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' + $MAKE_COMMAND clean + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' # check that the intrinsics implementation is in use - this should be used by default when # supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" # test the asm implementation msg "AES tests, test assembly" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' + $MAKE_COMMAND clean + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' # check that the assembly implementation is in use - this should be used if the compiler # does not support intrinsics ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI ASSEMBLY" 
@@ -136,8 +136,8 @@ component_test_aesni () { # ~ 60s scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, plain C" - make clean - make CC=gcc CFLAGS='-O2 -Werror' + $MAKE_COMMAND clean + $MAKE_COMMAND CC=gcc CFLAGS='-O2 -Werror' # check that the plain C implementation is present and the AESNI one is not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o @@ -148,8 +148,8 @@ component_test_aesni () { # ~ 60s scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' + $MAKE_COMMAND clean + $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' # check that the AESNI implementation is present and the plain C one is not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o not grep -q mbedtls_internal_aes_encrypt ./tf-psa-crypto/drivers/builtin/src/aes.o @@ -172,8 +172,8 @@ component_test_aesni_m32 () { # ~ 60s # test the intrinsics implementation with gcc msg "AES tests, test intrinsics (gcc)" - make clean - make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' + $MAKE_COMMAND clean + $MAKE_COMMAND CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" # check that both the AESNI and plain C implementations are present 
@@ -184,8 +184,8 @@ component_test_aesni_m32 () { # ~ 60s scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" - make clean - make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' + $MAKE_COMMAND clean + $MAKE_COMMAND CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32' ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI" # check that the AESNI implementation is present and the plain C one is not grep -q mbedtls_aesni_crypt_ecb ./tf-psa-crypto/drivers/builtin/src/aesni.o @@ -206,8 +206,8 @@ component_test_aesni_m32_clang () { # test the intrinsics implementation with clang msg "AES tests, test intrinsics (clang)" - make clean - make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' + $MAKE_COMMAND clean + $MAKE_COMMAND CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32' # check that we built intrinsics - this should be used by default when supported by the compiler ./tf-psa-crypto/programs/test/which_aes | grep -q "AESNI INTRINSICS" # check that both the AESNI and plain C implementations are present 
@@ -227,51 +227,51 @@ component_build_aes_armce () { scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "clang, test aarch64 crypto instructions built" grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" msg "clang, test A32 crypto instructions built" grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" msg "clang, test T32 crypto instructions built" grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY msg "MBEDTLS_AES_USE_both, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu 
-march=armv8-a+crypto" msg "clang, test aarch64 crypto instructions built" grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "MBEDTLS_AES_USE_both, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" msg "clang, test A32 crypto instructions built" grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "MBEDTLS_AES_USE_both, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" msg "clang, test T32 crypto instructions built" grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s scripts/config.py unset MBEDTLS_AESCE_C msg "no MBEDTLS_AESCE_C, clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" msg "clang, test aarch64 crypto instructions not built" not grep -E 'aes[a-z]+\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "no MBEDTLS_AESCE_C, clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" msg "clang, test A32 
crypto instructions not built" not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s msg "no MBEDTLS_AESCE_C, clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/aesce.o library/../${BUILTIN_SRC_PATH}/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" msg "clang, test T32 crypto instructions not built" not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' ${BUILTIN_SRC_PATH}/aesce.s } 
@@ -287,44 +287,44 @@ component_build_sha_armce () { # Test variations of SHA256 Armv8 crypto extensions scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test aarch64 crypto instructions built" grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test A32 crypto instructions built" grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, test aarch64 crypto instructions built" grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT 
# examine the disassembly for absence of SHA instructions msg "clang, test A32 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s msg "clang, test T32 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb" not grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s msg "clang, test aarch64 crypto instructions not built" - make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + $MAKE_COMMAND -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" not grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s } component_test_arm_linux_gnueabi_gcc_arm5vte () { # Mimic Debian armel port msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, default config" # ~4m - make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' + $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' msg "test: main suites make, default config (out-of-box)" # ~7m 40s - make test + $MAKE_COMMAND test msg "selftest: make, default config (out-of-box)" # ~0s programs/test/selftest 
@@ -341,10 +341,10 @@ support_test_arm_linux_gnueabi_gcc_arm5vte () { # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os component_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () { msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -O0, thumb 1, default config" # ~2m 10s - make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O0 -mcpu=arm1136j-s -mthumb' + $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O0 -mcpu=arm1136j-s -mthumb' msg "test: main suites make, default config (out-of-box)" # ~36m - make test + $MAKE_COMMAND test msg "selftest: make, default config (out-of-box)" # ~10s programs/test/selftest @@ -359,10 +359,10 @@ support_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () { component_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () { msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -Os, thumb 1, default config" # ~3m 10s - make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -mcpu=arm1136j-s -mthumb' + $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -mcpu=arm1136j-s -mthumb' msg "test: main suites make, default config (out-of-box)" # ~21m 10s - make test + $MAKE_COMMAND test msg "selftest: make, default config (out-of-box)" # ~2s programs/test/selftest @@ -377,10 +377,10 @@ support_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () { component_test_arm_linux_gnueabihf_gcc_armv7 () { msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -O2, A32, default config" # ~4m 30s - make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2 -march=armv7-a -marm' + $MAKE_COMMAND CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2 -march=armv7-a -marm' msg "test: main suites make, default config (out-of-box)" # ~3m 30s - make test + $MAKE_COMMAND test msg "selftest: make, default config (out-of-box)" # ~0s programs/test/selftest 
@@ -395,10 +395,10 @@ support_test_arm_linux_gnueabihf_gcc_armv7 () {
component_test_arm_linux_gnueabihf_gcc_thumb_2 () {
msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -Os, thumb 2, default config" # ~4m
- make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -march=armv7-a -mthumb'
+ $MAKE_COMMAND CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -march=armv7-a -mthumb'
msg "test: main suites make, default config (out-of-box)" # ~3m 40s
- make test
+ $MAKE_COMMAND test
msg "selftest: make, default config (out-of-box)" # ~0s
programs/test/selftest
@@ -413,10 +413,10 @@ support_test_arm_linux_gnueabihf_gcc_thumb_2 () {
component_test_aarch64_linux_gnu_gcc () {
msg "test: ${AARCH64_LINUX_GNU_GCC_PREFIX}gcc -O2, default config" # ~3m 50s
- make CC="${AARCH64_LINUX_GNU_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2'
+ $MAKE_COMMAND CC="${AARCH64_LINUX_GNU_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2'
msg "test: main suites make, default config (out-of-box)" # ~1m 50s
- make test
+ $MAKE_COMMAND test
msg "selftest: make, default config (out-of-box)" # ~0s
programs/test/selftest
@@ -433,7 +433,7 @@ support_test_aarch64_linux_gnu_gcc () {
component_build_arm_none_eabi_gcc () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
scripts/config.py baremetal
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
@@ -449,7 +449,7 @@ component_build_arm_linux_gnueabi_gcc_arm5vte () {
# See https://github.com/Mbed-TLS/mbedtls/pull/2169 and comments.
# Build everything including programs, see for example
# https://github.com/Mbed-TLS/mbedtls/pull/3449#issuecomment-675313720
- make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
+ $MAKE_COMMAND CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
@@ -467,7 +467,7 @@ component_build_arm_none_eabi_gcc_arm5vte () {
# This is an imperfect substitute for
# component_build_arm_linux_gnueabi_gcc_arm5vte
# in case the gcc-arm-linux-gnueabi toolchain is not available
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
@@ -478,7 +478,7 @@ component_build_arm_none_eabi_gcc_arm5vte () {
component_build_arm_none_eabi_gcc_m0plus () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus, baremetal_size" # ~ 10s
scripts/config.py baremetal_size
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
@@ -494,7 +494,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
scripts/config.py baremetal
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
not grep __aeabi_uldiv library/*.o
not grep __aeabi_uldiv ${PSA_CORE_PATH}/*.o
@@ -505,7 +505,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
scripts/config.py baremetal
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
- make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
+ $MAKE_COMMAND CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
not grep __aeabi_lmul library/*.o
not grep __aeabi_lmul ${PSA_CORE_PATH}/*.o
@@ -518,17 +518,17 @@ component_build_arm_clang_thumb () {
scripts/config.py baremetal
msg "build: clang thumb 2, make"
- make clean
- make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
+ $MAKE_COMMAND clean
+ $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
# Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
msg "build: clang thumb 1 -O0, make"
- make clean
- make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
+ $MAKE_COMMAND clean
+ $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
msg "build: clang thumb 1 -Os, make"
- make clean
- make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
+ $MAKE_COMMAND clean
+ $MAKE_COMMAND CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
}
component_build_armcc () {
diff --git a/tests/scripts/components-psasim.sh b/tests/scripts/components-psasim.sh
index a20f917ddb..e3952c5095 100644
--- a/tests/scripts/components-psasim.sh
+++ b/tests/scripts/components-psasim.sh
@@ -83,7 +83,7 @@ component_test_suite_with_psasim()
helper_psasim_build client
msg "build test suites"
- make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
+ $MAKE_COMMAND PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
helper_psasim_server start
@@ -93,7 +93,7 @@ component_test_suite_with_psasim()
export SKIP_TEST_SUITES
msg "run test suites"
- make PSASIM=1 test
+ $MAKE_COMMAND PSASIM=1 test
helper_psasim_server kill
}
From 31f63210ec41a30b96d1a1d2daaf207a0a7ff65a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 29 Aug 2025 16:12:40 +0200
Subject: [PATCH 1026/1548] Deprecate Make
Move and rename the root Makefile to scripts/legacy.make. That way running make from the root fails.
Signed-off-by: Ronald Cron
---
Makefile => scripts/legacy.make | 0
tests/scripts/depends.py | 7 ++++---
tests/scripts/psa_collect_statuses.py | 12 +++++++-----
3 files changed, 11 insertions(+), 8 deletions(-)
rename Makefile => scripts/legacy.make (100%)
diff --git a/Makefile b/scripts/legacy.make
similarity index 100%
rename from Makefile
rename to scripts/legacy.make
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 11ee5a0680..10d7028df0 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -439,8 +439,9 @@ def config_symbols_matching(self, regexp):
# pylint: disable=too-many-locals
def __init__(self, options, conf):
"""Gather data about the library and establish a list of domains to test."""
- build_command = [options.make_command, 'CFLAGS=-Werror -O2']
- build_and_test = [build_command, [options.make_command, 'test']]
+ build_command = [options.make_command, '-f', 'scripts/legacy.make', 'CFLAGS=-Werror -O2']
+ build_and_test = [build_command, [options.make_command, '-f',
+ 'scripts/legacy.make', 'test']]
self.all_config_symbols = set(conf.settings.keys())
psa_info = psa_information.Information().constructors
algs = {crypto_knowledge.Algorithm(alg): symbol
@@ -523,7 +524,7 @@ def get_jobs(self, name):
def run(options, job, conf, colors=NO_COLORS):
"""Run the specified job (a Job instance)."""
- subprocess.check_call([options.make_command, 'clean'])
+ subprocess.check_call([options.make_command, '-f', 'scripts/legacy.make', 'clean'])
job.announce(colors, None)
if not job.configure(conf, colors):
job.announce(colors, False)
diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py
index d835ba7c9a..a91e3a3b30 100755
--- a/tests/scripts/psa_collect_statuses.py
+++ b/tests/scripts/psa_collect_statuses.py
@@ -78,23 +78,25 @@ def collect_status_logs(options):
os.remove(options.log_file)
if not os.path.exists(options.log_file):
if options.clean_before:
- subprocess.check_call(['make', 'clean'],
+ subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'clean'],
cwd='tests', stdout=sys.stderr)
with open(os.devnull, 'w') as devnull:
- make_q_ret = subprocess.call(['make', '-q', 'lib', 'tests'],
+ make_q_ret = subprocess.call(['make', '-f', 'scripts/legacy.make',
+ '-q', 'lib', 'tests'],
stdout=devnull, stderr=devnull)
if make_q_ret != 0:
- subprocess.check_call(['make', 'RECORD_PSA_STATUS_COVERAGE_LOG=1'],
+ subprocess.check_call(['make', '-f', 'scripts/legacy.make',
+ 'RECORD_PSA_STATUS_COVERAGE_LOG=1'],
stdout=sys.stderr)
rebuilt = True
- subprocess.check_call(['make', 'test'],
+ subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'test'],
stdout=sys.stderr)
data = Statuses()
data.collect_log(options.log_file)
data.get_constant_names(options.psa_constant_names)
if rebuilt and options.clean_after:
- subprocess.check_call(['make', 'clean'],
+ subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'clean'],
cwd='tests', stdout=sys.stderr)
return data
From e7bac84a22a3b70df6cece3546eac1b3db4e515e Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 15 Sep 2025 09:13:19 +0200
Subject: [PATCH 1027/1548] Remove the generation of MS visual studio files
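Review bot: The two `clean` calls in `collect_status_logs` keep `cwd='tests'` but now pass `'-f', 'scripts/legacy.make'`, which make resolves relative to the working directory as `tests/scripts/legacy.make`; this commit only moves the root `Makefile` to `scripts/legacy.make` (see the rename in the diffstat), so both calls will fail with a missing-makefile error whenever `options.clean_before` or `options.clean_after` is set. Since `tests/Makefile` is not touched by this commit, restoring the original `subprocess.check_call(['make', 'clean'], cwd='tests', stdout=sys.stderr)` at those two sites keeps the intended per-directory clean; the other calls in this hunk run from the repository root and are consistent with the rename. `collect_status_logs` begins above this hunk.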
Signed-off-by: Ronald Cron
---
scripts/bump_version.sh | 3 -
scripts/generate_visualc_files.pl | 352 ----------------------
scripts/legacy.make | 27 --
tests/scripts/components-basic-checks.sh | 6 -
visualc/VS2017/.gitignore | 16 --
5 files changed, 404 deletions(-)
delete mode 100755 scripts/generate_visualc_files.pl
delete mode 100644 visualc/VS2017/.gitignore
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 86ed74eada..62939e3823 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -143,6 +143,3 @@ scripts/generate_query_config.pl
[ $VERBOSE ] && echo "Re-generating library/version_features.c"
scripts/generate_features.pl
-[ $VERBOSE ] && echo "Re-generating visualc files"
-scripts/generate_visualc_files.pl
-
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
deleted file mode 100755
index ef684b79d8..0000000000
--- a/scripts/generate_visualc_files.pl
+++ /dev/null
@@ -1,352 +0,0 @@
-#!/usr/bin/env perl
-
-# Generate main file, individual apps and solution files for
-# MS Visual Studio 2017
-#
-# Must be run from Mbed TLS root or scripts directory.
-# Takes no argument.
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-use warnings;
-use strict;
-use Getopt::Long;
-use Digest::MD5 'md5_hex';
-
-# Declare variables for options
-my $vsx_dir = "visualc/VS2017";
-my $list = 0; # Default off
-
-GetOptions(
- "directory=s" => \$vsx_dir, # Target directory
- "list" => \$list # Only list generated files
-) or die "Invalid options\n";
-
-my $vsx_ext = "vcxproj";
-my $vsx_app_tpl_file = "scripts/data_files/vs2017-app-template.$vsx_ext";
-my $vsx_main_tpl_file = "scripts/data_files/vs2017-main-template.$vsx_ext";
-my $vsx_main_file = "$vsx_dir/mbedTLS.$vsx_ext";
-my $vsx_sln_tpl_file = "scripts/data_files/vs2017-sln-template.sln";
-my $vsx_sln_file = "$vsx_dir/mbedTLS.sln";
-
-my $mbedtls_programs_dir = "programs";
-my $framework_programs_dir = "framework/tests/programs";
-my $tfpsacrypto_programs_dir = "tf-psa-crypto/programs";
-
-my $mbedtls_header_dir = 'include/mbedtls';
-my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
-my $psa_header_dir = 'tf-psa-crypto/include/psa';
-my $tls_source_dir = 'library';
-my $crypto_core_source_dir = 'tf-psa-crypto/core';
-my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src';
-my $tls_test_source_dir = 'tests/src';
-my $tls_test_header_dir = 'tests/include/test';
-my $crypto_test_source_dir = 'tf-psa-crypto/tests/src';
-my $crypto_test_header_dir = 'tf-psa-crypto/tests/include/test';
-my $test_source_dir = 'framework/tests/src';
-my $test_header_dir = 'framework/tests/include/test';
-my $test_drivers_header_dir = 'framework/tests/include/test/drivers';
-my $test_drivers_source_dir = 'framework/tests/src/drivers';
-
-my @thirdparty_header_dirs = qw(
-
tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest
-);
-my @thirdparty_source_dirs = qw(
- tf-psa-crypto/drivers/everest/library
- tf-psa-crypto/drivers/everest/library/kremlib
- tf-psa-crypto/drivers/everest/library/legacy
-);
-
-# Directories to add to the include path.
-# Order matters in case there are files with the same name in more than
-# one directory: the compiler will use the first match.
-my @include_directories = qw(
- include
- tf-psa-crypto/include
- tf-psa-crypto/drivers/builtin/include
- tf-psa-crypto/drivers/everest/include/
- tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest
- tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/vs2013
- tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/everest/kremlib
- tests/include
- tf-psa-crypto/tests/include
- framework/tests/include
- framework/tests/programs
-);
-my $include_directories = join(';', map {"../../$_"} @include_directories);
-
-# Directories to add to the include path when building the libraries, but not
-# when building tests or applications.
-my @library_include_directories = qw( - library - tf-psa-crypto/core - tf-psa-crypto/drivers/builtin/src -); -my $library_include_directories = - join(';', map {"../../$_"} (@library_include_directories, - @include_directories)); - -my @excluded_files = qw( - tf-psa-crypto/drivers/everest/library/Hacl_Curve25519.c -); -my %excluded_files = (); -foreach (@excluded_files) { $excluded_files{$_} = 1 } - -my $vsx_hdr_tpl = < -EOT -my $vsx_src_tpl = < -EOT - -my $vsx_sln_app_entry_tpl = <; - close $fh; - - return $content; -} - -sub content_to_file { - my ($content, $filename) = @_; - - open my $fh, '>:crlf', $filename or die "Could not write to $filename\n"; - print $fh $content; - close $fh; -} - -sub gen_app_guid { - my ($path) = @_; - - my $guid = md5_hex( "mbedTLS:$path" ); - $guid =~ s/(.{8})(.{4})(.{4})(.{4})(.{12})/\U{$1-$2-$3-$4-$5}/; - - return $guid; -} - -sub gen_app { - my ($path, $template, $dir, $ext) = @_; - - my $guid = gen_app_guid( $path ); - $path =~ s!/!\\!g; - (my $appname = $path) =~ s/.*\\//; - my $is_test_app = ($path =~ m/^test\\/); - - my $srcs; - if( $appname eq "metatest" or $appname eq "query_compile_time_config" or - $appname eq "query_included_headers" or $appname eq "zeroize" ) { - $srcs = ""; - } else { - $srcs = ""; - } - - if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or - $appname eq "query_compile_time_config" ) { - $srcs .= "\n "; - } - if( $appname eq "ssl_client2" or $appname eq "ssl_server2" ) { - $srcs .= "\n "; - } - - my $content = $template; - $content =~ s//$srcs/g; - $content =~ s//$appname/g; - $content =~ s//$guid/g; - $content =~ s/INCLUDE_DIRECTORIES\n/($is_test_app ? - $library_include_directories : - $include_directories)/ge; - - content_to_file( $content, "$dir/$appname.$ext" ); -} - -sub get_app_list { - my $makefile_contents = slurp_file('programs/Makefile'); - $makefile_contents =~ /\n\s*APPS\s*=[\\\s]*(.*?)(? 
} @header_dirs);
- my @source_dirs = (
- $tls_source_dir,
- $crypto_core_source_dir,
- $crypto_source_dir,
- $test_source_dir,
- $tls_test_source_dir,
- $crypto_test_source_dir,
- $test_drivers_source_dir,
- @thirdparty_source_dirs,
- );
- my @sources = (map { <$_/*.c> } @source_dirs);
-
- @headers = grep { ! $excluded_files{$_} } @headers;
- @sources = grep { ! $excluded_files{$_} } @sources;
- map { s!/!\\!g } @headers;
- map { s!/!\\!g } @sources;
-
- if ($list) {
- foreach my $app (@app_list) {
- $app =~ s/.*\///;
- print "$vsx_dir/$app.$vsx_ext\n";
- }
- print "$vsx_main_file\n";
- print "$vsx_sln_file\n";
- } else {
- gen_app_files( @app_list );
-
- gen_main_file( \@headers, \@sources,
- $vsx_hdr_tpl, $vsx_src_tpl,
- $vsx_main_tpl_file, $vsx_main_file );
-
- gen_vsx_solution( @app_list );
- }
-
- return 0;
-}
diff --git a/scripts/legacy.make b/scripts/legacy.make
index 6706143a24..9c8585cd86 100644
--- a/scripts/legacy.make
+++ b/scripts/legacy.make
@@ -62,7 +62,6 @@ tests/%: FORCE
generated_files: library/generated_files
generated_files: programs/generated_files
generated_files: tests/generated_files
-generated_files: visualc_files
# Set GEN_FILES to the empty string to disable dependencies on generated
# source files. Then `make generated_files` will only build files that
@@ -87,26 +86,6 @@ else
gen_file_dep = |
endif
-.PHONY: visualc_files
-VISUALC_FILES = visualc/VS2017/mbedTLS.sln visualc/VS2017/mbedTLS.vcxproj
-# TODO: $(app).vcxproj for each $(app) in programs/
-visualc_files: $(VISUALC_FILES)
-
-# Ensure that the .c files that generate_visualc_files.pl enumerates are
-# present before it runs. It doesn't matter if the files aren't up-to-date,
-# they just need to be present.
-$(VISUALC_FILES): | library/generated_files
-$(VISUALC_FILES): | programs/generated_files
-$(VISUALC_FILES): | tests/generated_files
-$(VISUALC_FILES): $(gen_file_dep) scripts/generate_visualc_files.pl
-$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-app-template.vcxproj
-$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-main-template.vcxproj
-$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-sln-template.sln
-# TODO: also the list of .c and .h source files, but not their content
-$(VISUALC_FILES):
- echo " Gen $@ ..."
- $(PERL) scripts/generate_visualc_files.pl
-
ifndef WINDOWS
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
@@ -159,12 +138,6 @@ neat: clean_more_on_top
$(MAKE) -C library neat
$(MAKE) -C programs neat
$(MAKE) -C tests neat
-ifndef WINDOWS
- rm -f visualc/VS2017/*.vcxproj visualc/VS2017/mbedTLS.sln
-else
- if exist visualc\VS2017\*.vcxproj del /Q /F visualc\VS2017\*.vcxproj
- if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln
-endif
ifndef PSASIM
check: lib
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 74b3ab3055..e791ad065c 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -39,12 +39,6 @@ component_check_generated_files () {
make
cd "$MBEDTLS_ROOT_DIR"
- # Files for MS Visual Studio are not generated with cmake thus copy the
- # ones generated with make to pacify make_generated_files.py check.
- # Files for MS Visual Studio are rather on their way out thus not adding
- # support for them with cmake.
- cp -Rf visualc "$OUT_OF_SOURCE_DIR"
-
$FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check
cd $TF_PSA_CRYPTO_ROOT_DIR
diff --git a/visualc/VS2017/.gitignore b/visualc/VS2017/.gitignore
deleted file mode 100644
index e45eaf68fb..0000000000
--- a/visualc/VS2017/.gitignore
+++ /dev/null
@@ -1,16 +0,0 @@
-# Files that may be left over from make_generated-files.py --check
-/*.bak
-
-# Visual Studio artifacts
-/.localhistory/
-/.vs/
-/Debug/
-/Release/
-/*.vcxproj.filters
-/*.vcxproj.user
-
-###START_GENERATED_FILES###
-# Files automatically generated by generate_visualc_files.pl
-/mbedTLS.sln
-/*.vcxproj
-###END_GENERATED_FILES###
From ee63b6489212a3b97cc92c8b5cc7225cc26d1b3f Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 29 Aug 2025 16:14:19 +0200
Subject: [PATCH 1028/1548] Update README.md
Signed-off-by: Ronald Cron
---
README.md | 75 +++++++++++++------------------------------------
1 file changed, 17 insertions(+), 58 deletions(-)
diff --git a/README.md b/README.md
index 7981a0236d..7326a3ebe5 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ Configuration Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions). -Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below). +Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS`. We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` @@ -24,7 +24,9 @@ Documentation for the PSA Cryptography API is available [on GitHub](https://arm- To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. -1. Run `make apidoc`. +1. Run `mkdir /path/to/build_dir && cd /path/to/build_dir` +1. Run `cmake /path/to/mbedtls/source` +1. Run `make apidoc` 1. Browse `apidoc/index.html` or `apidoc/modules.html`. For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. 
@@ -32,26 +34,17 @@ For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. Compiling --------- -There are currently three active build systems used within Mbed TLS releases: - -- GNU Make -- CMake -- Microsoft Visual Studio - -The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. - -The Make and CMake build systems create three libraries: libmbedcrypto/libtfpsacrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto/libtfpsacrypto, and libmbedx509 depends on libmbedcrypto/libtfpsacrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. +We use CMake to configure and drive our build process. Three libraries are built: libtfpsacrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libtfpsacrypto, and libmbedx509 depends on libtfpsacrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -ltfpsacrypto`. ### Tool versions -You need the following tools to build the library with the provided makefiles: +You need the following tools to build the library: -* GNU Make 3.82 or a build tool that CMake supports. +* CMake 3.10.2 or later. +* A build system that CMake supports. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. * Python 3.8 to generate the test code. Python is also needed to integrate PSA drivers and to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. 
-* CMake 3.10.2 or later (if using CMake). -* Microsoft Visual Studio 2017 or later (if using Visual Studio). * Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). ### Git usage 
@@ -82,47 +75,12 @@ Note: If you have multiple toolchains installed, it is recommended to set `CC` o Any of the following methods are available to generate the configuration-independent files: -* If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files. -* On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically. -* Run `make generated_files` to generate all the configuration-independent files. -* On Unix/POSIX systems, run `framework/scripts/make_generated_files.py` to generate all the configuration-independent files. -* On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files. - -### Make - -We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. - -We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake. - -In order to build from the source code using GNU Make, just enter at the command line: - - make - -In order to run the tests, enter: - - make check - -The tests need Python to be built and Perl to be run. If you don't have one of them installed, you can skip building the tests with: - - make no_test - -You'll still be able to run a much smaller set of tests with: - - programs/test/selftest - -In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available). 
- -Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved. - -Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -Wextra`), so if you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overridden from the command line. - -Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/) for articles on your platform or issue. - -In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://mbed-tls.readthedocs.io/en/latest/kb/). +* On non-Windows systems, when not cross-compiling, CMake generates the required files automatically. +* Run `framework/scripts/make_generated_files.py` to generate all the configuration-independent files. ### CMake -In order to build the source using CMake in a separate directory (recommended), just enter at the command line: +In order to build the libraries using CMake in a separate directory (recommended), just enter at the command line: mkdir /path/to/build_dir && cd /path/to/build_dir cmake /path/to/mbedtls_source 
@@ -144,7 +102,7 @@ To configure CMake for building shared libraries, use: cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source -There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific: +There are many different build types available with CMake. Most of them are available for gcc and clang, though some are compiler-specific: - `Release`. This generates the default code without any unnecessary information in the binary files. - `Debug`. This generates debug information and disables optimization of the code. @@ -155,7 +113,7 @@ There are many different build modes available within the CMake buildsystem. Mos - `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking. - `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors. -Switching build modes in CMake is simple. For debug mode, enter at the command line: +Switching build types in CMake is simple. For debug mode, enter at the command line: cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source @@ -175,9 +133,10 @@ If you already invoked cmake and want to change those settings, you need to remove the build directory and create it again. Note that it is possible to build in-place; this will however overwrite the -provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to -prevent `git status` from showing them as modified). In order to do so, from -the Mbed TLS source directory, use: +legacy Makefiles still used for testing purposes (see +`scripts/tmp_ignore_makefiles.sh` if you want to prevent `git status` from +showing them as modified). In order to do so, from the Mbed TLS source +directory, use: cmake . make From 7f6534617728524e70bc6abe0fffbf562fdf67c4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Sep 2025 08:52:41 +0200 Subject: [PATCH 1029/1548] Add change log 
Signed-off-by: Ronald Cron
---
ChangeLog.d/make-visualc.txt | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 ChangeLog.d/make-visualc.txt
diff --git a/ChangeLog.d/make-visualc.txt b/ChangeLog.d/make-visualc.txt
new file mode 100644
index 0000000000..4b195da54e
--- /dev/null
+++ b/ChangeLog.d/make-visualc.txt
@@ -0,0 +1,2 @@
+Removals
+ * Drop support for the GNU Make and Microsoft Visual Studio build systems.
From e5bae0dde318fff1e1ef506dc074e3db8f96e5af Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 24 Sep 2025 09:50:06 +0200
Subject: [PATCH 1030/1548] Adapt basic-build-test.sh to make deprecation
Signed-off-by: Ronald Cron
---
tests/scripts/basic-build-test.sh | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 80012b94dc..298422687f 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -71,11 +71,10 @@ echo
# Step 1 - Make and instrumented build for code coverage
export CFLAGS=' --coverage -g3 -O0 '
export LDFLAGS=' --coverage'
-make clean
+make -f scripts/legacy.make clean
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.py full
-make
-
+make -f scripts/legacy.make
# Step 2 - Execute the tests
TEST_OUTPUT=out_${PPID}
@@ -119,7 +118,7 @@ echo
# Step 3 - Process the coverage report
cd ..
{
- make lcov
+ make -f scripts/legacy.make lcov
echo SUCCESS
} | tee tests/cov-$TEST_OUTPUT
@@ -237,7 +236,7 @@ rm -f "tests/basic-build-test-$$.ok"
touch "basic-build-test-$$.ok"
} | tee coverage-summary.txt
-make clean
+make -f scripts/legacy.make clean
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
From 15cd8b0a636b90cf94be1b8dbcce1ef4b89b8f19 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 24 Sep 2025 10:16:50 +0200
Subject: [PATCH 1031/1548] Adapt footprint.sh to make deprecation
Signed-off-by: Ronald Cron
---
scripts/footprint.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 1f2945159e..f41c7454d1 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -85,9 +85,9 @@ doit()
scripts/config.py --force -f ${CRYPTO_CONFIG_H} set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true
} >/dev/null 2>&1
- make clean >/dev/null
+ make -f scripts/legacy.make clean >/dev/null
CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld \
- CFLAGS="$ARMGCC_FLAGS" make lib >/dev/null
+ CFLAGS="$ARMGCC_FLAGS" make -f scripts/legacy.make lib >/dev/null
OUT="size-${NAME}.txt"
arm-none-eabi-size -t library/libmbed*.a > "$OUT"
From 37148d0fe3a79b24313ebe42c52bfbb12544dd2a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 24 Sep 2025 12:17:36 +0200
Subject: [PATCH 1032/1548] Adapt memory.sh to make deprecation
Signed-off-by: Ronald Cron
---
scripts/memory.sh | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/scripts/memory.sh b/scripts/memory.sh
index d119374d54..ffce225f2d 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -59,8 +59,8 @@ do_config()
printf " Executable size... "
- make clean
- CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os lib >/dev/null 2>&1
+ make -f ./scripts/legacy.make clean
+ CFLAGS=$CFLAGS_EXEC make -f ./scripts/legacy.make OFLAGS=-Os lib >/dev/null 2>&1
cd programs
CFLAGS=$CFLAGS_EXEC make OFLAGS=-Os ssl/$CLIENT >/dev/null
strip ssl/$CLIENT
@@ -69,8 +69,8 @@ do_config()
printf " Peak ram usage... "
- make clean
- CFLAGS=$CFLAGS_MEM make OFLAGS=-Os lib >/dev/null 2>&1
+ make -f ./scripts/legacy.make clean
+ CFLAGS=$CFLAGS_MEM make -f ./scripts/legacy.make OFLAGS=-Os lib >/dev/null 2>&1
cd programs
CFLAGS=$CFLAGS_MEM make OFLAGS=-Os ssl/$CLIENT >/dev/null
cd ..
@@ -103,8 +103,8 @@ rm -f massif.out.*
printf "building server... "
-make clean
-make lib >/dev/null 2>&1
+make -f ./scripts/legacy.make clean
+make -f ./scripts/legacy.make lib >/dev/null 2>&1
(cd programs && make ssl/ssl_server2) >/dev/null
cp programs/ssl/ssl_server2 .
@@ -123,7 +123,7 @@ do_config "suite-b" \ # cleanup mv $CONFIG_BAK $CONFIG_H -make clean +make -f scripts/legacy.make clean rm ssl_server2 exit $FAILED From 3a252dda0ce310f3054774bcc20ac7e7c6f95a13 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Jul 2024 17:00:50 +0200 Subject: [PATCH 1033/1548] Adapt code_size_compare.py to make deprecation and submodules Signed-off-by: Ronald Cron --- scripts/code_size_compare.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 8ed5f9cd63..171aafeec3 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -190,7 +190,7 @@ def __init__( self.compiler = size_dist_info.compiler self.opt_level = size_dist_info.opt_level - self.make_cmd = ['make', '-j', 'lib'] + self.make_cmd = ['make', '-f', './scripts/legacy.make', '-j', 'lib'] self.host_arch = host_arch self.logger = logger @@ -287,7 +287,7 @@ def __init__( #pylint: disable=too-many-arguments """ self.repo_path = "." self.git_command = "git" - self.make_clean = 'make clean' + self.make_clean = 'make -f ./scripts/legacy.make clean' self.git_rev = git_rev self.pre_make_cmd = pre_make_cmd @@ -319,6 +319,10 @@ def _create_git_worktree(self) -> str: git_worktree_path, self.git_rev], cwd=self.repo_path, stderr=subprocess.STDOUT ) + subprocess.check_output( + [self.git_command, "submodule", "update", "--init", "--recursive"], + cwd=git_worktree_path, stderr=subprocess.STDOUT + ) return git_worktree_path From d3d0652dcad175ac0c0be67a85c8682f233d4bab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 31 Jul 2025 21:53:41 +0200 Subject: [PATCH 1034/1548] Update framework submodule with config_history.py Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 59d77ef052..0bfaf0ed97 160000 --- a/framework +++ b/framework 
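Review bot: The cleanup hunk of `scripts/memory.sh` invokes `make -f scripts/legacy.make clean` while every other invocation changed in this file spells the makefile as `./scripts/legacy.make`; the two resolve to the same file, but one spelling per script keeps greps and future edits reliable. Suggest `make -f ./scripts/legacy.make clean` here for consistency with the rest of the script.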
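Review bot: The added `git submodule update --init --recursive` in `_create_git_worktree` will, for a worktree whose `.gitmodules` pins a commit that is not already in the local submodule clone, fetch from the URLs recorded in that revision, so a code-size comparison now depends on network access and on whatever those URLs currently serve. The superproject already has the submodules checked out, so passing `--reference` pointing at the local submodule paths, or taking the worktree-based approach used for `abi_check.py` later in this series, would keep the comparison offline and pinned to objects already present. At minimum a comment such as `# Initializes submodules from their recorded URLs; may hit the network` would make the dependency visible. `_create_git_worktree` starts outside the hunk.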
@@ -1 +1 @@ -Subproject commit 59d77ef0528f368b7c8cc39870fef6adab5241db +Subproject commit 0bfaf0ed9721b3858e8982698c618ee748b21a7d From 24d058bc6c09118d897cef42c0a7f91fbdbd3b07 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Apr 2025 18:30:35 +0200 Subject: [PATCH 1035/1548] Enable checks for bad options in the config file Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 5 +++++ library/mbedtls_config.c | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index e40482a99a..7b7ff49f5a 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -68,6 +68,11 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +/* For the sake of consistency checks in mbedtls_config.c */ +#if defined(MBEDTLS_INCLUDE_AFTER_RAW_CONFIG) +#include MBEDTLS_INCLUDE_AFTER_RAW_CONFIG +#endif + /* Indicate that all configuration files have been read. * It is now time to adjust the configuration (follow through on dependencies, * make PSA and legacy crypto consistent, etc.). diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index 679f8e36f9..a3deae3152 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c 
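Review bot: `MBEDTLS_INCLUDE_AFTER_RAW_CONFIG` is a new include hook in a public header, evaluated right after `MBEDTLS_USER_CONFIG_FILE` has been read, and the one-line comment does not say whether it is reserved for the library or is a supported user setting; a user config that happens to define it would get its file spliced in here. Suggest expanding the comment to state the contract, e.g. `/* Internal hook, reserved for library/mbedtls_config.c: it names a header to include after the raw configuration is read but before it is adjusted. Not a user-facing option. */`. If it is meant to stay internal, a note in the mbedtls_config.h documentation that the name is reserved would reduce the chance of accidental use.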
@@ -6,8 +6,29 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* Apply the TF-PSA-Crypto configuration first. We need to do this + * before , because "mbedtls_config_check_before.h" + * needs to run after the crypto config (including derived macros) is + * finalized, but before the user's mbedtls config is applied. This way + * it is possible to differentiate macros set by the user's mbedtls config + * from macros set or derived by the crypto config. */ +#include + +/* Consistency checks on the user's configuration. + * Check that it doesn't define macros that we assume are under full + * control of the library, or options from past major versions that + * no longer have any effect. + * These headers are automatically generated. See + * framework/scripts/mbedtls_framework/config_checks_generator.py + */ +#include "mbedtls_config_check_before.h" +#define MBEDTLS_INCLUDE_AFTER_RAW_CONFIG "mbedtls_config_check_user.h" + #include /* Consistency checks in the configuration: check for incompatible options, * missing options when at least one of a set needs to be enabled, etc. */ +/* Manually written checks */ #include "mbedtls_check_config.h" +/* Automatically generated checks */ +#include "mbedtls_config_check_final.h" From 24273c06db37ad4fa67cf15b0b5df8645c0fab65 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 16 Jul 2025 22:27:09 +0200 Subject: [PATCH 1036/1548] Checks for crypto options or internal macros set in mbedtls Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 8 ++++++ tests/scripts/test_config_checks.py | 38 +++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index b0dc26b191..c5d8054207 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py 
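Review bot: `MBEDTLS_INCLUDE_AFTER_RAW_CONFIG` is defined unconditionally and never undefined, so it remains in effect for the rest of the translation unit, and if the TF-PSA-Crypto configuration read by the preceding include happened to define the same name this `#define` would be a redefinition. Suggest guarding and cleaning up around the include: `#if defined(MBEDTLS_INCLUDE_AFTER_RAW_CONFIG)` / `#error "MBEDTLS_INCLUDE_AFTER_RAW_CONFIG is reserved for library use"` / `#endif` before the `#define`, and `#undef MBEDTLS_INCLUDE_AFTER_RAW_CONFIG` immediately after the Mbed TLS build-info include that consumes it. The header names inside the angle-bracket includes are not visible in this rendering, so which include is the consumer is inferred from the surrounding comments.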
@@ -7,11 +7,19 @@ from mbedtls_framework.config_checks_generator import * \ #pylint: disable=wildcard-import,unused-wildcard-import +class CryptoInternal(SubprojectInternal): + SUBPROJECT = 'TF-PSA-Crypto' + +class CryptoOption(SubprojectOption): + SUBPROJECT = 'psa/crypto_config.h' + MBEDTLS_CHECKS = BranchData( header_directory='library', header_prefix='mbedtls_', project_cpp_prefix='MBEDTLS', checkers=[ + CryptoInternal('MBEDTLS_MD5_C', 'PSA_WANT_ALG_MD5 in psa/crypto_config.h'), + CryptoOption('MBEDTLS_BASE64_C'), Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'), Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'), ], diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 7403f7ebdb..911e2d9a58 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py 
@@ -55,5 +55,43 @@ def test_mbedtls_no_ecdsa(self) -> None: error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) + def test_define_MBEDTLS_MD5_C_redundant(self) -> None: + """Error when redundantly setting a subproject internal option.""" + self.bad_case('#define PSA_WANT_ALG_MD5 1', + '#define MBEDTLS_MD5_C', + error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + + def test_define_MBEDTLS_MD5_C_added(self) -> None: + """Error when setting a subproject internal option that was disabled.""" + self.bad_case(''' + #undef PSA_WANT_ALG_MD5 + #undef MBEDTLS_MD5_C + ''', + '#define MBEDTLS_MD5_C', + error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + + def test_define_MBEDTLS_BASE64_C_redundant(self) -> None: + """Ok to redundantly set a subproject option.""" + self.good_case(None, + '#define MBEDTLS_BASE64_C') + + def test_define_MBEDTLS_BASE64_C_added(self) -> None: + """Error when setting a subproject option that was disabled.""" + self.bad_case(''' + #undef MBEDTLS_BASE64_C + #undef MBEDTLS_PEM_PARSE_C + #undef MBEDTLS_PEM_WRITE_C + ''', + '#define MBEDTLS_BASE64_C', + error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h') + + @unittest.skip("Checks for #undef are not implemented yet.") + def test_define_MBEDTLS_BASE64_C_unset(self) -> None: + """Error when unsetting a subproject option that was enabled.""" + self.bad_case(None, + '#undef MBEDTLS_BASE64_C', + error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h') + + if __name__ == '__main__': unittest.main() From 8e44a94d395c011fdba40f4bb83f6d648169b048 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Sep 2025 15:27:20 +0200 Subject: [PATCH 1037/1548] Automatically generate checkers for removed options Read the list of historical config options in 3.6, compare that to 1.0/4.0 and emit the appropriate checkers. 
Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 29 +++++++++++++++++++++++------ tests/scripts/test_config_checks.py | 4 ++-- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index c5d8054207..a2a174bb4c 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py @@ -3,9 +3,12 @@ """Generate C preprocessor code to check for bad configurations. """ +from typing import Iterator + import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework.config_checks_generator import * \ #pylint: disable=wildcard-import,unused-wildcard-import +from mbedtls_framework import config_history class CryptoInternal(SubprojectInternal): SUBPROJECT = 'TF-PSA-Crypto' 
@@ -13,16 +16,30 @@ class CryptoInternal(SubprojectInternal): class CryptoOption(SubprojectOption): SUBPROJECT = 'psa/crypto_config.h' +def checkers_for_removed_options() -> Iterator[Checker]: + """Discover removed options. Yield corresponding checkers.""" + history = config_history.ConfigHistory() + old_public = history.options('mbedtls', '3.6') + new_public = history.options('mbedtls', '4.0') + crypto_public = history.options('tfpsacrypto', '1.0') + crypto_internal = history.internal('tfpsacrypto', '1.0') + for option in sorted(old_public - new_public): + if option in crypto_public: + yield CryptoOption(option) + elif option in crypto_internal: + yield CryptoInternal(option) + else: + yield Removed(option, 'Mbed TLS 4.0') + +def all_checkers() -> Iterator[Checker]: + """Yield all checkers.""" + yield from checkers_for_removed_options() + MBEDTLS_CHECKS = BranchData( header_directory='library', header_prefix='mbedtls_', project_cpp_prefix='MBEDTLS', - checkers=[ - CryptoInternal('MBEDTLS_MD5_C', 'PSA_WANT_ALG_MD5 in psa/crypto_config.h'), - CryptoOption('MBEDTLS_BASE64_C'), - Removed('MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', 'Mbed TLS 4.0'), - Removed('MBEDTLS_PADLOCK_C', 'Mbed TLS 4.0'), - ], + checkers=list(all_checkers()), ) if __name__ == '__main__': diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 911e2d9a58..86fd4db095 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -59,7 +59,7 @@ def test_define_MBEDTLS_MD5_C_redundant(self) -> None: """Error when redundantly setting a subproject internal option.""" self.bad_case('#define PSA_WANT_ALG_MD5 1', '#define MBEDTLS_MD5_C', - error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + error=r'MBEDTLS_MD5_C is an internal macro') def test_define_MBEDTLS_MD5_C_added(self) -> None: """Error when setting a subproject internal option that was disabled.""" 
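Review bot: In `checkers_for_removed_options`, an option present in both `crypto_public` and `crypto_internal` silently becomes a `CryptoOption` because that branch is tested first, and nothing diagnoses the overlap. Adding `assert not (crypto_public & crypto_internal), crypto_public & crypto_internal` after the two `history.*` lookups would turn that case into a generator failure instead of a misleading checker. Whether `config_history` already guarantees the two sets are disjoint is not visible here, so this is a defensive check rather than a known bug.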
@@ -68,7 +68,7 @@ def test_define_MBEDTLS_MD5_C_added(self) -> None: #undef MBEDTLS_MD5_C ''', '#define MBEDTLS_MD5_C', - error=r'MBEDTLS_MD5_C.* PSA_WANT_ALG_MD5 in psa/crypto_config\.h') + error=r'MBEDTLS_MD5_C is an internal macro') def test_define_MBEDTLS_BASE64_C_redundant(self) -> None: """Ok to redundantly set a subproject option.""" From 379d38de1cfc99d6c5c4f82dc5d9d17557332d98 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Apr 2025 18:30:47 +0200 Subject: [PATCH 1038/1548] Unit tests for checks for removed options in the config file Signed-off-by: Gilles Peskine --- tests/scripts/test_config_checks.py | 30 ++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index 86fd4db095..dceadf6b7c 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -22,12 +22,23 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): 'tf-psa-crypto/drivers/builtin/include', ] + def test_crypto_config_read(self) -> None: + """Check that crypto_config.h is read in crypto.""" + self.bad_case('#error witness', + None, + error='witness') + + def test_mbedtls_config_read(self) -> None: + """Check that mbedtls_config.h is read in crypto.""" + self.bad_case('' + '#error witness', + error='witness') + @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.") - def test_crypto_no_fs_io(self) -> None: + def test_crypto_undef_MBEDTLS_FS_IO(self) -> None: """A sample error expected from crypto's check_config.h.""" self.bad_case('#undef MBEDTLS_FS_IO', - None, - error=('MBEDTLS_PSA_ITS_FILE_C')) + error='MBEDTLS_PSA_ITS_FILE_C') def test_mbedtls_no_session_tickets_for_early_data(self) -> None: """An error expected from mbedtls_check_config.h based on the TLS configuration.""" 
@@ -36,7 +47,7 @@ def test_mbedtls_no_session_tickets_for_early_data(self) -> None: #define MBEDTLS_SSL_EARLY_DATA #undef MBEDTLS_SSL_SESSION_TICKETS ''', - error=('MBEDTLS_SSL_EARLY_DATA')) + error='MBEDTLS_SSL_EARLY_DATA') def test_mbedtls_no_ecdsa(self) -> None: """An error expected from mbedtls_check_config.h based on crypto+TLS configuration.""" @@ -52,8 +63,17 @@ def test_mbedtls_no_ecdsa(self) -> None: #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected #endif ''', - error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) + error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED') + + def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Error when setting a removed option.""" + self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed') + def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Bypassed error when setting a removed option.""" + self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS']) def test_define_MBEDTLS_MD5_C_redundant(self) -> None: """Error when redundantly setting a subproject internal option.""" From cc1ac1d3dccfc87dacd29743358e36e41c5cd5f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 19 Sep 2025 22:03:15 +0200 Subject: [PATCH 1039/1548] CMake: support generated headers Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 063703bfe8..6c2b6bb0e6 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
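Review bot: `test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED` pins that `-DMBEDTLS_CONFIG_CHECK_BYPASS` silences the generated removed-option check, but nothing pins what the bypass must not silence; if it also disables the hand-written `mbedtls_check_config.h` checks, a single define turns a rejected configuration (such as early data without session tickets, tested just above) into an accepted one. Suggest a companion `bad_case` that combines `extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS']` with `#define MBEDTLS_SSL_EARLY_DATA` / `#undef MBEDTLS_SSL_SESSION_TICKETS` and still expects the `MBEDTLS_SSL_EARLY_DATA` error, documenting that the bypass is scoped to the generated checks. Whether the bypass currently reaches the manual checks cannot be determined from this hunk.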
@@ -118,6 +118,13 @@ if(GEN_FILES) ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c ${CMAKE_CURRENT_BINARY_DIR}/version_features.c ) + + # List generated headers as sources explicitly. Normally CMake finds + # headers by tracing include directives, but if that happens before the + # generated headers are generated, this process doesn't find them. + list(APPEND src_x509 + ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS} + ) endif() if(CMAKE_COMPILER_IS_GNUCC) @@ -237,7 +244,9 @@ foreach(target IN LISTS target_libraries) $ PRIVATE ${MBEDTLS_DIR}/library/ ${MBEDTLS_DIR}/tf-psa-crypto/core - ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src) + ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src + # needed for generated headers + ${CMAKE_CURRENT_BINARY_DIR}) set_config_files_compile_definitions(${target}) install( TARGETS ${target} From c45d9ac4c2b6affb87e5128f04c4bcba15ca2b6d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 19 Sep 2025 22:17:05 +0200 Subject: [PATCH 1040/1548] Allow setting removed options that are now always on Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index a2a174bb4c..bae93c3662 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py @@ -16,6 +16,11 @@ class CryptoInternal(SubprojectInternal): class CryptoOption(SubprojectOption): SUBPROJECT = 'psa/crypto_config.h' +ALWAYS_ENABLED_SINCE_4_0 = frozenset([ + 'MBEDTLS_PSA_CRYPTO_CONFIG', + 'MBEDTLS_USE_PSA_CRYPTO', +]) + def checkers_for_removed_options() -> Iterator[Checker]: """Discover removed options. Yield corresponding checkers.""" history = config_history.ConfigHistory() 
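Review bot: The new `list(APPEND src_x509 ${MBEDTLS_GENERATED_CONFIG_CHECKS_HEADERS})` explains why headers are listed as sources but not why they are attached to `src_x509` rather than the TLS or crypto lists, so the next generated header has no guidance on where it belongs. The Makefile change later in this series ties the same files to `mbedtls_config.o`, which suggests the reason is that `mbedtls_config.c` is compiled into libmbedx509; if that is the case, say so next to the append, e.g. `# mbedtls_config.c, built into libmbedx509, includes these generated headers.` The `${CMAKE_CURRENT_BINARY_DIR}` include path in the second hunk is added even when GEN_FILES is off, which appears harmless but is worth a comment marking it intentional.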
@@ -24,6 +29,8 @@ def checkers_for_removed_options() -> Iterator[Checker]: crypto_public = history.options('tfpsacrypto', '1.0') crypto_internal = history.internal('tfpsacrypto', '1.0') for option in sorted(old_public - new_public): + if option in ALWAYS_ENABLED_SINCE_4_0: + continue if option in crypto_public: yield CryptoOption(option) elif option in crypto_internal: From 562763b5bde95f1820142205f2a2f93143c26cce Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Sep 2025 16:18:35 +0200 Subject: [PATCH 1041/1548] Add dependency of mbedtls_config on generated config check headers Fix the build of libmbedx509 when generated files are not already present. Signed-off-by: Gilles Peskine --- library/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/Makefile b/library/Makefile index a0b6d6eb1d..9085ab481c 100644 --- a/library/Makefile +++ b/library/Makefile @@ -346,6 +346,8 @@ $(GENERATED_CONFIG_CHECK_FILES): echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" $(PYTHON) ../scripts/generate_config_checks.py +mbedtls_config.o: $(GENERATED_CONFIG_CHECK_FILES) + TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ --list $(TF_PSA_CRYPTO_CORE_PATH)) From 4bb82fdb16f074204759b133b793752f54bdae68 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Sep 2025 10:30:13 +0200 Subject: [PATCH 1042/1548] Fix copypasta in documentation Signed-off-by: Gilles Peskine --- tests/scripts/test_config_checks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index dceadf6b7c..edaf525f6d 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py 
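Review bot: The `continue` for `ALWAYS_ENABLED_SINCE_4_0` drops those options from the generated checks entirely, so a configuration that does `#undef MBEDTLS_USE_PSA_CRYPTO` or `#undef MBEDTLS_PSA_CRYPTO_CONFIG` gets no diagnostic even though the feature is no longer optional, which is the opposite of what a user writing that `#undef` expects. A dedicated checker (for instance an `AlwaysOn(option, 'Mbed TLS 4.0')` that accepts `#define` and rejects `#undef`) would keep the intent explicit; since the skipped `test_mbedtls_define_MBEDTLS_BASE64_C_unset` indicates `#undef` checks are not implemented yet, at minimum a `# TODO: reject #undef of these once undef checks exist` next to the `continue` records the gap. The frozenset itself, defined in the previous hunk, would also benefit from a one-line comment saying these are accepted silently because the build behaves as if they were set.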
@@ -23,13 +23,13 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): ] def test_crypto_config_read(self) -> None: - """Check that crypto_config.h is read in crypto.""" + """Check that crypto_config.h is read in mbedtls.""" self.bad_case('#error witness', None, error='witness') def test_mbedtls_config_read(self) -> None: - """Check that mbedtls_config.h is read in crypto.""" + """Check that mbedtls_config.h is read in mbedtls.""" self.bad_case('' '#error witness', error='witness') From f7ed4e506fcef9efcd74840c105f51087b20e3f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Sep 2025 10:32:55 +0200 Subject: [PATCH 1043/1548] Add test case for allowing setting an always-on removed option Signed-off-by: Gilles Peskine --- tests/scripts/test_config_checks.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index edaf525f6d..ee624d886f 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -112,6 +112,15 @@ def test_define_MBEDTLS_BASE64_C_unset(self) -> None: '#undef MBEDTLS_BASE64_C', error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h') + def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: + """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on).""" + self.good_case('#define MBEDTLS_USE_PSA_CRYPTO') + + def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: + """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on).""" + self.good_case(None, + '#define MBEDTLS_USE_PSA_CRYPTO') + if __name__ == '__main__': unittest.main() From 3cee43e8ab8a81a002771d4dbf5d33fa3a6b4dee Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Sep 2025 15:48:58 +0200 Subject: [PATCH 1044/1548] Be more consistent about method naming Indicate which config file has the most relevant tweak. Duplicate a few test cases so that both the crypto config and the mbedtls config are tested. 
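Review bot: Both new methods are named `test_crypto_define_MBEDTLS_USE_PSA_CRYPTO`, so within the class body the second definition replaces the first and the crypto_config.h variant never runs; a later commit in this series renames the second one to `test_mbedtls_define_MBEDTLS_USE_PSA_CRYPTO`, but as a standalone commit this one silently loses a test case. Suggest naming the second method `test_mbedtls_define_MBEDTLS_USE_PSA_CRYPTO` here (or squashing the rename into this commit) so every commit in the series leaves both cases runnable.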
Signed-off-by: Gilles Peskine --- tests/scripts/test_config_checks.py | 38 ++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py index ee624d886f..2c6f6b3c81 100755 --- a/tests/scripts/test_config_checks.py +++ b/tests/scripts/test_config_checks.py @@ -22,6 +22,10 @@ class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): 'tf-psa-crypto/drivers/builtin/include', ] + ## Method naming convention: + ## * test_crypto_xxx when testing a tweak of crypto_config.h + ## * test_mbedtls_xxx when testing a tweak of mbedtls_config.h + def test_crypto_config_read(self) -> None: """Check that crypto_config.h is read in mbedtls.""" self.bad_case('#error witness', @@ -49,7 +53,7 @@ def test_mbedtls_no_session_tickets_for_early_data(self) -> None: ''', error='MBEDTLS_SSL_EARLY_DATA') - def test_mbedtls_no_ecdsa(self) -> None: + def test_crypto_mbedtls_no_ecdsa(self) -> None: """An error expected from mbedtls_check_config.h based on crypto+TLS configuration.""" self.bad_case(''' #undef PSA_WANT_ALG_ECDSA 
@@ -65,23 +69,35 @@ def test_mbedtls_no_ecdsa(self) -> None: ''', error='MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED') - def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: - """Error when setting a removed option.""" + def test_crypto_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Error when setting a removed option via crypto_config.h.""" self.bad_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed') - def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: - """Bypassed error when setting a removed option.""" + def test_mbedtls_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Error when setting a removed option via mbedtls_config.h.""" + self.bad_case(None, + '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + error='MBEDTLS_KEY_EXCHANGE_RSA_ENABLED was removed') + + def test_crypto_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Bypassed error when setting a removed option via crypto_config.h.""" self.good_case('#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS']) - def test_define_MBEDTLS_MD5_C_redundant(self) -> None: + def test_mbedtls_exempt_define_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED(self) -> None: + """Bypassed error when setting a removed option via mbedtls_config.h.""" + self.good_case(None, + '#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED', + extra_options=['-DMBEDTLS_CONFIG_CHECK_BYPASS']) + + def test_mbedtls_define_MBEDTLS_MD5_C_redundant(self) -> None: """Error when redundantly setting a subproject internal option.""" self.bad_case('#define PSA_WANT_ALG_MD5 1', '#define MBEDTLS_MD5_C', error=r'MBEDTLS_MD5_C is an internal macro') - def test_define_MBEDTLS_MD5_C_added(self) -> None: + def test_mbedtls_define_MBEDTLS_MD5_C_added(self) -> None: """Error when setting a subproject internal option that was disabled.""" self.bad_case(''' #undef PSA_WANT_ALG_MD5 
@@ -90,12 +106,12 @@ def test_define_MBEDTLS_MD5_C_added(self) -> None: '#define MBEDTLS_MD5_C', error=r'MBEDTLS_MD5_C is an internal macro') - def test_define_MBEDTLS_BASE64_C_redundant(self) -> None: + def test_mbedtls_define_MBEDTLS_BASE64_C_redundant(self) -> None: """Ok to redundantly set a subproject option.""" self.good_case(None, '#define MBEDTLS_BASE64_C') - def test_define_MBEDTLS_BASE64_C_added(self) -> None: + def test_mbedtls_define_MBEDTLS_BASE64_C_added(self) -> None: """Error when setting a subproject option that was disabled.""" self.bad_case(''' #undef MBEDTLS_BASE64_C @@ -106,7 +122,7 @@ def test_define_MBEDTLS_BASE64_C_added(self) -> None: error=r'MBEDTLS_BASE64_C .*psa/crypto_config\.h') @unittest.skip("Checks for #undef are not implemented yet.") - def test_define_MBEDTLS_BASE64_C_unset(self) -> None: + def test_mbedtls_define_MBEDTLS_BASE64_C_unset(self) -> None: """Error when unsetting a subproject option that was enabled.""" self.bad_case(None, '#undef MBEDTLS_BASE64_C', @@ -116,7 +132,7 @@ def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on).""" self.good_case('#define MBEDTLS_USE_PSA_CRYPTO') - def test_crypto_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: + def test_mbedtls_define_MBEDTLS_USE_PSA_CRYPTO(self) -> None: """It's ok to set MBEDTLS_USE_PSA_CRYPTO (now effectively always on).""" self.good_case(None, '#define MBEDTLS_USE_PSA_CRYPTO') From effa534e710772a612d04e5be4a6fe8f47f539d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 25 Sep 2025 15:51:07 +0200 Subject: [PATCH 1045/1548] Use worktrees instead of fetches for submodules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 243e6fc482..f2a7819048 100755 
--- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -197,6 +197,13 @@ def _update_git_submodules(self, git_worktree_path, version): """If the crypto submodule is present, initialize it. if version.crypto_revision exists, update it to that revision, otherwise update it to the default revision""" + submodule_output = subprocess.check_output( + [self.git_command, "submodule", "foreach", "--recursive", + 'git worktree add --detach "{}/$displaypath" HEAD'.format(git_worktree_path)], + cwd=self.repo_path, + stderr=subprocess.STDOUT + ) + self.log.debug(submodule_output.decode("utf-8")) update_output = subprocess.check_output( [self.git_command, "submodule", "update", "--init", '--recursive'], cwd=git_worktree_path, @@ -390,6 +397,12 @@ def _get_storage_format_tests(self, version, git_worktree_path): def _cleanup_worktree(self, git_worktree_path): """Remove the specified git worktree.""" shutil.rmtree(git_worktree_path) + submodule_output = subprocess.check_output( + [self.git_command, "submodule", "foreach", "--recursive", "git worktree prune"], + cwd=self.repo_path, + stderr=subprocess.STDOUT + ) + self.log.debug(submodule_output.decode("utf-8")) worktree_output = subprocess.check_output( [self.git_command, "worktree", "prune"], cwd=self.repo_path, From 355b00e8e00309e88e9ff83ad64ecfee49cfe3bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 26 Sep 2025 12:11:03 +0200 Subject: [PATCH 1046/1548] Fix includes in udp_proxy.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The program uses atoi() unconditionally, so it should include stdlib.h unconditionally. Previously this happened to be indirectly included by some other header (via pk.h via ssl.h) but we should not rely on that. Signed-off-by: Manuel Pégourié-Gonnard --- programs/test/udp_proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
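Review bot: `git_worktree_path` is interpolated into a shell command string that `git submodule foreach` hands to `sh`, so a path containing a double quote, `$` or backtick breaks the command or injects into it; the value appears to be chosen by this script, but the parameter is not validated in the function, so quoting it properly costs nothing: `f'git worktree add --detach {shlex.quote(git_worktree_path)}/"$displaypath" HEAD'` (with `import shlex` at the top of the file), leaving `$displaypath` for the shell to expand. The `git worktree prune` added to `_cleanup_worktree` runs after `shutil.rmtree`, which is the order `prune` expects, so that part reads correctly. Both `_update_git_submodules` and `_cleanup_worktree` start outside the hunk.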
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index c80a3f59fc..1c52990a8e 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -17,11 +17,11 @@ #include "mbedtls/build_info.h" #include +#include #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #include -#include #if defined(MBEDTLS_HAVE_TIME) #include #define mbedtls_time time From dc88f6e1f3fdcc5b7d8afdda61498cd8e85bced5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 26 Sep 2025 15:37:42 +0200 Subject: [PATCH 1047/1548] Use f-string literal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This makes path-construction a bit more readable Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index f2a7819048..18eb9d3dc1 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -199,7 +199,7 @@ def _update_git_submodules(self, git_worktree_path, version): otherwise update it to the default revision""" submodule_output = subprocess.check_output( [self.git_command, "submodule", "foreach", "--recursive", - 'git worktree add --detach "{}/$displaypath" HEAD'.format(git_worktree_path)], + f'git worktree add --detach "{git_worktree_path}/$displaypath" HEAD'], cwd=self.repo_path, stderr=subprocess.STDOUT ) From 8d95062aeb5a2a89d6ba63bf11e11a175385d8ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 26 Sep 2025 15:44:11 +0200 Subject: [PATCH 1048/1548] Eliminate use of git worktree prune MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 18eb9d3dc1..c526f15ef6 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py 
@@ -398,13 +398,14 @@ def _cleanup_worktree(self, git_worktree_path): """Remove the specified git worktree.""" shutil.rmtree(git_worktree_path) submodule_output = subprocess.check_output( - [self.git_command, "submodule", "foreach", "--recursive", "git worktree prune"], + [self.git_command, "submodule", "foreach", "--recursive", + f'git worktree remove "{git_worktree_path}/$displaypath"'], cwd=self.repo_path, stderr=subprocess.STDOUT ) self.log.debug(submodule_output.decode("utf-8")) worktree_output = subprocess.check_output( - [self.git_command, "worktree", "prune"], + [self.git_command, "worktree", "remove", git_worktree_path], cwd=self.repo_path, stderr=subprocess.STDOUT ) From cf9b557d1c83a74bc0f94d44db12fc9e9c70df20 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Sep 2025 16:07:38 +0200 Subject: [PATCH 1049/1548] Removed static ECDH Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/feature-removals.md | 31 ++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md index ae611a112c..8b2c4d0b8f 100644 --- a/docs/4.0-migration-guide/feature-removals.md +++ b/docs/4.0-migration-guide/feature-removals.md @@ -12,6 +12,7 @@ That is, the following key exchange types are no longer supported: * RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported); * DHE-PSK (except in TLS 1.3); * DHE-RSA (except in TLS 1.3). +* static ECDH (ECDH-RSA and ECDH-ECDSA, as opposed to ephemeral ECDH (ECDHE) which remains supported). The full list of removed cipher suites is: 
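Review bot: The switch from `prune` to `git worktree remove` leaves the preceding `shutil.rmtree(git_worktree_path)` in place, so git is asked to remove working trees whose directories are already gone; recent git tolerates a missing directory here, but any version or edge case that refuses makes `check_output` raise and aborts cleanup with the superproject worktree still registered. Letting git own the deletion sidesteps the question: drop the `rmtree`, run the submodule removal first with `f'git worktree remove --force "{git_worktree_path}/$displaypath"'`, then `[self.git_command, "worktree", "remove", "--force", git_worktree_path]`. The interpolated path has the same shell-quoting concern as in the earlier hunk and would benefit from `shlex.quote` as well.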
@@ -59,6 +60,36 @@ TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 +TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA +TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 +TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 +TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA +TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 +TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 +TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 +TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 +TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 +TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 +TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 +TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 +TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 +TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 +TLS-ECDH-ECDSA-WITH-NULL-SHA +TLS-ECDH-RSA-WITH-AES-128-CBC-SHA +TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256 +TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256 +TLS-ECDH-RSA-WITH-AES-256-CBC-SHA +TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384 +TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384 +TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256 +TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256 +TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384 +TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384 +TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256 +TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256 +TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384 +TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384 +TLS-ECDH-RSA-WITH-NULL-SHA TLS-RSA-PSK-WITH-AES-128-CBC-SHA TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 From 7d3cf9b3dce7d204c791744564e99f388383eb8c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Sep 2025 18:09:37 +0200 Subject: [PATCH 1050/1548] Add section on the config file split Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/configuration.md | 34 +++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 docs/4.0-migration-guide/configuration.md 
diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md new file mode 100644 index 0000000000..0065de4542 --- /dev/null +++ b/docs/4.0-migration-guide/configuration.md 
@@ -0,0 +1,34 @@
+## Compile-time configuration
+
+### Configuration file split
+
+All configuration options that are relevant to TF-PSA-Crypto must now be configured in one of its configuration files, namely:
+
+* `TF_PSA_CRYPTO_CONFIG_FILE`, if set on the preprocessor command line;
+* otherwise ``;
+* additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set.
+
+Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, and `MBEDTLS_USER_CONFIG_FILE` is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up.
+
+Generally speaking, the options that must be configured in TF-PSA-Crypto are:
+
+* options related to platform settings;
+* options related to the choice of cryptographic mechanisms included in the build;
+* options related to the inner workings of cryptographic mechanisms, such as size/memory/performance compromises;
+* options related to crypto-adjacent features, such as ASN.1 and Base64.
+
+See `include/psa/crypto_config.h` in TF-PSA-Crypto and `include/mbedtls/mbedtls_config.h` in Mbed TLS for details.
+
+Notably, `` is no longer limited to `PSA_WANT_xxx` options.
+
+Note that many options related to cryptography have changed; see the TF-PSA-Crypto migration guide for details.
+
+### Split of `build_info.h` and `version.h`
+
+TF-PSA-Crypto has a header file `` which includes the configuration file and provides the adjusted configuration macros, similar to `` in Mbed TLS. Generally, you should include a feature-specific header file rather than `build_info.h`.
+
+TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS.
+
+### Removal of `check_config.h`
+
+The header `mbedtls/check_config.h` is no longer present.
Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet. From 93145552cd291e72b7e715d67ee073cee8c914cc Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 9 Sep 2025 18:54:52 +0100 Subject: [PATCH 1051/1548] Restored changelog entries This commit restores all changelog entries between the mbedtls-3.6.0 tag and the mbedtls-4.0.0-beta tag. git diff ce4683e..09dc57d --name-status -- ChangeLog.d 
Signed-off-by: Minos Galanakis --- ChangeLog.d/9126.txt | 5 ++++ ChangeLog.d/9302.txt | 6 +++++ ChangeLog.d/9684.txt | 2 ++ ChangeLog.d/9685.txt | 2 ++ ChangeLog.d/9690.txt | 8 ++++++ ChangeLog.d/9874.txt | 5 ++++ ChangeLog.d/9892.txt | 4 +++ ChangeLog.d/9956.txt | 6 +++++ ChangeLog.d/9964.txt | 25 +++++++++++++++++++ ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 4 +++ ChangeLog.d/add-psa-iop-generate-key.txt | 3 +++ ChangeLog.d/add-psa-iop-key-agreement.txt | 4 +++ ChangeLog.d/add-psa-key-agreement.txt | 3 +++ ChangeLog.d/add-tls-exporter.txt | 6 +++++ ChangeLog.d/asn1-missing-guard-in-rsa.txt | 3 +++ ChangeLog.d/check-config.txt | 9 +++++++ ChangeLog.d/configuration-split.txt | 16 ++++++++++++ ChangeLog.d/dynamic-keystore.txt | 10 ++++++++ ChangeLog.d/ecdsa-conversion-overflow.txt | 6 +++++ ChangeLog.d/error-unification.txt | 11 ++++++++ ChangeLog.d/fix-aesni-asm-clobbers.txt | 5 ++++ .../fix-clang-psa-build-without-dhm.txt | 3 +++ ...ion-when-memcpy-is-function-like-macro.txt | 2 ++ ChangeLog.d/fix-compilation-with-djgpp.txt | 2 ++ ...concurrently-loading-non-existent-keys.txt | 4 +++ ChangeLog.d/fix-driver-schema-check.txt | 3 +++ ChangeLog.d/fix-legacy-compression-issue.txt | 6 +++++ .../fix-msvc-version-guard-format-zu.txt | 5 ++++ ChangeLog.d/fix-psa-cmac.txt | 4 +++ ...nation_warning_messages_for_GNU_SOURCE.txt | 5 ++++ .../fix-rsa-performance-regression.txt | 3 +++ .../fix-secure-element-key-creation.txt | 5 ++++ ChangeLog.d/fix-server-mode-only-build.txt | 3 +++ .../fix-string-to-names-memory-management.txt | 18 +++++++++++++ .../fix-string-to-names-store-named-data.txt | 8 ++++++ ChangeLog.d/fix-test-suite-pk-warnings.txt | 3 +++ .../fix_reporting_of_key_usage_issues.txt | 11 ++++++++ ChangeLog.d/fix_ubsan_mp_aead_gcm.txt | 3 +++ ...tls_psa_ecp_generate_key-no_public_key.txt | 3 +++ ChangeLog.d/mbedtls_psa_register_se_key.txt | 3 +++ ...sa_rsa_load_representation-memory_leak.txt | 3 +++ ChangeLog.d/mbedtls_ssl_set_hostname.txt | 16 ++++++++++++ 
ChangeLog.d/oid.txt | 8 ++++++ ChangeLog.d/pk-norsa-warning.txt | 2 ++ ChangeLog.d/psa-always-on.txt | 10 ++++++++ ChangeLog.d/psa-crypto-config-always-on.txt | 7 ++++++ ...decrypt-ccm_star-iv_length_enforcement.txt | 3 +++ ChangeLog.d/psa_generate_key_custom.txt | 9 +++++++ ChangeLog.d/psa_util-bits-0.txt | 3 +++ .../psa_util_in_builds_without_psa.txt | 5 ++++ ChangeLog.d/removal-of-rng.txt | 5 ++++ ChangeLog.d/remove-compat-2.x.txt | 2 ++ ChangeLog.d/remove-crypto-alt-interface.txt | 5 ++++ ChangeLog.d/remove-via-padlock-support.txt | 3 +++ ChangeLog.d/remove_RSA_key_exchange.txt | 2 ++ .../replace-close-with-mbedtls_net_close.txt | 4 +++ ChangeLog.d/repo-split.txt | 5 ++++ ChangeLog.d/rm-ssl-conf-curves.txt | 4 +++ ...ring-conversions-out-of-the-oid-module.txt | 4 +++ ChangeLog.d/tls-hs-defrag-in.txt | 7 ++++++ ChangeLog.d/tls-key-exchange-rsa.txt | 2 ++ ChangeLog.d/tls12-check-finished-calc.txt | 6 +++++ ChangeLog.d/tls13-cert-regressions.txt | 18 +++++++++++++ .../tls13-middlebox-compat-disabled.txt | 4 +++ ChangeLog.d/tls13-without-tickets.txt | 3 +++ .../unterminated-string-initialization.txt | 3 +++ 66 files changed, 380 insertions(+) create mode 100644 ChangeLog.d/9126.txt create mode 100644 ChangeLog.d/9302.txt create mode 100644 ChangeLog.d/9684.txt create mode 100644 ChangeLog.d/9685.txt create mode 100644 ChangeLog.d/9690.txt create mode 100644 ChangeLog.d/9874.txt create mode 100644 ChangeLog.d/9892.txt create mode 100644 ChangeLog.d/9956.txt create mode 100644 ChangeLog.d/9964.txt create mode 100644 ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt create mode 100644 ChangeLog.d/add-psa-iop-generate-key.txt create mode 100644 ChangeLog.d/add-psa-iop-key-agreement.txt create mode 100644 ChangeLog.d/add-psa-key-agreement.txt create mode 100644 ChangeLog.d/add-tls-exporter.txt create mode 100644 ChangeLog.d/asn1-missing-guard-in-rsa.txt create mode 100644 ChangeLog.d/check-config.txt create mode 100644 ChangeLog.d/configuration-split.txt create mode 100644 
ChangeLog.d/dynamic-keystore.txt create mode 100644 ChangeLog.d/ecdsa-conversion-overflow.txt create mode 100644 ChangeLog.d/error-unification.txt create mode 100644 ChangeLog.d/fix-aesni-asm-clobbers.txt create mode 100644 ChangeLog.d/fix-clang-psa-build-without-dhm.txt create mode 100644 ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt create mode 100644 ChangeLog.d/fix-compilation-with-djgpp.txt create mode 100644 ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt create mode 100644 ChangeLog.d/fix-driver-schema-check.txt create mode 100644 ChangeLog.d/fix-legacy-compression-issue.txt create mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt create mode 100644 ChangeLog.d/fix-psa-cmac.txt create mode 100644 ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt create mode 100644 ChangeLog.d/fix-rsa-performance-regression.txt create mode 100644 ChangeLog.d/fix-secure-element-key-creation.txt create mode 100644 ChangeLog.d/fix-server-mode-only-build.txt create mode 100644 ChangeLog.d/fix-string-to-names-memory-management.txt create mode 100644 ChangeLog.d/fix-string-to-names-store-named-data.txt create mode 100644 ChangeLog.d/fix-test-suite-pk-warnings.txt create mode 100644 ChangeLog.d/fix_reporting_of_key_usage_issues.txt create mode 100644 ChangeLog.d/fix_ubsan_mp_aead_gcm.txt create mode 100644 ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt create mode 100644 ChangeLog.d/mbedtls_psa_register_se_key.txt create mode 100644 ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt create mode 100644 ChangeLog.d/mbedtls_ssl_set_hostname.txt create mode 100644 ChangeLog.d/oid.txt create mode 100644 ChangeLog.d/pk-norsa-warning.txt create mode 100644 ChangeLog.d/psa-always-on.txt create mode 100644 ChangeLog.d/psa-crypto-config-always-on.txt create mode 100644 ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt create mode 100644 ChangeLog.d/psa_generate_key_custom.txt create mode 100644 
ChangeLog.d/psa_util-bits-0.txt create mode 100644 ChangeLog.d/psa_util_in_builds_without_psa.txt create mode 100644 ChangeLog.d/removal-of-rng.txt create mode 100644 ChangeLog.d/remove-compat-2.x.txt create mode 100644 ChangeLog.d/remove-crypto-alt-interface.txt create mode 100644 ChangeLog.d/remove-via-padlock-support.txt create mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt create mode 100644 ChangeLog.d/replace-close-with-mbedtls_net_close.txt create mode 100644 ChangeLog.d/repo-split.txt create mode 100644 ChangeLog.d/rm-ssl-conf-curves.txt create mode 100644 ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt create mode 100644 ChangeLog.d/tls-hs-defrag-in.txt create mode 100644 ChangeLog.d/tls-key-exchange-rsa.txt create mode 100644 ChangeLog.d/tls12-check-finished-calc.txt create mode 100644 ChangeLog.d/tls13-cert-regressions.txt create mode 100644 ChangeLog.d/tls13-middlebox-compat-disabled.txt create mode 100644 ChangeLog.d/tls13-without-tickets.txt create mode 100644 ChangeLog.d/unterminated-string-initialization.txt diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt new file mode 100644 index 0000000000..22939df86f --- /dev/null +++ b/ChangeLog.d/9126.txt @@ -0,0 +1,5 @@ +Default behavior changes + * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && + !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the + corresponding PSA mechanism is enabled, since the server provides the + crypto. Fixes #9126. diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt new file mode 100644 index 0000000000..d61ba19632 --- /dev/null +++ b/ChangeLog.d/9302.txt @@ -0,0 +1,6 @@ +Features + * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which + uses static storage for keys, enabling malloc-less use of key slots. + The size of each buffer is given by the option + MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the + largest PSA key enabled in the build. 
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt
new file mode 100644
index 0000000000..115ded87a0
--- /dev/null
+++ b/ChangeLog.d/9684.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the DHE-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt
new file mode 100644
index 0000000000..9820aff759
--- /dev/null
+++ b/ChangeLog.d/9685.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the DHE-RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/9690.txt
new file mode 100644
index 0000000000..d00eb16bc9
--- /dev/null
+++ b/ChangeLog.d/9690.txt
@@ -0,0 +1,8 @@
+Security
+ * Fix a buffer underrun in mbedtls_pk_write_key_der() when
+ called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+ and the output buffer is smaller than the actual output.
+ Fix a related buffer underrun in mbedtls_pk_write_key_pem()
+ when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+ and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+ CVE-2024-49195
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
new file mode 100644
index 0000000000..a4d2e032ee
--- /dev/null
+++ b/ChangeLog.d/9874.txt
@@ -0,0 +1,5 @@
+API changes
+ * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
+ Instead of taking a mbedtls_cipher_type_t as an argument, this function
+ now takes 3 new arguments: a PSA algorithm, key type and key size, to
+ specify the AEAD for ticket protection.
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
new file mode 100644
index 0000000000..01d21b6e5f
--- /dev/null
+++ b/ChangeLog.d/9892.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
+ already deprecated and superseeded by
+ mbedtls_x509write_crt_set_serial_raw().
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt
new file mode 100644
index 0000000000..cea4af1ec6
--- /dev/null
+++ b/ChangeLog.d/9956.txt
@@ -0,0 +1,6 @@ +Removals + * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the + following SSL functions are removed: + - mbedtls_ssl_conf_dh_param_bin + - mbedtls_ssl_conf_dh_param_ctx + - mbedtls_ssl_conf_dhm_min_bitlen diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt new file mode 100644 index 0000000000..ca0cc4b48d --- /dev/null +++ b/ChangeLog.d/9964.txt @@ -0,0 +1,25 @@ +Removals + * Removal of the following sample programs: + pkey/rsa_genkey.c + pkey/pk_decrypt.c + pkey/dh_genprime.c + pkey/rsa_verify.c + pkey/mpi_demo.c + pkey/rsa_decrypt.c + pkey/key_app.c + pkey/dh_server.c + pkey/ecdh_curve25519.c + pkey/pk_encrypt.c + pkey/rsa_sign.c + pkey/key_app_writer.c + pkey/dh_client.c + pkey/ecdsa.c + pkey/rsa_encrypt.c + wince_main.c + aes/crypt_and_hash.c + random/gen_random_ctr_drbg.c + random/gen_entropy.c + hash/md_hmac_demo.c + hash/hello.c + hash/generic_sum.c + cipher/cipher_aead_demo.c diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt new file mode 100644 index 0000000000..079cd741dc --- /dev/null +++ b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt @@ -0,0 +1,4 @@ +Security + * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does + not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when + MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. diff --git a/ChangeLog.d/add-psa-iop-generate-key.txt b/ChangeLog.d/add-psa-iop-generate-key.txt new file mode 100644 index 0000000000..0f586ee197 --- /dev/null +++ b/ChangeLog.d/add-psa-iop-generate-key.txt @@ -0,0 +1,3 @@ +Features + * Add an interruptible version of generate key to the PSA interface. + See psa_generate_key_iop_setup() and related functions. diff --git a/ChangeLog.d/add-psa-iop-key-agreement.txt b/ChangeLog.d/add-psa-iop-key-agreement.txt new file mode 100644 index 0000000000..92dfde1843 --- /dev/null +++ b/ChangeLog.d/add-psa-iop-key-agreement.txt 
@@ -0,0 +1,4 @@ +Features + * Add an interruptible version of key agreement to the PSA interface. + See psa_key_agreement_iop_setup() and related functions. + diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/add-psa-key-agreement.txt new file mode 100644 index 0000000000..771e6e2602 --- /dev/null +++ b/ChangeLog.d/add-psa-key-agreement.txt @@ -0,0 +1,3 @@ +Features + * Add a new psa_key_agreement() PSA API to perform key agreement and return + an identifier for the newly created key. diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt new file mode 100644 index 0000000000..1aea653e09 --- /dev/null +++ b/ChangeLog.d/add-tls-exporter.txt @@ -0,0 +1,6 @@ +Features + * Add the function mbedtls_ssl_export_keying_material() which allows the + client and server to extract additional shared symmetric keys from an SSL + session, according to the TLS-Exporter specification in RFC 8446 and 5705. + This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in + mbedtls_config.h. diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt new file mode 100644 index 0000000000..bb5b470881 --- /dev/null +++ b/ChangeLog.d/asn1-missing-guard-in-rsa.txt @@ -0,0 +1,3 @@ +Bugfix + * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled + as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt new file mode 100644 index 0000000000..8570a11757 --- /dev/null +++ b/ChangeLog.d/check-config.txt 
@@ -0,0 +1,9 @@ +Changes + * Warn if mbedtls/check_config.h is included manually, as this can + lead to spurious errors. Error if a *adjust*.h header is included + manually, as this can lead to silently inconsistent configurations, + potentially resulting in buffer overflows. + When migrating from Mbed TLS 2.x, if you had a custom config.h that + included check_config.h, remove this inclusion from the Mbed TLS 3.x + configuration file (renamed to mbedtls_config.h). This change was made + in Mbed TLS 3.0, but was not announced in a changelog entry at the time. diff --git a/ChangeLog.d/configuration-split.txt b/ChangeLog.d/configuration-split.txt new file mode 100644 index 0000000000..f4d9bc63ac --- /dev/null +++ b/ChangeLog.d/configuration-split.txt @@ -0,0 +1,16 @@ +Changes + * Cryptography and platform configuration options have been migrated + from the Mbed TLS library configuration file mbedtls_config.h to + crypto_config.h that will become the TF-PSA-Crypto configuration file, + see config-split.md for more information. The reference and test custom + configuration files respectively in configs/ and tests/configs/ have + been updated accordingly. + To migrate custom Mbed TLS configurations where + MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them + to the PSA configuration scheme based on PSA_WANT_XXX symbols + (see psa-conditional-inclusion-c.md for more information). + To migrate custom Mbed TLS configurations where + MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the + cryptographic and platform configuration options from mbedtls_config.h + to crypto_config.h (see config-split.md for more information and configs/ + for examples). diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/dynamic-keystore.txt new file mode 100644 index 0000000000..c6aac3c991 --- /dev/null +++ b/ChangeLog.d/dynamic-keystore.txt 
@@ -0,0 +1,10 @@ +Features + * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, + the number of volatile PSA keys is virtually unlimited, at the expense + of increased code size. This option is off by default, but enabled in + the default mbedtls_config.h. Fixes #9216. + +Bugfix + * Fix interference between PSA volatile keys and built-in keys + when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and + MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt new file mode 100644 index 0000000000..83b7f2f88b --- /dev/null +++ b/ChangeLog.d/ecdsa-conversion-overflow.txt @@ -0,0 +1,6 @@ +Security + * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and + mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the + largest supported curve. In some configurations with PSA disabled, + all values of bits are affected. This never happens in internal library + calls, but can affect applications that call these functions directly. diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt new file mode 100644 index 0000000000..bcf5ba1f3d --- /dev/null +++ b/ChangeLog.d/error-unification.txt @@ -0,0 +1,11 @@ +API changes + * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx() + functions can now return PSA_ERROR_xxx values. + There is no longer a distinction between "low-level" and "high-level" + Mbed TLS error codes. + This will not affect most applications since the error values are + between -32767 and -1 as before. + +Removals + * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(), + since these concepts no longer exists. There is just mbedtls_strerror(). diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt new file mode 100644 index 0000000000..538f0c5115 --- /dev/null +++ b/ChangeLog.d/fix-aesni-asm-clobbers.txt 
@@ -0,0 +1,5 @@ +Bugfix + * Fix missing constraints on the AES-NI inline assembly which is used on + GCC-like compilers when building AES for generic x86_64 targets. This + may have resulted in incorrect code with some compilers, depending on + optimizations. Fixes #9819. diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt new file mode 100644 index 0000000000..7ae1c68a40 --- /dev/null +++ b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled + but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188. diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt new file mode 100644 index 0000000000..11e7d25392 --- /dev/null +++ b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix compilation error when memcpy() is a function-like macros. Fixes #8994. diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt new file mode 100644 index 0000000000..5b79fb69de --- /dev/null +++ b/ChangeLog.d/fix-compilation-with-djgpp.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix compilation on MS-DOS DJGPP. Fixes #9813. diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt new file mode 100644 index 0000000000..8a406a12e8 --- /dev/null +++ b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix rare concurrent access bug where attempting to operate on a + non-existent key while concurrently creating a new key could potentially + corrupt the key store. diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/fix-driver-schema-check.txt new file mode 100644 index 0000000000..9b6d8acd6e --- /dev/null 
+++ b/ChangeLog.d/fix-driver-schema-check.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix invalid JSON schemas for driver descriptions used by + generate_driver_wrappers.py. diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt new file mode 100644 index 0000000000..2549af8733 --- /dev/null +++ b/ChangeLog.d/fix-legacy-compression-issue.txt @@ -0,0 +1,6 @@ +Bugfix + * Fixes an issue where some TLS 1.2 clients could not connect to an + Mbed TLS 3.6.0 server, due to incorrect handling of + legacy_compression_methods in the ClientHello. + fixes #8995, #9243. + diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt new file mode 100644 index 0000000000..eefda618ca --- /dev/null +++ b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that + occurred whenever SSL debugging was enabled on a copy of Mbed TLS built + with Visual Studio 2013 or MinGW. + Fixes #10017. diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt new file mode 100644 index 0000000000..e3c8aecc2d --- /dev/null +++ b/ChangeLog.d/fix-psa-cmac.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in + CMAC is enabled, but no built-in unauthenticated cipher is enabled. + Fixes #9209. diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt new file mode 100644 index 0000000000..b5c26505c2 --- /dev/null +++ b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix issue of redefinition warning messages for _GNU_SOURCE in + entropy_poll.c and sha_256.c. There was a build warning during + building for linux platform. + Resolves #9026 
diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/fix-rsa-performance-regression.txt new file mode 100644 index 0000000000..603612a314 --- /dev/null +++ b/ChangeLog.d/fix-rsa-performance-regression.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix unintended performance regression when using short RSA public keys. + Fixes #9232. diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt new file mode 100644 index 0000000000..23a46c068d --- /dev/null +++ b/ChangeLog.d/fix-secure-element-key-creation.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix error handling when creating a key in a dynamic secure element + (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, + the creation could return PSA_SUCCESS but using or destroying the key + would not work. Fixes #8537. diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt new file mode 100644 index 0000000000..d1d8341f79 --- /dev/null +++ b/ChangeLog.d/fix-server-mode-only-build.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but + MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt new file mode 100644 index 0000000000..87bc59694f --- /dev/null +++ b/ChangeLog.d/fix-string-to-names-memory-management.txt 
@@ -0,0 +1,18 @@ +Security + * Fix possible use-after-free or double-free in code calling + mbedtls_x509_string_to_names(). This was caused by the function calling + mbedtls_asn1_free_named_data_list() on its head argument, while the + documentation did no suggest it did, making it likely for callers relying + on the documented behaviour to still hold pointers to memory blocks after + they were free()d, resulting in high risk of use-after-free or double-free, + with consequences ranging up to arbitrary code execution. + In particular, the two sample programs x509/cert_write and x509/cert_req + were affected (use-after-free if the san string contains more than one DN). + Code that does not call mbedtls_string_to_names() directly is not affected. + Found by Linh Le and Ngan Nguyen from Calif. + +Changes + * The function mbedtls_x509_string_to_names() now requires its head argument + to point to NULL on entry. This makes it likely that existing risky uses of + this function (see the entry in the Security section) will be detected and + fixed. diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt new file mode 100644 index 0000000000..e517cbb72a --- /dev/null +++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt @@ -0,0 +1,8 @@ +Security + * Fix a bug in mbedtls_x509_string_to_names() and the + mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, + where some inputs would cause an inconsistent state to be reached, causing + a NULL dereference either in the function itself, or in subsequent + users of the output structure, such as mbedtls_x509_write_names(). This + only affects applications that create (as opposed to consume) X.509 + certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt new file mode 100644 index 0000000000..26042193cc --- /dev/null 
+++ b/ChangeLog.d/fix-test-suite-pk-warnings.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. + Fixes #9029. diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt new file mode 100644 index 0000000000..b81fb426a7 --- /dev/null +++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt @@ -0,0 +1,11 @@ +Security + * With TLS 1.3, when a server enables optional authentication of the + client, if the client-provided certificate does not have appropriate values + in keyUsage or extKeyUsage extensions, then the return value of + mbedtls_ssl_get_verify_result() would incorrectly have the + MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits + clear. As a result, an attacker that had a certificate valid for uses other + than TLS client authentication could be able to use it for TLS client + authentication anyway. Only TLS 1.3 servers were affected, and only with + optional authentication (required would abort the handshake with a fatal + alert). diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt new file mode 100644 index 0000000000..e4726a45d7 --- /dev/null +++ b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix undefined behaviour (incrementing a NULL pointer by zero length) when + passing in zero length additional data to multipart AEAD. diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt new file mode 100644 index 0000000000..69c00e1a77 --- /dev/null +++ b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt @@ -0,0 +1,3 @@ +Changes + * Improve performance of PSA key generation with ECC keys: it no longer + computes the public key (which was immediately discarded). Fixes #9732. 
diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/mbedtls_psa_register_se_key.txt new file mode 100644 index 0000000000..2fc2751ac0 --- /dev/null +++ b/ChangeLog.d/mbedtls_psa_register_se_key.txt @@ -0,0 +1,3 @@ +Bugfix + * Document and enforce the limitation of mbedtls_psa_register_se_key() + to persistent keys. Resolves #9253. diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt new file mode 100644 index 0000000000..dba25af611 --- /dev/null +++ b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix a memory leak that could occur when failing to process an RSA + key through some PSA functions due to low memory conditions. diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt new file mode 100644 index 0000000000..250a5baafa --- /dev/null +++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt @@ -0,0 +1,16 @@ +Default behavior changes + * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, + mbedtls_ssl_handshake() now fails with + MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME + if certificate-based authentication of the server is attempted. + This is because authenticating a server without knowing what name + to expect is usually insecure. + +Security + * Note that TLS clients should generally call mbedtls_ssl_set_hostname() + if they use certificate authentication (i.e. not pre-shared keys). + Otherwise, in many scenarios, the server could be impersonated. + The library will now prevent the handshake and return + MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME + if mbedtls_ssl_set_hostname() has not been called. + Reported by Daniel Stenberg. diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt new file mode 100644 index 0000000000..53828d85b1 --- /dev/null +++ b/ChangeLog.d/oid.txt 
@@ -0,0 +1,8 @@ +Removals + * The library no longer offers interfaces to look up values by OID + or OID by enum values. + The header now only defines functions to convert + between binary and dotted string OID representations, and macros + for OID strings that are relevant to X.509. + The compilation option MBEDTLS_OID_C no longer + exists. OID tables are included in the build automatically as needed. diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt new file mode 100644 index 0000000000..d00aa8a870 --- /dev/null +++ b/ChangeLog.d/pk-norsa-warning.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt new file mode 100644 index 0000000000..45f4d9b101 --- /dev/null +++ b/ChangeLog.d/psa-always-on.txt @@ -0,0 +1,10 @@ +Default behavior changes + * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem + to perform cryptographic operations, with a few exceptions documented + in docs/architecture/psa-migration/psa-limitations.md. This + corresponds to the behavior of Mbed TLS 3.x when + MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO + is now always enabled. + * psa_crypto_init() must be called before performing any cryptographic + operation, including indirect requests such as parsing a key or + certificate or starting a TLS handshake. diff --git a/ChangeLog.d/psa-crypto-config-always-on.txt b/ChangeLog.d/psa-crypto-config-always-on.txt new file mode 100644 index 0000000000..d255f8c3c1 --- /dev/null +++ b/ChangeLog.d/psa-crypto-config-always-on.txt 
@@ -0,0 +1,7 @@
+Default behavior changes
+ * The `PSA_WANT_XXX` symbols as defined in
+ tf-psa-crypto/include/psa/crypto_config.h are now always used in the
+ configuration of the cryptographic mechanisms exposed by the PSA API.
+ This corresponds to the configuration behavior of Mbed TLS 3.x when
+ MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG
+ is now always enabled and the configuration option has been removed.
diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
new file mode 100644
index 0000000000..39e03b93ba
--- /dev/null
+++ b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
+ long. Credit to Cryptofuzz. Fixes #9314.
diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt
new file mode 100644
index 0000000000..3fc1bd7d1f
--- /dev/null
+++ b/ChangeLog.d/psa_generate_key_custom.txt
@@ -0,0 +1,9 @@
+API changes
+ * The experimental functions psa_generate_key_ext() and
+ psa_key_derivation_output_key_ext() have been replaced by
+ psa_generate_key_custom() and psa_key_derivation_output_key_custom().
+ They have almost exactly the same interface, but the variable-length
+ data is passed in a separate parameter instead of a flexible array
+ member. This resolves a build failure under C++ compilers that do not
+ support flexible array members (a C99 feature not adopted by C++).
+ Fixes #9020.
diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa_util-bits-0.txt
new file mode 100644
index 0000000000..9aa70ad978
--- /dev/null
+++ b/ChangeLog.d/psa_util-bits-0.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
+ mbedtls_psa_der_to_raw() is called with bits=0.
diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt
new file mode 100644
index 0000000000..7c0866dd30
--- /dev/null
+++ b/ChangeLog.d/psa_util_in_builds_without_psa.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
+ some code was defining 0-size arrays, resulting in compilation errors.
+ Fixed by disabling the offending code in configurations without PSA
+ Crypto, where it never worked. Fixes #9311.
diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt
new file mode 100644
index 0000000000..a8a19f4ee3
--- /dev/null
+++ b/ChangeLog.d/removal-of-rng.txt
@@ -0,0 +1,5 @@
+API changes
+ * All API functions now use the PSA random generator psa_get_random()
+ internally. As a consequence, functions no longer take RNG parameters.
+ Please refer to the migration guide at :
+ tf-psa-crypto/docs/4.0-migration-guide.md.
diff --git a/ChangeLog.d/remove-compat-2.x.txt b/ChangeLog.d/remove-compat-2.x.txt
new file mode 100644
index 0000000000..37f012c217
--- /dev/null
+++ b/ChangeLog.d/remove-compat-2.x.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove compat-2-x.h header from mbedtls.
diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt
new file mode 100644
index 0000000000..f9ab4c221c
--- /dev/null
+++ b/ChangeLog.d/remove-crypto-alt-interface.txt
@@ -0,0 +1,5 @@
+Removals
+ * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options
+ at the module and function level for crypto mechanisms only. The remaining
+ alt interfaces for platform, threading and timing are unchanged.
+ Fixes #8149.
diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt
new file mode 100644
index 0000000000..a3f4b96573
--- /dev/null
+++ b/ChangeLog.d/remove-via-padlock-support.txt
@@ -0,0 +1,3 @@
+Removals
+ * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
+ Fixes #5903.
diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt
new file mode 100644
index 0000000000..f9baaf1701
--- /dev/null
+++ b/ChangeLog.d/remove_RSA_key_exchange.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
new file mode 100644
index 0000000000..213cf55b40
--- /dev/null
+++ b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
diff --git a/ChangeLog.d/repo-split.txt b/ChangeLog.d/repo-split.txt
new file mode 100644
index 0000000000..f03b5ed7fe
--- /dev/null
+++ b/ChangeLog.d/repo-split.txt
@@ -0,0 +1,5 @@
+Changes
+ * Move the crypto part of the library (content of tf-psa-crypto directory)
+ from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
+ tests development will now occur in TF-PSA-Crypto, which Mbed TLS
+ references as a Git submodule.
diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt
new file mode 100644
index 0000000000..4b29adc4c9
--- /dev/null
+++ b/ChangeLog.d/rm-ssl-conf-curves.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the function mbedtls_ssl_conf_curves() which had been deprecated
+ in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1.
+
diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
new file mode 100644
index 0000000000..938e9eccb6
--- /dev/null
+++ b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
@@ -0,0 +1,4 @@
+Changes
+ * Functions regarding numeric string conversions for OIDs have been moved
+ from the OID module and now reside in X.509 module. This helps to reduce
+ the code size as these functions are not commonly used outside of X.509.
diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
new file mode 100644
index 0000000000..6bab02a029
--- /dev/null
+++ b/ChangeLog.d/tls-hs-defrag-in.txt
@@ -0,0 +1,7 @@
+Bugfix
+ * Support re-assembly of fragmented handshake messages in TLS (both
+ 1.2 and 1.3). The lack of support was causing handshake failures with
+ some servers, especially with TLS 1.3 in practice. There are a few
+ limitations, notably a fragmented ClientHello is only supported when
+ TLS 1.3 support is enabled. See the documentation of
+ mbedtls_ssl_handshake() for details.
diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt
new file mode 100644
index 0000000000..4df6b3e303
--- /dev/null
+++ b/ChangeLog.d/tls-key-exchange-rsa.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove support for the RSA-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt
new file mode 100644
index 0000000000..cd52d32ffd
--- /dev/null
+++ b/ChangeLog.d/tls12-check-finished-calc.txt
@@ -0,0 +1,6 @@
+Security
+ * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+ or there was a cryptographic hardware failure when calculating the
+ Finished message, it could be calculated incorrectly. This would break
+ the security guarantees of the TLS handshake.
+ CVE-2025-27810
diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt
new file mode 100644
index 0000000000..8dd8a327d6
--- /dev/null
+++ b/ChangeLog.d/tls13-cert-regressions.txt
@@ -0,0 +1,18 @@
+Bugfix
+ * Fixed a regression introduced in 3.6.0 where the CA callback set with
+ mbedtls_ssl_conf_ca_cb() would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
+ 1.3.
+ * Fixed a regression introduced in 3.6.0 where clients that relied on
+ optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
+ with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
+ working when connections were upgraded to TLS 1.3. Fixed by adding
+ support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
+ standard makes server authentication mandatory; users are advised not to
+ use authmode none, and to carefully check the results when using optional
+ mode.
+ * Fixed a regression introduced in 3.6.0 where context-specific certificate
+ verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
+ mbedtls_ssl_conf_verify(), would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for context-specific verify
+ callback in TLS 1.3.
diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
new file mode 100644
index 0000000000..f5331bc063
--- /dev/null
+++ b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
+ peers that have middlebox compatibility enabled, as long as no
+ problematic middlebox is in the way. Fixes #9551.
diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt
new file mode 100644
index 0000000000..8ceef21ee5
--- /dev/null
+++ b/ChangeLog.d/tls13-without-tickets.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix TLS 1.3 client build and runtime when support for session tickets is
+ disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt
new file mode 100644
index 0000000000..75a72cae6b
--- /dev/null
+++ b/ChangeLog.d/unterminated-string-initialization.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Silence spurious -Wunterminated-string-initialization warnings introduced
+ by GCC 15. Fixes #9944.
From 120914be2249e46f4013b395602d6867459f8b09 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 11 Sep 2025 22:48:18 +0100
Subject: [PATCH 1052/1548] Removed entries already in tf-psa-crypto Clog
ripgrep was used to check against the tf-psa-crypto.v1.0.0-beta Changelog.
rg --multiline -F -f {changelog_to_check}.txt -o ../tf-psa-crypto-ChangeLog
Signed-off-by: Minos Galanakis
---
ChangeLog.d/oid.txt | 8 --------
ChangeLog.d/removal-of-rng.txt | 5 -----
ChangeLog.d/unterminated-string-initialization.txt | 3 ---
3 files changed, 16 deletions(-)
delete mode 100644 ChangeLog.d/oid.txt
delete mode 100644 ChangeLog.d/removal-of-rng.txt
delete mode 100644 ChangeLog.d/unterminated-string-initialization.txt
diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt
deleted file mode 100644
index 53828d85b1..0000000000
--- a/ChangeLog.d/oid.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Removals
- * The library no longer offers interfaces to look up values by OID
- or OID by enum values.
- The header now only defines functions to convert
- between binary and dotted string OID representations, and macros
- for OID strings that are relevant to X.509.
- The compilation option MBEDTLS_OID_C no longer
- exists. OID tables are included in the build automatically as needed.
diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt
deleted file mode 100644
index a8a19f4ee3..0000000000
--- a/ChangeLog.d/removal-of-rng.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * All API functions now use the PSA random generator psa_get_random()
- internally. As a consequence, functions no longer take RNG parameters.
- Please refer to the migration guide at :
- tf-psa-crypto/docs/4.0-migration-guide.md.
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt
deleted file mode 100644
index 75a72cae6b..0000000000
--- a/ChangeLog.d/unterminated-string-initialization.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Silence spurious -Wunterminated-string-initialization warnings introduced
- by GCC 15. Fixes #9944.
From 5bb46ef737cd2daf2f113964c189edda422a082d Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 10 Sep 2025 10:36:24 +0100
Subject: [PATCH 1053/1548] Moved TLS related changelogs
Signed-off-by: Minos Galanakis
---
ChangeLog.d/{ => tls}/9684.txt | 0
ChangeLog.d/{ => tls}/9685.txt | 0
ChangeLog.d/{ => tls}/9956.txt | 0
ChangeLog.d/{ => tls}/fix-legacy-compression-issue.txt | 0
ChangeLog.d/{ => tls}/fix_reporting_of_key_usage_issues.txt | 0
ChangeLog.d/{ => tls}/remove_RSA_key_exchange.txt | 0
ChangeLog.d/{ => tls}/tls-hs-defrag-in.txt | 0
ChangeLog.d/{ => tls}/tls-key-exchange-rsa.txt | 0
ChangeLog.d/{ => tls}/tls12-check-finished-calc.txt | 0
ChangeLog.d/{ => tls}/tls13-cert-regressions.txt | 0
ChangeLog.d/{ => tls}/tls13-without-tickets.txt | 0
11 files changed, 0 insertions(+), 0 deletions(-)
rename ChangeLog.d/{ => tls}/9684.txt (100%)
rename ChangeLog.d/{ => tls}/9685.txt (100%)
rename ChangeLog.d/{ => tls}/9956.txt (100%)
rename ChangeLog.d/{ => tls}/fix-legacy-compression-issue.txt (100%)
rename ChangeLog.d/{ => tls}/fix_reporting_of_key_usage_issues.txt (100%)
rename ChangeLog.d/{ => tls}/remove_RSA_key_exchange.txt (100%)
rename ChangeLog.d/{ => tls}/tls-hs-defrag-in.txt (100%)
rename ChangeLog.d/{ => tls}/tls-key-exchange-rsa.txt (100%)
rename ChangeLog.d/{ => tls}/tls12-check-finished-calc.txt (100%)
rename ChangeLog.d/{ => tls}/tls13-cert-regressions.txt (100%)
rename ChangeLog.d/{ => tls}/tls13-without-tickets.txt (100%)
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/tls/9684.txt
similarity index 100%
rename from ChangeLog.d/9684.txt
rename to ChangeLog.d/tls/9684.txt
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/tls/9685.txt
similarity index 100%
rename from ChangeLog.d/9685.txt
rename to ChangeLog.d/tls/9685.txt
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/tls/9956.txt
similarity index 100%
rename from ChangeLog.d/9956.txt
rename to ChangeLog.d/tls/9956.txt
diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/tls/fix-legacy-compression-issue.txt
similarity index 100%
rename from ChangeLog.d/fix-legacy-compression-issue.txt
rename to ChangeLog.d/tls/fix-legacy-compression-issue.txt
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/tls/fix_reporting_of_key_usage_issues.txt
similarity index 100%
rename from ChangeLog.d/fix_reporting_of_key_usage_issues.txt
rename to ChangeLog.d/tls/fix_reporting_of_key_usage_issues.txt
diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/tls/remove_RSA_key_exchange.txt
similarity index 100%
rename from ChangeLog.d/remove_RSA_key_exchange.txt
rename to ChangeLog.d/tls/remove_RSA_key_exchange.txt
diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls/tls-hs-defrag-in.txt
similarity index 100%
rename from ChangeLog.d/tls-hs-defrag-in.txt
rename to ChangeLog.d/tls/tls-hs-defrag-in.txt
diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls/tls-key-exchange-rsa.txt
similarity index 100%
rename from ChangeLog.d/tls-key-exchange-rsa.txt
rename to ChangeLog.d/tls/tls-key-exchange-rsa.txt
diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls/tls12-check-finished-calc.txt
similarity index 100%
rename from ChangeLog.d/tls12-check-finished-calc.txt
rename to ChangeLog.d/tls/tls12-check-finished-calc.txt
diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls/tls13-cert-regressions.txt
similarity index 100%
rename from ChangeLog.d/tls13-cert-regressions.txt
rename to ChangeLog.d/tls/tls13-cert-regressions.txt
diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls/tls13-without-tickets.txt
similarity index 100%
rename from ChangeLog.d/tls13-without-tickets.txt
rename to ChangeLog.d/tls/tls13-without-tickets.txt
From f47c86561d6d8e3150760c39f68e1e231b567d85 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 10 Sep 2025 10:39:24 +0100
Subject: [PATCH 1054/1548] Moved x509 related changelogs
Signed-off-by: Minos Galanakis
---
ChangeLog.d/{ => x509}/9892.txt | 0
ChangeLog.d/{ => x509}/fix-string-to-names-memory-management.txt | 0
ChangeLog.d/{ => x509}/fix-string-to-names-store-named-data.txt | 0
3 files changed, 0 insertions(+), 0 deletions(-)
rename ChangeLog.d/{ => x509}/9892.txt (100%)
rename ChangeLog.d/{ => x509}/fix-string-to-names-memory-management.txt (100%)
rename ChangeLog.d/{ => x509}/fix-string-to-names-store-named-data.txt (100%)
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/x509/9892.txt
similarity index 100%
rename from ChangeLog.d/9892.txt
rename to ChangeLog.d/x509/9892.txt
diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/x509/fix-string-to-names-memory-management.txt
similarity index 100%
rename from ChangeLog.d/fix-string-to-names-memory-management.txt
rename to ChangeLog.d/x509/fix-string-to-names-memory-management.txt
diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/x509/fix-string-to-names-store-named-data.txt
similarity index 100%
rename from ChangeLog.d/fix-string-to-names-store-named-data.txt
rename to ChangeLog.d/x509/fix-string-to-names-store-named-data.txt
From a439ac57d113fc400bd2371fe97b7c05e5802793 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Wed, 10 Sep 2025 10:41:29 +0100
Subject: [PATCH 1055/1548] moved psa changelogs
Signed-off-by: Minos Galanakis
---
ChangeLog.d/{ => psa}/9126.txt | 0
ChangeLog.d/{ => psa}/9302.txt | 0
ChangeLog.d/{ => psa}/9690.txt | 0
ChangeLog.d/{ => psa}/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 0
ChangeLog.d/{ => psa}/add-psa-iop-generate-key.txt | 0
ChangeLog.d/{ => psa}/add-psa-iop-key-agreement.txt | 0
ChangeLog.d/{ => psa}/add-psa-key-agreement.txt | 0
ChangeLog.d/{ => psa}/configuration-split.txt | 0
ChangeLog.d/{ => psa}/dynamic-keystore.txt | 0
ChangeLog.d/{ => psa}/ecdsa-conversion-overflow.txt | 0
ChangeLog.d/{ => psa}/fix-aesni-asm-clobbers.txt | 0
ChangeLog.d/{ => psa}/fix-clang-psa-build-without-dhm.txt | 0
ChangeLog.d/{ => psa}/fix-psa-cmac.txt | 0
.../fix-redefination_warning_messages_for_GNU_SOURCE.txt | 0
ChangeLog.d/{ => psa}/fix-rsa-performance-regression.txt | 0
ChangeLog.d/{ => psa}/fix-secure-element-key-creation.txt | 0
ChangeLog.d/{ => psa}/fix-test-suite-pk-warnings.txt | 0
ChangeLog.d/{ => psa}/fix_ubsan_mp_aead_gcm.txt | 0
.../{ => psa}/mbedtls_psa_ecp_generate_key-no_public_key.txt | 0
ChangeLog.d/{ => psa}/mbedtls_psa_register_se_key.txt | 0
.../{ => psa}/mbedtls_psa_rsa_load_representation-memory_leak.txt | 0
ChangeLog.d/{ => psa}/pk-norsa-warning.txt | 0
ChangeLog.d/{ => psa}/psa-always-on.txt | 0
ChangeLog.d/{ => psa}/psa-crypto-config-always-on.txt | 0
.../psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt | 0
ChangeLog.d/{ => psa}/psa_generate_key_custom.txt | 0
ChangeLog.d/{ => psa}/psa_util_in_builds_without_psa.txt | 0
ChangeLog.d/{ => psa}/remove-crypto-alt-interface.txt | 0
ChangeLog.d/{ => psa}/remove-via-padlock-support.txt | 0
29 files changed, 0 insertions(+), 0 deletions(-)
rename ChangeLog.d/{ => psa}/9126.txt (100%)
rename ChangeLog.d/{ => psa}/9302.txt (100%)
rename ChangeLog.d/{ => psa}/9690.txt (100%)
rename ChangeLog.d/{ => psa}/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt (100%)
rename ChangeLog.d/{ => psa}/add-psa-iop-generate-key.txt (100%)
rename ChangeLog.d/{ => psa}/add-psa-iop-key-agreement.txt (100%)
rename ChangeLog.d/{ => psa}/add-psa-key-agreement.txt (100%)
rename ChangeLog.d/{ => psa}/configuration-split.txt (100%)
rename ChangeLog.d/{ => psa}/dynamic-keystore.txt (100%)
rename ChangeLog.d/{ => psa}/ecdsa-conversion-overflow.txt (100%)
rename ChangeLog.d/{ => psa}/fix-aesni-asm-clobbers.txt (100%)
rename ChangeLog.d/{ => psa}/fix-clang-psa-build-without-dhm.txt (100%)
rename ChangeLog.d/{ => psa}/fix-psa-cmac.txt (100%)
rename ChangeLog.d/{ => psa}/fix-redefination_warning_messages_for_GNU_SOURCE.txt (100%)
rename ChangeLog.d/{ => psa}/fix-rsa-performance-regression.txt (100%)
rename ChangeLog.d/{ => psa}/fix-secure-element-key-creation.txt (100%)
rename ChangeLog.d/{ => psa}/fix-test-suite-pk-warnings.txt (100%)
rename ChangeLog.d/{ => psa}/fix_ubsan_mp_aead_gcm.txt (100%)
rename ChangeLog.d/{ => psa}/mbedtls_psa_ecp_generate_key-no_public_key.txt (100%)
rename ChangeLog.d/{ => psa}/mbedtls_psa_register_se_key.txt (100%)
rename ChangeLog.d/{ => psa}/mbedtls_psa_rsa_load_representation-memory_leak.txt (100%)
rename ChangeLog.d/{ => psa}/pk-norsa-warning.txt (100%)
rename ChangeLog.d/{ => psa}/psa-always-on.txt (100%)
rename ChangeLog.d/{ => psa}/psa-crypto-config-always-on.txt (100%)
rename ChangeLog.d/{ => psa}/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt (100%)
rename ChangeLog.d/{ => psa}/psa_generate_key_custom.txt (100%)
rename ChangeLog.d/{ => psa}/psa_util_in_builds_without_psa.txt (100%)
rename ChangeLog.d/{ => psa}/remove-crypto-alt-interface.txt (100%)
rename ChangeLog.d/{ => psa}/remove-via-padlock-support.txt (100%)
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/psa/9126.txt
similarity index 100%
rename from ChangeLog.d/9126.txt
rename to ChangeLog.d/psa/9126.txt
diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/psa/9302.txt
similarity index 100%
rename from ChangeLog.d/9302.txt
rename to ChangeLog.d/psa/9302.txt
diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/psa/9690.txt
similarity index 100%
rename from ChangeLog.d/9690.txt
rename to ChangeLog.d/psa/9690.txt
diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
similarity index 100%
rename from ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
rename to ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
diff --git a/ChangeLog.d/add-psa-iop-generate-key.txt b/ChangeLog.d/psa/add-psa-iop-generate-key.txt
similarity index 100%
rename from ChangeLog.d/add-psa-iop-generate-key.txt
rename to ChangeLog.d/psa/add-psa-iop-generate-key.txt
diff --git a/ChangeLog.d/add-psa-iop-key-agreement.txt b/ChangeLog.d/psa/add-psa-iop-key-agreement.txt
similarity index 100%
rename from ChangeLog.d/add-psa-iop-key-agreement.txt
rename to ChangeLog.d/psa/add-psa-iop-key-agreement.txt
diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/psa/add-psa-key-agreement.txt
similarity index 100%
rename from ChangeLog.d/add-psa-key-agreement.txt
rename to ChangeLog.d/psa/add-psa-key-agreement.txt
diff --git a/ChangeLog.d/configuration-split.txt b/ChangeLog.d/psa/configuration-split.txt
similarity index 100%
rename from ChangeLog.d/configuration-split.txt
rename to ChangeLog.d/psa/configuration-split.txt
diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/psa/dynamic-keystore.txt
similarity index 100%
rename from ChangeLog.d/dynamic-keystore.txt
rename to ChangeLog.d/psa/dynamic-keystore.txt
diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/psa/ecdsa-conversion-overflow.txt
similarity index 100%
rename from ChangeLog.d/ecdsa-conversion-overflow.txt
rename to ChangeLog.d/psa/ecdsa-conversion-overflow.txt
diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt
similarity index 100%
rename from ChangeLog.d/fix-aesni-asm-clobbers.txt
rename to ChangeLog.d/psa/fix-aesni-asm-clobbers.txt
diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/psa/fix-clang-psa-build-without-dhm.txt
similarity index 100%
rename from ChangeLog.d/fix-clang-psa-build-without-dhm.txt
rename to ChangeLog.d/psa/fix-clang-psa-build-without-dhm.txt
diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/psa/fix-psa-cmac.txt
similarity index 100%
rename from ChangeLog.d/fix-psa-cmac.txt
rename to ChangeLog.d/psa/fix-psa-cmac.txt
diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt
similarity index 100%
rename from ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
rename to ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt
diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/psa/fix-rsa-performance-regression.txt
similarity index 100%
rename from ChangeLog.d/fix-rsa-performance-regression.txt
rename to ChangeLog.d/psa/fix-rsa-performance-regression.txt
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/psa/fix-secure-element-key-creation.txt
similarity index 100%
rename from ChangeLog.d/fix-secure-element-key-creation.txt
rename to ChangeLog.d/psa/fix-secure-element-key-creation.txt
diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt
similarity index 100%
rename from ChangeLog.d/fix-test-suite-pk-warnings.txt
rename to ChangeLog.d/psa/fix-test-suite-pk-warnings.txt
diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt
similarity index 100%
rename from ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
rename to ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt
diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt
similarity index 100%
rename from ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt
rename to ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt
diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt
similarity index 100%
rename from ChangeLog.d/mbedtls_psa_register_se_key.txt
rename to ChangeLog.d/psa/mbedtls_psa_register_se_key.txt
diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt
similarity index 100%
rename from ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt
rename to ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt
diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/psa/pk-norsa-warning.txt
similarity index 100%
rename from ChangeLog.d/pk-norsa-warning.txt
rename to ChangeLog.d/psa/pk-norsa-warning.txt
diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa/psa-always-on.txt
similarity index 100%
rename from ChangeLog.d/psa-always-on.txt
rename to ChangeLog.d/psa/psa-always-on.txt
diff --git a/ChangeLog.d/psa-crypto-config-always-on.txt b/ChangeLog.d/psa/psa-crypto-config-always-on.txt
similarity index 100%
rename from ChangeLog.d/psa-crypto-config-always-on.txt
rename to ChangeLog.d/psa/psa-crypto-config-always-on.txt
diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
similarity index 100%
rename from ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
rename to ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa/psa_generate_key_custom.txt
similarity index 100%
rename from ChangeLog.d/psa_generate_key_custom.txt
rename to ChangeLog.d/psa/psa_generate_key_custom.txt
diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt
similarity index 100%
rename from ChangeLog.d/psa_util_in_builds_without_psa.txt
rename to ChangeLog.d/psa/psa_util_in_builds_without_psa.txt
diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/psa/remove-crypto-alt-interface.txt
similarity index 100%
rename from ChangeLog.d/remove-crypto-alt-interface.txt
rename to ChangeLog.d/psa/remove-crypto-alt-interface.txt
diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/psa/remove-via-padlock-support.txt
similarity index 100%
rename from ChangeLog.d/remove-via-padlock-support.txt
rename to ChangeLog.d/psa/remove-via-padlock-support.txt
From 582cb04c6cf5ea34c6831be370029bbbc703a306 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 25 Sep 2025 14:50:33 +0100
Subject: [PATCH 1056/1548] Changelog: Moved fix-clang-psa-build-without-dhm to MbedTLS
Signed-off-by: Minos Galanakis
---
ChangeLog.d/{psa => }/fix-clang-psa-build-without-dhm.txt | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename ChangeLog.d/{psa => }/fix-clang-psa-build-without-dhm.txt (100%)
diff --git a/ChangeLog.d/psa/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
similarity index 100%
rename from ChangeLog.d/psa/fix-clang-psa-build-without-dhm.txt
rename to ChangeLog.d/fix-clang-psa-build-without-dhm.txt
From 92a2154ed2323456af7abbf2f641d1ef5175d971 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 25 Sep 2025 15:11:52 +0100
Subject: [PATCH 1057/1548] Changelog: Split changelogs for both libraries
Signed-off-by: Minos Galanakis
---
ChangeLog.d/fix-asn1-store-named-data.txt | 8 ++++++++
ChangeLog.d/psa/psa-always-on.txt | 3 ++-
2 files changed, 10 insertions(+), 1 deletion(-)
create mode 100644 ChangeLog.d/fix-asn1-store-named-data.txt
diff --git a/ChangeLog.d/fix-asn1-store-named-data.txt b/ChangeLog.d/fix-asn1-store-named-data.txt
new file mode 100644
index 0000000000..7a040bd43b
--- /dev/null
+++ b/ChangeLog.d/fix-asn1-store-named-data.txt
@@ -0,0 +1,8 @@
+Security
+ * Fix a bug in tf-psa-crypto's mbedtls_asn1_store_named_data() where it
+ would sometimes leave an item in the output list in an inconsistent
+ state with val.p == NULL but val.len > 0. Affected functions used in X.509
+ would then dereference a NULL pointer. Applications that do not
+ call this function (directly, or indirectly through X.509 writing) are not
+ affected. Found by Linh Le and Ngan Nguyen from Calif.
+
diff --git a/ChangeLog.d/psa/psa-always-on.txt b/ChangeLog.d/psa/psa-always-on.txt
index 45f4d9b101..6607e9fe40 100644
--- a/ChangeLog.d/psa/psa-always-on.txt
+++ b/ChangeLog.d/psa/psa-always-on.txt
@@ -1,5 +1,5 @@
 Default behavior changes
- * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
+ * The X.509 and TLS modules now always use the PSA subsystem
 to perform cryptographic operations, with a few exceptions documented
 in docs/architecture/psa-migration/psa-limitations.md. This
 corresponds to the behavior of Mbed TLS 3.x when
@@ -8,3 +8,4 @@ Default behavior changes
 * psa_crypto_init() must be called before performing any cryptographic
 operation, including indirect requests such as parsing a key or
 certificate or starting a TLS handshake.
+
From 4b0923f65344132d12a6d6f5c162816f6159285d Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 25 Sep 2025 15:38:14 +0100
Subject: [PATCH 1058/1548] Changelog: Brought forward changelog changes from #4716308
Signed-off-by: Minos Galanakis
---
ChangeLog.d/9964.txt | 3 ++-
ChangeLog.d/error-unification.txt | 3 ++-
ChangeLog.d/x509/9892.txt | 3 ++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
index ca0cc4b48d..0b28ea990a 100644
--- a/ChangeLog.d/9964.txt
+++ b/ChangeLog.d/9964.txt
@@ -1,5 +1,5 @@
 Removals
- * Removal of the following sample programs:
+ * Sample programs for the legacy crypto API have been removed.
 pkey/rsa_genkey.c
 pkey/pk_decrypt.c
 pkey/dh_genprime.c
@@ -23,3 +23,4 @@ Removals
 hash/hello.c
 hash/generic_sum.c
 cipher/cipher_aead_demo.c
+
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
index bcf5ba1f3d..1f8e8af1df 100644
--- a/ChangeLog.d/error-unification.txt
+++ b/ChangeLog.d/error-unification.txt
@@ -7,5 +7,6 @@ API changes
 between -32767 and -1 as before.
 
 Removals
- * Remove mbedtls_low_level_sterr() and mbedtls_high_level_strerr(),
+ * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(),
 since these concepts no longer exists. There is just mbedtls_strerror().
+
diff --git a/ChangeLog.d/x509/9892.txt b/ChangeLog.d/x509/9892.txt
index 01d21b6e5f..962bdad823 100644
--- a/ChangeLog.d/x509/9892.txt
+++ b/ChangeLog.d/x509/9892.txt
@@ -1,4 +1,5 @@
 Removals
 * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
- already deprecated and superseeded by
+ already deprecated and superseded by
 mbedtls_x509write_crt_set_serial_raw().
+
From 1789bbdde876a7b0a9f76d7bf8618ac375ec5c7a Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 25 Sep 2025 15:47:55 +0100
Subject: [PATCH 1059/1548] Changelog: Moved entries to tf-psa-psa
Signed-off-by: Minos Galanakis --- ChangeLog.d/{ => psa}/asn1-missing-guard-in-rsa.txt | 0 .../{ => psa}/fix-concurrently-loading-non-existent-keys.txt | 0 ChangeLog.d/{ => psa}/fix-driver-schema-check.txt | 0 ChangeLog.d/{ => psa}/psa_util-bits-0.txt | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename ChangeLog.d/{ => psa}/asn1-missing-guard-in-rsa.txt (100%) rename ChangeLog.d/{ => psa}/fix-concurrently-loading-non-existent-keys.txt (100%) rename ChangeLog.d/{ => psa}/fix-driver-schema-check.txt (100%) rename ChangeLog.d/{ => psa}/psa_util-bits-0.txt (100%) diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt similarity index 100% rename from ChangeLog.d/asn1-missing-guard-in-rsa.txt rename to ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt similarity index 100% rename from ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt rename to ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/psa/fix-driver-schema-check.txt similarity index 100% rename from ChangeLog.d/fix-driver-schema-check.txt rename to ChangeLog.d/psa/fix-driver-schema-check.txt diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa/psa_util-bits-0.txt similarity index 100% rename from ChangeLog.d/psa_util-bits-0.txt rename to ChangeLog.d/psa/psa_util-bits-0.txt From 514375e8c1b239eb57f331113d75a6c6f467b144 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 25 Sep 2025 15:49:33 +0100 Subject: [PATCH 1060/1548] Changelog: Brought entries from tf-psa-crypto 
Signed-off-by: Minos Galanakis --- ChangeLog.d/removal-of-rng.txt | 6 ++++++ ChangeLog.d/unterminated-string-initialization.txt | 3 +++ 2 files changed, 9 insertions(+) create mode 100644 ChangeLog.d/removal-of-rng.txt create mode 100644 ChangeLog.d/unterminated-string-initialization.txt diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt new file mode 100644 index 0000000000..7ecb29ffb7 --- /dev/null +++ b/ChangeLog.d/removal-of-rng.txt @@ -0,0 +1,6 @@ +API changes + * All API functions now use the PSA random generator psa_generate_random() + internally. As a consequence, functions no longer take RNG parameters. + Please refer to the migration guide at : + docs/4.0-migration-guide.md. + diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt new file mode 100644 index 0000000000..75a72cae6b --- /dev/null +++ b/ChangeLog.d/unterminated-string-initialization.txt @@ -0,0 +1,3 @@ +Bugfix + * Silence spurious -Wunterminated-string-initialization warnings introduced + by GCC 15. Fixes #9944. From 9b1db5da781ed6c000e363cade48cb2a86ddf78d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 25 Sep 2025 16:38:14 +0100 Subject: [PATCH 1061/1548] Moved entries back to Changelog.d 
Signed-off-by: Minos Galanakis --- ChangeLog.d/{tls => }/9684.txt | 0 ChangeLog.d/{tls => }/9685.txt | 0 ChangeLog.d/{x509 => }/9892.txt | 0 ChangeLog.d/{tls => }/9956.txt | 0 ChangeLog.d/{tls => }/fix-legacy-compression-issue.txt | 0 ChangeLog.d/{x509 => }/fix-string-to-names-memory-management.txt | 0 ChangeLog.d/{x509 => }/fix-string-to-names-store-named-data.txt | 0 ChangeLog.d/{tls => }/fix_reporting_of_key_usage_issues.txt | 0 ChangeLog.d/{psa => }/psa-always-on.txt | 0 ChangeLog.d/{tls => }/remove_RSA_key_exchange.txt | 0 ChangeLog.d/{tls => }/tls-hs-defrag-in.txt | 0 ChangeLog.d/{tls => }/tls-key-exchange-rsa.txt | 0 ChangeLog.d/{tls => }/tls12-check-finished-calc.txt | 0 ChangeLog.d/{tls => }/tls13-cert-regressions.txt | 0 ChangeLog.d/{tls => }/tls13-without-tickets.txt | 0 15 files changed, 0 insertions(+), 0 deletions(-) rename ChangeLog.d/{tls => }/9684.txt (100%) rename ChangeLog.d/{tls => }/9685.txt (100%) rename ChangeLog.d/{x509 => }/9892.txt (100%) rename ChangeLog.d/{tls => }/9956.txt (100%) rename ChangeLog.d/{tls => }/fix-legacy-compression-issue.txt (100%) rename ChangeLog.d/{x509 => }/fix-string-to-names-memory-management.txt (100%) rename ChangeLog.d/{x509 => }/fix-string-to-names-store-named-data.txt (100%) rename ChangeLog.d/{tls => }/fix_reporting_of_key_usage_issues.txt (100%) rename ChangeLog.d/{psa => }/psa-always-on.txt (100%) rename ChangeLog.d/{tls => }/remove_RSA_key_exchange.txt (100%) rename ChangeLog.d/{tls => }/tls-hs-defrag-in.txt (100%) rename ChangeLog.d/{tls => }/tls-key-exchange-rsa.txt (100%) rename ChangeLog.d/{tls => }/tls12-check-finished-calc.txt (100%) rename ChangeLog.d/{tls => }/tls13-cert-regressions.txt (100%) rename ChangeLog.d/{tls => }/tls13-without-tickets.txt (100%) diff --git a/ChangeLog.d/tls/9684.txt b/ChangeLog.d/9684.txt similarity index 100% rename from ChangeLog.d/tls/9684.txt rename to ChangeLog.d/9684.txt 
diff --git a/ChangeLog.d/tls/9685.txt b/ChangeLog.d/9685.txt similarity index 100% rename from ChangeLog.d/tls/9685.txt rename to ChangeLog.d/9685.txt diff --git a/ChangeLog.d/x509/9892.txt b/ChangeLog.d/9892.txt similarity index 100% rename from ChangeLog.d/x509/9892.txt rename to ChangeLog.d/9892.txt diff --git a/ChangeLog.d/tls/9956.txt b/ChangeLog.d/9956.txt similarity index 100% rename from ChangeLog.d/tls/9956.txt rename to ChangeLog.d/9956.txt diff --git a/ChangeLog.d/tls/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt similarity index 100% rename from ChangeLog.d/tls/fix-legacy-compression-issue.txt rename to ChangeLog.d/fix-legacy-compression-issue.txt diff --git a/ChangeLog.d/x509/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt similarity index 100% rename from ChangeLog.d/x509/fix-string-to-names-memory-management.txt rename to ChangeLog.d/fix-string-to-names-memory-management.txt diff --git a/ChangeLog.d/x509/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt similarity index 100% rename from ChangeLog.d/x509/fix-string-to-names-store-named-data.txt rename to ChangeLog.d/fix-string-to-names-store-named-data.txt diff --git a/ChangeLog.d/tls/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt similarity index 100% rename from ChangeLog.d/tls/fix_reporting_of_key_usage_issues.txt rename to ChangeLog.d/fix_reporting_of_key_usage_issues.txt diff --git a/ChangeLog.d/psa/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt similarity index 100% rename from ChangeLog.d/psa/psa-always-on.txt rename to ChangeLog.d/psa-always-on.txt diff --git a/ChangeLog.d/tls/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt similarity index 100% rename from ChangeLog.d/tls/remove_RSA_key_exchange.txt rename to ChangeLog.d/remove_RSA_key_exchange.txt 
diff --git a/ChangeLog.d/tls/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt similarity index 100% rename from ChangeLog.d/tls/tls-hs-defrag-in.txt rename to ChangeLog.d/tls-hs-defrag-in.txt diff --git a/ChangeLog.d/tls/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt similarity index 100% rename from ChangeLog.d/tls/tls-key-exchange-rsa.txt rename to ChangeLog.d/tls-key-exchange-rsa.txt diff --git a/ChangeLog.d/tls/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt similarity index 100% rename from ChangeLog.d/tls/tls12-check-finished-calc.txt rename to ChangeLog.d/tls12-check-finished-calc.txt diff --git a/ChangeLog.d/tls/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt similarity index 100% rename from ChangeLog.d/tls/tls13-cert-regressions.txt rename to ChangeLog.d/tls13-cert-regressions.txt diff --git a/ChangeLog.d/tls/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt similarity index 100% rename from ChangeLog.d/tls/tls13-without-tickets.txt rename to ChangeLog.d/tls13-without-tickets.txt From 48bfaa9353beaeee0b9f9844f7870a1f913289b5 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 26 Sep 2025 10:37:00 +0100 Subject: [PATCH 1062/1548] Changelog: Removed psa migrated entries 
Signed-off-by: Minos Galanakis --- ChangeLog.d/psa/9126.txt | 5 ----- ChangeLog.d/psa/9302.txt | 6 ------ ChangeLog.d/psa/9690.txt | 8 -------- .../psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt | 4 ---- ChangeLog.d/psa/add-psa-iop-generate-key.txt | 3 --- ChangeLog.d/psa/add-psa-iop-key-agreement.txt | 4 ---- ChangeLog.d/psa/add-psa-key-agreement.txt | 3 --- ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt | 3 --- ChangeLog.d/psa/configuration-split.txt | 16 ---------------- ChangeLog.d/psa/dynamic-keystore.txt | 10 ---------- ChangeLog.d/psa/ecdsa-conversion-overflow.txt | 6 ------ ChangeLog.d/psa/fix-aesni-asm-clobbers.txt | 5 ----- ...ix-concurrently-loading-non-existent-keys.txt | 4 ---- ChangeLog.d/psa/fix-driver-schema-check.txt | 3 --- ChangeLog.d/psa/fix-psa-cmac.txt | 4 ---- ...efination_warning_messages_for_GNU_SOURCE.txt | 5 ----- .../psa/fix-rsa-performance-regression.txt | 3 --- .../psa/fix-secure-element-key-creation.txt | 5 ----- ChangeLog.d/psa/fix-test-suite-pk-warnings.txt | 3 --- ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt | 3 --- ...bedtls_psa_ecp_generate_key-no_public_key.txt | 3 --- ChangeLog.d/psa/mbedtls_psa_register_se_key.txt | 3 --- ...s_psa_rsa_load_representation-memory_leak.txt | 3 --- ChangeLog.d/psa/pk-norsa-warning.txt | 2 -- ChangeLog.d/psa/psa-crypto-config-always-on.txt | 7 ------- ...er_decrypt-ccm_star-iv_length_enforcement.txt | 3 --- ChangeLog.d/psa/psa_generate_key_custom.txt | 9 --------- ChangeLog.d/psa/psa_util-bits-0.txt | 3 --- .../psa/psa_util_in_builds_without_psa.txt | 5 ----- ChangeLog.d/psa/remove-crypto-alt-interface.txt | 5 ----- ChangeLog.d/psa/remove-via-padlock-support.txt | 3 --- 31 files changed, 149 deletions(-) delete mode 100644 ChangeLog.d/psa/9126.txt delete mode 100644 ChangeLog.d/psa/9302.txt delete mode 100644 ChangeLog.d/psa/9690.txt delete mode 100644 ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt delete mode 100644 ChangeLog.d/psa/add-psa-iop-generate-key.txt delete mode 100644 
ChangeLog.d/psa/add-psa-iop-key-agreement.txt delete mode 100644 ChangeLog.d/psa/add-psa-key-agreement.txt delete mode 100644 ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt delete mode 100644 ChangeLog.d/psa/configuration-split.txt delete mode 100644 ChangeLog.d/psa/dynamic-keystore.txt delete mode 100644 ChangeLog.d/psa/ecdsa-conversion-overflow.txt delete mode 100644 ChangeLog.d/psa/fix-aesni-asm-clobbers.txt delete mode 100644 ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt delete mode 100644 ChangeLog.d/psa/fix-driver-schema-check.txt delete mode 100644 ChangeLog.d/psa/fix-psa-cmac.txt delete mode 100644 ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt delete mode 100644 ChangeLog.d/psa/fix-rsa-performance-regression.txt delete mode 100644 ChangeLog.d/psa/fix-secure-element-key-creation.txt delete mode 100644 ChangeLog.d/psa/fix-test-suite-pk-warnings.txt delete mode 100644 ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt delete mode 100644 ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt delete mode 100644 ChangeLog.d/psa/mbedtls_psa_register_se_key.txt delete mode 100644 ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt delete mode 100644 ChangeLog.d/psa/pk-norsa-warning.txt delete mode 100644 ChangeLog.d/psa/psa-crypto-config-always-on.txt delete mode 100644 ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt delete mode 100644 ChangeLog.d/psa/psa_generate_key_custom.txt delete mode 100644 ChangeLog.d/psa/psa_util-bits-0.txt delete mode 100644 ChangeLog.d/psa/psa_util_in_builds_without_psa.txt delete mode 100644 ChangeLog.d/psa/remove-crypto-alt-interface.txt delete mode 100644 ChangeLog.d/psa/remove-via-padlock-support.txt diff --git a/ChangeLog.d/psa/9126.txt b/ChangeLog.d/psa/9126.txt deleted file mode 100644 index 22939df86f..0000000000 --- a/ChangeLog.d/psa/9126.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -Default behavior changes - * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && - !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the - corresponding PSA mechanism is enabled, since the server provides the - crypto. Fixes #9126. diff --git a/ChangeLog.d/psa/9302.txt b/ChangeLog.d/psa/9302.txt deleted file mode 100644 index d61ba19632..0000000000 --- a/ChangeLog.d/psa/9302.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which - uses static storage for keys, enabling malloc-less use of key slots. - The size of each buffer is given by the option - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the - largest PSA key enabled in the build. diff --git a/ChangeLog.d/psa/9690.txt b/ChangeLog.d/psa/9690.txt deleted file mode 100644 index d00eb16bc9..0000000000 --- a/ChangeLog.d/psa/9690.txt +++ /dev/null @@ -1,8 +0,0 @@ -Security - * Fix a buffer underrun in mbedtls_pk_write_key_der() when - called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled, - and the output buffer is smaller than the actual output. - Fix a related buffer underrun in mbedtls_pk_write_key_pem() - when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled - and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key. - CVE-2024-49195 diff --git a/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt deleted file mode 100644 index 079cd741dc..0000000000 --- a/ChangeLog.d/psa/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does - not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. 
diff --git a/ChangeLog.d/psa/add-psa-iop-generate-key.txt b/ChangeLog.d/psa/add-psa-iop-generate-key.txt deleted file mode 100644 index 0f586ee197..0000000000 --- a/ChangeLog.d/psa/add-psa-iop-generate-key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add an interruptible version of generate key to the PSA interface. - See psa_generate_key_iop_setup() and related functions. diff --git a/ChangeLog.d/psa/add-psa-iop-key-agreement.txt b/ChangeLog.d/psa/add-psa-iop-key-agreement.txt deleted file mode 100644 index 92dfde1843..0000000000 --- a/ChangeLog.d/psa/add-psa-iop-key-agreement.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Add an interruptible version of key agreement to the PSA interface. - See psa_key_agreement_iop_setup() and related functions. - diff --git a/ChangeLog.d/psa/add-psa-key-agreement.txt b/ChangeLog.d/psa/add-psa-key-agreement.txt deleted file mode 100644 index 771e6e2602..0000000000 --- a/ChangeLog.d/psa/add-psa-key-agreement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * Add a new psa_key_agreement() PSA API to perform key agreement and return - an identifier for the newly created key. diff --git a/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt deleted file mode 100644 index bb5b470881..0000000000 --- a/ChangeLog.d/psa/asn1-missing-guard-in-rsa.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled - as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. diff --git a/ChangeLog.d/psa/configuration-split.txt b/ChangeLog.d/psa/configuration-split.txt deleted file mode 100644 index f4d9bc63ac..0000000000 --- a/ChangeLog.d/psa/configuration-split.txt +++ /dev/null 
@@ -1,16 +0,0 @@ -Changes - * Cryptography and platform configuration options have been migrated - from the Mbed TLS library configuration file mbedtls_config.h to - crypto_config.h that will become the TF-PSA-Crypto configuration file, - see config-split.md for more information. The reference and test custom - configuration files respectively in configs/ and tests/configs/ have - been updated accordingly. - To migrate custom Mbed TLS configurations where - MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them - to the PSA configuration scheme based on PSA_WANT_XXX symbols - (see psa-conditional-inclusion-c.md for more information). - To migrate custom Mbed TLS configurations where - MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the - cryptographic and platform configuration options from mbedtls_config.h - to crypto_config.h (see config-split.md for more information and configs/ - for examples). diff --git a/ChangeLog.d/psa/dynamic-keystore.txt b/ChangeLog.d/psa/dynamic-keystore.txt deleted file mode 100644 index c6aac3c991..0000000000 --- a/ChangeLog.d/psa/dynamic-keystore.txt +++ /dev/null @@ -1,10 +0,0 @@ -Features - * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, - the number of volatile PSA keys is virtually unlimited, at the expense - of increased code size. This option is off by default, but enabled in - the default mbedtls_config.h. Fixes #9216. - -Bugfix - * Fix interference between PSA volatile keys and built-in keys - when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and - MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. diff --git a/ChangeLog.d/psa/ecdsa-conversion-overflow.txt b/ChangeLog.d/psa/ecdsa-conversion-overflow.txt deleted file mode 100644 index 83b7f2f88b..0000000000 --- a/ChangeLog.d/psa/ecdsa-conversion-overflow.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -Security - * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and - mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the - largest supported curve. In some configurations with PSA disabled, - all values of bits are affected. This never happens in internal library - calls, but can affect applications that call these functions directly. diff --git a/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt b/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt deleted file mode 100644 index 538f0c5115..0000000000 --- a/ChangeLog.d/psa/fix-aesni-asm-clobbers.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix missing constraints on the AES-NI inline assembly which is used on - GCC-like compilers when building AES for generic x86_64 targets. This - may have resulted in incorrect code with some compilers, depending on - optimizations. Fixes #9819. diff --git a/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt deleted file mode 100644 index 8a406a12e8..0000000000 --- a/ChangeLog.d/psa/fix-concurrently-loading-non-existent-keys.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix rare concurrent access bug where attempting to operate on a - non-existent key while concurrently creating a new key could potentially - corrupt the key store. diff --git a/ChangeLog.d/psa/fix-driver-schema-check.txt b/ChangeLog.d/psa/fix-driver-schema-check.txt deleted file mode 100644 index 9b6d8acd6e..0000000000 --- a/ChangeLog.d/psa/fix-driver-schema-check.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix invalid JSON schemas for driver descriptions used by - generate_driver_wrappers.py. diff --git a/ChangeLog.d/psa/fix-psa-cmac.txt b/ChangeLog.d/psa/fix-psa-cmac.txt deleted file mode 100644 index e3c8aecc2d..0000000000 --- a/ChangeLog.d/psa/fix-psa-cmac.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -Bugfix - * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in - CMAC is enabled, but no built-in unauthenticated cipher is enabled. - Fixes #9209. diff --git a/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt deleted file mode 100644 index b5c26505c2..0000000000 --- a/ChangeLog.d/psa/fix-redefination_warning_messages_for_GNU_SOURCE.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix issue of redefinition warning messages for _GNU_SOURCE in - entropy_poll.c and sha_256.c. There was a build warning during - building for linux platform. - Resolves #9026 diff --git a/ChangeLog.d/psa/fix-rsa-performance-regression.txt b/ChangeLog.d/psa/fix-rsa-performance-regression.txt deleted file mode 100644 index 603612a314..0000000000 --- a/ChangeLog.d/psa/fix-rsa-performance-regression.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix unintended performance regression when using short RSA public keys. - Fixes #9232. diff --git a/ChangeLog.d/psa/fix-secure-element-key-creation.txt b/ChangeLog.d/psa/fix-secure-element-key-creation.txt deleted file mode 100644 index 23a46c068d..0000000000 --- a/ChangeLog.d/psa/fix-secure-element-key-creation.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix error handling when creating a key in a dynamic secure element - (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, - the creation could return PSA_SUCCESS but using or destroying the key - would not work. Fixes #8537. diff --git a/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt b/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt deleted file mode 100644 index 26042193cc..0000000000 --- a/ChangeLog.d/psa/fix-test-suite-pk-warnings.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. - Fixes #9029. 
diff --git a/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt deleted file mode 100644 index e4726a45d7..0000000000 --- a/ChangeLog.d/psa/fix_ubsan_mp_aead_gcm.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behaviour (incrementing a NULL pointer by zero length) when - passing in zero length additional data to multipart AEAD. diff --git a/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt deleted file mode 100644 index 69c00e1a77..0000000000 --- a/ChangeLog.d/psa/mbedtls_psa_ecp_generate_key-no_public_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Improve performance of PSA key generation with ECC keys: it no longer - computes the public key (which was immediately discarded). Fixes #9732. diff --git a/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt b/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt deleted file mode 100644 index 2fc2751ac0..0000000000 --- a/ChangeLog.d/psa/mbedtls_psa_register_se_key.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Document and enforce the limitation of mbedtls_psa_register_se_key() - to persistent keys. Resolves #9253. diff --git a/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt deleted file mode 100644 index dba25af611..0000000000 --- a/ChangeLog.d/psa/mbedtls_psa_rsa_load_representation-memory_leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a memory leak that could occur when failing to process an RSA - key through some PSA functions due to low memory conditions. diff --git a/ChangeLog.d/psa/pk-norsa-warning.txt b/ChangeLog.d/psa/pk-norsa-warning.txt deleted file mode 100644 index d00aa8a870..0000000000 --- a/ChangeLog.d/psa/pk-norsa-warning.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. 
diff --git a/ChangeLog.d/psa/psa-crypto-config-always-on.txt b/ChangeLog.d/psa/psa-crypto-config-always-on.txt deleted file mode 100644 index d255f8c3c1..0000000000 --- a/ChangeLog.d/psa/psa-crypto-config-always-on.txt +++ /dev/null @@ -1,7 +0,0 @@ -Default behavior changes - * The `PSA_WANT_XXX` symbols as defined in - tf-psa-crypto/include/psa/crypto_config.h are now always used in the - configuration of the cryptographic mechanisms exposed by the PSA API. - This corresponds to the configuration behavior of Mbed TLS 3.x when - MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG - is now always enabled and the configuration option has been removed. diff --git a/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt deleted file mode 100644 index 39e03b93ba..0000000000 --- a/ChangeLog.d/psa/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes - long. Credit to Cryptofuzz. Fixes #9314. diff --git a/ChangeLog.d/psa/psa_generate_key_custom.txt b/ChangeLog.d/psa/psa_generate_key_custom.txt deleted file mode 100644 index 3fc1bd7d1f..0000000000 --- a/ChangeLog.d/psa/psa_generate_key_custom.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() have been replaced by - psa_generate_key_custom() and psa_key_derivation_output_key_custom(). - They have almost exactly the same interface, but the variable-length - data is passed in a separate parameter instead of a flexible array - member. This resolves a build failure under C++ compilers that do not - support flexible array members (a C99 feature not adopted by C++). - Fixes #9020. diff --git a/ChangeLog.d/psa/psa_util-bits-0.txt b/ChangeLog.d/psa/psa_util-bits-0.txt deleted file mode 100644 index 9aa70ad978..0000000000 
--- a/ChangeLog.d/psa/psa_util-bits-0.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or - mbedtls_psa_der_to_raw() is called with bits=0. diff --git a/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt deleted file mode 100644 index 7c0866dd30..0000000000 --- a/ChangeLog.d/psa/psa_util_in_builds_without_psa.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, - some code was defining 0-size arrays, resulting in compilation errors. - Fixed by disabling the offending code in configurations without PSA - Crypto, where it never worked. Fixes #9311. diff --git a/ChangeLog.d/psa/remove-crypto-alt-interface.txt b/ChangeLog.d/psa/remove-crypto-alt-interface.txt deleted file mode 100644 index f9ab4c221c..0000000000 --- a/ChangeLog.d/psa/remove-crypto-alt-interface.txt +++ /dev/null @@ -1,5 +0,0 @@ -Removals - * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options - at the module and function level for crypto mechanisms only. The remaining - alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. diff --git a/ChangeLog.d/psa/remove-via-padlock-support.txt b/ChangeLog.d/psa/remove-via-padlock-support.txt deleted file mode 100644 index a3f4b96573..0000000000 --- a/ChangeLog.d/psa/remove-via-padlock-support.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Fixes #5903. From 98dfcd4908f66a058716bf687f2959d779412c66 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 26 Sep 2025 16:30:36 +0100 Subject: [PATCH 1063/1548] Add missing include of stdio.h This is required in util.h in PSASIM as it uses fprintf. Previously stdio was inadvertantly included via psa/crypto_struct.h (of all places). 
Signed-off-by: David Horstmann --- tests/psa-client-server/psasim/include/util.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/psa-client-server/psasim/include/util.h b/tests/psa-client-server/psasim/include/util.h index 5eb8238c5c..dfc9a32379 100644 --- a/tests/psa-client-server/psasim/include/util.h +++ b/tests/psa-client-server/psasim/include/util.h @@ -7,6 +7,8 @@ #include "service.h" +#include + #define PRINT(fmt, ...) \ fprintf(stdout, fmt "\n", ##__VA_ARGS__) From ce9f08a11bafb4a594b1e72978bfc87771409cb2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Sep 2025 19:21:15 +0200 Subject: [PATCH 1064/1548] More removals found in changelog entries Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/configuration.md | 10 ++++++++++ docs/4.0-migration-guide/feature-removals.md | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md index 0065de4542..c8e54f657b 100644 --- a/docs/4.0-migration-guide/configuration.md +++ b/docs/4.0-migration-guide/configuration.md @@ -32,3 +32,13 @@ TF-PSA-Crypto exposes its version through ``, similar t ### Removal of `check_config.h` The header `mbedtls/check_config.h` is no longer present. Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet. + +### Changes to TLS options + +#### Enabling null cipher suites + +The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTLS_CIPHER_NULL_CIPHER` to `MBEDTLS_SSL_NULL_CIPHERSUITES`. It remains disabled in the default configuration. + +#### Removal of backward compatibility options + +The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now. 
diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md
index 8b2c4d0b8f..b958f864fc 100644
--- a/docs/4.0-migration-guide/feature-removals.md
+++ b/docs/4.0-migration-guide/feature-removals.md
@@ -140,3 +140,13 @@ mbedtls_ssl_conf_dh_param_bin()
 mbedtls_ssl_conf_dh_param_ctx()
 mbedtls_ssl_conf_dhm_min_bitlen()
 ```
+
+### Removal of elliptic curves
+
+Following their removal from the crypto library, elliptic curves of less than 250 bits (secp192r1, secp192k1, secp224r1, secp224k1) are no longer supported in certificates and in TLS.
+
+### Removal of deprecated functions
+
+The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead.
+
+The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead.
From 0f2a4f3d1fcbcf0f298d4ae6c78c8f9fb423a17e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Fri, 26 Sep 2025 20:10:04 +0200
Subject: [PATCH 1065/1548] Prevent unnecessary submodule fetches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bence Szépkúti
---
 scripts/abi_check.py | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index c526f15ef6..dfe7f9ef15 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -204,11 +204,24 @@ def _update_git_submodules(self, git_worktree_path, version):
 stderr=subprocess.STDOUT
 )
 self.log.debug(submodule_output.decode("utf-8"))
- update_output = subprocess.check_output(
- [self.git_command, "submodule", "update", "--init", '--recursive'],
- cwd=git_worktree_path,
- stderr=subprocess.STDOUT
- )
+
+ try:
+ # Try to update the submodules using local commits
+ # (Git will sometimes insist on fetching the remote without --no-fetch if the submodules are shallow clones)
+ update_output = subprocess.check_output(
+ [self.git_command, "submodule", "update", "--init", '--recursive', '--no-fetch'],
+ cwd=git_worktree_path,
+ stderr=subprocess.STDOUT
+ )
+ except subprocess.CalledProcessError as err:
+ self.log.debug(err.stdout.decode("utf-8"))
+
+ # Checkout with --no-fetch failed, falling back to fetching from origin
+ update_output = subprocess.check_output(
+ [self.git_command, "submodule", "update", "--init", '--recursive'],
+ cwd=git_worktree_path,
+ stderr=subprocess.STDOUT
+ )
 self.log.debug(update_output.decode("utf-8"))
 if not (os.path.exists(os.path.join(git_worktree_path, "crypto")) and version.crypto_revision): From 9364208e330c195fb1fff659155ba4024ead4973 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 10:39:23 +0100 Subject: [PATCH 1066/1548] Changelogs: Fixed aligment issues Signed-off-by: Minos Galanakis
--- ChangeLog.d/9964.txt | 2 +- ChangeLog.d/fix-dependency-on-generated-files.txt | 4 ++-- ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
index 0b28ea990a..189b4c1d0e 100644
--- a/ChangeLog.d/9964.txt
+++ b/ChangeLog.d/9964.txt
@@ -1,5 +1,5 @@
 Removals
- * Sample programs for the legacy crypto API have been removed.
+ * Sample programs for the legacy crypto API have been removed.
 pkey/rsa_genkey.c
 pkey/pk_decrypt.c
 pkey/dh_genprime.c
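Review bot: The fallback `subprocess.check_output` in the new `except` branch performs a network fetch from the submodule remotes whenever the `--no-fetch` attempt fails for any reason, yet both the failure and the fallback are recorded only at debug level, so a run that pulled submodule commits over the network is indistinguishable from an offline run in normal output. A line such as `self.log.info("submodule update --no-fetch failed, fetching from origin")` before the second call would make the fallback visible in CI logs. Narrowing the handler, or re-raising when `err.stdout` does not indicate a missing local commit, would also avoid masking unrelated worktree problems behind a fetch that may then fail with a less informative error. If the second call fails too, its `CalledProcessError` propagates from inside the handler with the first error chained, which is acceptable but worth a short comment. `_update_git_submodules` begins before this hunk.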
diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt index b3e7e4e16b..540cf0ded2 100644 --- a/ChangeLog.d/fix-dependency-on-generated-files.txt +++ b/ChangeLog.d/fix-dependency-on-generated-files.txt @@ -1,3 +1,3 @@ Bugfix - * Fix potential CMake parallel build failure when building both the static - and shared libraries. + * Fix potential CMake parallel build failure when building both the static + and shared libraries. diff --git a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt index e04f45a488..e7ac54684c 100644 --- a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt +++ b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt @@ -1,3 +1,3 @@ API changes - * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw - function to a const to align with the rest of the API. + * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw + function to a const to align with the rest of the API. From 9114d4ae0cadf6a6b0794f99fea80965b23d7755 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 29 Sep 2025 11:49:40 +0200 Subject: [PATCH 1067/1548] all.sh: prepare component for hiding small curves MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/components-configuration-crypto.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c9c6a13e43..0551e6a404 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -100,6 +100,7 @@ component_test_psa_crypto_without_heap() {
 # tests in 'test_suite_psa_crypto_op_fail' that would never be executed.
 scripts/config.py set PSA_WANT_ECC_SECP_K1_192
 scripts/config.py set PSA_WANT_ECC_SECP_R1_192
+ scripts/config.py set TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS || true
 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
 PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT) From cc3f987c4f66ebceba518d40b0e0f92c86de23f8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 10:58:51 +0100 Subject: [PATCH 1068/1548] Changelogs: Added CVEs Signed-off-by: Minos Galanakis
--- ChangeLog.d/fix-string-to-names-memory-management.txt | 1 + ChangeLog.d/fix-string-to-names-store-named-data.txt | 2 ++ ChangeLog.d/fix_reporting_of_key_usage_issues.txt | 1 + ChangeLog.d/mbedtls_ssl_set_hostname.txt | 2 ++ 4 files changed, 6 insertions(+)
diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt
index 87bc59694f..6b744a74fb 100644
--- a/ChangeLog.d/fix-string-to-names-memory-management.txt
+++ b/ChangeLog.d/fix-string-to-names-memory-management.txt
@@ -10,6 +10,7 @@ Security
 were affected (use-after-free if the san string contains more than one DN).
 Code that does not call mbedtls_string_to_names() directly is not affected.
 Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-47917
 Changes
 * The function mbedtls_x509_string_to_names() now requires its head argument
diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt
index e517cbb72a..b088468612 100644
--- a/ChangeLog.d/fix-string-to-names-store-named-data.txt
+++ b/ChangeLog.d/fix-string-to-names-store-named-data.txt
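Review bot: The `|| true` appended to the new `scripts/config.py set TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS` line masks every failure of that command, not only the expected case where the option does not exist yet, so a misspelled symbol or a broken `config.py` would leave the component silently running without the intended setting while the neighbouring `set PSA_WANT_ECC_SECP_*` lines still fail loudly. Since the commit title frames this as preparation, a comment stating when the guard can go would keep it from becoming permanent, e.g. `# TODO: drop '|| true' once the crypto submodule defines TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS`. `component_test_psa_crypto_without_heap` begins before this hunk and continues after it.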
@@ -6,3 +6,5 @@ Security users of the output structure, such as mbedtls_x509_write_names(). This only affects applications that create (as opposed to consume) X.509 certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. + CVE-2025-48965 + diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt index b81fb426a7..506f2bdf0e 100644 --- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt +++ b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt @@ -9,3 +9,4 @@ Security authentication anyway. Only TLS 1.3 servers were affected, and only with optional authentication (required would abort the handshake with a fatal alert). + CVE-2024-45159 diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt index 250a5baafa..05f375dcb3 100644 --- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt +++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt @@ -14,3 +14,5 @@ Security MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if mbedtls_ssl_set_hostname() has not been called. Reported by Daniel Stenberg. + CVE-2025-27809 + From 30f42edd43d5d259b7e99e9b0fd137da50b9d171 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 11:38:10 +0100 Subject: [PATCH 1069/1548] Changelog: Reworded fix-clang-psa-build-without-dhm Signed-off-by: Minos Galanakis --- ChangeLog.d/fix-clang-psa-build-without-dhm.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt index 7ae1c68a40..543f4dbf1b 100644 --- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt +++ b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt 
@@ -1,3 +1,5 @@ Bugfix - * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled - but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188. + * Fix Clang compilation error when finite-field Diffie-Hellman is disabled. + Reported by Michael Schuster in #9188. + + From 8120169554dbbdb662f1626fba65fd0f55d12306 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 11:38:39 +0100 Subject: [PATCH 1070/1548] Changelog: Removed check-config.txt Signed-off-by: Minos Galanakis --- ChangeLog.d/check-config.txt | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 ChangeLog.d/check-config.txt diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt deleted file mode 100644 index 8570a11757..0000000000 --- a/ChangeLog.d/check-config.txt +++ /dev/null @@ -1,9 +0,0 @@ -Changes - * Warn if mbedtls/check_config.h is included manually, as this can - lead to spurious errors. Error if a *adjust*.h header is included - manually, as this can lead to silently inconsistent configurations, - potentially resulting in buffer overflows. - When migrating from Mbed TLS 2.x, if you had a custom config.h that - included check_config.h, remove this inclusion from the Mbed TLS 3.x - configuration file (renamed to mbedtls_config.h). This change was made - in Mbed TLS 3.0, but was not announced in a changelog entry at the time. From 55e4bf8acd75eb0d570b9652d6aaa3c8e7f04ee6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 29 Sep 2025 11:42:30 +0100 Subject: [PATCH 1071/1548] Changelog: Introduced oid.txt Signed-off-by: Minos Galanakis --- ChangeLog.d/oid.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/oid.txt diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt new file mode 100644 index 0000000000..53828d85b1 --- /dev/null +++ b/ChangeLog.d/oid.txt 
@@ -0,0 +1,8 @@ +Removals + * The library no longer offers interfaces to look up values by OID + or OID by enum values. + The header now only defines functions to convert + between binary and dotted string OID representations, and macros + for OID strings that are relevant to X.509. + The compilation option MBEDTLS_OID_C no longer + exists. OID tables are included in the build automatically as needed. From 9defedb833210957506c4171e92a6b292d0caa71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 29 Sep 2025 14:24:25 +0200 Subject: [PATCH 1072/1548] Fix comment too long for pylint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index dfe7f9ef15..4fe7f54fc0 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -207,7 +207,8 @@ def _update_git_submodules(self, git_worktree_path, version): try: # Try to update the submodules using local commits - # (Git will sometimes insist on fetching the remote without --no-fetch if the submodules are shallow clones) + # (Git will sometimes insist on fetching the remote without --no-fetch + # if the submodules are shallow clones) update_output = subprocess.check_output( [self.git_command, "submodule", "update", "--init", '--recursive', '--no-fetch'], cwd=git_worktree_path, From 7e8e438fce7a9b5ece2b483b973d8e0d9e7d9817 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 26 Sep 2025 15:25:43 +0100 Subject: [PATCH 1073/1548] Replace cases of time_t with mbedtls_time_t Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- programs/ssl/ssl_context_info.c | 2 +- programs/test/udp_proxy.c | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 37e4259e55..75c59a96ad 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3178,7 +3178,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session,
 start = MBEDTLS_GET_UINT64_BE(p, 0);
 p += 8;
- session->start = (time_t) start;
+ session->start = (mbedtls_time_t) start;
 #endif /* MBEDTLS_HAVE_TIME */
 /*
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 7bcd50fe65..46875ec414 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -277,7 +277,7 @@ static void print_time(const uint64_t *time)
 {
 #if defined(MBEDTLS_HAVE_TIME)
 char buf[20];
- struct tm *t = gmtime((time_t *) time);
+ struct tm *t = gmtime((mbedtls_time_t *) time);
 static const char format[] = "%Y-%m-%d %H:%M:%S";
 if (NULL != t) {
 strftime(buf, sizeof(buf), format, t);
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 1c52990a8e..efa003da0d 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -25,7 +25,6 @@
 #if defined(MBEDTLS_HAVE_TIME)
 #include
 #define mbedtls_time time
-#define mbedtls_time_t time_t
 #endif
 #define mbedtls_printf printf
 #define mbedtls_calloc calloc From 6efe52473ca719f273c9b2db97344bc2b0d6edd1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 29 Sep 2025 07:53:36 +0100 Subject: [PATCH 1074/1548] revert change to gmtime arguments int ssl_context_info.c Signed-off-by: Ben Taylor
--- programs/ssl/ssl_context_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 46875ec414..7bcd50fe65 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -277,7 +277,7 @@ static void print_time(const uint64_t *time)
 {
 #if defined(MBEDTLS_HAVE_TIME)
 char buf[20];
- struct tm *t = gmtime((mbedtls_time_t *) time);
+ struct tm *t = gmtime((time_t *) time);
 static const char format[] = "%Y-%m-%d %H:%M:%S";
 if (NULL != t) {
 strftime(buf, sizeof(buf), format, t); From b11d5bc949671ebb79e1caf7a898c3009448eb44 Mon Sep 17 00:00:00 2001
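Review bot: The new `session->start = (mbedtls_time_t) start;` still narrows a 64-bit value read from the serialized session buffer without a range check, so on targets where `mbedtls_time_t` is narrower than 64 bits, or signed with a smaller positive range, an out-of-range `start` is silently truncated and the session's lifetime accounting is wrong instead of the load being rejected. A round-trip guard before the assignment catches this portably: `if (start != (uint64_t) (mbedtls_time_t) start) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }`, reusing the error the function already reports for malformed input. A one-line comment on the cast noting that the on-the-wire field is always 64-bit while the in-memory type is platform dependent would also help the next reader. `ssl_tls12_session_load` begins before this hunk and continues after it.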
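Review bot: The restored `gmtime((time_t *) time)` in the second `print_time` hunk reinterprets a `const uint64_t *` as `time_t *`, which discards `const` and, wherever `sizeof(time_t) != 8`, makes `gmtime` read only part of the stored value (which half depends on endianness), so the printed timestamp can be wrong on 32-bit-`time_t` targets even though this commit only reverts the previous spelling. Going through a correctly typed local avoids the aliasing cast: `time_t t_val = (time_t) *time;` followed by `struct tm *t = gmtime(&t_val);`. The hunk ends inside `print_time`, so the remainder of the function is not visible here.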
From: Ben Taylor Date: Mon, 29 Sep 2025 13:59:26 +0100 Subject: [PATCH 1075/1548] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/replace_time_t.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/replace_time_t.txt diff --git a/ChangeLog.d/replace_time_t.txt b/ChangeLog.d/replace_time_t.txt new file mode 100644 index 0000000000..53b63cfd43 --- /dev/null +++ b/ChangeLog.d/replace_time_t.txt @@ -0,0 +1,3 @@ +Bugfix + * Replace occurances of time_t with + mbedtls_time_t. From c797a35acd88ed89eb6079903a08cf224c6f9cb9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 29 Sep 2025 14:18:20 +0100 Subject: [PATCH 1076/1548] Improve ChangeLog entry Signed-off-by: Ben Taylor --- ChangeLog.d/replace_time_t.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/replace_time_t.txt b/ChangeLog.d/replace_time_t.txt index 53b63cfd43..ec0282a9f2 100644 --- a/ChangeLog.d/replace_time_t.txt +++ b/ChangeLog.d/replace_time_t.txt @@ -1,3 +1,4 @@ Bugfix - * Replace occurances of time_t with - mbedtls_time_t. + * Fix a build error or incorrect TLS session + lifetime on platforms where mbedtls_time_t + is not time_t. Fixes #10236. From 2c2e24338b4d51de3677719ff0ea03396c1e7f28 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Sep 2025 15:47:23 +0200 Subject: [PATCH 1077/1548] There's no reason to discourage including */build_info.h directly Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md index c8e54f657b..144f7bbe15 100644 --- a/docs/4.0-migration-guide/configuration.md +++ b/docs/4.0-migration-guide/configuration.md 
@@ -25,7 +25,7 @@ Note that many options related to cryptography have changed; see the TF-PSA-Cryp ### Split of `build_info.h` and `version.h` -TF-PSA-Crypto has a header file `` which includes the configuration file and provides the adjusted configuration macros, similar to `` in Mbed TLS. Generally, you should include a feature-specific header file rather than `build_info.h`. +The header file ``, which includes the configuration file and provides the adjusted configuration macros, now has an similar file `` in TF-PSA-Crypto. The Mbed TLS header includes the TF-PSA-Crypto header, so including `` remains sufficient to obtain information about the crypto configuration. TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS. From e27c35c6a622bdbe1cfff66bc51b074220b12152 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Sep 2025 15:48:58 +0200 Subject: [PATCH 1078/1548] Copyediting Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md index 144f7bbe15..25bddf44f9 100644 --- a/docs/4.0-migration-guide/configuration.md +++ b/docs/4.0-migration-guide/configuration.md 
@@ -8,7 +8,7 @@ All configuration options that are relevant to TF-PSA-Crypto must now be configu * otherwise ``; * additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set. -Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, and `MBEDTLS_USER_CONFIG_FILE` is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up. +Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, plus `MBEDTLS_USER_CONFIG_FILE` if it is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up. Generally speaking, the options that must be configured in TF-PSA-Crypto are: From c8e4fd3f1a637608501f4422da992b2892a7d216 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 22 Sep 2025 14:09:40 +0100 Subject: [PATCH 1079/1548] Initial removal of DES from mbedtls Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 15 +-------------- tests/scripts/depends.py | 4 ---- tests/scripts/set_psa_test_dependencies.py | 1 - 3 files changed, 1 insertion(+), 19 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 0551e6a404..f5a0afc82c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -90,9 +90,6 @@ component_test_psa_crypto_without_heap() { # is disabled below. scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_" scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" - # DES requires built-in support for key generation (parity check) so it - # cannot be accelerated - scripts/config.py unset PSA_WANT_KEY_TYPE_DES # EC-JPAKE use calloc/free in PSA core scripts/config.py unset PSA_WANT_ALG_JPAKE # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. 
@@ -330,7 +327,6 @@ component_test_full_no_cipher () { scripts/config.py unset PSA_WANT_ALG_OFB scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py unset PSA_WANT_KEY_TYPE_DES # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1709,10 +1705,6 @@ component_test_psa_crypto_config_accel_cipher_aead_cmac () { common_psa_crypto_config_accel_cipher_aead_cmac - # Disable DES, if it still exists. - # This can be removed once we remove DES from the library. - scripts/config.py unset PSA_WANT_KEY_TYPE_DES - # Build # ----- @@ -1749,11 +1741,8 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { msg "build: full config with non-accelerated cipher inc. AEAD and CMAC" common_psa_crypto_config_accel_cipher_aead_cmac - # Disable DES, if it still exists. - # This can be removed once we remove DES from the library. - scripts/config.py unset PSA_WANT_KEY_TYPE_DES - $MAKE_COMMAND + make msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" $MAKE_COMMAND test @@ -2016,7 +2005,6 @@ component_build_aes_variations () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py unset PSA_WANT_KEY_TYPE_DES build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ @@ -2230,7 +2218,6 @@ config_block_cipher_no_decrypt () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py unset PSA_WANT_KEY_TYPE_DES } component_test_block_cipher_no_decrypt_aesni () { diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 10d7028df0..bf401e0675 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -324,10 +324,6 @@ def test(self, options): '-PSA_WANT_ALG_CCM', '-PSA_WANT_ALG_GCM', '-PSA_WANT_ALG_ECB_NO_PADDING'], - 'PSA_WANT_KEY_TYPE_DES': ['-PSA_WANT_ALG_CCM', - '-PSA_WANT_ALG_GCM', - '-MBEDTLS_SSL_TICKET_C', - '-MBEDTLS_SSL_CONTEXT_SERIALIZATION'], } def handle_exclusive_groups(config_settings, symbol): """For every symbol tested in an exclusive group check if there are other diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 0be8ac5e4e..37152112be 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -53,7 +53,6 @@ 'MBEDTLS_CHACHAPOLY_C', 'MBEDTLS_CMAC_C', 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_DES_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECDSA_C', 'MBEDTLS_ECJPAKE_C', From 4936b17737031c38436cfcf9358e223f8a61c75c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 25 Sep 2025 11:08:25 +0100 Subject: [PATCH 1080/1548] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-des.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/remove-des.txt diff --git a/ChangeLog.d/remove-des.txt b/ChangeLog.d/remove-des.txt new file mode 100644 index 0000000000..e9be9c031f --- /dev/null +++ b/ChangeLog.d/remove-des.txt @@ -0,0 +1,3 @@ +Removals + * Remove DES and 3DES and all it's references + as it is not longer allowed by NIST. From c32f591bb10e89b4bcd805736e70cf7e8b2bf2f1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 26 Sep 2025 11:19:02 +0100 Subject: [PATCH 1081/1548] Improved ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-des.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog.d/remove-des.txt b/ChangeLog.d/remove-des.txt index e9be9c031f..0c83ec1107 100644 --- a/ChangeLog.d/remove-des.txt +++ b/ChangeLog.d/remove-des.txt @@ -1,3 +1,2 @@ Removals - * Remove DES and 3DES and all it's references - as it is not longer allowed by NIST. + * Removed DES (including 3DES) 
From c4dee5cf6215f27c8f3fcd983bf465cc33c1f980 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 29 Sep 2025 11:33:29 +0100 Subject: [PATCH 1082/1548] Remove ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-des.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ChangeLog.d/remove-des.txt diff --git a/ChangeLog.d/remove-des.txt b/ChangeLog.d/remove-des.txt deleted file mode 100644 index 0c83ec1107..0000000000 --- a/ChangeLog.d/remove-des.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Removed DES (including 3DES) From 1317d7f14d97d0b163c9a9f28cd992779abdd20f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 29 Sep 2025 11:35:55 +0100 Subject: [PATCH 1083/1548] Remove spurious make command Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f5a0afc82c..c330ccd814 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1742,7 +1742,6 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { common_psa_crypto_config_accel_cipher_aead_cmac $MAKE_COMMAND - make msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" $MAKE_COMMAND test From 6c4df1a2cc1820a117d722f6bf18b847defa9270 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 30 Sep 2025 08:17:38 +0100 Subject: [PATCH 1084/1548] Update tf-psa-crypto submodule Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 9a43f3fe86..092a54c678 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 9a43f3fe868ef6da5a312a3da076b9595e02a75e +Subproject commit 092a54c67864d06a93ac7e8bfe90b01b3e2ec2e5 From db39c0fe0a315b8e5174ca297a33d9c7cc09ef56 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Tue, 30 Sep 2025 10:14:41 +0100 Subject: [PATCH 1085/1548] Update framework modules Signed-off-by: Ben Taylor --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 0bfaf0ed97..ab4d9cee6d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 0bfaf0ed9721b3858e8982698c618ee748b21a7d +Subproject commit ab4d9cee6d63c0ddcdc150144ff2e1f2db914381 From 28d1d61d72721ae0128184a39b3edf21bf7af8c0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 10:42:05 +0200 Subject: [PATCH 1086/1548] Update BRANCHES.md Signed-off-by: Ronald Cron --- BRANCHES.md | 26 +++----------------------- 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index 806629721c..5945f95d9c 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -6,9 +6,8 @@ At any point in time, we have a number of maintained branches, currently consist this always contains the latest release, including all publicly available security fixes. - The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch: - this is where the next major version of Mbed TLS (version 4.0) is being - prepared. It has API changes that make it incompatible with Mbed TLS 3.x, - as well as all the new features and bug fixes and security fixes. + this is where the next minor version of Mbed TLS 4 is prepared. It contains + new features, bug fixes, and security fixes. - One or more long-time support (LTS) branches: these only get bug fixes and security fixes. Currently, the supported LTS branches are: - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6). 
@@ -19,7 +18,7 @@ These branches will not receive any changes or updates. We use [Semantic Versioning](https://semver.org/). In particular, we maintain API compatibility in the `main` branch across minor version changes (e.g. -the API of 3.(x+1) is backward compatible with 3.x). We only break API +the API of 4.(x+1) is backward compatible with 4.x). We only break API compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain ABI compatibility within LTS branches; see the next section for details. @@ -66,25 +65,6 @@ crypto that was found to be weak) may need to be changed. In case security comes in conflict with backwards compatibility, we will put security first, but always attempt to provide a compatibility option. -## Backward compatibility for the key store - -We maintain backward compatibility with previous versions of the -PSA Crypto persistent storage since Mbed TLS 2.25.0, provided that the -storage backend (PSA ITS implementation) is configured in a compatible way. -We intend to maintain this backward compatibility throughout a major version -of Mbed TLS (for example, all Mbed TLS 3.y versions will be able to read -keys written under any Mbed TLS 3.x with x <= y). - -Mbed TLS 3.x can also read keys written by Mbed TLS 2.25.0 through 2.28.x -LTS, but future major version upgrades (for example from 2.28.x/3.x to 4.y) -may require the use of an upgrade tool. - -Note that this guarantee does not currently fully extend to drivers, which -are an experimental feature. We intend to maintain compatibility with the -basic use of drivers from Mbed TLS 2.28.0 onwards, even if driver APIs -change. However, for more experimental parts of the driver interface, such -as the use of driver state, we do not yet guarantee backward compatibility. - ## Long-time support branches For the LTS branches, additionally we try very hard to also maintain ABI From 94f102c06cf8e7b6b13ff882d287940537148c54 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Tue, 30 Sep 2025 12:19:29 +0200 Subject: [PATCH 1087/1548] Update SECURITY.md Signed-off-by: Ronald Cron --- SECURITY.md | 37 ------------------------------------- 1 file changed, 37 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 4682f7aacc..4e7bb14316 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -37,10 +37,6 @@ being implemented. (For example Mbed TLS alone won't guarantee that the messages will arrive without delay, as the TLS protocol doesn't guarantee that either.) -**Warning!** Block ciphers do not yet achieve full protection against attackers -who can measure the timing of packets with sufficient precision. For details -and workarounds see the [Block Ciphers](#block-ciphers) section. - ### Local attacks In this section, we consider an attacker who can run software on the same @@ -69,9 +65,6 @@ physical side channels as well. Remote and physical timing attacks are covered in the [Remote attacks](remote-attacks) and [Physical attacks](physical-attacks) sections respectively. -**Warning!** Block ciphers do not yet achieve full protection. For -details and workarounds see the [Block Ciphers](#block-ciphers) section. - #### Local non-timing side channels The attacker code running on the platform has access to some sensor capable of 
@@ -115,36 +108,6 @@ protection against a class of attacks outside of the above described threat model. Neither does it mean that the failure of such a countermeasure is considered a vulnerability. -#### Block ciphers - -Currently there are four block ciphers in Mbed TLS: AES, CAMELLIA, ARIA and -DES. The pure software implementation in Mbed TLS implementation uses lookup -tables, which are vulnerable to timing attacks. - -These timing attacks can be physical, local or depending on network latency -even a remote. The attacks can result in key recovery. - -**Workarounds:** - -- Turn on hardware acceleration for AES. This is supported only on selected - architectures and currently only available for AES. See configuration options - `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details. -- Add a secure alternative implementation (typically hardware acceleration) for - the vulnerable cipher. See the [Alternative Implementations -Guide](docs/architecture/alternative-implementations.md) for more information. -- Use cryptographic mechanisms that are not based on block ciphers. In - particular, for authenticated encryption, use ChaCha20/Poly1305 instead of - block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG. - -#### Everest - -The HACL* implementation of X25519 taken from the Everest project only protects -against remote timing attacks. (See their [Security -Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) - -The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` -configuration option is defined. This option is off by default. - #### Formatting of X.509 certificates and certificate signing requests When parsing X.509 certificates and certificate signing requests (CSRs), From dc0036b4cd73f96838f088651243f83ec9a3ac16 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 1 Oct 2025 16:54:42 +0100 Subject: [PATCH 1088/1548] Updated framework pointer 
Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index ab4d9cee6d..d80c4f9ec3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit ab4d9cee6d63c0ddcdc150144ff2e1f2db914381 +Subproject commit d80c4f9ec3a01c001778658023f82e40fdb51d40 From 0552033183b168980492169f493908cdfd572be2 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 1 Oct 2025 16:54:51 +0100 Subject: [PATCH 1089/1548] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 092a54c678..cf4c26de94 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 092a54c67864d06a93ac7e8bfe90b01b3e2ec2e5 +Subproject commit cf4c26de948e8bfe6566dd8b78299df4b627127d From d196cbd3e529faffe10bee2f0a8e74aac9da24df Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 09:58:08 +0200 Subject: [PATCH 1090/1548] README.md: The crypto code is provided by TF-PSA-Crypto Signed-off-by: Ronald Cron --- README.md | 46 +++------------------------------------------- 1 file changed, 3 insertions(+), 43 deletions(-) diff --git a/README.md b/README.md index 7326a3ebe5..449926c738 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,8 @@ README for Mbed TLS =================== -Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. - -Mbed TLS includes a reference implementation of the [PSA Cryptography API](#psa-cryptography-api). This is currently a preview for evaluation purposes only. +Mbed TLS is a C library that implements X.509 certificate manipulation and the TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. +Mbed TLS includes the [TF-PSA-Crypto repository](https://github.com/Mbed-TLS/TF-PSA-Crypto) that provides an implementation of the [PSA Cryptography API](https://arm-software.github.io/psa-api). Configuration ------------- @@ -19,8 +18,6 @@ Documentation The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls.readthedocs.io/). -Documentation for the PSA Cryptography API is available [on GitHub](https://arm-software.github.io/psa-api/crypto/). - To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. 
@@ -43,7 +40,7 @@ You need the following tools to build the library: * CMake 3.10.2 or later. * A build system that CMake supports. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. -* Python 3.8 to generate the test code. Python is also needed to integrate PSA drivers and to build the development branch (see next section). +* Python 3.8 to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. * Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). 
@@ -236,48 +233,11 @@ Mbed TLS is mostly written in portable C99; however, it has a few platform requi - Mixed-endian platforms are not supported. - SIZE_MAX must be at least as big as INT_MAX and UINT_MAX. -PSA cryptography API --------------------- - -### PSA API - -Arm's [Platform Security Architecture (PSA)](https://developer.arm.com/architectures/security-architectures/platform-security-architecture) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level. - -The [PSA cryptography API](https://arm-software.github.io/psa-api/crypto/) provides access to a set of cryptographic primitives. It has a dual purpose. First, it can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication. Second, it can also be used independently of other PSA components on any platform. - -The design goals of the PSA cryptography API include: - -* The API distinguishes caller memory from internal memory, which allows the library to be implemented in an isolated space for additional security. Library calls can be implemented as direct function calls if isolation is not desired, and as remote procedure calls if isolation is desired. -* The structure of internal data is hidden to the application, which allows substituting alternative implementations at build time or run time, for example, in order to take advantage of hardware accelerators. -* All access to the keys happens through key identifiers, which allows support for external cryptoprocessors that is transparent to applications. -* The interface to algorithms is generic, favoring algorithm agility. -* The interface is designed to be easy to use and hard to accidentally misuse. - -Arm welcomes feedback on the design of the API. 
If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at [`mbed-crypto@arm.com`](mailto:mbed-crypto@arm.com). All feedback received by email is treated confidentially. - -### PSA implementation in Mbed TLS - -Mbed TLS includes a reference implementation of the PSA Cryptography API. -However, it does not aim to implement the whole specification; in particular it does not implement all the algorithms. - -### PSA drivers - -Mbed TLS supports drivers for cryptographic accelerators, secure elements and random generators. This is work in progress. Please note that the driver interfaces are not fully stable yet and may change without notice. We intend to preserve backward compatibility for application code (using the PSA Crypto API), but the code of the drivers may have to change in future minor releases of Mbed TLS. - -Please see the [PSA driver example and guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-driver-example-and-guide.md) for information on writing a driver. - License ------- Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. -### Third-party code included in Mbed TLS - -This project contains code from other projects. This code is located within the `tf-psa-crypto/drivers/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. 
The projects are listed below: - -* `drivers/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. -* `drivers/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author. - Contributing ------------ From eef87b348f2e84e7d62734376781245192a738a6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 13:06:32 +0200 Subject: [PATCH 1091/1548] README.md: Microsoft Visual Studio is not directly supported anymore Signed-off-by: Ronald Cron --- README.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/README.md b/README.md index 449926c738..0e35fe9aa8 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ The source code of Mbed TLS includes some files that are automatically generated The following tools are required: -* Perl, for some library source files and for Visual Studio build files. +* Perl, for some library source files. * Python 3.8 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: ``` python3 -m pip install --user -r scripts/basic.requirements.txt 
@@ -185,14 +185,6 @@ Mbed TLS supports being built as a CMake subproject. One can use `add_subdirectory()` from a parent CMake project to include Mbed TLS as a subproject. -### Microsoft Visual Studio - -The build files for Microsoft Visual Studio are generated for Visual Studio 2017. - -The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available. - -In the development branch of Mbed TLS, the Visual Studio solution files need to be generated first as described in [“Generated source files in the development branch”](#generated-source-files-in-the-development-branch). - Example programs ---------------- From 0f2ef4a896dff5f2d53affbc3b083032e8326cac Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 18:30:32 +0200 Subject: [PATCH 1092/1548] README.md: Update Configuration section Signed-off-by: Ronald Cron --- README.md | 7 ++++--- configs/README.txt | 34 ++++++++++++++++++---------------- 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 0e35fe9aa8..171323c7d0 100644 --- a/README.md +++ b/README.md 
@@ -6,12 +6,13 @@ Mbed TLS includes the [TF-PSA-Crypto repository](https://github.com/Mbed-TLS/TF- Configuration ------------- +Configuration options related to X.509 and TLS are available in `include/mbedtls/mbedtls_config.h`, while cryptography and platform options are located in the TF-PSA-Crypto configuration file `tf-psa-crypto/include/psa/crypto_config.h`. -Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions). +With the default platform options, Mbed TLS should build out of the box on most systems. -Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS`. +These configuration files can be edited manually, or programmatically using the Python 3 script scripts/config.py (run with --help for usage instructions). -We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` +We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`. Documentation ------------- diff --git a/configs/README.txt b/configs/README.txt index 86496db013..9e471344ef 100644 --- a/configs/README.txt +++ b/configs/README.txt 
@@ -1,24 +1,26 @@ This directory contains example configuration files. -The examples are generally focused on a particular usage case (eg, support for -a restricted number of ciphersuites) and aim at minimizing resource usage for -this target. They can be used as a basis for custom configurations. +The examples are generally focused on a particular use case (eg, support for +a restricted set of ciphersuites) and aim to minimize resource usage for +the target. They can be used as a basis for custom configurations. -These files are complete replacements for the default mbedtls_config.h. To use one of -them, you can pick one of the following methods: +These files come in pairs and are complete replacements for the default +mbedtls_config.h and crypto_config.h. The two files of a pair share the same or +very similar name, with the crypto file prefixed by "crypto-". Note +that some of the cryptography configuration files may be located in +tf-psa-crypto/configs. -1. Replace the default file include/mbedtls/mbedtls_config.h with the chosen one. +To use one of these pairs, you can pick one of the following methods: -2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly. - For example, using make: +1. Replace the default files include/mbedtls/mbedtls_config.h and + tf-psa-crypto/include/psa/crypto_config.h with the chosen ones. - CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" make +2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE options of the + CMake build system: - Or, using cmake: + cmake -DMBEDTLS_CONFIG_FILE="path-to-your-mbedtls-config-file" \ + -DTF_PSA_CRYPTO_CONFIG_FILE="path-to-your-tf-psa-crypto-config-file" . + make - find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + - CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" cmake . - make - -Note that the second method also works if you want to keep your custom -configuration file outside the Mbed TLS tree. 
+The second method also works if you want to keep your custom configuration +files outside the Mbed TLS tree. From 200b89bb87849192b96d1c4d3e631489c83eb370 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Oct 2025 10:05:34 +0200 Subject: [PATCH 1093/1548] README.md: Update/Fix documentation section Signed-off-by: Ronald Cron --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 171323c7d0..1e07fd8018 100644 --- a/README.md +++ b/README.md @@ -22,9 +22,8 @@ The main Mbed TLS documentation is available via [ReadTheDocs](https://mbed-tls. To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. -1. Run `mkdir /path/to/build_dir && cd /path/to/build_dir` -1. Run `cmake /path/to/mbedtls/source` -1. Run `make apidoc` +1. Run `cmake -B /path/to/build_dir /path/to/mbedtls/source` +1. Run `cmake --build /path/to/build_dir --target mbedtls-apidoc` 1. Browse `apidoc/index.html` or `apidoc/modules.html`. For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. From 7cf78b4c2cacddf77f76e5e612e22ee24be7c94f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Oct 2025 10:28:17 +0200 Subject: [PATCH 1094/1548] README.md: Update build sections Signed-off-by: Ronald Cron --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1e07fd8018..9ba6ae36ac 100644 --- a/README.md +++ b/README.md 
@@ -31,7 +31,7 @@ For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. Compiling --------- -We use CMake to configure and drive our build process. Three libraries are built: libtfpsacrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libtfpsacrypto, and libmbedx509 depends on libtfpsacrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -ltfpsacrypto`. +We use CMake to configure and drive our build process. Three libraries are built: `libtfpsacrypto`, `libmbedx509`, and `libmbedtls`. Note that `libmbedtls` depends on `libmbedx509` and `libtfpsacrypto`, and `libmbedx509` depends on `libtfpsacrypto`. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -ltfpsacrypto`. The cryptographic library `libtfpsacrypto` is also provided under its legacy name, `libmbedcrypto`. ### Tool versions 
@@ -106,9 +106,11 @@ There are many different build types available with CMake. Most of them are avai - `Coverage`. This generates code coverage information in addition to debug information. - `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.) - `ASanDbg`. Same as ASan but slower, with debug information and better stack traces. -- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64. +- `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. - `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking. - `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors. +- `TSan`. This instruments the code with ThreadSanitizer to detect data races and other threading-related concurrency issues at runtime. +- `TSanDbg`. Same as TSan but slower, with debug information, better stack traces and origin tracking. Switching build types in CMake is simple. For debug mode, enter at the command line: From 4ccdaf1cd5d3c5426b6d58b921edfbd000a0a5cc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Oct 2025 12:40:27 +0200 Subject: [PATCH 1095/1548] README.md: Update minimum version of tools Signed-off-by: Ronald Cron --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9ba6ae36ac..ddf2dbf6bc 100644 --- a/README.md +++ b/README.md 
@@ -35,14 +35,14 @@ We use CMake to configure and drive our build process. Three libraries are built ### Tool versions -You need the following tools to build the library: +You need the following tools to build the library from the main branch with the provided CMake files. Mbed TLS minimum tool version requirements are set based on the versions shipped in the latest or penultimate (depending on the release cadence) long-term support releases of major Linux distributions, namely at time of writing: Ubuntu 22.04, RHEL 9, and SLES 15 SP4. -* CMake 3.10.2 or later. +* CMake 3.20.4 or later. * A build system that CMake supports. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. * Python 3.8 to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. -* Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). +* Doxygen 1.8.14 or later (if building the documentation; slightly older versions should work). ### Git usage @@ -55,7 +55,7 @@ The source code of Mbed TLS includes some files that are automatically generated The following tools are required: * Perl, for some library source files. -* Python 3.8 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: +* Python 3 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: ``` python3 -m pip install --user -r scripts/basic.requirements.txt ``` From e2d4684ec401e27e5679c139846c641c2322e236 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Oct 2025 13:04:49 +0200 Subject: [PATCH 1096/1548] README.md: Update tests section 
Signed-off-by: Ronald Cron --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index ddf2dbf6bc..1c6bc42885 100644 --- a/README.md +++ b/README.md @@ -202,7 +202,6 @@ For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, ad - `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. - `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. -- `tests/scripts/test-ref-configs.pl` test builds in various reduced configurations. - `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. - `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc). From c9d79ff0d493d5c33b68d641da0ecf3460d34566 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 2 Oct 2025 19:14:14 +0200 Subject: [PATCH 1097/1548] README.md: Various small improvements Signed-off-by: Ronald Cron --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 1c6bc42885..d745b24bef 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Configuration options related to X.509 and TLS are available in `include/mbedtls With the default platform options, Mbed TLS should build out of the box on most systems. -These configuration files can be edited manually, or programmatically using the Python 3 script scripts/config.py (run with --help for usage instructions). +These configuration files can be edited manually, or programmatically using the Python 3 script `scripts/config.py` (run with --help for usage instructions). We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`. 
@@ -38,7 +38,7 @@ We use CMake to configure and drive our build process. Three libraries are built You need the following tools to build the library from the main branch with the provided CMake files. Mbed TLS minimum tool version requirements are set based on the versions shipped in the latest or penultimate (depending on the release cadence) long-term support releases of major Linux distributions, namely at time of writing: Ubuntu 22.04, RHEL 9, and SLES 15 SP4. * CMake 3.20.4 or later. -* A build system that CMake supports. +* A build system like Make or Ninja for which CMake can generate build files. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. * Python 3.8 to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. @@ -138,7 +138,7 @@ showing them as modified). In order to do so, from the Mbed TLS source directory, use: cmake . - make + cmake --build . If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the CMake cache. This can be done with the following command using GNU find: @@ -148,10 +148,10 @@ CMake cache. This can be done with the following command using GNU find: You can now make the desired change: CC=your_cc cmake . - make + cmake --build . Regarding variables, also note that if you set CFLAGS when invoking cmake, -your value of CFLAGS doesn't override the content provided by cmake (depending +your value of CFLAGS doesn't override the content provided by CMake (depending on the build mode as seen above), it's merely prepended to it. #### Consuming Mbed TLS 
@@ -196,13 +196,13 @@ Please note that the goal of these sample programs is to demonstrate specific fe Tests ----- -Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test\_suite\_ssl.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_ssl.function`) and a `data file` (e.g. `suites/test\_suite\_ssl.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. +Mbed TLS includes an elaborate test suite in `tests/` that initially requires Python to generate the tests files (e.g. `test_suite_ssl.c`). These files are generated from a `function file` (e.g. `suites/test_suite_ssl.function`) and a `data file` (e.g. `suites/test_suite_ssl.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: - `tests/ssl-opt.sh` runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations. - `tests/compat.sh` tests interoperability of every ciphersuite with other implementations. -- `tests/scripts/depends.py` test builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. +- `tests/scripts/depends.py` tests builds in configurations with a single curve, key exchange, hash, cipher, or pkalg on. - `tests/scripts/all.sh` runs a combination of the above tests, plus some more, with various build options (such as ASan, full `mbedtls_config.h`, etc). 
Instead of manually installing the required versions of all tools required for testing, it is possible to use the Docker images from our CI systems, as explained in [our testing infrastructure repository](https://github.com/Mbed-TLS/mbedtls-test/blob/main/README.md#quick-start). From c9998d399b7f8814994721e516107a5733d97741 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 3 Oct 2025 10:03:20 +0200 Subject: [PATCH 1098/1548] README.md: Fix/Update the "Git usage" section Signed-off-by: Ronald Cron --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d745b24bef..33ad4ac23d 100644 --- a/README.md +++ b/README.md 
@@ -46,7 +46,15 @@ You need the following tools to build the library from the main branch with the ### Git usage -The `development` branch and the `mbedtls-3.6` long-term support branch of Mbed TLS use a [Git submodule](https://git-scm.com/book/en/v2/Git-Tools-Submodules#_cloning_submodules) ([framework](https://github.com/Mbed-TLS/mbedtls-framework)). This is not needed to merely compile the library at a release tag. This is not needed to consume a release archive (zip or tar). +The supported branches (see [`BRANCHES.md`](BRANCHES.md)) use [Git submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules#_cloning_submodules). They contain two submodules: the [framework](https://github.com/Mbed-TLS/mbedtls-framework) submodule and the [tf-psa-crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto) submodule, except for the 3.6 LTS branch, which contains only the framework submodule. Release tags also use Git submodules. + +After cloning or checking out a branch or tag, run: + ``` + git submodule update --init --recursive + ``` + to initialize and update the submodules before building. + +However, the official source release tarballs (e.g. [mbedtls-4.0.0-beta.tar.bz2](https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-4.0.0-beta/mbedtls-4.0.0-beta.tar.bz2)) include the contents of the submodules. ### Generated source files in the development branch From 74a4984eacfd40e2d026359b0dcb29ed38b1b486 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 3 Oct 2025 11:13:44 +0200 Subject: [PATCH 1099/1548] README.md: Fix/Improve CMake section Signed-off-by: Ronald Cron --- README.md | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 33ad4ac23d..40e9e579c3 100644 --- a/README.md +++ b/README.md 
@@ -95,14 +95,10 @@ In order to run the tests, enter: ctest -The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with: +The test suites need Python to be built. If you don't have Python installed, you'll want to disable the test suites with: cmake -DENABLE_TESTING=Off /path/to/mbedtls_source -If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with: - - programs/test/selftest - To configure CMake for building shared libraries, use: cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source @@ -137,7 +133,7 @@ for example: CC=your_cc cmake /path/to/mbedtls_source If you already invoked cmake and want to change those settings, you need to -remove the build directory and create it again. +invoke the configuration phase of CMake again with the new settings. Note that it is possible to build in-place; this will however overwrite the legacy Makefiles still used for testing purposes (see 
@@ -164,17 +160,23 @@ on the build mode as seen above), it's merely prepended to it. #### Consuming Mbed TLS -Mbed TLS provides a package config file for consumption as a dependency in other -CMake projects. You can include Mbed TLS's CMake targets yourself with: +Mbed TLS provides a CMake package configuration file for consumption as a +dependency in other CMake projects. You can load its CMake targets with: + + find_package(MbedTLS REQUIRED) + +You can help CMake find the package: - find_package(MbedTLS) +- By setting the variable `MbedTLS_DIR` to `${YOUR_MBEDTLS_BUILD_DIR}/cmake`, + as shown in `programs/test/cmake_package/CMakeLists.txt`, or +- By adding the Mbed TLS installation prefix to `CMAKE_PREFIX_PATH`, + as shown in `programs/test/cmake_package_install/CMakeLists.txt`. -If prompted, set `MbedTLS_DIR` to `${YOUR_MBEDTLS_INSTALL_DIR}/cmake`. This -creates the following targets: +After a successful `find_package(MbedTLS)`, the following imported targets are available: -- `MbedTLS::tfpsacrypto` (Crypto library) -- `MbedTLS::mbedtls` (TLS library) -- `MbedTLS::mbedx509` (X509 library) +- `MbedTLS::tfpsacrypto`, the crypto library +- `MbedTLS::mbedtls`, the TLS library +- `MbedTLS::mbedx509`, the X.509 library You can then use these directly through `target_link_libraries()`: From e943bd73ac83dc5ac472d42203d5f7df8aacac9a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 16:46:20 +0200 Subject: [PATCH 1100/1548] configs/README.txt: Improve example with MBEDTLS/TF_PSA_CRYPTO_CONFIG_FILE Signed-off-by: Ronald Cron --- configs/README.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/configs/README.txt b/configs/README.txt index 9e471344ef..38348dda0e 100644 --- a/configs/README.txt +++ b/configs/README.txt 
@@ -15,12 +15,14 @@ To use one of these pairs, you can pick one of the following methods: 1. Replace the default files include/mbedtls/mbedtls_config.h and tf-psa-crypto/include/psa/crypto_config.h with the chosen ones. -2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE options of the - CMake build system: +2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE CMake options. For + example, to build out-of-tree with the config-ccm-psk-tls1_2.h and + crypto-config-ccm-psk-tls1_2.h configuration pair: - cmake -DMBEDTLS_CONFIG_FILE="path-to-your-mbedtls-config-file" \ - -DTF_PSA_CRYPTO_CONFIG_FILE="path-to-your-tf-psa-crypto-config-file" . - make + cmake -DMBEDTLS_CONFIG_FILE="configs/config-ccm-psk-tls1_2.h" \ + -DTF_PSA_CRYPTO_CONFIG_FILE="configs/crypto-config-ccm-psk-tls1_2.h" + -B build-psktls12 . + cmake --build build-psktls12 The second method also works if you want to keep your custom configuration files outside the Mbed TLS tree. From 8267196b8bb77df0da538ec32ae657fdd9164924 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 16:58:41 +0200 Subject: [PATCH 1101/1548] README.md: Add mention to topics.html for Doxygen documentation Signed-off-by: Ronald Cron --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 40e9e579c3..3f905c1322 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,9 @@ To generate a local copy of the library documentation in HTML format, tailored t 1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. 1. Run `cmake -B /path/to/build_dir /path/to/mbedtls/source` 1. Run `cmake --build /path/to/build_dir --target mbedtls-apidoc` -1. Browse `apidoc/index.html` or `apidoc/modules.html`. +1. Open one of the main generated HTML files: + * `apidoc/index.html` + * `apidoc/modules.html` or `apidoc/topics.html` For other sources of documentation, see the [SUPPORT](SUPPORT.md) document. 
From b906301e10b7e4df40077526658aa808d2a8c19a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 16:47:45 +0200 Subject: [PATCH 1102/1548] Various minor improvements Signed-off-by: Ronald Cron --- BRANCHES.md | 2 +- README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index 5945f95d9c..c781704977 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -6,7 +6,7 @@ At any point in time, we have a number of maintained branches, currently consist this always contains the latest release, including all publicly available security fixes. - The [`development`](https://github.com/Mbed-TLS/mbedtls/tree/development) branch: - this is where the next minor version of Mbed TLS 4 is prepared. It contains + this is where the next minor version of Mbed TLS 4.x is prepared. It contains new features, bug fixes, and security fixes. - One or more long-time support (LTS) branches: these only get bug fixes and security fixes. Currently, the supported LTS branches are: diff --git a/README.md b/README.md index 3f905c1322..4b1188e3b3 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Configuration options related to X.509 and TLS are available in `include/mbedtls With the default platform options, Mbed TLS should build out of the box on most systems. -These configuration files can be edited manually, or programmatically using the Python 3 script `scripts/config.py` (run with --help for usage instructions). +These configuration files can be edited manually, or programmatically using the Python script `scripts/config.py` (run with --help for usage instructions). We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`. 
@@ -41,8 +41,8 @@ You need the following tools to build the library from the main branch with the * CMake 3.20.4 or later. * A build system like Make or Ninja for which CMake can generate build files. -* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8 and Visual Studio 2017. More recent versions should work. Slightly older versions may work. -* Python 3.8 to generate the test code. Python is also needed to build the development branch (see next section). +* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. +* Python 3.8 or later to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. * Doxygen 1.8.14 or later (if building the documentation; slightly older versions should work). @@ -69,7 +69,7 @@ The following tools are required: ``` python3 -m pip install --user -r scripts/basic.requirements.txt ``` - Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide, omit the `--user` option. + Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide or in a virtual environment, omit the `--user` option. * A C compiler for the host platform, for some test data. The scripts that generate the configuration-independent files will look for a host C compiler in the following places (in order of preference): From 864c31a1f8042b858d0e427548fbe83dbe57959e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 17:28:11 +0200 Subject: [PATCH 1103/1548] README.md: IAR not currently used in our testing 
Signed-off-by: Ronald Cron --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b1188e3b3..0638cd8385 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ You need the following tools to build the library from the main branch with the * CMake 3.20.4 or later. * A build system like Make or Ninja for which CMake can generate build files. -* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, IAR 8, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. +* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. * Python 3.8 or later to generate the test code. Python is also needed to build the development branch (see next section). * Perl to run the tests, and to generate some source files in the development branch. * Doxygen 1.8.14 or later (if building the documentation; slightly older versions should work). From 63180eb1323834d43d32880a171bfb1c9d6efd78 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 17:41:01 +0200 Subject: [PATCH 1104/1548] README.md: Adjust CMake minimum version Adjust CMake minimum version to 3.20.2. That is the version in CentOS which is the rolling-delivery upstream of RHEL 9. Signed-off-by: Ronald Cron --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0638cd8385..69f2dcb26e 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,7 @@ We use CMake to configure and drive our build process. Three libraries are built You need the following tools to build the library from the main branch with the provided CMake files. Mbed TLS minimum tool version requirements are set based on the versions shipped in the latest or penultimate (depending on the release cadence) long-term support releases of major Linux distributions, namely at time of writing: Ubuntu 22.04, RHEL 9, and SLES 15 SP4. -* CMake 3.20.4 or later. +* CMake 3.20.2 or later. * A build system like Make or Ninja for which CMake can generate build files. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, Arm Compiler 6, and Visual Studio 2017 Compiler. More recent versions should work. Slightly older versions may work. * Python 3.8 or later to generate the test code. Python is also needed to build the development branch (see next section). From 91b8310e54129c60b2d7fcbc7cc6f8776a76b04a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 7 Oct 2025 08:19:44 +0100 Subject: [PATCH 1105/1548] Remove internal deprecated items Signed-off-by: Ben Taylor --- library/ssl_misc.h | 42 ---------------------- library/ssl_tls.c | 3 -- tests/suites/test_suite_x509write.function | 18 ---------- 3 files changed, 63 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5b852bdd19..0df7f96360 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -775,11 +775,6 @@ struct mbedtls_ssl_handshake_params { uint16_t received_sig_algs[MBEDTLS_RECEIVED_SIG_ALGS_SIZE]; #endif -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const uint16_t *group_list; - const uint16_t *sig_algs; -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED) psa_key_type_t xxdh_psa_type; size_t xxdh_psa_bits; 
@@ -2306,12 +2301,6 @@ static inline const void *mbedtls_ssl_get_sig_algs(
 {
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- if (ssl->handshake != NULL &&
- ssl->handshake->sig_algs != NULL) {
- return ssl->handshake->sig_algs;
- }
-#endif
 return ssl->conf->sig_algs;
 #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
@@ -2576,37 +2565,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type
 psa_key_type_t *key_type,
 size_t *key_size);
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/**
- * \brief Convert given PSA status to mbedtls error code.
- *
- * \param status [in] given PSA status
- *
- * \return corresponding mbedtls error code
- */
-static inline MBEDTLS_DEPRECATED int psa_ssl_status_to_mbedtls(psa_status_t status)
-{
- switch (status) {
- case PSA_SUCCESS:
- return 0;
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- case PSA_ERROR_INVALID_SIGNATURE:
- return MBEDTLS_ERR_SSL_INVALID_MAC;
- case PSA_ERROR_INVALID_ARGUMENT:
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- case PSA_ERROR_BAD_STATE:
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- case PSA_ERROR_BUFFER_TOO_SMALL:
- return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
- default:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- }
-}
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 typedef enum {
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 75c59a96ad..833af9f973 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4368,9 +4368,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
 }
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- handshake->sig_algs = NULL;
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 if (ssl->handshake->certificate_request_context) {
 mbedtls_free((void *) handshake->certificate_request_context);
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 40677f2338..760ff5fe03 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -318,9 +318,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
 unsigned char check_buf[5000];
 unsigned char *p, *end;
 unsigned char tag, sz;
-#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi serial_mpi;
-#endif
 int ret, before_tag, after_tag;
 size_t olen = 0, pem_len = 0, buf_index = 0;
 int der_len = -1;
@@ -373,9 +370,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
 }
 memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
-#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi_init(&serial_mpi);
-#endif
 mbedtls_pk_init(&subject_key);
 mbedtls_pk_init(&issuer_key);
@@ -561,9 +555,6 @@ exit:
 mbedtls_pk_free(&issuer_key_alt);
 mbedtls_pk_free(&subject_key);
 mbedtls_pk_free(&issuer_key);
-#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi_free(&serial_mpi);
-#endif
 psa_destroy_key(key_id);
 MD_OR_USE_PSA_DONE();
 }
@@ -575,11 +566,6 @@ void x509_set_serial_check()
 mbedtls_x509write_cert ctx;
 uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1];
-#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
- mbedtls_mpi serial_mpi;
- mbedtls_mpi_init(&serial_mpi);
-#endif
-
 USE_PSA_INIT();
 memset(invalid_serial, 0x01, sizeof(invalid_serial));
@@ -588,11 +574,7 @@ void x509_set_serial_check() MBEDTLS_ERR_X509_BAD_INPUT_DATA); exit: -#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) - mbedtls_mpi_free(&serial_mpi); -#else ; -#endif USE_PSA_DONE(); } /* END_CASE */ From 9228e4a794076dc92e8ce212bd5f40a0db65de99 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 5 Oct 2025 16:25:43 +0200 Subject: [PATCH 1106/1548] Add repo-split migration guide Also add a section about CMake now being the only build system. Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 101 +++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 docs/4.0-migration-guide/repo-split.md diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md new file mode 100644 index 0000000000..4e8da82e3d --- /dev/null +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -0,0 +1,101 @@ +## CMake as the only build system +CMake is now the only supported build system for Mbed TLS. +Support for the legacy GNU Make and Microsoft Visual Studio project-based build systems has been removed. + +The GNU Make build system is still used internally for testing, but it will be removed once all test components have been migrated to CMake. +The previous .sln/.vcxproj files are no longer distributed or generated. + +Builds must now be configured and executed through CMake. See `Compiling` section in README.md for initial build instructions. +If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio. + +## Repository split +In Mbed TLS 4.0, the project was split into two repositories: +- [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. +- [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API. +Mbed TLS consumes TF-PSA-Crypto as a submodule. +You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the PSA Cryptography API through the `tf-psa-crypto` submodule. + +### File and directory relocations + +The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto. +These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository. + +| Original location | New location(s) | Notes | +|--------------------------------------|--------------------------------------------------------------------------------------|-------| +| `library/` | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | +| `include/mbedtls/` | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | +| `include/psa/` | `tf-psa-crypto/include/` | All PSA headers consolidated here. | +| `3rdparty/everest/`
`3rdparty/p256-m/` | `tf-psa-crypto/drivers/` | Third-party crypto driver implementations. | + +If you use your own build system to build Mbed TLS libraries, you will need to adapt to the new tree. + +### Configuration file split +Cryptography and platform configuration options have been moved from `mbedtls_config.h` to `crypto_config.h`, which is now mandatory. See [Compile-time configuration](#compile-time-confiuration). + +### Impact on some usages of the library + +#### Checking out a branch or a tag +After checking out a branch or tag of the Mbed TLS repository, you must now recursively update the submodules, as TF-PSA-Crypto contains itself a nested submodule: +``` +git submodule update --init --recursive +``` + +#### Linking directly to a built library +The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. +The cryptography libraries are also now provided as `libtfpsacrypto.` like in the TF-PSA-Crypto repository. + +#### Linking through a CMake target of the cryptography library +The base name of the CMake cryptography library target has been changed from `mbedcrypto` to `tfpsacrypto`. +If no target prefix is specified through the MBEDTLS_TARGET_PREFIX option, the associated CMake target is thus now `tfpsacrypto`. + +The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package. +When no global target prefix is defined, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. + +As an example, the following CMake code: +``` +find_package(MbedTLS REQUIRED) +target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::mbedcrypto) + +``` +would be updated to something like +``` +find_package(MbedTLS REQUIRED) +target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) +``` + +For more information, see the CMake section of `README.md`. 
+You can also refer to the following example programs demonstrating how to consume Mbed TLS via CMake: +* `programs/test/cmake_subproject` +* `programs/test/cmake_package` +* `programs/test/cmake_package_install`. + +#### Using Mbed TLS Crypto pkg-config file +The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. Internally, it now references the `tfpsacrypto` library. +A new pkg-config file, `tfpsacrypto.pc`, is also provided. +Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. + +### Audience-Specific Notes + +#### Application Developers using a distribution package +You should stay with Mbed TLS if you use TLS or X.509 functionality. +- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: + - Linking against the cryptography library or CMake targets. + - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). + +### Developer or package maintainers +If you build or distribute Mbed TLS: +- The build system is now CMake only, Makefiles and Visual Studio projects are removed. +- You may need to adapt packaging scripts to handle the TF-PSA-Crypto submodule. +- You should update submodules recursively after checkout. +- Review [File and directory relocations](#file-and-directory-relocations) for updated paths. +- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: + - Linking against the cryptography library or CMake targets. + - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). +- Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)). 
+ +### Platform Integrators +If you integrate Mbed TLS with a platform or hardware drivers: +- TF-PSA-Crypto is now a submodule, update integration scripts to initialize submodules recursively. +- The PSA driver wrapper is now generated in TF-PSA-Crypto. +- Platform-specific configuration are now handled in `crypto_config.h`. +- See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto. From a5e1b6d32859bb1bb983b3f7b0f493d225b94afc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 09:10:54 +0200 Subject: [PATCH 1107/1548] Rework "CMake as the only build system" section Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 4e8da82e3d..880d1f4746 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -1,11 +1,10 @@ ## CMake as the only build system -CMake is now the only supported build system for Mbed TLS. -Support for the legacy GNU Make and Microsoft Visual Studio project-based build systems has been removed. +Mbed TLS now uses CMake exclusively to configure and drive its build process. +Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed. -The GNU Make build system is still used internally for testing, but it will be removed once all test components have been migrated to CMake. -The previous .sln/.vcxproj files are no longer distributed or generated. +The previous `.sln` and `.vcxproj` files are no longer distributed or generated. -Builds must now be configured and executed through CMake. See `Compiling` section in README.md for initial build instructions. +See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake. If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio. ## Repository split From c7646249bb6d452636b5cc3365cfe7d307517ce9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 09:59:01 +0200 Subject: [PATCH 1108/1548] Various small changes Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 880d1f4746..6be9396cc7 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -12,7 +12,7 @@ In Mbed TLS 4.0, the project was split into two repositories: - [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. - [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API. Mbed TLS consumes TF-PSA-Crypto as a submodule. -You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the PSA Cryptography API through the `tf-psa-crypto` submodule. +You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the cryptography library. ### File and directory relocations @@ -70,13 +70,12 @@ You can also refer to the following example programs demonstrating how to consum #### Using Mbed TLS Crypto pkg-config file The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. Internally, it now references the `tfpsacrypto` library. -A new pkg-config file, `tfpsacrypto.pc`, is also provided. +A new pkg-config file, `tfpsacrypto.pc`, is also provided. Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. ### Audience-Specific Notes #### Application Developers using a distribution package -You should stay with Mbed TLS if you use TLS or X.509 functionality. - See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - Linking against the cryptography library or CMake targets. - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). From d3f02cddd469bf4b73802408216bf730d2e926ed Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 09:52:59 +0200 Subject: [PATCH 1109/1548] Improve file and directory relocation table Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 6be9396cc7..76443beff9 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md @@ -19,14 +19,14 @@ You should stay with Mbed TLS if you use TLS or X.509 functionality. You still h The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto. These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository. -| Original location | New location(s) | Notes | -|--------------------------------------|--------------------------------------------------------------------------------------|-------| -| `library/` | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | -| `include/mbedtls/` | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | -| `include/psa/` | `tf-psa-crypto/include/` | All PSA headers consolidated here. | -| `3rdparty/everest/`
`3rdparty/p256-m/` | `tf-psa-crypto/drivers/` | Third-party crypto driver implementations. | - -If you use your own build system to build Mbed TLS libraries, you will need to adapt to the new tree. +| Original location | New location(s) | Notes | +|-----------------------------------------|--------------------------------------------------------------------------------------|-------| +| `library/*` (\*) | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | +| `include/mbedtls/*` (\*) | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | +| `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. | +| `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | + +(\*) The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components. ### Configuration file split Cryptography and platform configuration options have been moved from `mbedtls_config.h` to `crypto_config.h`, which is now mandatory. See [Compile-time configuration](#compile-time-confiuration). From 79a2631a1128f2fcef5db6b2be8eebaa7feb8ab9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 11:29:52 +0200 Subject: [PATCH 1110/1548] Expand "Configuration file split" section Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 76443beff9..c7d0b0c3b4 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -29,7 +29,23 @@ These changes reflect the move of cryptographic, cryptographic-adjacent, and pla (\*) The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components. ### Configuration file split -Cryptography and platform configuration options have been moved from `mbedtls_config.h` to `crypto_config.h`, which is now mandatory. See [Compile-time configuration](#compile-time-confiuration). +Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. +See [Compile-time configuration](#compile-time-configuration). + +The header `include/mbedtls/mbedtls_config.h` still exists and now contains only the TLS and X.509 configuration options. + +If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file. + +There has been significant changes in the configuration options, primarily affecting cryptography. + +#### Cryptography configuration +- See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration). +- See also the following sections in the TF-PSA-Crypto 1.0 migration guide: + - *PSA as the Only Cryptography API* and its sub-section *Impact on the Library Configuration* + - *Random Number Generation Configuration* + +#### TLS configuration +For details about TLS-related changes, see [Changes to TLS options](#changes-to-tls-options). ### Impact on some usages of the library From 5d069c99891ac4ec3713219b84f93a60e727debd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 12:08:55 +0200 Subject: [PATCH 1111/1548] Add Make to CMake migration section 
Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 48 ++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index c7d0b0c3b4..466c9a0124 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -7,6 +7,54 @@ The previous `.sln` and `.vcxproj` files are no longer distributed or generated. See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake. If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio. +### Translating Make commands to CMake + +With the removal of GNU Make support, all build, test, and installation operations must now be performed using CMake. +This section provides a quick reference for translating common `make` commands into their CMake equivalents. + +#### Basic build workflow + +Run `cmake -S . -B build` once before building to configure the build and generate native build files (e.g., Makefiles) in the `build` directory. +This sets up an out-of-tree build, which is recommended. + +| Make command | CMake equivalent | Description | +|----------------|------------------------------------------------|--------------------------------------------------------------------| +| `make` | `cmake --build build` | Build the libraries, programs, and tests in the `build` directory. | +| `make test` | `ctest --test-dir build` | Run the tests produced by the previous build. | +| `make clean` | `cmake --build build --target clean` | Remove build artifacts produced by the previous build. | +| `make install` | `cmake --install build --prefix build/install` | Install the built libraries, headers, and tests to `build/install`. | + +#### Building specific targets + +Unless otherwise specified, the CMake command in the table below should be preceded by a `cmake -S . -B build` call to configure the build and generate build files in the `build` directory. 
+ +| Make command | CMake equivalent | Description | +|-----------------|---------------------------------------------------------------------|---------------------------| +| `make lib` | `cmake --build build --target lib` | Build only the libraries. | +| `make tests` | `cmake -S . -B build -DENABLE_PROGRAMS=Off && cmake --build build` | Build test suites. | +| `make programs` | `cmake --build build --target programs` | Build example programs. | +| `make apidoc` | `cmake --build build --target mbedtls-apidoc` | Build documentation. | + +Target names may differ slightly; use `cmake --build build --target help` to list all available CMake targets. + +There is no CMake equivalent for `make generated_files` or `make neat`. +Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`. +If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`. + +There is no CMake equivalent for `make uninstall`. +To remove an installation, simply delete the directory specified as the installation prefix. + +#### Common build options + +| Make usage | CMake usage | Description | +|----------------------------|-------------------------------------------------------|----------------------| +| `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. | +| `make SHARED=1` | `cmake -S . -B build -DUSE_SHARED_MBEDTLS_LIBRARY=On` | Also build shared libraries. | +| `make GEN_FILES=""` | `cmake -S . -B build -DGEN_FILES=OFF` | Skip generating files (not a strict equivalent). | +| `make DESTDIR=install_dir` | `cmake --install build --prefix install_dir` | Specify installation path. | +| `make CC=clang` | `cmake -S . -B build -DCMAKE_C_COMPILER=clang` | Set the compiler. | +| `make CFLAGS='-O2 -Wall'` | `cmake -S . -B build -DCMAKE_C_FLAGS="-O2 -Wall"` | Set compiler flags. 
| + ## Repository split In Mbed TLS 4.0, the project was split into two repositories: - [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. From 25b1a0245491451865734322543d2e1d703fc91c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Oct 2025 17:15:30 +0200 Subject: [PATCH 1112/1548] Rework "Impact on some usages of the library" section Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 54 +++++++++++++++++++------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 466c9a0124..4f51f7b676 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -104,38 +104,62 @@ git submodule update --init --recursive ``` #### Linking directly to a built library + The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. -The cryptography libraries are also now provided as `libtfpsacrypto.` like in the TF-PSA-Crypto repository. +These libraries are still located in the `library` directory within the build tree. + +The cryptography libraries are also now provided as `libtfpsacrypto.`, consistent with the naming used in the TF-PSA-Crypto repository. + +You may need to update include paths to the public header files, see [File and Directory Relocations](#file-and-directory-relocations) for details. + +#### Using Mbed TLS as a CMake subproject -#### Linking through a CMake target of the cryptography library The base name of the CMake cryptography library target has been changed from `mbedcrypto` to `tfpsacrypto`. -If no target prefix is specified through the MBEDTLS_TARGET_PREFIX option, the associated CMake target is thus now `tfpsacrypto`. +If no target prefix is specified through the `MBEDTLS_TARGET_PREFIX` option, the associated CMake target is now `tfpsacrypto`, and you will need to update it in your CMake scripts. + +You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject: +- `programs/test/cmake_subproject` + +#### Using Mbed TLS as a CMake package The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package. When no global target prefix is defined, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. 
-As an example, the following CMake code: +For example, the following CMake code: ``` find_package(MbedTLS REQUIRED) target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::mbedcrypto) - ``` -would be updated to something like +should be updated to: ``` find_package(MbedTLS REQUIRED) target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) ``` +You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: +- programs/test/cmake_package +- programs/test/cmake_package_install + +#### Using the Mbed TLS Crypto pkg-config file + +The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. +Internally, it now references the tfpsacrypto library. + +A new pkg-config file, tfpsacrypto.pc, is also provided. +Both mbedcrypto.pc and tfpsacrypto.pc are functionally equivalent, providing the same compiler and linker flags. + +#### Using Mbed TLS as an installed library + +The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. +The cryptography library is also now provided as `libtfpsacrypto.`. + +Regarding the headers, the main change is the relocation of some headers to private directories. +These headers are installed primarily to satisfy compiler dependencies. +Others remain for historical reasons and may be cleaned up in later versions of the library. -For more information, see the CMake section of `README.md`. -You can also refer to the following example programs demonstrating how to consume Mbed TLS via CMake: -* `programs/test/cmake_subproject` -* `programs/test/cmake_package` -* `programs/test/cmake_package_install`. +We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice. 
+See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information.
-#### Using Mbed TLS Crypto pkg-config file
-The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. Internally, it now references the `tfpsacrypto` library.
-A new pkg-config file, `tfpsacrypto.pc`, is also provided.
-Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags.
+Finally, note the new include/tf-psa-crypto directory, which contains the TF-PSA-Crypto version and build-time configuration headers.
 ### Audience-Specific Notes
From de8bb9628dfc4b468de5d692f6df29558e055c4d Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 9 Oct 2025 10:45:36 +0200
Subject: [PATCH 1113/1548] Change footnote indication
Signed-off-by: Ronald Cron
---
 docs/4.0-migration-guide/repo-split.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md
index 4f51f7b676..ca4403b5a2 100644
--- a/docs/4.0-migration-guide/repo-split.md
+++ b/docs/4.0-migration-guide/repo-split.md
@@ -69,12 +69,12 @@ These changes reflect the move of cryptographic, cryptographic-adjacent, and pla
 | Original location | New location(s) | Notes |
 |-----------------------------------------|--------------------------------------------------------------------------------------|-------|
-| `library/*` (\*) | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. |
-| `include/mbedtls/*` (\*) | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. |
+| `library/*` () | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. |
+| `include/mbedtls/*` () | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. |
 | `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. |
 | `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. |
-(\*) The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components.
+() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components.
 ### Configuration file split
 Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory.
From f37dbf67cb68964fd1ca2fa726ca8e555a0198b9 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 9 Oct 2025 11:00:38 +0200
Subject: [PATCH 1114/1548] Add missing typesettings
Signed-off-by: Ronald Cron
---
 docs/4.0-migration-guide/repo-split.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md
index ca4403b5a2..98c646258b 100644
--- a/docs/4.0-migration-guide/repo-split.md
+++ b/docs/4.0-migration-guide/repo-split.md
@@ -136,16 +136,16 @@ find_package(MbedTLS REQUIRED) target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) ``` You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: -- programs/test/cmake_package -- programs/test/cmake_package_install +- `programs/test/cmake_package` +- `programs/test/cmake_package_install` #### Using the Mbed TLS Crypto pkg-config file The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. Internally, it now references the tfpsacrypto library. -A new pkg-config file, tfpsacrypto.pc, is also provided. -Both mbedcrypto.pc and tfpsacrypto.pc are functionally equivalent, providing the same compiler and linker flags. +A new pkg-config file, `tfpsacrypto.pc`, is also provided. +Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. #### Using Mbed TLS as an installed library @@ -159,7 +159,7 @@ Others remain for historical reasons and may be cleaned up in later versions of We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice. See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information. -Finally, note the new include/tf-psa-crypto directory, which contains the TF-PSA-Crypto version and build-time configuration headers. +Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-PSA-Crypto version and build-time configuration headers. ### Audience-Specific Notes From 15557d0d0370a819a703fe860c92b33fef3acfb4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Oct 2025 11:05:25 +0200 Subject: [PATCH 1115/1548] Various improvements Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 98c646258b..7f966ac0d4 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md @@ -41,8 +41,7 @@ There is no CMake equivalent for `make generated_files` or `make neat`. Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`. If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`. -There is no CMake equivalent for `make uninstall`. -To remove an installation, simply delete the directory specified as the installation prefix. +There is currently no equivalent for `make uninstall` in the Mbed TLS CMake build system. #### Common build options @@ -74,7 +73,7 @@ These changes reflect the move of cryptographic, cryptographic-adjacent, and pla | `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. | | `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | -() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but not contain only TLS and X.509 components. +() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but now contain only TLS and X.509 components. ### Configuration file split Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. @@ -152,7 +151,7 @@ Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. The cryptography library is also now provided as `libtfpsacrypto.`. -Regarding the headers, the main change is the relocation of some headers to private directories. +Regarding the headers, the main change is the relocation of some headers to subdirectories called `private`. These headers are installed primarily to satisfy compiler dependencies. Others remain for historical reasons and may be cleaned up in later versions of the library. From dca3b381fa222e53dbe0be3c5ddfce371f018f3b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Oct 2025 17:21:23 +0200 Subject: [PATCH 1116/1548] Various improvements Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index 7f966ac0d4..e18fbf1ae3 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -45,6 +45,9 @@ There is currently no equivalent for `make uninstall` in the Mbed TLS CMake buil #### Common build options +The following table illustrates the approximate CMake equivalents of common make commands. +Most CMake examples show only the configuration step, others (like installation) correspond to different stages of the build process. + | Make usage | CMake usage | Description | |----------------------------|-------------------------------------------------------|----------------------| | `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. | @@ -83,7 +86,7 @@ The header `include/mbedtls/mbedtls_config.h` still exists and now contains only If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file. -There has been significant changes in the configuration options, primarily affecting cryptography. +There have been significant changes in the configuration options, primarily affecting cryptography. #### Cryptography configuration - See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration). @@ -165,7 +168,8 @@ Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-P #### Application Developers using a distribution package - See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - Linking against the cryptography library or CMake targets. - - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). + - Using the Mbed TLS Crypto pkg-config file. + - Using Mbed TLS as an installed library ### Developer or package maintainers If you build or distribute Mbed TLS: 
@@ -175,7 +179,8 @@ If you build or distribute Mbed TLS: - Review [File and directory relocations](#file-and-directory-relocations) for updated paths. - See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - Linking against the cryptography library or CMake targets. - - Use the updated `pkg-config` files (`mbedcrypto.pc` / `tfpsacrypto.pc`). + - Using the Mbed TLS Crypto pkg-config file (`mbedcrypto.pc` or `tfpsacrypto.pc`). + - Using Mbed TLS as an installed library - Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)). ### Platform Integrators From 7c39b6055e6e87fea4e7f02f39f1fc2d50ed0913 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 9 Oct 2025 18:07:59 +0200 Subject: [PATCH 1117/1548] Improve sections "Using Mbed TLS as a CMake subproject/package" Signed-off-by: Ronald Cron --- docs/4.0-migration-guide/repo-split.md | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md index e18fbf1ae3..5ad741855b 100644 --- a/docs/4.0-migration-guide/repo-split.md +++ b/docs/4.0-migration-guide/repo-split.md 
@@ -116,26 +116,35 @@ You may need to update include paths to the public header files, see [File and D
 #### Using Mbed TLS as a CMake subproject
-The base name of the CMake cryptography library target has been changed from `mbedcrypto` to `tfpsacrypto`.
-If no target prefix is specified through the `MBEDTLS_TARGET_PREFIX` option, the associated CMake target is now `tfpsacrypto`, and you will need to update it in your CMake scripts.
+The base name of the libraries are now `tfpsacrypto` (formely `mbedcrypto`), `mbedx509` and `mbedtls`.
+As before, these base names are also the names of CMake targets to build each library.
+If your CMake scripts reference a cryptography library target, you need to update its name accordingly.
+
+For example, the following CMake code:
+```
+target_link_libraries(mytarget PRIVATE mbedcrypto)
+```
+should be updated to:
+```
+target_link_libraries(mytarget PRIVATE tfpsacrypto)
+```
 You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject:
 - `programs/test/cmake_subproject`
 #### Using Mbed TLS as a CMake package
-The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package.
-When no global target prefix is defined, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`.
+The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`.
For example, the following CMake code:
 ```
 find_package(MbedTLS REQUIRED)
-target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::mbedcrypto)
+target_link_libraries(myapp PRIVATE MbedTLS::mbedcrypto)
 ```
 should be updated to:
 ```
 find_package(MbedTLS REQUIRED)
-target_link_libraries(myapp PRIVATE MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto)
+target_link_libraries(myapp PRIVATE MbedTLS::tfpsacrypto)
 ```
 You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package:
 - `programs/test/cmake_package`
From 9fc5910bdc8d027f33ae80d2fddbd93f7a688c1b Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 10 Oct 2025 15:48:06 +0200
Subject: [PATCH 1118/1548] Remove 3.0 migration guide
Migrating from 2.x to 3.0 is no longer relevant: some of the advice wouldn't work with 4.0. We don't really need a migration guide from 3.x any longer since 2.x is no longer officially supported.
Signed-off-by: Gilles Peskine
---
 docs/3.0-migration-guide.md | 1039 -----------------------------------
 1 file changed, 1039 deletions(-)
 delete mode 100644 docs/3.0-migration-guide.md
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
deleted file mode 100644
index e927667b7e..0000000000
--- a/docs/3.0-migration-guide.md
+++ /dev/null
@@ -1,1039 +0,0 @@ -# Migrating from Mbed TLS 2.x to Mbed TLS 3.0 - -This guide details the steps required to migrate from Mbed TLS version 2.x to -Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks -compatibility with previous versions, so users (and alt implementers) might -need to change their own code in order to make it work with Mbed TLS 3.0. - -Here's the list of breaking changes; each entry should help you answer these -two questions: (1) am I affected? (2) if yes, what's my migration path? - -The changes are detailed below, and include: - -- Removal of many insecure or obsolete features -- Tidying up of configuration options (including removing some less useful options). -- Changing function signatures, e.g. adding return codes, adding extra parameters, or making some arguments const. -- Removal of functions, macros, and types previously marked as deprecated. - -Much of the information needed to determine a migration path can be found in the Mbed TLS 2.x documentation. - - -## Accessing the Mbed TLS 2.x documentation - -For features previously marked as deprecated, Mbed TLS 2.x documentation may -explain how to upgrade, and should be referred to when migrating code. Where a -migration path is not provided in prior documentation, changes made and the -upgrade steps required will be explained later in this guide. - -It's best to use the latest version of Mbed TLS 2.x for this purpose, which is the 2.28 LTS release. -So to generate the documentation, checkout the `mbedtls-2.28` branch and follow -the instructions in the [Documentation section of the README](https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-2.28/README.md#documentation). -Then browse `apidoc/deprecated.html` for guidance on upgrading deprecated code. - -For some deprecated functions, 2.x documentation will suggest using a variant -suffixed with `_ret`. In Mbed TLS 3.x, this change may not be required, as most -of these variants have been renamed without the suffix. 
The section -[Rename mbedtls_*_ret...](#rename-mbedtls__ret-cryptography-functions-whose-deprecated-variants-have-been-removed) -has further detail on which functions this applies to. - - -## General changes - -### Introduce a level of indirection and versioning in the config files - -`config.h` was split into `build_info.h` and `mbedtls_config.h`. - -* In code, use `#include `. Don't include `mbedtls/config.h` and don't refer to `MBEDTLS_CONFIG_FILE`. -* In build tools, edit `mbedtls_config.h`, or edit `MBEDTLS_CONFIG_FILE` as before. -* If you had a tool that parsed the library version from `include/mbedtls/version.h`, this has moved to `include/mbedtls/build_info.h`. From C code, both headers now define the `MBEDTLS_VERSION_xxx` macros. - -Also, if you have a custom configuration file: - -* Don't include `check_config.h` or `config_psa.h` anymore. -* Don't define `MBEDTLS_CONFIG_H` anymore. - -A config file version symbol, `MBEDTLS_CONFIG_VERSION` was introduced. -Defining it to a particular value will ensure that Mbed TLS interprets -the config file in a way that's compatible with the config file format -used by the Mbed TLS release whose `MBEDTLS_VERSION_NUMBER` has the same -value. -The only value supported by Mbed TLS 3.0.0 is `0x03000000`. - -### Most structure fields are now private - -Direct access to fields of structures (`struct` types) declared in public headers is no longer supported. In Mbed TLS 3, the layout of structures is not considered part of the stable API, and minor versions (3.1, 3.2, etc.) may add, remove, rename, reorder or change the type of structure fields. - -There is a small number of exceptions where some fields are guaranteed to remain stable throughout the lifetime of Mbed TLS 3.x. These fields are explicitly documented as public. Please note that even if all the fields of a structure are public, future versions may add new fields. 
Also, as before, some public fields should be considered read-only, since modifying them may make the structure inconsistent; check the documentation in each case. - -Attempting to access a private field directly will result in a compilation error. - -If you were accessing structure fields directly, and these fields are not documented as public, you need to change your code. If an accessor (getter/setter) function exists, use that. Direct accessor functions are usually called `mbedtls__{get,set}_` or `mbedtls___{get,set}_`. Accessor functions that change the format may use different verbs, for example `read`/`write` for functions that import/export data from/to a text or byte string. - -If no accessor function exists, please open an [enhancement request against Mbed TLS](https://github.com/Mbed-TLS/mbedtls/issues/new?template=feature_request.md) and describe your use case. The Mbed TLS development team is aware that some useful accessor functions are missing in the 3.0 release, and we expect to add them to the first minor release(s) (3.1, etc.). - -As a last resort, you can access the field `foo` of a structure `bar` by writing `bar.MBEDTLS_PRIVATE(foo)`. Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS. In the Mbed TLS 3.6 LTS this will tend to be safer than in a normal minor release because LTS versions try to maintain ABI stability. - -### Move part of timing module out of the library - -The change affects users who use any of the following functions: -`mbedtls_timing_self_test()`, `mbedtls_hardclock_poll()`, -`mbedtls_timing_hardclock()` and `mbedtls_set_alarm()`. - -If you were relying on these functions, you'll now need to change to using your -platform's corresponding functions directly. - -### Deprecated net.h file was removed - -The file `include/mbedtls/net.h` was removed because its only function was to -include `mbedtls/net_sockets.h` which now should be included directly. 
- -### Remove `MBEDTLS_CHECK_PARAMS` option - -This change does not affect users who use the default configuration; it only -affects users who enabled that option. - -The option `MBEDTLS_CHECK_PARAMS` (disabled by default) enabled certain kinds -of “parameter validation”. It covered two kinds of validations: - -- In some functions that require a valid pointer, “parameter validation” checks -that the pointer is non-null. With the feature disabled, a null pointer is not -treated differently from any other invalid pointer, and typically leads to a -runtime crash. 90% of the uses of the feature are of this kind. -- In some functions that take an enum-like argument, “parameter validation” -checks that the value is a valid one. With the feature disabled, an invalid -value causes a silent default to one of the valid values. - -The default reaction to a failed check was to call a function -`mbedtls_param_failed()` which the application had to provide. If this function -returned, its caller returned an error `MBEDTLS_ERR_xxx_BAD_INPUT_DATA`. - -This feature was only used in some classic (non-PSA) cryptography modules. It was -not used in X.509, TLS or in PSA crypto, and it was not implemented in all -classic crypto modules. - -This feature has been removed. The library no longer checks for NULL pointers; -checks for enum-like arguments will be kept or re-introduced on a case-by-case -basis, but their presence will no longer be dependent on a compile-time option. - -Validation of enum-like values is somewhat useful, but not extremely important, -because the parameters concerned are usually constants in applications. - -For more information see issue #4313. - -### Remove the `MBEDTLS_TEST_NULL_ENTROPY` configuration option - -This does not affect users who use the default `mbedtls_config.h`, as this option was -already off by default. 
- -If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option and your platform -doesn't have any entropy source, you should use `MBEDTLS_ENTROPY_NV_SEED` -and make sure your device is provisioned with a strong random seed. -Alternatively, for testing purposes only, you can create and register a fake -entropy function. - -### Remove the HAVEGE module - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects users who called the HAVEGE modules directly (not -recommended), or users who used it through the entropy module but had it as the -only source of entropy. If you're in that case, please declare OS or hardware -RNG interfaces with `mbedtls_entropy_add_source()` and/or use an entropy seed -file created securely during device provisioning. See - for more -information. - -### Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0 - -This only affects people who've been using Mbed TLS since before version 2.0 -and still relied on `compat-1.3.h` in their code. - -Please use the new names directly in your code; `scripts/rename.pl` (from any -of the 2.x releases — no longer included in 3.0) might help you do that. - - -## Low-level crypto - -Please also refer to the section [High-level crypto](#high-level-crypto) for -changes that could sit in either category. - -### Deprecated functions were removed from bignum - -The function `mbedtls_mpi_is_prime()` was removed. Please use -`mbedtls_mpi_is_prime_ext()` instead which additionally allows specifying the -number of Miller-Rabin rounds. - -### Deprecated functions were removed from DRBGs - -The functions `mbedtls_ctr_drbg_update_ret()` and `mbedtls_hmac_drbg_update_ret()` -were renamed to replace the corresponding functions without `_ret` appended. Please call -the name without `_ret` appended and check the return value. 
- -### Deprecated hex-encoded primes were removed from DHM - -The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`, -`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`, -`MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`, -`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were -removed. The primes from RFC 5114 are deprecated because their derivation is not -documented and therefore their usage constitutes a security risk; they are fully -removed from the library. Please use parameters from RFC 3526 (still in the -library, only in binary form) or RFC 7919 (also available in the library) or -other trusted sources instead. - -### Deprecated functions were removed from hashing modules - -Modules: MD5, SHA1, SHA256, SHA512, MD. - -- The functions `mbedtls_xxx_starts_ret()`, `mbedtls_xxx_update_ret()`, - `mbedtls_xxx_finish_ret()` and `mbedtls_xxx_ret()` were renamed to replace - the corresponding functions without `_ret` appended. Please call the name without `_ret` appended and check the return value. -- The function `mbedtls_md_init_ctx()` was removed; please use - `mbedtls_md_setup()` instead. -- The functions `mbedtls_xxx_process()` were removed. You normally don't need - to call that from application code. However if you do (or if you want to - provide your own version of that function), please use - `mbedtls_internal_xxx_process()` instead, and check the return value. - -### Change `MBEDTLS_ECP_FIXED_POINT_OPTIM` behavior - -The option `MBEDTLS_ECP_FIXED_POINT_OPTIM` now increases code size and it does -not increase peak RAM usage anymore. - -If you are limited by code size, you can define `MBEDTLS_ECP_FIXED_POINT_OPTIM` -to `0` in your config file. The impact depends on the number and size of -enabled curves. For example, for P-256 the difference is 1KB; see the documentation -of this option for details. 
- -### Separated `MBEDTLS_SHA224_C` and `MBEDTLS_SHA256_C` - -This does not affect users who use the default `mbedtls_config.h`. `MBEDTLS_SHA256_C` -was enabled by default. Now both `MBEDTLS_SHA256_C` and `MBEDTLS_SHA224_C` are -enabled. - -If you were using custom config file with `MBEDTLS_SHA256_C` enabled, then -you will need to add `#define MBEDTLS_SHA224_C` option to your config. -Current version of the library does not support enabling `MBEDTLS_SHA256_C` -without `MBEDTLS_SHA224_C`. - -### Replaced `MBEDTLS_SHA512_NO_SHA384` with `MBEDTLS_SHA384_C` - -This does not affect users who use the default `mbedtls_config.h`. -`MBEDTLS_SHA512_NO_SHA384` was disabled by default, now `MBEDTLS_SHA384_C` is -enabled by default. - -If you were using a config file with both `MBEDTLS_SHA512_C` and -MBEDTLS_SHA512_NO_SHA384, then just remove the `MBEDTLS_SHA512_NO_SHA384`. -If you were using a config file with `MBEDTLS_SHA512_C` and without -`MBEDTLS_SHA512_NO_SHA384` and you need the SHA-384 algorithm, then add -`#define MBEDTLS_SHA384_C` to your config file. - -### GCM multipart interface: application changes - -The GCM module now supports arbitrary chunked input in the multipart interface. -This changes the interface for applications using the GCM module directly for multipart operations. -Applications using one-shot GCM or using GCM via the `mbedtls_cipher_xxx` or `psa_aead_xxx` interfaces do not require any changes. - -* `mbedtls_gcm_starts()` now only sets the mode and the nonce (IV). Call the new function `mbedtls_gcm_update_ad()` to pass the associated data. -* `mbedtls_gcm_update()` now takes an extra parameter to indicate the actual output length. In Mbed TLS 2.x, applications had to pass inputs consisting of whole 16-byte blocks except for the last block (this limitation has been lifted). In this case: - * As long as the input remains block-aligned, the output length is exactly the input length, as before. 
- * If the length of the last input is not a multiple of 16, alternative implementations may return the last partial block in the call to `mbedtls_gcm_finish()` instead of returning it in the last call to `mbedtls_gcm_update()`. -* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block. This is needed for alternative implementations that can only process a whole block at a time. - -### GCM interface changes: impact for alternative implementations - -The GCM multipart interface has changed as described in [“GCM multipart interface: application changes”](#gcm-multipart-interface-application-changes). The consequences for an alternative implementation of GCM (`MBEDTLS_GCM_ALT`) are as follows: - -* `mbedtls_gcm_starts()` now only sets the mode and the nonce (IV). The new function `mbedtls_gcm_update_ad()` receives the associated data. It may be called multiple times. -* `mbedtls_gcm_update()` now allows arbitrary-length inputs, takes an extra parameter to indicate the actual output length. Alternative implementations may choose between two modes: - * Always return the partial output immediately, even if it does not consist of a whole number of blocks. - * Buffer the data for the last partial block, to be returned in the next call to `mbedtls_gcm_update()` or `mbedtls_gcm_finish()`. -* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block if needed. - -### The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed - -This doesn't affect users of the default configuration; it only affects people -who were explicitly setting this option. - -This was a trade-off between code size and countermeasures; it is no longer -relevant as the countermeasure is now always on at no cost in code size. - -### SHA-512 and SHA-256 output type change - -The output parameter of `mbedtls_sha256_finish()`, `mbedtls_sha256()`, `mbedtls_sha512_finish()`, `mbedtls_sha512()` now has a pointer type rather than array type. 
This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer or a SHA-224 hash into a 28-byte buffer. - -This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer. - -Alternative implementations of the SHA256 and SHA512 modules must adjust their functions' prototype accordingly. - -### Deprecated error codes for hardware failures were removed - -- The macros `MBEDTLS_ERR_xxx_FEATURE_UNAVAILABLE` from various crypto modules - were removed; `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used - instead. -- The macro `MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION` was removed; - `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` is now used instead. -- The macros `MBEDTLS_ERR_xxx_HW_ACCEL_FAILED` from various crypto modules - were removed; `MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` is now used instead. - -### Deprecated error codes for invalid input data were removed - -- The macros `MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH` from ARIA and Camellia - modules were removed; `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` is now used instead. - -### Remove the mode parameter from RSA functions - -This affects all users who use the RSA encrypt, decrypt, sign and -verify APIs. - -The RSA module no longer supports private-key operations with the public key or -vice versa. As a consequence, RSA operation functions no longer have a mode -parameter. If you were calling RSA operations with the normal mode (public key -for verification or encryption, private key for signature or decryption), remove -the `MBEDTLS_RSA_PUBLIC` or `MBEDTLS_RSA_PRIVATE` argument. If you were calling -RSA operations with the wrong mode, which rarely makes sense from a security -perspective, this is no longer supported. 
- -### Deprecated functions were removed from AES - -The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were -removed. - -If you're simply using the AES module, you should be calling the higher-level -functions `mbedtls_aes_crypt_xxx()`. - -If you're providing an alternative implementation using -`MBEDTLS_AES_ENCRYPT_ALT` or `MBEDTLS_AES_DECRYPT_ALT`, you should be -replacing the removed functions with `mbedtls_internal_aes_encrypt()` and -`mbedtls_internal_aes_decrypt()` respectively. - -### Deprecated functions were removed from ECDSA - -The functions `mbedtls_ecdsa_write_signature_det()` and -`mbedtls_ecdsa_sign_det()` were removed. They were superseded by -`mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_sign_det_ext()` -respectively. - -### Rename `mbedtls_*_ret()` cryptography functions whose deprecated variants have been removed - -This change affects users who were using the `mbedtls_*_ret()` cryptography -functions. - -Those functions were created based on now-deprecated functions according to a -requirement that a function needs to return a value. This change brings back the -original names of those functions. 
The renamed functions are: - -| name before this change | after the change | -|--------------------------------|----------------------------| -| `mbedtls_ctr_drbg_update_ret` | `mbedtls_ctr_drbg_update` | -| `mbedtls_hmac_drbg_update_ret` | `mbedtls_hmac_drbg_update` | -| `mbedtls_md5_starts_ret` | `mbedtls_md5_starts` | -| `mbedtls_md5_update_ret` | `mbedtls_md5_update` | -| `mbedtls_md5_finish_ret` | `mbedtls_md5_finish` | -| `mbedtls_md5_ret` | `mbedtls_md5` | -| `mbedtls_ripemd160_starts_ret` | `mbedtls_ripemd160_starts` | -| `mbedtls_ripemd160_update_ret` | `mbedtls_ripemd160_update` | -| `mbedtls_ripemd160_finish_ret` | `mbedtls_ripemd160_finish` | -| `mbedtls_ripemd160_ret` | `mbedtls_ripemd160` | -| `mbedtls_sha1_starts_ret` | `mbedtls_sha1_starts` | -| `mbedtls_sha1_update_ret` | `mbedtls_sha1_update` | -| `mbedtls_sha1_finish_ret` | `mbedtls_sha1_finish` | -| `mbedtls_sha1_ret` | `mbedtls_sha1` | -| `mbedtls_sha256_starts_ret` | `mbedtls_sha256_starts` | -| `mbedtls_sha256_update_ret` | `mbedtls_sha256_update` | -| `mbedtls_sha256_finish_ret` | `mbedtls_sha256_finish` | -| `mbedtls_sha256_ret` | `mbedtls_sha256` | -| `mbedtls_sha512_starts_ret` | `mbedtls_sha512_starts` | -| `mbedtls_sha512_update_ret` | `mbedtls_sha512_update` | -| `mbedtls_sha512_finish_ret` | `mbedtls_sha512_finish` | -| `mbedtls_sha512_ret` | `mbedtls_sha512` | - -To migrate to this change the user can keep the `*_ret` names in their code -and include the `compat_2.x.h` header file which holds macros with proper -renaming or to rename those functions in their code according to the list from -mentioned header file. - -### Remove the RNG parameter from RSA verify functions - -RSA verification functions also no longer take random generator arguments (this -was only needed when using a private key). This affects all applications using -the RSA verify functions. 
- -### Remove the padding parameters from `mbedtls_rsa_init()` - -This affects all users who use the RSA encrypt, decrypt, sign and -verify APIs. - -The function `mbedtls_rsa_init()` no longer supports selecting the PKCS#1 v2.1 -encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If -you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call -to `mbedtls_rsa_init()`, to call `mbedtls_rsa_set_padding()` to set it. - -To choose the padding type when initializing a context, instead of - -```C - mbedtls_rsa_init(ctx, padding, hash_id); -``` - -use - -```C - mbedtls_rsa_init(ctx); - mbedtls_rsa_set_padding(ctx, padding, hash_id); -``` - -To use PKCS#1 v1.5 padding, instead of - -```C - mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, ); -``` - -just use - -```C - mbedtls_rsa_init(ctx); -``` - - -## High-level crypto - -Please also refer to the section [Low-level crypto](#low-level-crypto) for -changes that could sit in either category. - -### Calling `mbedtls_cipher_finish()` is mandatory for all multi-part operations - -This only affects people who use the cipher module to perform AEAD operations -using the multi-part API. - -Previously, the documentation didn't state explicitly if it was OK to call -`mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after -the last call to `mbedtls_cipher_update()` — that is, without calling -`mbedtls_cipher_finish()` in-between. If your code was missing that call, -please add it and be prepared to get as much as 15 bytes of output. - -Currently the output is always 0 bytes, but it may be more when alternative -implementations of the underlying primitives are in use, or with future -versions of the library. - -### Remove MD2, MD4, RC4, Blowfish and XTEA algorithms - -This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms. - -They are already niche or obsolete and most of them are weak or broken. 
For -those reasons possible users should consider switching to modern and safe -alternatives to be found in the literature. - -### Deprecated functions were removed from cipher - -The functions `mbedtls_cipher_auth_encrypt()` and -`mbedtls_cipher_auth_decrypt()` were removed. They were superseded by -`mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()` -respectively which additionally support key wrapping algorithms such as -NIST_KW. - -### Extra parameter for the output buffer size - -The following functions now take an extra parameter indicating the size of the output buffer: - -* `mbedtls_ecdsa_write_signature()`, `mbedtls_ecdsa_write_signature_restartable()` -* `mbedtls_pk_sign()`, `mbedtls_pk_sign_restartable()` - -The requirements for the output buffer have not changed, but passing a buffer that is too small now reliably causes the functions to return an error, rather than overflowing the buffer. - -### Signature functions now require the hash length to match the expected value - -This affects users of the PK API as well as users of the low-level API in the RSA module. Users of the PSA API or of the ECDSA module are unaffected. - -All the functions in the RSA module that accept a `hashlen` parameter used to -ignore it unless the `md_alg` parameter was `MBEDTLS_MD_NONE`, indicating raw -data was signed. The `hashlen` parameter is now always the size that is read -from the `hash` input buffer. This length must be equal to the output size of -the hash algorithm used when signing a hash. (The requirements when signing -raw data are unchanged.) 
This affects the following functions: - -* `mbedtls_rsa_pkcs1_sign`, `mbedtls_rsa_pkcs1_verify` -* `mbedtls_rsa_rsassa_pkcs1_v15_sign`, `mbedtls_rsa_rsassa_pkcs1_v15_verify` -* `mbedtls_rsa_rsassa_pss_sign`, `mbedtls_rsa_rsassa_pss_verify` -* `mbedtls_rsa_rsassa_pss_sign_ext`, `mbedtls_rsa_rsassa_pss_verify_ext` - -The signature functions in the PK module no longer accept 0 as the `hash_len` parameter. The `hash_len` parameter is now always the size that is read from the `hash` input buffer. This affects the following functions: - -* `mbedtls_pk_sign`, `mbedtls_pk_verify` -* `mbedtls_pk_sign_restartable`, `mbedtls_pk_verify_restartable` -* `mbedtls_pk_verify_ext` - -The migration path is to pass the correct value to those functions. - -### Some function parameters were made const - -Various functions in the PK and ASN.1 modules had a `const` qualifier added to -some of their parameters. - -This normally doesn't affect your code, unless you use pointers to reference -those functions. In this case, you'll need to update the type of your pointers -in order to match the new signature. - -### The RNG parameter is now mandatory for all functions that accept one - -This change affects all users who called a function accepting a `f_rng` -parameter with `NULL` as the value of this argument; this is no longer -supported. - -The changed functions are: the X.509 CRT and CSR writing functions; the PK and -RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM -and ECDH that compute the shared secret; the scalar multiplication functions in -ECP. - -You now need to pass a properly seeded, cryptographically secure RNG to all -functions that accept a `f_rng` parameter. It is of course still possible to -pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a -context. 
- -Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT` -configuration options) may have their own internal and are free to ignore the -`f_rng` argument but must allow users to pass one anyway. - -### Some functions gained an RNG parameter - -This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`, -`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and -`mbedtls_pk_parse_keyfile()`. - -You now need to pass a properly seeded, cryptographically secure RNG when -calling these functions. It is used for blinding, a countermeasure against -side-channel attacks. - - -## PSA - -### Deprecated names for PSA constants and types were removed - -Some constants and types that were present in beta versions of the PSA Crypto -API were removed from version 1.0 of specification. Please switch to the new -names provided by the 1.0 specification instead. - - -## Changes that only affect alternative implementations - -### Internal / alt-focused headers were moved to a private location - -This shouldn't affect users who took care not to include headers that -were documented as internal, despite being in the public include directory. - -If you're providing alt implementations of ECP or RSA, you'll need to add our -`library` directory to your include path when building your alt -implementations, and note that `ecp_internal.h` and `rsa_internal.h` have been -renamed to `ecp_internal_alt.h` and `rsa_alt_helpers.h` respectively. - -If you're a library user and used to rely on having access to a structure or -function that's now in a private header, please reach out on the mailing list -and explain your need; we'll consider adding a new API in a future version. - -### CCM interface changes: impact for alternative implementations - -The CCM interface has changed with the addition of support for -multi-part operations. 
Five new API functions have been defined: - `mbedtls_ccm_starts()`, `mbedtls_ccm_set_lengths()`, - `mbedtls_ccm_update_ad()`, `mbedtls_ccm_update()` and `mbedtls_ccm_finish()`. -Alternative implementations of CCM (`MBEDTLS_CCM_ALT`) have now to -implement those additional five API functions. - - -## X.509 - -### Remove the certs module from the library - -This should not affect production use of the library, as the certificates and -keys included there were never suitable for production use. - -However it might affect you if you relied on them for testing purposes. In -that case, please embed your own test certificates in your test code; now that -`certs.c` is out of the library there is no longer any stability guaranteed -and it may change in incompatible ways at any time. - -### Change the API to allow adding critical extensions to CSRs - -This affects applications that call the `mbedtls_x509write_csr_set_extension` -function. - -The API is changed to include the parameter `critical` which enables marking an -extension included in a CSR as critical. To get the previous behavior pass 0. - -### Remove the config option `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` - -This change does not affect users of the default configuration; it only affects -users who enable this option. - -The X.509 standard says that implementations must reject critical extensions that -they don't recognize, and this is what Mbed TLS does by default. This option -allowed to continue parsing those certificates but didn't provide a convenient -way to handle those extensions. - -The migration path from that option is to use the -`mbedtls_x509_crt_parse_der_with_ext_cb()` function which is functionally -equivalent to `mbedtls_x509_crt_parse_der()`, and/or -`mbedtls_x509_crt_parse_der_nocopy()` but it calls the callback with every -unsupported certificate extension and additionally the "certificate policies" -extension if it contains any unsupported certificate policies. 
- -### Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h` - -This change affects users who have chosen the configuration options to disable the -library's verification of the `keyUsage` and `extendedKeyUsage` fields of X.509 -certificates. - -The `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` -configuration options are removed and the X.509 code now behaves as if they were -always enabled. It is consequently not possible anymore to disable at compile -time the verification of the `keyUsage` and `extendedKeyUsage` fields of X.509 -certificates. - -The verification of the `keyUsage` and `extendedKeyUsage` fields is important, -disabling it can cause security issues and it is thus not recommended. If the -verification is for some reason undesirable, it can still be disabled by means -of the verification callback function passed to `mbedtls_x509_crt_verify()` (see -the documentation of this function for more information). - -### Remove the `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` option - -This change does not affect users who were using the default configuration, as -this option was already disabled by default. Also, it does not affect users who -are working with current V3 X.509 certificates. - -Extensions were added in V3 of the X.509 specification, so pre-V3 certificates -containing extensions were never compliant. Mbed TLS now rejects them with a -parsing error in all configurations, as it did previously in the default -configuration. - -If you are working with the pre-V3 certificates you need to switch to the -current ones. - -### Strengthen default algorithm selection for X.509 - -This is described in the section [Strengthen default algorithm selection for X.509 and TLS](#strengthen-default-algorithm-selection-for-x.509-and-tls). - -### Remove wrapper for libpkcs11-helper - -This doesn't affect people using the default configuration as it was already -disabled by default. 
- -If you used to rely on this module in order to store your private keys -securely, please have a look at the key management facilities provided by the -PSA crypto API. If you have a use case that's not covered yet by this API, -please reach out on the mailing list. - - -## SSL - -### Remove support for TLS 1.0, 1.1 and DTLS 1.0 - -This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols. - -These versions have been deprecated by RFC 8996. -Keeping them in the library creates opportunities for misconfiguration -and possibly downgrade attacks. More generally, more code means a larger attack -surface, even if the code is supposedly not used. - -The migration path is to adopt the latest versions of the protocol. - -As a consequence of removing TLS 1.0, support for CBC record splitting was -also removed, as it was a work-around for a weakness in this particular -version. There is no migration path since the feature is no longer relevant. - -As a consequence of currently supporting only one version of (D)TLS (and in the -future 1.3 which will have a different version negotiation mechanism), support -for fallback SCSV (RFC 7507) was also removed. There is no migration path as -it's no longer useful with TLS 1.2 and later. - -As a consequence of currently supporting only one version of (D)TLS (and in the -future 1.3 which will have a different concept of ciphersuites), support for -configuring ciphersuites separately for each version via -`mbedtls_ssl_conf_ciphersuites_for_version()` was removed. Use -`mbedtls_ssl_conf_ciphersuites()` to configure ciphersuites to use with (D)TLS -1.2; in the future a different API will be added for (D)TLS 1.3. - -### Remove support for SSL 3.0 - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS users who explicitly enabled `MBEDTLS_SSL_PROTO_SSL3` -and relied on that version in order to communicate with peers that are not up -to date. 
If one of your peers is in that case, please try contacting them and -encouraging them to upgrade their software. - -### Remove support for parsing SSLv2 ClientHello - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS servers that have clients who send an SSLv2 ClientHello. -These days clients are very unlikely to do that. If you have a client that -does, please try contacting them and encouraging them to upgrade their -software. - -### Remove support for truncated HMAC - -This affects users of truncated HMAC, that is, users who called -`mbedtls_ssl_conf_truncated_hmac( ..., MBEDTLS_SSL_TRUNC_HMAC_ENABLED)`, -regardless of whether the standard version was used or compatibility version -(`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`). - -The recommended migration path for people who want minimal overhead is to use a -CCM-8 ciphersuite. - -### Remove support for TLS record-level compression - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This only affects TLS users who enabled `MBEDTLS_ZLIB_SUPPORT`. This will not -cause any failures however if you used to enable TLS record-level compression -you may find that your bandwidth usage increases without compression. There's -no general solution to this problem; application protocols might have their -own compression mechanisms and are in a better position than the TLS stack to -avoid variants of the CRIME and BREACH attacks. - -### Remove support for TLS RC4-based ciphersuites - -This does not affect people who used the default `mbedtls_config.h` and the default -list of ciphersuites, as RC4-based ciphersuites were already not negotiated in -that case. - -Please switch to any of the modern, recommended ciphersuites (based on -AES-GCM, AES-CCM or ChachaPoly for example) and if your peer doesn't support -any, encourage them to upgrade their software. 
- -### Remove support for TLS single-DES ciphersuites - -This doesn't affect people using the default configuration as it was already -disabled by default. - -Please switch to any of the modern, recommended ciphersuites (based on -AES-GCM, AES-CCM or ChachaPoly for example) and if your peer doesn't support -any, encourage them to upgrade their software. - -### Remove support for TLS record-level hardware acceleration - -This doesn't affect people using the default configuration as it was already -disabled by default. - -This feature had been broken for a while so we doubt anyone still used it. -However if you did, please reach out on the mailing list and let us know about -your use case. - -### Remove config option `MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME` - -This doesn't affect people using the default configuration. - -This option has not had any effect for a long time. Please use the `lifetime` -parameter of `mbedtls_ssl_ticket_setup()` instead. - -### Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options - -This change affects users who modified the default `mbedtls_config.h` padding granularity -settings, i.e. enabled at least one of the options. - -The `mbedtls_config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and -`MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because -they used exactly the same padding mechanism and hence their respective padding -granularities can be used in exactly the same way. This change simplifies the -code maintenance. - -The new single option `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY` can be used -for both DTLS-CID and TLS 1.3. - -### TLS now favors faster curves over larger curves - -The default preference order for curves in TLS now favors resource usage (performance and memory consumption) over size. The exact order is unspecified and may change, but generally you can expect 256-bit curves to be preferred over larger curves. 
- -If you prefer a different order, call `mbedtls_ssl_conf_groups()` when configuring a TLS connection. - -### SSL key export interface change - -This affects users of the SSL key export APIs: -``` - mbedtls_ssl_conf_export_keys_cb() - mbedtls_ssl_conf_export_keys_ext_cb() -``` - -Those APIs have been removed and replaced by the new API -`mbedtls_ssl_set_export_keys_cb()`. This API differs from -the previous key export API in the following ways: - -- It is no longer bound to an SSL configuration, but to an - SSL context. This allows users to more easily identify the - connection an exported key belongs to. -- It no longer exports raw keys and IV. -- A secret type parameter has been added to identify which key - is being exported. For TLS 1.2, only the master secret is - exported, but upcoming TLS 1.3 support will add other kinds of keys. -- The callback now specifies a void return type, rather than - returning an error code. It is the responsibility of the application - to handle failures in the key export callback, for example by - shutting down the TLS connection. - -For users which do not rely on raw keys and IV, adjusting to the new -callback type should be straightforward — see the example programs -`programs/ssl/ssl_client2` and `programs/ssl/ssl_server2` for callbacks -for NSSKeylog, EAP-TLS and DTLS-SRTP. - -Users which require access to the raw keys used to secure application -traffic may derive those by hand based on the master secret and the -handshake transcript hashes which can be obtained from the raw data -on the wire. Such users are also encouraged to reach out to the -Mbed TLS team on the mailing list, to let the team know about their -use case. - -### Remove MaximumFragmentLength (MFL) query API - -This affects users which use the MFL query APIs -`mbedtls_ssl_get_{input,output}_max_frag_len()` to -infer upper bounds on the plaintext size of incoming and -outgoing record. 
- -Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()` -instead, which also provides such upper bounds but takes more factors -than just the MFL configuration into account. - -### Relaxed semantics for PSK configuration - -This affects users which call the PSK configuration APIs -`mbedtls_ssl_conf_psk()` and `mbedtls_ssl_conf_psk_opaque()` -multiple times on the same SSL configuration. - -In Mbed TLS 2.x, users would observe later calls overwriting -the effect of earlier calls, with the prevailing PSK being -the one that has been configured last. In Mbed TLS 3.0, -calling `mbedtls_ssl_conf_psk[_opaque]()` multiple times -will return an error, leaving the first PSK intact. - -To achieve equivalent functionality when migrating to Mbed TLS 3.0, -users calling `mbedtls_ssl_conf_psk[_opaque]()` multiple times should -remove all but the last call, so that only one call to _either_ -`mbedtls_ssl_conf_psk()` _or_ `mbedtls_ssl_conf_psk_opaque()` -remains. - -### Remove the configuration to enable weak ciphersuites in SSL / TLS - -This does not affect users who use the default `mbedtls_config.h`, as this option was -already off by default. - -If you were using a weak cipher, please switch to any of the modern, -recommended ciphersuites (based on AES-GCM, AES-CCM or ChachaPoly for example) -and if your peer doesn't support any, encourage them to upgrade their software. - -If you were using a ciphersuite without encryption, you just have to -enable `MBEDTLS_CIPHER_NULL_CIPHER` now. - -### Remove the `MBEDTLS_SSL_MAX_CONTENT_LEN` configuration option - -This affects users who use the `MBEDTLS_SSL_MAX_CONTENT_LEN` option to -set the maximum length of incoming and outgoing plaintext fragments, -which can save memory by reducing the size of the TLS I/O buffers. 
- -This option is replaced by the more fine-grained options -`MBEDTLS_SSL_IN_CONTENT_LEN` and `MBEDTLS_SSL_OUT_CONTENT_LEN` that set -the maximum incoming and outgoing plaintext fragment lengths, respectively. - -### Remove the SSL API `mbedtls_ssl_get_session_pointer()` - -This affects two classes of users: - -1. Users who manually inspect parts of the current session through - direct structure field access. - -2. Users of session resumption who query the current session - via `mbedtls_ssl_get_session_pointer()` prior to saving or exporting - it via `mbedtls_ssl_session_copy()` or `mbedtls_ssl_session_save()`, - respectively. - -Migration paths: - -1. Mbed TLS 3.0 does not offer a migration path for the use case 1: Like many - other Mbed TLS structures, the structure of `mbedtls_ssl_session` is no - longer part of the public API in Mbed TLS 3.0, and direct structure field - access is no longer supported. Please see the [section on private structure fields](#most-structure-fields-are-now-private) for more details. - -2. Users should replace calls to `mbedtls_ssl_get_session_pointer()` by - calls to `mbedtls_ssl_get_session()` as demonstrated in the example - program `programs/ssl/ssl_client2.c`. - -### Remove `MBEDTLS_SSL_DTLS_BADMAC_LIMIT` option - -This change does not affect users who used the default `mbedtls_config.h`, as the option -`MBEDTLS_SSL_DTLS_BADMAC_LIMIT` was already on by default. - -This option was a trade-off between functionality and code size: it allowed -users who didn't need that feature to avoid paying the cost in code size, by -disabling it. - -This option is no longer present, but its functionality is now always enabled. - -### Deprecated functions were removed from SSL - -The function `mbedtls_ssl_conf_dh_param()` was removed. Please use -`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead. - -The function `mbedtls_ssl_get_max_frag_len()` was removed. 
Please use -`mbedtls_ssl_get_max_out_record_payload()` and -`mbedtls_ssl_get_max_in_record_payload()` -instead. - -### Remove `MBEDTLS_SSL_RECORD_CHECKING` option and enable its action by default - -This change does not affect users who use the default `mbedtls_config.h`, as the -option `MBEDTLS_SSL_RECORD_CHECKING` was already on by default. - -This option was added only to control compilation of one function, - `mbedtls_ssl_check_record()`, which is only useful in some specific cases, so it -was made optional to allow users who don't need it to save some code space. -However, the same effect can be achieved by using link-time garbage collection. - -Users who changed the default setting of the option need to change the config/ -build system to remove that change. - -### Session Cache API Change - -This affects users who use `mbedtls_ssl_conf_session_cache()` -to configure a custom session cache implementation different -from the one Mbed TLS implements in `library/ssl_cache.c`. - -Those users will need to modify the API of their session cache -implementation to that of a key-value store with keys being -session IDs and values being instances of `mbedtls_ssl_session`: - -```C -typedef int mbedtls_ssl_cache_get_t( void *data, - unsigned char const *session_id, - size_t session_id_len, - mbedtls_ssl_session *session ); -typedef int mbedtls_ssl_cache_set_t( void *data, - unsigned char const *session_id, - size_t session_id_len, - const mbedtls_ssl_session *session ); -``` - -Since the structure of `mbedtls_ssl_session` is no longer public from 3.0 -onwards, portable session cache implementations must not access fields of -`mbedtls_ssl_session`. See the corresponding migration guide. Users that -find themselves unable to migrate their session cache functionality without -accessing fields of `mbedtls_ssl_session` should describe their use case -on the Mbed TLS mailing list. 
- -### Changes in the SSL error code space - -This affects users manually checking for the following error codes: - -- `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` -- `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` -- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` -- `MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN` -- `MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE` -- `MBEDTLS_ERR_SSL_BAD_HS_XXX` - -Migration paths: -- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and - `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` is returned instead if the user's own certificate - is too large to fit into the output buffers. - - Users should check for `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead, and potentially - compare the size of their own certificate against the configured size of the output buffer to - understand if the error is due to an overly large certificate. - -- `MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN` and `MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE` have been - replaced by `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE`. - -- All codes of the form `MBEDTLS_ERR_SSL_BAD_HS_XXX` have been replaced by various alternatives, which give more information about the type of error raised. - - Users should check for the newly introduced generic error codes - - * `MBEDTLS_ERR_SSL_DECODE_ERROR` - * `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER`, - * `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` - * `MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION` - * `MBEDTLS_ERR_SSL_BAD_CERTIFICATE` - * `MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME` - * `MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION` - * `MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL` - - and the pre-existing generic error codes - - * `MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE` - * `MBEDTLS_ERR_SSL_INTERNAL_ERROR` - - instead. - -### Modified semantics of `mbedtls_ssl_{get,set}_session()` - -This affects users who call `mbedtls_ssl_get_session()` or -`mbedtls_ssl_set_session()` multiple times on the same SSL context -representing an established TLS 1.2 connection. 
-Those users will now observe the second call to fail with -`MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. - -Migration path: -- Exporting the same TLS 1.2 connection multiple times via - `mbedtls_ssl_get_session()` leads to multiple copies of - the same session. This use of `mbedtls_ssl_get_session()` - is discouraged, and the following should be considered: - * If the various session copies are later loaded into - fresh SSL contexts via `mbedtls_ssl_set_session()`, - export via `mbedtls_ssl_get_session()` only once and - load the same session into different contexts via - `mbedtls_ssl_set_session()`. Since `mbedtls_ssl_set_session()` - makes a copy of the session that's being loaded, this - is functionally equivalent. - * If the various session copies are later serialized - via `mbedtls_ssl_session_save()`, export and serialize - the session only once via `mbedtls_ssl_get_session()` and - `mbedtls_ssl_session_save()` and make copies of the raw - data instead. -- Calling `mbedtls_ssl_set_session()` multiple times in Mbed TLS 2.x - is not useful since subsequent calls overwrite the effect of previous - calls. Applications achieve equivalent functional behavior by - issuing only the very last call to `mbedtls_ssl_set_session()`. - -### Turn `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` configuration option into a runtime option - -This change affects users who were enabling `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` -option in the `mbedtls_config.h` - -This option has been removed and a new function with similar functionality has -been introduced into the SSL API. - -This new function `mbedtls_ssl_conf_preference_order()` can be used to -change the preferred order of ciphersuites on the server to those used on the client, -e.g.: `mbedtls_ssl_conf_preference_order(ssl_config, MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)` -has the same effect as enabling the removed option. The default state is to use -the server order of suites. 
- -### Strengthen default algorithm selection for X.509 and TLS - -The default X.509 verification profile (`mbedtls_x509_crt_profile_default`) and the default curve and hash selection in TLS have changed. They are now aligned, except that the X.509 profile only lists curves that support signature verification. - -Hashes and curves weaker than 255 bits (security strength less than 128 bits) are no longer accepted by default. The following hashes have been removed: SHA-1 (formerly only accepted for key exchanges but not for certificate signatures), SHA-224 (weaker hashes were already not accepted). The following curves have been removed: secp192r1, secp224r1, secp192k1, secp224k1. - -The compile-time options `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` and `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` are no longer available. - -The curve secp256k1 has also been removed from the default X.509 and TLS profiles. [RFC 8422](https://datatracker.ietf.org/doc/html/rfc8422#section-5.1.1) deprecates it in TLS, and it is very rarely used, although it is not known to be weak at the time of writing. - -If you still need to accept certificates signed with algorithms that have been removed from the default profile, call `mbedtls_x509_crt_verify_with_profile` instead of `mbedtls_x509_crt_verify` and pass a profile that allows the curves and hashes you want. For example, to allow SHA-224: -```C -mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default; -my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ); -``` - -If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_groups()` with the desired lists. - -### Remove 3DES ciphersuites - -This change does not affect users using default settings for 3DES in `mbedtls_config.h` -because the 3DES ciphersuites were disabled by that. 
-
-3DES has weaknesses/limitations and there are better alternatives, and more and
-more standard bodies are recommending against its use in TLS.
-
-The migration path here is to chose from the alternatives recommended in the
-literature, such as AES.
From e79923c65de283ddf4a871b2d1f8f346ebdf3a39 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 10 Oct 2025 15:50:20 +0200
Subject: [PATCH 1119/1548] Consolidate migration guide chapters into a single file
Signed-off-by: Gilles Peskine
---
 docs/4.0-migration-guide.md | 599 ++++++++++++++++++
 docs/4.0-migration-guide/configuration.md | 44 --
 .../deprecated-removals.md | 14 -
 docs/4.0-migration-guide/error-codes.md | 37 --
 docs/4.0-migration-guide/feature-removals.md | 152 -----
 .../function-prototype-changes.md | 89 ---
 docs/4.0-migration-guide/oid.md | 7 -
 docs/4.0-migration-guide/private-decls.md | 33 -
 docs/4.0-migration-guide/psa-only.md | 23 -
 docs/4.0-migration-guide/repo-split.md | 200 ------
 10 files changed, 599 insertions(+), 599 deletions(-)
 create mode 100644 docs/4.0-migration-guide.md
 delete mode 100644 docs/4.0-migration-guide/configuration.md
 delete mode 100644 docs/4.0-migration-guide/deprecated-removals.md
 delete mode 100644 docs/4.0-migration-guide/error-codes.md
 delete mode 100644 docs/4.0-migration-guide/feature-removals.md
 delete mode 100644 docs/4.0-migration-guide/function-prototype-changes.md
 delete mode 100644 docs/4.0-migration-guide/oid.md
 delete mode 100644 docs/4.0-migration-guide/private-decls.md
 delete mode 100644 docs/4.0-migration-guide/psa-only.md
 delete mode 100644 docs/4.0-migration-guide/repo-split.md
diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md
new file mode 100644
index 0000000000..83ec90ca92
--- /dev/null
+++ b/docs/4.0-migration-guide.md
@@ -0,0 +1,599 @@
+## CMake as the only build system
+Mbed TLS now uses CMake exclusively to configure and drive its build process.
+Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed.
+
+The previous `.sln` and `.vcxproj` files are no longer distributed or generated.
+
+See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake.
+If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio.
+
+### Translating Make commands to CMake
+
+With the removal of GNU Make support, all build, test, and installation operations must now be performed using CMake.
+This section provides a quick reference for translating common `make` commands into their CMake equivalents.
+
+#### Basic build workflow
+
+Run `cmake -S . -B build` once before building to configure the build and generate native build files (e.g., Makefiles) in the `build` directory.
+This sets up an out-of-tree build, which is recommended.
+
+| Make command | CMake equivalent | Description |
+|----------------|------------------------------------------------|--------------------------------------------------------------------|
+| `make` | `cmake --build build` | Build the libraries, programs, and tests in the `build` directory. |
+| `make test` | `ctest --test-dir build` | Run the tests produced by the previous build. |
+| `make clean` | `cmake --build build --target clean` | Remove build artifacts produced by the previous build. |
+| `make install` | `cmake --install build --prefix build/install` | Install the built libraries, headers, and tests to `build/install`. |
+
+#### Building specific targets
+
+Unless otherwise specified, the CMake command in the table below should be preceded by a `cmake -S . -B build` call to configure the build and generate build files in the `build` directory.
+ +| Make command | CMake equivalent | Description | +|-----------------|---------------------------------------------------------------------|---------------------------| +| `make lib` | `cmake --build build --target lib` | Build only the libraries. | +| `make tests` | `cmake -S . -B build -DENABLE_PROGRAMS=Off && cmake --build build` | Build test suites. | +| `make programs` | `cmake --build build --target programs` | Build example programs. | +| `make apidoc` | `cmake --build build --target mbedtls-apidoc` | Build documentation. | + +Target names may differ slightly; use `cmake --build build --target help` to list all available CMake targets. + +There is no CMake equivalent for `make generated_files` or `make neat`. +Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`. +If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`. + +There is currently no equivalent for `make uninstall` in the Mbed TLS CMake build system. + +#### Common build options + +The following table illustrates the approximate CMake equivalents of common make commands. +Most CMake examples show only the configuration step, others (like installation) correspond to different stages of the build process. + +| Make usage | CMake usage | Description | +|----------------------------|-------------------------------------------------------|----------------------| +| `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. | +| `make SHARED=1` | `cmake -S . -B build -DUSE_SHARED_MBEDTLS_LIBRARY=On` | Also build shared libraries. | +| `make GEN_FILES=""` | `cmake -S . -B build -DGEN_FILES=OFF` | Skip generating files (not a strict equivalent). | +| `make DESTDIR=install_dir` | `cmake --install build --prefix install_dir` | Specify installation path. | +| `make CC=clang` | `cmake -S . 
-B build -DCMAKE_C_COMPILER=clang` | Set the compiler. | +| `make CFLAGS='-O2 -Wall'` | `cmake -S . -B build -DCMAKE_C_FLAGS="-O2 -Wall"` | Set compiler flags. | + +## Repository split +In Mbed TLS 4.0, the project was split into two repositories: +- [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. +- [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API. +Mbed TLS consumes TF-PSA-Crypto as a submodule. +You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the cryptography library. + +### File and directory relocations + +The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto. +These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository. + +| Original location | New location(s) | Notes | +|-----------------------------------------|--------------------------------------------------------------------------------------|-------| +| `library/*` () | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | +| `include/mbedtls/*` () | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | +| `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. | +| `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | + +() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but now contain only TLS and X.509 components. + +### Configuration file split +Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. +See [Compile-time configuration](#compile-time-configuration). + +The header `include/mbedtls/mbedtls_config.h` still exists and now contains only the TLS and X.509 configuration options. + +If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file. + +There have been significant changes in the configuration options, primarily affecting cryptography. + +#### Cryptography configuration +- See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration). +- See also the following sections in the TF-PSA-Crypto 1.0 migration guide: + - *PSA as the Only Cryptography API* and its sub-section *Impact on the Library Configuration* + - *Random Number Generation Configuration* + +#### TLS configuration +For details about TLS-related changes, see [Changes to TLS options](#changes-to-tls-options). + +### Impact on some usages of the library + +#### Checking out a branch or a tag +After checking out a branch or tag of the Mbed TLS repository, you must now recursively update the submodules, as TF-PSA-Crypto contains itself a nested submodule: +``` +git submodule update --init --recursive +``` + +#### Linking directly to a built library + +The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. 
+These libraries are still located in the `library` directory within the build tree. + +The cryptography libraries are also now provided as `libtfpsacrypto.`, consistent with the naming used in the TF-PSA-Crypto repository. + +You may need to update include paths to the public header files, see [File and Directory Relocations](#file-and-directory-relocations) for details. + +#### Using Mbed TLS as a CMake subproject + +The base name of the libraries are now `tfpsacrypto` (formely `mbedcrypto`), `mbedx509` and `mbedtls`. +As before, these base names are also the names of CMake targets to build each library. +If your CMake scripts reference a cryptography library target, you need to update its name accordingly. + +For example, the following CMake code: +``` +target_link_libraries(mytarget PRIVATE mbedcrypto) +``` +should be updated to: +``` +target_link_libraries(mytarget PRIVATE tfpsacrypto) +``` + +You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject: +- `programs/test/cmake_subproject` + +#### Using Mbed TLS as a CMake package + +The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. + +For example, the following CMake code: +``` +find_package(MbedTLS REQUIRED) +target_link_libraries(myapp PRIVATE MbedTLS::mbedcrypto) +``` +should be updated to: +``` +find_package(MbedTLS REQUIRED) +target_link_libraries(myapp PRIVATE MbedTLS::tfpsacrypto) +``` +You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: +- `programs/test/cmake_package` +- `programs/test/cmake_package_install` + +#### Using the Mbed TLS Crypto pkg-config file + +The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. +Internally, it now references the tfpsacrypto library. + +A new pkg-config file, `tfpsacrypto.pc`, is also provided. 
+Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. + +#### Using Mbed TLS as an installed library + +The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. +The cryptography library is also now provided as `libtfpsacrypto.`. + +Regarding the headers, the main change is the relocation of some headers to subdirectories called `private`. +These headers are installed primarily to satisfy compiler dependencies. +Others remain for historical reasons and may be cleaned up in later versions of the library. + +We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice. +See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information. + +Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-PSA-Crypto version and build-time configuration headers. + +### Audience-Specific Notes + +#### Application Developers using a distribution package +- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: + - Linking against the cryptography library or CMake targets. + - Using the Mbed TLS Crypto pkg-config file. + - Using Mbed TLS as an installed library + +### Developer or package maintainers +If you build or distribute Mbed TLS: +- The build system is now CMake only, Makefiles and Visual Studio projects are removed. +- You may need to adapt packaging scripts to handle the TF-PSA-Crypto submodule. +- You should update submodules recursively after checkout. +- Review [File and directory relocations](#file-and-directory-relocations) for updated paths. +- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: + - Linking against the cryptography library or CMake targets. 
+ - Using the Mbed TLS Crypto pkg-config file (`mbedcrypto.pc` or `tfpsacrypto.pc`). + - Using Mbed TLS as an installed library +- Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)). + +### Platform Integrators +If you integrate Mbed TLS with a platform or hardware drivers: +- TF-PSA-Crypto is now a submodule, update integration scripts to initialize submodules recursively. +- The PSA driver wrapper is now generated in TF-PSA-Crypto. +- Platform-specific configuration are now handled in `crypto_config.h`. +- See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto. +## Compile-time configuration + +### Configuration file split + +All configuration options that are relevant to TF-PSA-Crypto must now be configured in one of its configuration files, namely: + +* `TF_PSA_CRYPTO_CONFIG_FILE`, if set on the preprocessor command line; +* otherwise ``; +* additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set. + +Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, plus `MBEDTLS_USER_CONFIG_FILE` if it is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up. + +Generally speaking, the options that must be configured in TF-PSA-Crypto are: + +* options related to platform settings; +* options related to the choice of cryptographic mechanisms included in the build; +* options related to the inner workings of cryptographic mechanisms, such as size/memory/performance compromises; +* options related to crypto-adjacent features, such as ASN.1 and Base64. + +See `include/psa/crypto_config.h` in TF-PSA-Crypto and `include/mbedtls/mbedtls_config.h` in Mbed TLS for details. + +Notably, `` is no longer limited to `PSA_WANT_xxx` options. 
+ +Note that many options related to cryptography have changed; see the TF-PSA-Crypto migration guide for details. + +### Split of `build_info.h` and `version.h` + +The header file ``, which includes the configuration file and provides the adjusted configuration macros, now has an similar file `` in TF-PSA-Crypto. The Mbed TLS header includes the TF-PSA-Crypto header, so including `` remains sufficient to obtain information about the crypto configuration. + +TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS. + +### Removal of `check_config.h` + +The header `mbedtls/check_config.h` is no longer present. Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet. + +### Changes to TLS options + +#### Enabling null cipher suites + +The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTLS_CIPHER_NULL_CIPHER` to `MBEDTLS_SSL_NULL_CIPHERSUITES`. It remains disabled in the default configuration. + +#### Removal of backward compatibility options + +The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now. +## PSA as the only cryptography API + +The PSA API is now the only API for cryptographic primitives. + +### Impact on application code + +The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. 
+ +`psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake. + +A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”. + +### No random generator instantiation + +Formerly, applications using TLS, asymmetric cryptography operations involving a private key, or other features needing random numbers, needed to provide a random generator, generally by instantiating an entropy context (`mbedtls_entropy_context`) and a DRBG context (`mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`). This is no longer necessary, or possible. All features that require a random generator (RNG) now use the one provided by the PSA subsystem. + +Instead, applications that use random generators or keys (even public keys) need to call `psa_crypto_init()` before any cryptographic operation or key management operation. + +See also [function prototype changes](#function-prototype-changes), many of which are related to the move from RNG callbacks to a global RNG. + +### Impact on the library configuration + +Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto. +## Private declarations + +Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. 
Private elements may be removed or may have their semantics changed in a future minor release without notice. + +### Understanding private declarations in public headers + +In Mbed TLS 4.x, private elements in header files include: + +* Anything appearing in a header file whose path contains `/private` (unless re-exported and documented in another non-private header). +* Structure and union fields declared with `MBEDTLS_PRIVATE(field_name)` in the source code, and appearing as `private_field_name` in the rendered documentation. (This was already the case since Mbed TLS 3.0.) +* Any preprocessor macro that is not documented with a Doxygen comment. + In the source code, Doxygen comments start with `/**` or `/*!`. If a macro only has a comment above that starts with `/*`, the macro is considered private. + In the rendered documentation, private macros appear with only an automatically rendered parameter list, value and location, but no custom text. +* Any declaration that is guarded by the preprocessor macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`. + +### Usage of private declarations + +Some private declarations are present in public headers for technical reasons, because they need to be visible to the compiler. Others are present for historical reasons and may be cleaned up in later versions of the library. We strongly recommend against relying on these declarations, since they may be removed or may have their semantics changed without notice. + +Note that Mbed TLS 4.0 still relies on some private interfaces of TF-PSA-Crypto 1.0. We expect to remove this reliance gradually in future minor releases. + +Sample programs have not been fully updated yet and some of them might still +use APIs that are no longer public. You can recognize them by the fact that they +define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or +`MBEDTLS_ALLOW_PRIVATE_ACCESS`) at the very top (before including headers). 
When
+you see one of these two macros in a sample program, be aware it has not been
+updated and parts of it do not demonstrate current practice.
+
+We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or
+`MBEDTLS_ALLOW_PRIVATE_ACCESS` in your own application. If you do so, your code
+may not compile or work with future minor releases. If there's something you
+want to do that you feel can only be achieved by using one of these two macros,
+please reach out on github or the mailing list.
+## Error codes
+
+### Unified error code space
+
+The convention still applies that functions return 0 for success and a negative value between -32767 and -1 on error. PSA functions (`psa_xxx()` or `mbedtls_psa_xxx()`) still return a `PSA_ERROR_xxx` error codes. Non-PSA functions (`mbedtls_xxx()` excluding `mbedtls_psa_xxx()`) can return either `PSA_ERROR_xxx` or `MBEDTLS_ERR_xxx` error codes.
+
+There may be cases where an `MBEDTLS_ERR_xxx` constant has the same numerical value as a `PSA_ERROR_xxx`. In such cases, they have the same meaning: they are different names for the same error condition.
+
+### Simplified legacy error codes
+
+All values returned by a function to indicate an error now have a defined constant named `MBEDTLS_ERR_xxx` or `PSA_ERROR_xxx`. Functions no longer return the sum of a “low-level” and a “high-level” error code.
+
+Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable.
+
+As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_level_strerr()` no longer exist.
+
+### Removed error code names
+
+Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface.
+
+| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) |
+|-----------------------------------------|---------------------------------|
+| `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` |
+| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` |
+| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` |
+| `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
+| `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` | `PSA_ERROR_INVALID_SIGNATURE` |
+| `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
+| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+| `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+
+See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules.
+## Removal of deprecated functions
+
+### Removal of deprecated X.509 functions
+
+The deprecated function `mbedtls_x509write_crt_set_serial()` has been removed. The function was superseded by `mbedtls_x509write_crt_set_serial_raw()`.
+
+### Removal of deprecated SSL functions
+
+The deprecated function `mbedtls_ssl_conf_curves()` has been removed.
+The function was superseded by `mbedtls_ssl_conf_groups()`.
+
+### Removal of `compat-2.x.h`
+
+The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed.
+## Removed features
+
+### Removal of obsolete key exchanges methods in (D)TLS 1.2
+
+Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3.
+
+Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption).
+
+That is, the following key exchange types are no longer supported:
+
+* RSA-PSK;
+* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported);
+* DHE-PSK (except in TLS 1.3);
+* DHE-RSA (except in TLS 1.3).
+* static ECDH (ECDH-RSA and ECDH-ECDSA, as opposed to ephemeral ECDH (ECDHE) which remains supported).
+
+The full list of removed cipher suites is:
+
+```
+TLS-DHE-PSK-WITH-AES-128-CBC-SHA
+TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
+TLS-DHE-PSK-WITH-AES-128-CCM
+TLS-DHE-PSK-WITH-AES-128-CCM-8
+TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
+TLS-DHE-PSK-WITH-AES-256-CBC-SHA
+TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
+TLS-DHE-PSK-WITH-AES-256-CCM
+TLS-DHE-PSK-WITH-AES-256-CCM-8
+TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
+TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256
+TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256
+TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384
+TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384
+TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
+TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
+TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
+TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
+TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256
+TLS-DHE-PSK-WITH-NULL-SHA
+TLS-DHE-PSK-WITH-NULL-SHA256
+TLS-DHE-PSK-WITH-NULL-SHA384
+TLS-DHE-RSA-WITH-AES-128-CBC-SHA
+TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
+TLS-DHE-RSA-WITH-AES-128-CCM
+TLS-DHE-RSA-WITH-AES-128-CCM-8
+TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
+TLS-DHE-RSA-WITH-AES-256-CBC-SHA
+TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
+TLS-DHE-RSA-WITH-AES-256-CCM
+TLS-DHE-RSA-WITH-AES-256-CCM-8
+TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
+TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
+TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
+TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
+TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
+TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
+TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
+TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
+TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
+TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
+TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
+TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256
+TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256
+TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384
+TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384
+TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
+TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-ECDH-ECDSA-WITH-NULL-SHA
+TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
+TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
+TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
+TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
+TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
+TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
+TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384
+TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-ECDH-RSA-WITH-NULL-SHA
+TLS-RSA-PSK-WITH-AES-128-CBC-SHA
+TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
+TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
+TLS-RSA-PSK-WITH-AES-256-CBC-SHA
+TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
+TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
+TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
+TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
+TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
+TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
+TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
+TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
+TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
+TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
+TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
+TLS-RSA-PSK-WITH-NULL-SHA
+TLS-RSA-PSK-WITH-NULL-SHA256
+TLS-RSA-PSK-WITH-NULL-SHA384
+TLS-RSA-WITH-AES-128-CBC-SHA
+TLS-RSA-WITH-AES-128-CBC-SHA256
+TLS-RSA-WITH-AES-128-CCM
+TLS-RSA-WITH-AES-128-CCM-8
+TLS-RSA-WITH-AES-128-GCM-SHA256
+TLS-RSA-WITH-AES-256-CBC-SHA
+TLS-RSA-WITH-AES-256-CBC-SHA256
+TLS-RSA-WITH-AES-256-CCM
+TLS-RSA-WITH-AES-256-CCM-8
+TLS-RSA-WITH-AES-256-GCM-SHA384
+TLS-RSA-WITH-ARIA-128-CBC-SHA256
+TLS-RSA-WITH-ARIA-128-GCM-SHA256
+TLS-RSA-WITH-ARIA-256-CBC-SHA384
+TLS-RSA-WITH-ARIA-256-GCM-SHA384
+TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
+TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
+TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256
+TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
+TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
+TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
+TLS-RSA-WITH-NULL-MD5
+TLS-RSA-WITH-NULL-SHA
+TLS-RSA-WITH-NULL-SHA256
+```
+
+As a consequence of the removal of support for DHE in (D)TLS 1.2, the following functions are no longer useful and have been removed:
+
+```
+mbedtls_ssl_conf_dh_param_bin()
+mbedtls_ssl_conf_dh_param_ctx()
+mbedtls_ssl_conf_dhm_min_bitlen()
+```
+
+### Removal of elliptic curves
+
+Following their removal from the crypto library, elliptic curves of less than 250 bits (secp192r1, secp192k1, secp224r1, secp224k1) are no longer supported in certificates and in TLS.
+
+### Removal of deprecated functions
+
+The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead.
+
+The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead.
+## Function prototype changes
+
+A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API.
+
+### Public functions no longer take a RNG callback
+
+Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here.
+ +### RNG removal in X.509 + +The following function prototypes have been changed in `mbedtls/x509_crt.h`: + +```c +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); + +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); +``` + +to + +```c +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); + +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); +``` + +The following function prototypes have been changed in `mbedtls/x509_csr.h`: +```c +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); + +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); +``` + +to + +```c +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); + +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); +``` + +### RNG removal in SSL + +The following function prototype has been changed in `mbedtls/ssl_cookie.h`: + +```c +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); +``` + +to + +```c +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); +``` + +### Removal of `mbedtls_ssl_conf_rng` + +`mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. 
+ +### Changes to mbedtls_ssl_ticket_setup + +In the arguments of the function `mbedtls_ssl_ticket_setup()`, the `mbedtls_cipher_type_t` argument specifying the AEAD mechanism for ticket protection has been replaced by an equivalent PSA description consisting of a key type, a size and an algorithm. Also, the function no longer takes RNG arguments. + +The prototype in `mbedtls/ssl_ticket.h` has changed from + +```c +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + mbedtls_f_rng_t *f_rng, void *p_rng, + mbedtls_cipher_type_t cipher, + uint32_t lifetime); +``` + +to + +```c +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, + uint32_t lifetime); +``` +## OID module + +The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data. + +Mbed TLS no longer offers interfaces to look up values by OID or OID by enum values (`mbedtls_oid_get_()` and `mbedtls_oid_get_oid_by_()`). + +The header `` now only provides functions to convert between binary and dotted string OID representations. These functions are now part of `libmbedx509` rather than the crypto library. The function `mbedtls_oid_get_numeric_string()` is guarded by `MBEDTLS_X509_USE_C`, and `mbedtls_oid_from_numeric_string()` by `MBEDTLS_X509_CREATE_C`. The header also still defines macros for OID strings that are relevant to X.509. diff --git a/docs/4.0-migration-guide/configuration.md b/docs/4.0-migration-guide/configuration.md deleted file mode 100644 index 25bddf44f9..0000000000 --- a/docs/4.0-migration-guide/configuration.md +++ /dev/null 
@@ -1,44 +0,0 @@ -## Compile-time configuration - -### Configuration file split - -All configuration options that are relevant to TF-PSA-Crypto must now be configured in one of its configuration files, namely: - -* `TF_PSA_CRYPTO_CONFIG_FILE`, if set on the preprocessor command line; -* otherwise ``; -* additionally `TF_PSA_CRYPTO_USER_CONFIG_FILE`, if set. - -Configuration options that are relevant to X.509 or TLS should still be set in the Mbed TLS configuration file (`MBEDTLS_CONFIG_FILE` or ``, plus `MBEDTLS_USER_CONFIG_FILE` if it is set). However, you can define all options in the crypto configuration, and Mbed TLS will pick them up. - -Generally speaking, the options that must be configured in TF-PSA-Crypto are: - -* options related to platform settings; -* options related to the choice of cryptographic mechanisms included in the build; -* options related to the inner workings of cryptographic mechanisms, such as size/memory/performance compromises; -* options related to crypto-adjacent features, such as ASN.1 and Base64. - -See `include/psa/crypto_config.h` in TF-PSA-Crypto and `include/mbedtls/mbedtls_config.h` in Mbed TLS for details. - -Notably, `` is no longer limited to `PSA_WANT_xxx` options. - -Note that many options related to cryptography have changed; see the TF-PSA-Crypto migration guide for details. - -### Split of `build_info.h` and `version.h` - -The header file ``, which includes the configuration file and provides the adjusted configuration macros, now has an similar file `` in TF-PSA-Crypto. The Mbed TLS header includes the TF-PSA-Crypto header, so including `` remains sufficient to obtain information about the crypto configuration. - -TF-PSA-Crypto exposes its version through ``, similar to `` in Mbed TLS. - -### Removal of `check_config.h` - -The header `mbedtls/check_config.h` is no longer present. 
Including it from user configuration files was already obsolete in Mbed TLS 3.x, since it enforces properties the configuration as adjusted by `mbedtls/build_info.h`, not properties that the user configuration is expected to meet. - -### Changes to TLS options - -#### Enabling null cipher suites - -The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTLS_CIPHER_NULL_CIPHER` to `MBEDTLS_SSL_NULL_CIPHERSUITES`. It remains disabled in the default configuration. - -#### Removal of backward compatibility options - -The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now. diff --git a/docs/4.0-migration-guide/deprecated-removals.md b/docs/4.0-migration-guide/deprecated-removals.md deleted file mode 100644 index e74b1adc10..0000000000 --- a/docs/4.0-migration-guide/deprecated-removals.md +++ /dev/null @@ -1,14 +0,0 @@ -## Removal of deprecated functions - -### Removal of deprecated X.509 functions - -The deprecated function `mbedtls_x509write_crt_set_serial()` has been removed. The function was superseded by `mbedtls_x509write_crt_set_serial_raw()`. - -### Removal of deprecated SSL functions - -The deprecated function `mbedtls_ssl_conf_curves()` has been removed. -The function was superseded by `mbedtls_ssl_conf_groups()`. - -### Removal of `compat-2.x.h` - -The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed. diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md deleted file mode 100644 index a2744679e0..0000000000 --- a/docs/4.0-migration-guide/error-codes.md +++ /dev/null 
@@ -1,37 +0,0 @@ -## Error codes - -### Unified error code space - -The convention still applies that functions return 0 for success and a negative value between -32767 and -1 on error. PSA functions (`psa_xxx()` or `mbedtls_psa_xxx()`) still return a `PSA_ERROR_xxx` error codes. Non-PSA functions (`mbedtls_xxx()` excluding `mbedtls_psa_xxx()`) can return either `PSA_ERROR_xxx` or `MBEDTLS_ERR_xxx` error codes. - -There may be cases where an `MBEDTLS_ERR_xxx` constant has the same numerical value as a `PSA_ERROR_xxx`. In such cases, they have the same meaning: they are different names for the same error condition. - -### Simplified legacy error codes - -All values returned by a function to indicate an error now have a defined constant named `MBEDTLS_ERR_xxx` or `PSA_ERROR_xxx`. Functions no longer return the sum of a “low-level” and a “high-level” error code. - -Generally, functions that used to return the sum of two error codes now return the low-level code. However, as before, the exact error code returned in a given scenario can change without notice unless the condition is specifically described in the function's documentation and no other condition is applicable. - -As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_level_strerr()` no longer exist. - -### Removed error code names - -Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. 
- -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | -|-----------------------------------------|---------------------------------| -| `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | -| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | -| `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` | `PSA_ERROR_INVALID_SIGNATURE` | -| `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | -| `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | - -See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. diff --git a/docs/4.0-migration-guide/feature-removals.md b/docs/4.0-migration-guide/feature-removals.md deleted file mode 100644 index b958f864fc..0000000000 --- a/docs/4.0-migration-guide/feature-removals.md +++ /dev/null 
@@ -1,152 +0,0 @@
-## Removed features
-
-### Removal of obsolete key exchanges methods in (D)TLS 1.2
-
-Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3.
-
-Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption).
-
-That is, the following key exchange types are no longer supported:
-
-* RSA-PSK;
-* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported);
-* DHE-PSK (except in TLS 1.3);
-* DHE-RSA (except in TLS 1.3).
-* static ECDH (ECDH-RSA and ECDH-ECDSA, as opposed to ephemeral ECDH (ECDHE) which remains supported).
-
-The full list of removed cipher suites is:
-
-```
-TLS-DHE-PSK-WITH-AES-128-CBC-SHA
-TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
-TLS-DHE-PSK-WITH-AES-128-CCM
-TLS-DHE-PSK-WITH-AES-128-CCM-8
-TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
-TLS-DHE-PSK-WITH-AES-256-CBC-SHA
-TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
-TLS-DHE-PSK-WITH-AES-256-CCM
-TLS-DHE-PSK-WITH-AES-256-CCM-8
-TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
-TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256
-TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256
-TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384
-TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384
-TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
-TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
-TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
-TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
-TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256
-TLS-DHE-PSK-WITH-NULL-SHA
-TLS-DHE-PSK-WITH-NULL-SHA256
-TLS-DHE-PSK-WITH-NULL-SHA384
-TLS-DHE-RSA-WITH-AES-128-CBC-SHA
-TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
-TLS-DHE-RSA-WITH-AES-128-CCM
-TLS-DHE-RSA-WITH-AES-128-CCM-8
-TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
-TLS-DHE-RSA-WITH-AES-256-CBC-SHA
-TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
-TLS-DHE-RSA-WITH-AES-256-CCM
-TLS-DHE-RSA-WITH-AES-256-CCM-8
-TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
-TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
-TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
-TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
-TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
-TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
-TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
-TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-ECDH-ECDSA-WITH-NULL-SHA
-TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
-TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
-TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384
-TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-ECDH-RSA-WITH-NULL-SHA
-TLS-RSA-PSK-WITH-AES-128-CBC-SHA
-TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
-TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
-TLS-RSA-PSK-WITH-AES-256-CBC-SHA
-TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
-TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
-TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
-TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
-TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
-TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
-TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
-TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
-TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
-TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
-TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
-TLS-RSA-PSK-WITH-NULL-SHA
-TLS-RSA-PSK-WITH-NULL-SHA256
-TLS-RSA-PSK-WITH-NULL-SHA384
-TLS-RSA-WITH-AES-128-CBC-SHA
-TLS-RSA-WITH-AES-128-CBC-SHA256
-TLS-RSA-WITH-AES-128-CCM
-TLS-RSA-WITH-AES-128-CCM-8
-TLS-RSA-WITH-AES-128-GCM-SHA256
-TLS-RSA-WITH-AES-256-CBC-SHA
-TLS-RSA-WITH-AES-256-CBC-SHA256
-TLS-RSA-WITH-AES-256-CCM
-TLS-RSA-WITH-AES-256-CCM-8
-TLS-RSA-WITH-AES-256-GCM-SHA384
-TLS-RSA-WITH-ARIA-128-CBC-SHA256
-TLS-RSA-WITH-ARIA-128-GCM-SHA256
-TLS-RSA-WITH-ARIA-256-CBC-SHA384
-TLS-RSA-WITH-ARIA-256-GCM-SHA384
-TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
-TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
-TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256
-TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
-TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
-TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
-TLS-RSA-WITH-NULL-MD5
-TLS-RSA-WITH-NULL-SHA
-TLS-RSA-WITH-NULL-SHA256
-```
-
-As a consequence of the removal of support for DHE in (D)TLS 1.2, the following functions are no longer useful and have been removed:
-
-```
-mbedtls_ssl_conf_dh_param_bin()
-mbedtls_ssl_conf_dh_param_ctx()
-mbedtls_ssl_conf_dhm_min_bitlen()
-```
-
-### Removal of elliptic curves
-
-Following their removal from the crypto library, elliptic curves of less than 250 bits (secp192r1, secp192k1, secp224r1, secp224k1) are no longer supported in certificates and in TLS.
- -### Removal of deprecated functions - -The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead. - -The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead. diff --git a/docs/4.0-migration-guide/function-prototype-changes.md b/docs/4.0-migration-guide/function-prototype-changes.md deleted file mode 100644 index 52e37c7286..0000000000 --- a/docs/4.0-migration-guide/function-prototype-changes.md +++ /dev/null 
@@ -1,89 +0,0 @@ -## Function prototype changes - -A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API. - -### Public functions no longer take a RNG callback - -Functions that need randomness no longer take an RNG callback in the form of `f_rng, p_rng` arguments. Instead, they use the PSA Crypto random generator (accessible as `psa_generate_random()`). All software using the X.509 or SSL modules must call `psa_crypto_init()` before calling any of the functions listed here. - -### RNG removal in X.509 - -The following function prototypes have been changed in `mbedtls/x509_crt.h`: - -```c -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); -``` - -to - -```c -int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); - -int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size); -``` - -The following function prototypes have been changed in `mbedtls/x509_csr.h`: -```c -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); - -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng); -``` - -to - -```c -int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); - -int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size); -``` - -### RNG removal in SSL - -The following function prototype has been changed in `mbedtls/ssl_cookie.h`: - -```c -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, 
unsigned char *, size_t), - void *p_rng); -``` - -to - -```c -int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx); -``` - -### Removal of `mbedtls_ssl_conf_rng` - -`mbedtls_ssl_conf_rng()` has been removed from the library. Its sole purpose was to configure the RNG used for TLS, but now the PSA Crypto random generator is used throughout the library. - -### Changes to mbedtls_ssl_ticket_setup - -In the arguments of the function `mbedtls_ssl_ticket_setup()`, the `mbedtls_cipher_type_t` argument specifying the AEAD mechanism for ticket protection has been replaced by an equivalent PSA description consisting of a key type, a size and an algorithm. Also, the function no longer takes RNG arguments. - -The prototype in `mbedtls/ssl_ticket.h` has changed from - -```c -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - mbedtls_f_rng_t *f_rng, void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime); -``` - -to - -```c -int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, - uint32_t lifetime); -``` diff --git a/docs/4.0-migration-guide/oid.md b/docs/4.0-migration-guide/oid.md deleted file mode 100644 index 875f062155..0000000000 --- a/docs/4.0-migration-guide/oid.md +++ /dev/null 
@@ -1,7 +0,0 @@ -## OID module - -The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data. - -Mbed TLS no longer offers interfaces to look up values by OID or OID by enum values (`mbedtls_oid_get_()` and `mbedtls_oid_get_oid_by_()`). - -The header `` now only provides functions to convert between binary and dotted string OID representations. These functions are now part of `libmbedx509` rather than the crypto library. The function `mbedtls_oid_get_numeric_string()` is guarded by `MBEDTLS_X509_USE_C`, and `mbedtls_oid_from_numeric_string()` by `MBEDTLS_X509_CREATE_C`. The header also still defines macros for OID strings that are relevant to X.509. diff --git a/docs/4.0-migration-guide/private-decls.md b/docs/4.0-migration-guide/private-decls.md deleted file mode 100644 index ff974746c5..0000000000 --- a/docs/4.0-migration-guide/private-decls.md +++ /dev/null 
@@ -1,33 +0,0 @@ -## Private declarations - -Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. Private elements may be removed or may have their semantics changed in a future minor release without notice. - -### Understanding private declarations in public headers - -In Mbed TLS 4.x, private elements in header files include: - -* Anything appearing in a header file whose path contains `/private` (unless re-exported and documented in another non-private header). -* Structure and union fields declared with `MBEDTLS_PRIVATE(field_name)` in the source code, and appearing as `private_field_name` in the rendered documentation. (This was already the case since Mbed TLS 3.0.) -* Any preprocessor macro that is not documented with a Doxygen comment. - In the source code, Doxygen comments start with `/**` or `/*!`. If a macro only has a comment above that starts with `/*`, the macro is considered private. - In the rendered documentation, private macros appear with only an automatically rendered parameter list, value and location, but no custom text. -* Any declaration that is guarded by the preprocessor macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS`. - -### Usage of private declarations - -Some private declarations are present in public headers for technical reasons, because they need to be visible to the compiler. Others are present for historical reasons and may be cleaned up in later versions of the library. We strongly recommend against relying on these declarations, since they may be removed or may have their semantics changed without notice. - -Note that Mbed TLS 4.0 still relies on some private interfaces of TF-PSA-Crypto 1.0. We expect to remove this reliance gradually in future minor releases. - -Sample programs have not been fully updated yet and some of them might still -use APIs that are no longer public. 
You can recognize them by the fact that they -define the macro `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` (or -`MBEDTLS_ALLOW_PRIVATE_ACCESS`) at the very top (before including headers). When -you see one of these two macros in a sample program, be aware it has not been -updated and parts of it do not demonstrate current practice. - -We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or -`MBEDTLS_ALLOW_PRIVATE_ACCESS` in your own application. If you do so, your code -may not compile or work with future minor releases. If there's something you -want to do that you feel can only be achieved by using one of these two macros, -please reach out on github or the mailing list. diff --git a/docs/4.0-migration-guide/psa-only.md b/docs/4.0-migration-guide/psa-only.md deleted file mode 100644 index 7d7bfee193..0000000000 --- a/docs/4.0-migration-guide/psa-only.md +++ /dev/null 
@@ -1,23 +0,0 @@ -## PSA as the only cryptography API - -The PSA API is now the only API for cryptographic primitives. - -### Impact on application code - -The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. - -`psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake. - -A few functions take different parameters to migrate them to the PSA API. See “[Function prototype changes](#function-prototype-changes)”. - -### No random generator instantiation - -Formerly, applications using TLS, asymmetric cryptography operations involving a private key, or other features needing random numbers, needed to provide a random generator, generally by instantiating an entropy context (`mbedtls_entropy_context`) and a DRBG context (`mbedtls_ctr_drbg_context` or `mbedtls_hmac_drbg_context`). This is no longer necessary, or possible. All features that require a random generator (RNG) now use the one provided by the PSA subsystem. - -Instead, applications that use random generators or keys (even public keys) need to call `psa_crypto_init()` before any cryptographic operation or key management operation. - -See also [function prototype changes](#function-prototype-changes), many of which are related to the move from RNG callbacks to a global RNG. - -### Impact on the library configuration - -Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. 
They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto. diff --git a/docs/4.0-migration-guide/repo-split.md b/docs/4.0-migration-guide/repo-split.md deleted file mode 100644 index 5ad741855b..0000000000 --- a/docs/4.0-migration-guide/repo-split.md +++ /dev/null 
@@ -1,200 +0,0 @@ -## CMake as the only build system -Mbed TLS now uses CMake exclusively to configure and drive its build process. -Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed. - -The previous `.sln` and `.vcxproj` files are no longer distributed or generated. - -See the `Compiling` section in README.md for instructions on building the Mbed TLS libraries and tests with CMake. -If you develop in Microsoft Visual Studio, you could either generate a Visual Studio solution using a CMake generator, or open the CMake project directly in Visual Studio. - -### Translating Make commands to CMake - -With the removal of GNU Make support, all build, test, and installation operations must now be performed using CMake. -This section provides a quick reference for translating common `make` commands into their CMake equivalents. - -#### Basic build workflow - -Run `cmake -S . -B build` once before building to configure the build and generate native build files (e.g., Makefiles) in the `build` directory. -This sets up an out-of-tree build, which is recommended. - -| Make command | CMake equivalent | Description | -|----------------|------------------------------------------------|--------------------------------------------------------------------| -| `make` | `cmake --build build` | Build the libraries, programs, and tests in the `build` directory. | -| `make test` | `ctest --test-dir build` | Run the tests produced by the previous build. | -| `make clean` | `cmake --build build --target clean` | Remove build artifacts produced by the previous build. | -| `make install` | `cmake --install build --prefix build/install` | Install the built libraries, headers, and tests to `build/install`. | - -#### Building specific targets - -Unless otherwise specified, the CMake command in the table below should be preceded by a `cmake -S . -B build` call to configure the build and generate build files in the `build` directory. 
- -| Make command | CMake equivalent | Description | -|-----------------|---------------------------------------------------------------------|---------------------------| -| `make lib` | `cmake --build build --target lib` | Build only the libraries. | -| `make tests` | `cmake -S . -B build -DENABLE_PROGRAMS=Off && cmake --build build` | Build test suites. | -| `make programs` | `cmake --build build --target programs` | Build example programs. | -| `make apidoc` | `cmake --build build --target mbedtls-apidoc` | Build documentation. | - -Target names may differ slightly; use `cmake --build build --target help` to list all available CMake targets. - -There is no CMake equivalent for `make generated_files` or `make neat`. -Generated files are automatically created in the build tree with `cmake --build build` and removed with `cmake --build build --target clean`. -If you need to build the generated files in the source tree without involving CMake, you can call `framework/scripts/make_generated_files.py`. - -There is currently no equivalent for `make uninstall` in the Mbed TLS CMake build system. - -#### Common build options - -The following table illustrates the approximate CMake equivalents of common make commands. -Most CMake examples show only the configuration step, others (like installation) correspond to different stages of the build process. - -| Make usage | CMake usage | Description | -|----------------------------|-------------------------------------------------------|----------------------| -| `make DEBUG=1` | `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug` | Build in debug mode. | -| `make SHARED=1` | `cmake -S . -B build -DUSE_SHARED_MBEDTLS_LIBRARY=On` | Also build shared libraries. | -| `make GEN_FILES=""` | `cmake -S . -B build -DGEN_FILES=OFF` | Skip generating files (not a strict equivalent). | -| `make DESTDIR=install_dir` | `cmake --install build --prefix install_dir` | Specify installation path. | -| `make CC=clang` | `cmake -S . 
-B build -DCMAKE_C_COMPILER=clang` | Set the compiler. | -| `make CFLAGS='-O2 -Wall'` | `cmake -S . -B build -DCMAKE_C_FLAGS="-O2 -Wall"` | Set compiler flags. | - -## Repository split -In Mbed TLS 4.0, the project was split into two repositories: -- [Mbed TLS](https://github.com/Mbed-TLS/mbedtls): provides TLS and X.509 functionality. -- [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto): provides the standalone cryptography library, implementing the PSA Cryptography API. -Mbed TLS consumes TF-PSA-Crypto as a submodule. -You should stay with Mbed TLS if you use TLS or X.509 functionality. You still have direct access to the cryptography library. - -### File and directory relocations - -The following table summarizes the file and directory relocations resulting from the repository split between Mbed TLS and TF-PSA-Crypto. -These changes reflect the move of cryptographic, cryptographic-adjacent, and platform components from Mbed TLS into the new TF-PSA-Crypto repository. - -| Original location | New location(s) | Notes | -|-----------------------------------------|--------------------------------------------------------------------------------------|-------| -| `library/*` () | `tf-psa-crypto/core/`
`tf-psa-crypto/drivers/builtin/src/` | Contains cryptographic, cryptographic-adjacent (e.g., ASN.1, Base64), and platform C modules and headers. | -| `include/mbedtls/*` () | `tf-psa-crypto/include/mbedtls/`
`tf-psa-crypto/drivers/builtin/include/private/` | Public headers moved to `include/mbedtls`; now internal headers moved to `include/private`. | -| `include/psa` | `tf-psa-crypto/include/psa` | All PSA headers consolidated here. | -| `3rdparty/everest`
`3rdparty/p256-m` | `tf-psa-crypto/drivers/everest`
`tf-psa-crypto/drivers/p256-m` | Third-party crypto driver implementations. | - -() The `library` and `include/mbedtls` directories still exist in Mbed TLS, but now contain only TLS and X.509 components. - -### Configuration file split -Cryptography and platform configuration options have been moved from `include/mbedtls/mbedtls_config.h` to `tf-psa-crypto/include/psa/crypto_config.h`, which is now mandatory. -See [Compile-time configuration](#compile-time-configuration). - -The header `include/mbedtls/mbedtls_config.h` still exists and now contains only the TLS and X.509 configuration options. - -If you use the Python script `scripts/config.py` to adjust your configuration, you do not need to modify your scripts to specify which configuration file to edit, the script automatically updates the correct file. - -There have been significant changes in the configuration options, primarily affecting cryptography. - -#### Cryptography configuration -- See [psa-transition.md](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/psa-transition.md#compile-time-configuration). -- See also the following sections in the TF-PSA-Crypto 1.0 migration guide: - - *PSA as the Only Cryptography API* and its sub-section *Impact on the Library Configuration* - - *Random Number Generation Configuration* - -#### TLS configuration -For details about TLS-related changes, see [Changes to TLS options](#changes-to-tls-options). - -### Impact on some usages of the library - -#### Checking out a branch or a tag -After checking out a branch or tag of the Mbed TLS repository, you must now recursively update the submodules, as TF-PSA-Crypto contains itself a nested submodule: -``` -git submodule update --init --recursive -``` - -#### Linking directly to a built library - -The Mbed TLS CMake build system still provides the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. 
-These libraries are still located in the `library` directory within the build tree. - -The cryptography libraries are also now provided as `libtfpsacrypto.`, consistent with the naming used in the TF-PSA-Crypto repository. - -You may need to update include paths to the public header files, see [File and Directory Relocations](#file-and-directory-relocations) for details. - -#### Using Mbed TLS as a CMake subproject - -The base name of the libraries are now `tfpsacrypto` (formely `mbedcrypto`), `mbedx509` and `mbedtls`. -As before, these base names are also the names of CMake targets to build each library. -If your CMake scripts reference a cryptography library target, you need to update its name accordingly. - -For example, the following CMake code: -``` -target_link_libraries(mytarget PRIVATE mbedcrypto) -``` -should be updated to: -``` -target_link_libraries(mytarget PRIVATE tfpsacrypto) -``` - -You can refer to the following example demonstrating how to consume Mbed TLS as a CMake subproject: -- `programs/test/cmake_subproject` - -#### Using Mbed TLS as a CMake package - -The same renaming applies to the cryptography library targets declared as part of the Mbed TLS CMake package, use `MbedTLS::tfpsacrypto` instead of `MbedTLS::mbedcrypto`. - -For example, the following CMake code: -``` -find_package(MbedTLS REQUIRED) -target_link_libraries(myapp PRIVATE MbedTLS::mbedcrypto) -``` -should be updated to: -``` -find_package(MbedTLS REQUIRED) -target_link_libraries(myapp PRIVATE MbedTLS::tfpsacrypto) -``` -You can also refer to the following example programs demonstrating how to consume Mbed TLS as a CMake package: -- `programs/test/cmake_package` -- `programs/test/cmake_package_install` - -#### Using the Mbed TLS Crypto pkg-config file - -The Mbed TLS CMake build system still provides the pkg-config file mbedcrypto.pc, so you can continue using it. -Internally, it now references the tfpsacrypto library. - -A new pkg-config file, `tfpsacrypto.pc`, is also provided. 
-Both `mbedcrypto.pc` and `tfpsacrypto.pc` are functionally equivalent, providing the same compiler and linker flags. - -#### Using Mbed TLS as an installed library - -The Mbed TLS CMake build system still installs the cryptography libraries under their legacy name, `libmbedcrypto.`, so you can continue linking against them. -The cryptography library is also now provided as `libtfpsacrypto.`. - -Regarding the headers, the main change is the relocation of some headers to subdirectories called `private`. -These headers are installed primarily to satisfy compiler dependencies. -Others remain for historical reasons and may be cleaned up in later versions of the library. - -We strongly recommend not relying on the declarations in these headers, as they may be removed or modified without notice. -See the section Private Declarations in the TF-PSA-Crypto 1.0 migration guide for more information. - -Finally, note the new `include/tf-psa-crypto` directory, which contains the TF-PSA-Crypto version and build-time configuration headers. - -### Audience-Specific Notes - -#### Application Developers using a distribution package -- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - - Linking against the cryptography library or CMake targets. - - Using the Mbed TLS Crypto pkg-config file. - - Using Mbed TLS as an installed library - -### Developer or package maintainers -If you build or distribute Mbed TLS: -- The build system is now CMake only, Makefiles and Visual Studio projects are removed. -- You may need to adapt packaging scripts to handle the TF-PSA-Crypto submodule. -- You should update submodules recursively after checkout. -- Review [File and directory relocations](#file-and-directory-relocations) for updated paths. -- See [Impact on usages of the library](#impact-on-some-usages-of-the-library) for the possible impacts on: - - Linking against the cryptography library or CMake targets. 
- - Using the Mbed TLS Crypto pkg-config file (`mbedcrypto.pc` or `tfpsacrypto.pc`). - - Using Mbed TLS as an installed library -- Configuration note: cryptography and platform options are now in `crypto_config.h` (see [Configuration file split](#configuration-file-split)). - -### Platform Integrators -If you integrate Mbed TLS with a platform or hardware drivers: -- TF-PSA-Crypto is now a submodule, update integration scripts to initialize submodules recursively. -- The PSA driver wrapper is now generated in TF-PSA-Crypto. -- Platform-specific configuration are now handled in `crypto_config.h`. -- See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto. From 2c0cb9926a979cfc6e97f33d4eca9a8259e10305 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 15:56:21 +0200 Subject: [PATCH 1120/1548] Add short introduction Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index 83ec90ca92..040194b478 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md 
@@ -1,3 +1,16 @@ +# Migrating from Mbed TLS 3.x to TF-PSA-Crypto 1.0 + +This guide details the steps required to migrate from Mbed TLS version 2.x to Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 3.0. + +Here's the list of breaking changes; each entry should help you answer these two questions: (1) am I affected? (2) if yes, what's my migration path? + +- Mbed TLS has been split between two products: TF-PSA-Crypto for cryptography, and Mbed TLS for X.509 and (D)TLS. +- CMake is now the only supported build system. +- The cryptography API is now mostly the PSA API: most legacy cryptography APIs have been removed. This has led to adaptations in some X.509 and TLS APIs, notably because the library always uses the PSA random generator. +- Various deprecated or minor functionality has been removed. + +Please consult the [TF-PSA-Crypto migration guide](../tf-psa-crypto/docs/1.0-migration-guide.md) for all information related to the crytography part of the library. + ## CMake as the only build system Mbed TLS now uses CMake exclusively to configure and drive its build process. Support for the GNU Make and Microsoft Visual Studio project-based build systems has been removed. 
@@ -248,7 +261,7 @@ The PSA API is now the only API for cryptographic primitives. ### Impact on application code -The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](../architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. +The X.509, PKCS7 and SSL modules always use PSA for cryptography, with a few exceptions documented in the [PSA limitations](architecture/psa-migration/psa-limitations.md) document. (These limitations are mostly transparent unless you want to leverage PSA accelerator drivers.) This corresponds to the behavior of Mbed TLS 3.x when `MBEDTLS_USE_PSA_CRYPTO` is enabled. In effect, `MBEDTLS_USE_PSA_CRYPTO` is now always enabled. `psa_crypto_init()` must be called before performing any cryptographic operation, including indirect requests such as parsing a key or certificate or starting a TLS handshake. From 66719098b872da4cb25728cd29ea11410155bbb0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 15:51:17 +0200 Subject: [PATCH 1121/1548] Ensure there is a blank line before headers (markdown portability) Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index 040194b478..16328ad028 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md 
@@ -211,6 +211,7 @@ If you integrate Mbed TLS with a platform or hardware drivers: - The PSA driver wrapper is now generated in TF-PSA-Crypto. - Platform-specific configuration are now handled in `crypto_config.h`. - See [Repository split](#repository-split) for how platform components moved to TF-PSA-Crypto. + ## Compile-time configuration ### Configuration file split @@ -255,6 +256,7 @@ The option to enable null cipher suites in TLS 1.2 has been renamed from `MBEDTL #### Removal of backward compatibility options The option `MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT` has been removed. Only the version standardized in RFC 9146 is supported now. + ## PSA as the only cryptography API The PSA API is now the only API for cryptographic primitives. @@ -278,6 +280,7 @@ See also [function prototype changes](#function-prototype-changes), many of whic ### Impact on the library configuration Mbed TLS follows the configuration of TF-PSA-Crypto with respect to cryptographic mechanisms. They are now based on `PSA_WANT_xxx` macros instead of legacy configuration macros such as `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15`, etc. The configuration of X.509 and TLS is not directly affected by the configuration. However, applications and middleware that rely on these configuration symbols to know which cryptographic mechanisms to support will need to migrate to `PSA_WANT_xxx` macros. For more information, consult the PSA transition guide in TF-PSA-Crypto. + ## Private declarations Since Mbed TLS 3.0, some things that are declared in a public header are not part of the stable application programming interface (API), but instead are considered private. Private elements may be removed or may have their semantics changed in a future minor release without notice. 
@@ -311,6 +314,7 @@ We strongly recommend against defining `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` or may not compile or work with future minor releases. If there's something you want to do that you feel can only be achieved by using one of these two macros, please reach out on github or the mailing list. + ## Error codes ### Unified error code space @@ -348,6 +352,7 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally | `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. + ## Removal of deprecated functions ### Removal of deprecated X.509 functions @@ -362,6 +367,7 @@ The function was superseded by `mbedtls_ssl_conf_groups()`. ### Removal of `compat-2.x.h` The header `compat-2.x.h`, containing some definitions for backward compatibility with Mbed TLS 2.x, has been removed. + ## Removed features ### Removal of obsolete key exchanges methods in (D)TLS 1.2 @@ -514,6 +520,7 @@ Following their removal from the crypto library, elliptic curves of less than 25 The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead. The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead. + ## Function prototype changes A number of existing functions now take a different list of arguments, mostly to migrate them to the PSA API. 
@@ -603,6 +610,7 @@ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); ``` + ## OID module The compilation option `MBEDTLS_OID_C` no longer exists. OID tables are included in the build automatically as needed for parsing and writing X.509 data. From d83c476f3b9d38890b86b2d3daee1fcf54e851a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 16:36:42 +0200 Subject: [PATCH 1122/1548] Fix copypasta Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index 16328ad028..fa7732b8c6 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md @@ -1,6 +1,6 @@ # Migrating from Mbed TLS 3.x to TF-PSA-Crypto 1.0 -This guide details the steps required to migrate from Mbed TLS version 2.x to Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 3.0. +This guide details the steps required to migrate from Mbed TLS version 3.x to Mbed TLS version 4.0 or greater. Unlike normal releases, Mbed TLS 4.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 4.0. Here's the list of breaking changes; each entry should help you answer these two questions: (1) am I affected? (2) if yes, what's my migration path? From 75a36bd9cdffc4778d2ef70c3ee44cd4aca973a3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 17:45:33 +0200 Subject: [PATCH 1123/1548] Fix copypasta in title Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index fa7732b8c6..ec4b8c9b8c 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md @@ -1,4 +1,4 @@ -# Migrating from Mbed TLS 3.x to TF-PSA-Crypto 1.0 +# Migrating from Mbed TLS 3.x to Mbed TLS 4.0 This guide details the steps required to migrate from Mbed TLS version 3.x to Mbed TLS version 4.0 or greater. Unlike normal releases, Mbed TLS 4.0 breaks compatibility with previous versions, so users, integrators and package maintainers might need to change their own code in order to make it work with Mbed TLS 4.0. From fa4e9461bd43866939f627ca6c4451df42575020 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Oct 2025 17:54:00 +0200 Subject: [PATCH 1124/1548] Add sentence that was in 3.0 and is in TF-PSA-Crypto 1.0 Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index ec4b8c9b8c..9b4768a3a1 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md @@ -4,6 +4,8 @@ This guide details the steps required to migrate from Mbed TLS version 3.x to Mb Here's the list of breaking changes; each entry should help you answer these two questions: (1) am I affected? (2) if yes, what's my migration path? +The changes are detailed below. Here is a summary of the main points: + - Mbed TLS has been split between two products: TF-PSA-Crypto for cryptography, and Mbed TLS for X.509 and (D)TLS. - CMake is now the only supported build system. - The cryptography API is now mostly the PSA API: most legacy cryptography APIs have been removed. This has led to adaptations in some X.509 and TLS APIs, notably because the library always uses the PSA random generator. From 65c29f07c7931cd97ad23ea7a664b6fed5f7b93c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 11 Oct 2025 21:44:26 +0100 Subject: [PATCH 1125/1548] Updated framework submodule 
Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d80c4f9ec3..4579964747 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d80c4f9ec3a01c001778658023f82e40fdb51d40 +Subproject commit 457996474728cb8e968ed21953b72f74d2f536b2 From 0ff335d715540a164c906a58f850f00c79627b51 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 13 Oct 2025 15:17:44 +0100 Subject: [PATCH 1126/1548] Remove uses of mbedtls_pk_verify_new Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 7675f95e37..91f500294f 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1995,7 +1995,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..748efb4815 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,13 +300,13 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new(sig_alg, + if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { return 0; } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_new", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); error: /* RFC 8446 section 4.4.3 From 21cd2ddb1e7cd89f01abe9dc426ef2584a1df8bf Mon Sep 17 00:00:00 2001 
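Review bot: The `(mbedtls_pk_sigalg_t) pk_alg` cast in the ssl_tls12_client.c hunk, and the matching `(mbedtls_pk_sigalg_t) sig_alg` cast in the ssl_tls13_generic.c hunk on this line, assume that the value held in the pk-type variable is also a valid `mbedtls_pk_sigalg_t`; nothing in either hunk shows that the two enumerations share encodings, and an enum-to-enum cast is not checked by the compiler. In the TLS 1.2 hunk the surrounding `if (pk_alg == MBEDTLS_PK_RSASSA_PSS)` pins the cast to a single known value, but in the TLS 1.3 hunk `sig_alg` is cast unconditionally and its origin is outside the hunk, so if the encodings ever diverge a mismatched algorithm id may reach signature verification instead of being rejected earlier. If the correspondence is intentional, say so at the cast, e.g. `/* sig_alg carries a pk algorithm id; mbedtls_pk_verify_ext() expects the same numeric values as mbedtls_pk_sigalg_t - keep in sync if either enum changes */`, or replace the cast with an explicit mapping or a static assertion on the constants involved. Both ssl_parse_server_key_exchange() and ssl_tls13_parse_certificate_verify() start and end outside their hunks.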
From: Minos Galanakis Date: Sat, 11 Oct 2025 21:44:44 +0100 Subject: [PATCH 1127/1548] Updated tf psa-crypto submodule Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index cf4c26de94..76920edddc 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit cf4c26de948e8bfe6566dd8b78299df4b627127d +Subproject commit 76920edddcad00ac41b248e12d937b845df7bedb From e5862c04940b07a7c4f871e63715fcce00bf14a3 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 11 Oct 2025 21:52:07 +0100 Subject: [PATCH 1128/1548] Removed Beta Changelog Signed-off-by: Minos Galanakis --- ChangeLog | 325 ------------------------------------------------------ 1 file changed, 325 deletions(-) diff --git a/ChangeLog b/ChangeLog index 912a1786b7..1c48958e39 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,330 +1,5 @@ Mbed TLS ChangeLog (Sorted per branch, date) -= Mbed TLS 4.0.0-beta branch released 2025-07-04 - -API changes - * The experimental functions psa_generate_key_ext() and - psa_key_derivation_output_key_ext() have been replaced by - psa_generate_key_custom() and psa_key_derivation_output_key_custom(). - They have almost exactly the same interface, but the variable-length - data is passed in a separate parameter instead of a flexible array - member. This resolves a build failure under C++ compilers that do not - support flexible array members (a C99 feature not adopted by C++). - Fixes #9020. - * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. - Instead of taking a mbedtls_cipher_type_t as an argument, this function - now takes 3 new arguments: a PSA algorithm, key type and key size, to - specify the AEAD for ticket protection. - * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx() - functions can now return PSA_ERROR_xxx values. - There is no longer a distinction between "low-level" and "high-level" - Mbed TLS error codes. - This will not affect most applications since the error values are - between -32767 and -1 as before. - * All API functions now use the PSA random generator psa_generate_random() - internally. As a consequence, functions no longer take RNG parameters. - Please refer to the migration guide at : - tf-psa-crypto/docs/4.0-migration-guide.md. - -Default behavior changes - * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && - !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the - corresponding PSA mechanism is enabled, since the server provides the - crypto. Fixes #9126. - * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem - to perform cryptographic operations, with a few exceptions documented - in docs/architecture/psa-migration/psa-limitations.md. This - corresponds to the behavior of Mbed TLS 3.x when - MBEDTLS_USE_PSA_CRYPTO is enabled. 
In effect, MBEDTLS_USE_PSA_CRYPTO - is now always enabled. - * psa_crypto_init() must be called before performing any cryptographic - operation, including indirect requests such as parsing a key or - certificate or starting a TLS handshake. - * The `PSA_WANT_XXX` symbols as defined in - tf-psa-crypto/include/psa/crypto_config.h are now always used in the - configuration of the cryptographic mechanisms exposed by the PSA API. - This corresponds to the configuration behavior of Mbed TLS 3.x when - MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG - is now always enabled and the configuration option has been removed. - * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, - mbedtls_ssl_handshake() now fails with - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if certificate-based authentication of the server is attempted. - This is because authenticating a server without knowing what name - to expect is usually insecure. - -Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Fixes #5903. - * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options - at the module and function level for crypto mechanisms only. The remaining - alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. - * Remove support for the RSA-PSK key exchange in TLS 1.2. - * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was - already deprecated and superseded by - mbedtls_x509write_crt_set_serial_raw(). - * Remove the function mbedtls_ssl_conf_curves() which had been deprecated - in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. - * Remove support for the DHE-PSK key exchange in TLS 1.2. - * Remove support for the DHE-RSA key exchange in TLS 1.2. 
- * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the - following SSL functions are removed: - - mbedtls_ssl_conf_dh_param_bin - - mbedtls_ssl_conf_dh_param_ctx - - mbedtls_ssl_conf_dhm_min_bitlen - * Remove support for the RSA key exchange in TLS 1.2. - * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(), - since these concepts no longer exists. There is just mbedtls_strerror(). - * Sample programs for the legacy crypto API have been removed. - pkey/rsa_genkey.c - pkey/pk_decrypt.c - pkey/dh_genprime.c - pkey/rsa_verify.c - pkey/mpi_demo.c - pkey/rsa_decrypt.c - pkey/key_app.c - pkey/dh_server.c - pkey/ecdh_curve25519.c - pkey/pk_encrypt.c - pkey/rsa_sign.c - pkey/key_app_writer.c - pkey/dh_client.c - pkey/ecdsa.c - pkey/rsa_encrypt.c - wince_main.c - aes/crypt_and_hash.c - random/gen_random_ctr_drbg.c - random/gen_entropy.c - hash/md_hmac_demo.c - hash/hello.c - hash/generic_sum.c - cipher/cipher_aead_demo.c - * Remove compat-2-x.h header from mbedtls. - * The library no longer offers interfaces to look up values by OID - or OID by enum values. - The header now only defines functions to convert - between binary and dotted string OID representations, and macros - for OID strings that are relevant to X.509. - The compilation option MBEDTLS_OID_C no longer - exists. OID tables are included in the build automatically as needed. - -Features - * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled, - the number of volatile PSA keys is virtually unlimited, at the expense - of increased code size. This option is off by default, but enabled in - the default mbedtls_config.h. Fixes #9216. - * Add a new psa_key_agreement() PSA API to perform key agreement and return - an identifier for the newly created key. - * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which - uses static storage for keys, enabling malloc-less use of key slots. 
- The size of each buffer is given by the option - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the - largest PSA key enabled in the build. - * Add an interruptible version of key agreement to the PSA interface. - See psa_key_agreement_iop_setup() and related functions. - * Add an interruptible version of generate key to the PSA interface. - See psa_generate_key_iop_setup() and related functions. - * Add the function mbedtls_ssl_export_keying_material() which allows the - client and server to extract additional shared symmetric keys from an SSL - session, according to the TLS-Exporter specification in RFC 8446 and 5705. - This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in - mbedtls_config.h. - -Security - * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does - not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when - MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. - CVE-2024-45157 - * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and - mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the - largest supported curve. In some configurations with PSA disabled, - all values of bits are affected. This never happens in internal library - calls, but can affect applications that call these functions directly. - CVE-2024-45158 - * With TLS 1.3, when a server enables optional authentication of the - client, if the client-provided certificate does not have appropriate values - in keyUsage or extKeyUsage extensions, then the return value of - mbedtls_ssl_get_verify_result() would incorrectly have the - MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits - clear. As a result, an attacker that had a certificate valid for uses other - than TLS client authentication could be able to use it for TLS client - authentication anyway. 
Only TLS 1.3 servers were affected, and only with - optional authentication (required would abort the handshake with a fatal - alert). - CVE-2024-45159 - * Fix a buffer underrun in mbedtls_pk_write_key_der() when - called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled, - and the output buffer is smaller than the actual output. - Fix a related buffer underrun in mbedtls_pk_write_key_pem() - when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled - and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key. - CVE-2024-49195 - * Note that TLS clients should generally call mbedtls_ssl_set_hostname() - if they use certificate authentication (i.e. not pre-shared keys). - Otherwise, in many scenarios, the server could be impersonated. - The library will now prevent the handshake and return - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if mbedtls_ssl_set_hostname() has not been called. - Reported by Daniel Stenberg. - CVE-2025-27809 - * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed - or there was a cryptographic hardware failure when calculating the - Finished message, it could be calculated incorrectly. This would break - the security guarantees of the TLS handshake. - CVE-2025-27810 - * Fix possible use-after-free or double-free in code calling - mbedtls_x509_string_to_names(). This was caused by the function calling - mbedtls_asn1_free_named_data_list() on its head argument, while the - documentation did no suggest it did, making it likely for callers relying - on the documented behaviour to still hold pointers to memory blocks after - they were free()d, resulting in high risk of use-after-free or double-free, - with consequences ranging up to arbitrary code execution. - In particular, the two sample programs x509/cert_write and x509/cert_req - were affected (use-after-free if the san string contains more than one DN). - Code that does not call mbedtls_string_to_names() directly is not affected. 
- Found by Linh Le and Ngan Nguyen from Calif. - CVE-2025-47917 - * Fix a bug in mbedtls_x509_string_to_names() and the - mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, - where some inputs would cause an inconsistent state to be reached, causing - a NULL dereference either in the function itself, or in subsequent - users of the output structure, such as mbedtls_x509_write_names(). This - only affects applications that create (as opposed to consume) X.509 - certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. - CVE-2025-48965 - -Bugfix - * Fix TLS 1.3 client build and runtime when support for session tickets is - disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. - * Fix compilation error when memcpy() is a function-like macros. Fixes #8994. - * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled - as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. - * Fix undefined behaviour (incrementing a NULL pointer by zero length) when - passing in zero length additional data to multipart AEAD. - * Fix rare concurrent access bug where attempting to operate on a - non-existent key while concurrently creating a new key could potentially - corrupt the key store. - * Fix error handling when creating a key in a dynamic secure element - (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, - the creation could return PSA_SUCCESS but using or destroying the key - would not work. Fixes #8537. - * Fix issue of redefinition warning messages for _GNU_SOURCE in - entropy_poll.c and sha_256.c. There was a build warning during - building for linux platform. - Resolves #9026 - * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. - * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in - CMAC is enabled, but no built-in unauthenticated cipher is enabled. - Fixes #9209. - * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. 
- Fixes #9029.
- * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
- long. Credit to Cryptofuzz. Fixes #9314.
- * Fix interference between PSA volatile keys and built-in keys
- when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
- MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
- * Document and enforce the limitation of mbedtls_psa_register_se_key()
- to persistent keys. Resolves #9253.
- * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
- but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
- * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
- MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
- * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
- some code was defining 0-size arrays, resulting in compilation errors.
- Fixed by disabling the offending code in configurations without PSA
- Crypto, where it never worked. Fixes #9311.
- * Fixes an issue where some TLS 1.2 clients could not connect to an
- Mbed TLS 3.6.0 server, due to incorrect handling of
- legacy_compression_methods in the ClientHello.
- fixes #8995, #9243.
- * Fix a memory leak that could occur when failing to process an RSA
- key through some PSA functions due to low memory conditions.
- * Fixed a regression introduced in 3.6.0 where the CA callback set with
- mbedtls_ssl_conf_ca_cb() would stop working when connections were
- upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
- 1.3.
- * Fixed a regression introduced in 3.6.0 where clients that relied on
- optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
- with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
- working when connections were upgraded to TLS 1.3. Fixed by adding
- support for optional/none with TLS 1.3 as well.
Note that the TLS 1.3
- standard makes server authentication mandatory; users are advised not to
- use authmode none, and to carefully check the results when using optional
- mode.
- * Fixed a regression introduced in 3.6.0 where context-specific certificate
- verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
- mbedtls_ssl_conf_verify(), would stop working when connections were
- upgraded to TLS 1.3. Fixed by adding support for context-specific verify
- callback in TLS 1.3.
- * Fix unintended performance regression when using short RSA public keys.
- Fixes #9232.
- * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
- peers that have middlebox compatibility enabled, as long as no
- problematic middlebox is in the way. Fixes #9551.
- * Fix invalid JSON schemas for driver descriptions used by
- generate_driver_wrappers.py.
- * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
- and 'mbedtls_net_connect' to prevent possible double close fd
- problems. Fixes #9711.
- * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
- mbedtls_psa_der_to_raw() is called with bits=0.
- * Fix compilation on MS-DOS DJGPP. Fixes #9813.
- * Fix missing constraints on the AES-NI inline assembly which is used on
- GCC-like compilers when building AES for generic x86_64 targets. This
- may have resulted in incorrect code with some compilers, depending on
- optimizations. Fixes #9819.
- * Support re-assembly of fragmented handshake messages in TLS (both
- 1.2 and 1.3). The lack of support was causing handshake failures with
- some servers, especially with TLS 1.3 in practice. There are a few
- limitations, notably a fragmented ClientHello is only supported when
- TLS 1.3 support is enabled. See the documentation of
- mbedtls_ssl_handshake() for details.
- * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
- occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
- with Visual Studio 2013 or MinGW.
- Fixes #10017.
- * Silence spurious -Wunterminated-string-initialization warnings introduced
- by GCC 15. Fixes #9944.
-
-Changes
- * Warn if mbedtls/check_config.h is included manually, as this can
- lead to spurious errors. Error if a *adjust*.h header is included
- manually, as this can lead to silently inconsistent configurations,
- potentially resulting in buffer overflows.
- When migrating from Mbed TLS 2.x, if you had a custom config.h that
- included check_config.h, remove this inclusion from the Mbed TLS 3.x
- configuration file (renamed to mbedtls_config.h). This change was made
- in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
- * Functions regarding numeric string conversions for OIDs have been moved
- from the OID module and now reside in X.509 module. This helps to reduce
- the code size as these functions are not commonly used outside of X.509.
- * Improve performance of PSA key generation with ECC keys: it no longer
- computes the public key (which was immediately discarded). Fixes #9732.
- * Cryptography and platform configuration options have been migrated
- from the Mbed TLS library configuration file mbedtls_config.h to
- crypto_config.h that will become the TF-PSA-Crypto configuration file,
- see config-split.md for more information. The reference and test custom
- configuration files respectively in configs/ and tests/configs/ have
- been updated accordingly.
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
- to the PSA configuration scheme based on PSA_WANT_XXX symbols
- (see psa-conditional-inclusion-c.md for more information).
- To migrate custom Mbed TLS configurations where
- MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
- cryptographic and platform configuration options from mbedtls_config.h
- to crypto_config.h (see config-split.md for more information and configs/
- for examples).
- * Move the crypto part of the library (content of tf-psa-crypto directory)
- from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
- tests development will now occur in TF-PSA-Crypto, which Mbed TLS
- references as a Git submodule.
- * The function mbedtls_x509_string_to_names() now requires its head argument
- to point to NULL on entry. This makes it likely that existing risky uses of
- this function (see the entry in the Security section) will be detected and
- fixed.
-
 = Mbed TLS 3.6.0 branch released 2024-03-28
 API changes
From 38181b6d667e579586b775bb7a00f12ee1358699 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Sat, 11 Oct 2025 21:53:21 +0100
Subject: [PATCH 1129/1548] Assemble ChangeLog
Signed-off-by: Minos Galanakis
---
 ChangeLog | 256 ++++++++++++++++++
 ChangeLog.d/10285.txt | 3 -
 ChangeLog.d/9684.txt | 2 -
 ChangeLog.d/9685.txt | 2 -
 ChangeLog.d/9874.txt | 5 -
 ChangeLog.d/9892.txt | 5 -
 ChangeLog.d/9956.txt | 6 -
 ChangeLog.d/9964.txt | 26 --
 ChangeLog.d/add-tls-exporter.txt | 6 -
 ChangeLog.d/check_config.txt | 5 -
 ChangeLog.d/error-unification.txt | 12 -
 ChangeLog.d/fix-asn1-store-named-data.txt | 8 -
 .../fix-clang-psa-build-without-dhm.txt | 5 -
 ...ion-when-memcpy-is-function-like-macro.txt | 2 -
 ChangeLog.d/fix-compilation-with-djgpp.txt | 2 -
 .../fix-dependency-on-generated-files.txt | 3 -
 ChangeLog.d/fix-legacy-compression-issue.txt | 6 -
 .../fix-msvc-version-guard-format-zu.txt | 5 -
 ChangeLog.d/fix-server-mode-only-build.txt | 3 -
 .../fix-string-to-names-memory-management.txt | 19 --
 .../fix-string-to-names-store-named-data.txt | 10 -
 .../fix_reporting_of_key_usage_issues.txt | 12 -
 ChangeLog.d/make-visualc.txt | 2 -
 ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt | 4 -
 .../mbedtls_ssl_conf_alpn_protocols.txt | 4 -
 ChangeLog.d/mbedtls_ssl_set_hostname.txt | 18 --
 ChangeLog.d/oid.txt | 8 -
 ChangeLog.d/psa-always-on.txt | 11 -
 ChangeLog.d/removal-of-rng.txt | 6 -
 ChangeLog.d/remove-compat-2.x.txt | 2 -
 ChangeLog.d/remove-deprecated-items.txt | 11 -
 ChangeLog.d/remove_RSA_key_exchange.txt | 2 -
 ChangeLog.d/remove_mbedtls_pk_type.txt | 3 -
 .../replace-close-with-mbedtls_net_close.txt | 4 -
 ChangeLog.d/replace_time_t.txt | 4 -
 ChangeLog.d/repo-split.txt | 5 -
 ChangeLog.d/rm-ssl-conf-curves.txt | 4 -
 ChangeLog.d/runtime-version-interface.txt | 9 -
 ChangeLog.d/secp256k1-removal.txt | 3 -
 ...ring-conversions-out-of-the-oid-module.txt | 4 -
 ChangeLog.d/static-ecdh-removal.txt | 3 -
 ChangeLog.d/tls-hs-defrag-in.txt | 7 -
 ChangeLog.d/tls-key-exchange-rsa.txt | 2 -
 ChangeLog.d/tls12-check-finished-calc.txt | 6 -
 ChangeLog.d/tls13-cert-regressions.txt | 18 --
 .../tls13-middlebox-compat-disabled.txt | 4 -
 ChangeLog.d/tls13-without-tickets.txt | 3 -
ChangeLog.d/unify-errors.txt | 7 -
 .../unterminated-string-initialization.txt | 3 -
 ...x509write_crt_set_serial_raw-alignment.txt | 3 -
 50 files changed, 256 insertions(+), 307 deletions(-)
 delete mode 100644 ChangeLog.d/10285.txt
 delete mode 100644 ChangeLog.d/9684.txt
 delete mode 100644 ChangeLog.d/9685.txt
 delete mode 100644 ChangeLog.d/9874.txt
 delete mode 100644 ChangeLog.d/9892.txt
 delete mode 100644 ChangeLog.d/9956.txt
 delete mode 100644 ChangeLog.d/9964.txt
 delete mode 100644 ChangeLog.d/add-tls-exporter.txt
 delete mode 100644 ChangeLog.d/check_config.txt
 delete mode 100644 ChangeLog.d/error-unification.txt
 delete mode 100644 ChangeLog.d/fix-asn1-store-named-data.txt
 delete mode 100644 ChangeLog.d/fix-clang-psa-build-without-dhm.txt
 delete mode 100644 ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
 delete mode 100644 ChangeLog.d/fix-compilation-with-djgpp.txt
 delete mode 100644 ChangeLog.d/fix-dependency-on-generated-files.txt
 delete mode 100644 ChangeLog.d/fix-legacy-compression-issue.txt
 delete mode 100644 ChangeLog.d/fix-msvc-version-guard-format-zu.txt
 delete mode 100644 ChangeLog.d/fix-server-mode-only-build.txt
 delete mode 100644 ChangeLog.d/fix-string-to-names-memory-management.txt
 delete mode 100644 ChangeLog.d/fix-string-to-names-store-named-data.txt
 delete mode 100644 ChangeLog.d/fix_reporting_of_key_usage_issues.txt
 delete mode 100644 ChangeLog.d/make-visualc.txt
 delete mode 100644 ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt
 delete mode 100644 ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt
 delete mode 100644 ChangeLog.d/mbedtls_ssl_set_hostname.txt
 delete mode 100644 ChangeLog.d/oid.txt
 delete mode 100644 ChangeLog.d/psa-always-on.txt
 delete mode 100644 ChangeLog.d/removal-of-rng.txt
 delete mode 100644 ChangeLog.d/remove-compat-2.x.txt
 delete mode 100644 ChangeLog.d/remove-deprecated-items.txt
 delete mode 100644 ChangeLog.d/remove_RSA_key_exchange.txt
 delete mode 100644 ChangeLog.d/remove_mbedtls_pk_type.txt
 delete mode
100644 ChangeLog.d/replace-close-with-mbedtls_net_close.txt
 delete mode 100644 ChangeLog.d/replace_time_t.txt
 delete mode 100644 ChangeLog.d/repo-split.txt
 delete mode 100644 ChangeLog.d/rm-ssl-conf-curves.txt
 delete mode 100644 ChangeLog.d/runtime-version-interface.txt
 delete mode 100644 ChangeLog.d/secp256k1-removal.txt
 delete mode 100644 ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
 delete mode 100644 ChangeLog.d/static-ecdh-removal.txt
 delete mode 100644 ChangeLog.d/tls-hs-defrag-in.txt
 delete mode 100644 ChangeLog.d/tls-key-exchange-rsa.txt
 delete mode 100644 ChangeLog.d/tls12-check-finished-calc.txt
 delete mode 100644 ChangeLog.d/tls13-cert-regressions.txt
 delete mode 100644 ChangeLog.d/tls13-middlebox-compat-disabled.txt
 delete mode 100644 ChangeLog.d/tls13-without-tickets.txt
 delete mode 100644 ChangeLog.d/unify-errors.txt
 delete mode 100644 ChangeLog.d/unterminated-string-initialization.txt
 delete mode 100644 ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
diff --git a/ChangeLog b/ChangeLog
index 1c48958e39..d31ada506f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,261 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 4.0.0 branch released 2025-10-15
+
+API changes
+ * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
+ Instead of taking a mbedtls_cipher_type_t as an argument, this function
+ now takes 3 new arguments: a PSA algorithm, key type and key size, to
+ specify the AEAD for ticket protection.
+ * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
+ functions can now return PSA_ERROR_xxx values.
+ There is no longer a distinction between "low-level" and "high-level"
+ Mbed TLS error codes.
+ This will not affect most applications since the error values are
+ between -32767 and -1 as before.
+ * All API functions now use the PSA random generator psa_generate_random()
+ internally. As a consequence, functions no longer take RNG parameters.
+ Please refer to the migration guide at :
+ docs/4.0-migration-guide.md.
+ * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared
+ as having const elements, reflecting the fact that the library will
+ not modify it
+ * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw
+ function to a const to align with the rest of the API.
+ * Change the signature of the runtime version information methods that took
+ a char* as an argument to take zero arguments and return a const char*
+ instead. This aligns us with the interface used in TF PSA Crypto 1.0.
+ If you need to support linking against both Mbed TLS 3.x and 4.x, please
+ use the build-time version macros or mbedtls_version_get_number() to
+ determine the correct signature for mbedtls_version_get_string() and
+ mbedtls_version_get_string_full() before calling them.
+ Fixes issue #10308.
+ * Make the following error codes aliases of their PSA equivalents, where
+ xxx is a module, e.g. X509 or SSL.
+ MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT
+ MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY
+ MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL
+ MBEDTLS_ERR_PKCS7_VERIFY_FAIL -> PSA_ERROR_INVALID_SIGNATURE
+ * Add MBEDTLS_SSL_NULL_CIPHERSUITES configuration option. It enables
+ TLS 1.2 ciphersuites without encryption and is disabled by default.
+ This new option replaces MBEDTLS_CIPHER_NULL_CIPHER.
+
+Default behavior changes
+ * The X.509 and TLS modules now always use the PSA subsystem
+ to perform cryptographic operations, with a few exceptions documented
+ in docs/architecture/psa-migration/psa-limitations.md. This
+ corresponds to the behavior of Mbed TLS 3.x when
+ MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO
+ is now always enabled.
+ * psa_crypto_init() must be called before performing any cryptographic
+ operation, including indirect requests such as parsing a key or
+ certificate or starting a TLS handshake.
+ * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+ mbedtls_ssl_handshake() now fails with
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if certificate-based authentication of the server is attempted.
+ This is because authenticating a server without knowing what name
+ to expect is usually insecure.
+
+Removals
+ * Remove support for the RSA-PSK key exchange in TLS 1.2.
+ * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
+ already deprecated and superseded by
+ mbedtls_x509write_crt_set_serial_raw().
+ * Remove the function mbedtls_ssl_conf_curves() which had been deprecated
+ in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1.
+ * Remove support for the DHE-PSK key exchange in TLS 1.2.
+ * Remove support for the DHE-RSA key exchange in TLS 1.2.
+ * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
+ following SSL functions are removed:
+ - mbedtls_ssl_conf_dh_param_bin
+ - mbedtls_ssl_conf_dh_param_ctx
+ - mbedtls_ssl_conf_dhm_min_bitlen
+ * Remove support for the RSA key exchange in TLS 1.2.
+ * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(),
+ since these concepts no longer exists. There is just mbedtls_strerror().
+ * Sample programs for the legacy crypto API have been removed.
+ pkey/rsa_genkey.c
+ pkey/pk_decrypt.c
+ pkey/dh_genprime.c
+ pkey/rsa_verify.c
+ pkey/mpi_demo.c
+ pkey/rsa_decrypt.c
+ pkey/key_app.c
+ pkey/dh_server.c
+ pkey/ecdh_curve25519.c
+ pkey/pk_encrypt.c
+ pkey/rsa_sign.c
+ pkey/key_app_writer.c
+ pkey/dh_client.c
+ pkey/ecdsa.c
+ pkey/rsa_encrypt.c
+ wince_main.c
+ aes/crypt_and_hash.c
+ random/gen_random_ctr_drbg.c
+ random/gen_entropy.c
+ hash/md_hmac_demo.c
+ hash/hello.c
+ hash/generic_sum.c
+ cipher/cipher_aead_demo.c
+ * Remove compat-2-x.h header from mbedtls.
+ * The library no longer offers interfaces to look up values by OID
+ or OID by enum values.
+ The header now only defines functions to convert
+ between binary and dotted string OID representations, and macros
+ for OID strings that are relevant to X.509.
+ The compilation option MBEDTLS_OID_C no longer
+ exists. OID tables are included in the build automatically as needed.
+ * The header no longer exists. Including it
+ from a custom config file was no longer needed since Mbed TLS 3.0,
+ and could lead to spurious errors. The checks that it performed are
+ now done automatically when building the library.
+ * Support for secp192k1, secp192r1, secp224k1 and secp224r1 EC curves is
+ removed from TLS.
+ * Remove mbedtls_pk_type_t from the public interface and replace it with
+ mbedtls_pk_sigalg_t.
+ * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the
+ standard version (defined in RFC 9146) of DTLS connection ID is supported.
+ * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and
+ the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and
+ MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and
+ mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead.
+ Note that the new names of the new constants use the TLS protocol versions,
+ unlike the old constants whose names are based on internal encodings.
+ * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs()
+ instead.
+ * Removed all public key sample programs from the programs/pkey
+ directory.
+ * Removed support for TLS 1.2 static ECDH key
+ exchanges (ECDH-ECDSA and ECDH-RSA).
+ * Drop support for the GNU Make and Microsoft Visual Studio build systems.
+
+Features
+ * Add the function mbedtls_ssl_export_keying_material() which allows the
+ client and server to extract additional shared symmetric keys from an SSL
+ session, according to the TLS-Exporter specification in RFC 8446 and 5705.
+ This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
+ mbedtls_config.h.
+
+Security
+ * With TLS 1.3, when a server enables optional authentication of the
+ client, if the client-provided certificate does not have appropriate values
+ in keyUsage or extKeyUsage extensions, then the return value of
+ mbedtls_ssl_get_verify_result() would incorrectly have the
+ MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
+ clear. As a result, an attacker that had a certificate valid for uses other
+ than TLS client authentication could be able to use it for TLS client
+ authentication anyway. Only TLS 1.3 servers were affected, and only with
+ optional authentication (required would abort the handshake with a fatal
+ alert).
+ CVE-2024-45159
+ * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+ if they use certificate authentication (i.e. not pre-shared keys).
+ Otherwise, in many scenarios, the server could be impersonated.
+ The library will now prevent the handshake and return
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if mbedtls_ssl_set_hostname() has not been called.
+ Reported by Daniel Stenberg.
+ CVE-2025-27809
+ * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+ or there was a cryptographic hardware failure when calculating the
+ Finished message, it could be calculated incorrectly. This would break
+ the security guarantees of the TLS handshake.
+ CVE-2025-27810
+ * Fix possible use-after-free or double-free in code calling
+ mbedtls_x509_string_to_names(). This was caused by the function calling
+ mbedtls_asn1_free_named_data_list() on its head argument, while the
+ documentation did no suggest it did, making it likely for callers relying
+ on the documented behaviour to still hold pointers to memory blocks after
+ they were free()d, resulting in high risk of use-after-free or double-free,
+ with consequences ranging up to arbitrary code execution.
+ In particular, the two sample programs x509/cert_write and x509/cert_req
+ were affected (use-after-free if the san string contains more than one DN).
+ Code that does not call mbedtls_string_to_names() directly is not affected.
+ Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-47917
+ * Fix a bug in mbedtls_x509_string_to_names() and the
+ mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions,
+ where some inputs would cause an inconsistent state to be reached, causing
+ a NULL dereference either in the function itself, or in subsequent
+ users of the output structure, such as mbedtls_x509_write_names(). This
+ only affects applications that create (as opposed to consume) X.509
+ certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif.
+ CVE-2025-48965
+ * Fix a bug in tf-psa-crypto's mbedtls_asn1_store_named_data() where it
+ would sometimes leave an item in the output list in an inconsistent
+ state with val.p == NULL but val.len > 0.
Affected functions used in X.509
+ would then dereference a NULL pointer. Applications that do not
+ call this function (directly, or indirectly through X.509 writing) are not
+ affected. Found by Linh Le and Ngan Nguyen from Calif.
+
+Bugfix
+ * Fix TLS 1.3 client build and runtime when support for session tickets is
+ disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
+ * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
+ * Fix Clang compilation error when finite-field Diffie-Hellman is disabled.
+ Reported by Michael Schuster in #9188.
+ * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
+ MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
+ * Fixes an issue where some TLS 1.2 clients could not connect to an
+ Mbed TLS 3.6.0 server, due to incorrect handling of
+ legacy_compression_methods in the ClientHello.
+ fixes #8995, #9243.
+ * Fixed a regression introduced in 3.6.0 where the CA callback set with
+ mbedtls_ssl_conf_ca_cb() would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
+ 1.3.
+ * Fixed a regression introduced in 3.6.0 where clients that relied on
+ optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
+ with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
+ working when connections were upgraded to TLS 1.3. Fixed by adding
+ support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
+ standard makes server authentication mandatory; users are advised not to
+ use authmode none, and to carefully check the results when using optional
+ mode.
+ * Fixed a regression introduced in 3.6.0 where context-specific certificate
+ verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
+ mbedtls_ssl_conf_verify(), would stop working when connections were
+ upgraded to TLS 1.3. Fixed by adding support for context-specific verify
+ callback in TLS 1.3.
+ * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
+ peers that have middlebox compatibility enabled, as long as no
+ problematic middlebox is in the way. Fixes #9551.
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
+ * Fix compilation on MS-DOS DJGPP. Fixes #9813.
+ * Support re-assembly of fragmented handshake messages in TLS (both
+ 1.2 and 1.3). The lack of support was causing handshake failures with
+ some servers, especially with TLS 1.3 in practice. There are a few
+ limitations, notably a fragmented ClientHello is only supported when
+ TLS 1.3 support is enabled. See the documentation of
+ mbedtls_ssl_handshake() for details.
+ * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
+ occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
+ with Visual Studio 2013 or MinGW.
+ Fixes #10017.
+ * Silence spurious -Wunterminated-string-initialization warnings introduced
+ by GCC 15. Fixes #9944.
+ * Fix potential CMake parallel build failure when building both the static
+ and shared libraries.
+ * Fix a build error or incorrect TLS session
+ lifetime on platforms where mbedtls_time_t
+ is not time_t. Fixes #10236.
+
+Changes
+ * Functions regarding numeric string conversions for OIDs have been moved
+ from the OID module and now reside in X.509 module. This helps to reduce
+ the code size as these functions are not commonly used outside of X.509.
+ * Move the crypto part of the library (content of tf-psa-crypto directory)
+ from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
+ tests development will now occur in TF-PSA-Crypto, which Mbed TLS
+ references as a Git submodule.
+ * The function mbedtls_x509_string_to_names() now requires its head argument
+ to point to NULL on entry.
This makes it likely that existing risky uses of
+ this function (see the entry in the Security section) will be detected and
+ fixed.
+
 = Mbed TLS 3.6.0 branch released 2024-03-28
 API changes
diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt
deleted file mode 100644
index 2ac05ab90f..0000000000
--- a/ChangeLog.d/10285.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Removals
- * Removed all public key sample programs from the programs/pkey
- directory.
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt
deleted file mode 100644
index 115ded87a0..0000000000
--- a/ChangeLog.d/9684.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove support for the DHE-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt
deleted file mode 100644
index 9820aff759..0000000000
--- a/ChangeLog.d/9685.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
- * Remove support for the DHE-RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
deleted file mode 100644
index a4d2e032ee..0000000000
--- a/ChangeLog.d/9874.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
- * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
- Instead of taking a mbedtls_cipher_type_t as an argument, this function
- now takes 3 new arguments: a PSA algorithm, key type and key size, to
- specify the AEAD for ticket protection.
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
deleted file mode 100644
index 962bdad823..0000000000
--- a/ChangeLog.d/9892.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Removals
- * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
- already deprecated and superseded by
- mbedtls_x509write_crt_set_serial_raw().
-
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt
deleted file mode 100644
index cea4af1ec6..0000000000
--- a/ChangeLog.d/9956.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Removals
- * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
- following SSL functions are removed:
- - mbedtls_ssl_conf_dh_param_bin
- - mbedtls_ssl_conf_dh_param_ctx
- - mbedtls_ssl_conf_dhm_min_bitlen
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
deleted file mode 100644
index 189b4c1d0e..0000000000
--- a/ChangeLog.d/9964.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-Removals
- * Sample programs for the legacy crypto API have been removed.
- pkey/rsa_genkey.c
- pkey/pk_decrypt.c
- pkey/dh_genprime.c
- pkey/rsa_verify.c
- pkey/mpi_demo.c
- pkey/rsa_decrypt.c
- pkey/key_app.c
- pkey/dh_server.c
- pkey/ecdh_curve25519.c
- pkey/pk_encrypt.c
- pkey/rsa_sign.c
- pkey/key_app_writer.c
- pkey/dh_client.c
- pkey/ecdsa.c
- pkey/rsa_encrypt.c
- wince_main.c
- aes/crypt_and_hash.c
- random/gen_random_ctr_drbg.c
- random/gen_entropy.c
- hash/md_hmac_demo.c
- hash/hello.c
- hash/generic_sum.c
- cipher/cipher_aead_demo.c
-
diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt
deleted file mode 100644
index 1aea653e09..0000000000
--- a/ChangeLog.d/add-tls-exporter.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
- * Add the function mbedtls_ssl_export_keying_material() which allows the
- client and server to extract additional shared symmetric keys from an SSL
- session, according to the TLS-Exporter specification in RFC 8446 and 5705.
- This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
- mbedtls_config.h.
diff --git a/ChangeLog.d/check_config.txt b/ChangeLog.d/check_config.txt
deleted file mode 100644
index f9f44a4b85..0000000000
--- a/ChangeLog.d/check_config.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Removals
- * The header no longer exists. Including it
- from a custom config file was no longer needed since Mbed TLS 3.0,
- and could lead to spurious errors. The checks that it performed are
- now done automatically when building the library.
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
deleted file mode 100644
index 1f8e8af1df..0000000000
--- a/ChangeLog.d/error-unification.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-API changes
- * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
- functions can now return PSA_ERROR_xxx values.
- There is no longer a distinction between "low-level" and "high-level"
- Mbed TLS error codes.
- This will not affect most applications since the error values are
- between -32767 and -1 as before.
-
-Removals
- * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(),
- since these concepts no longer exists. There is just mbedtls_strerror().
-
diff --git a/ChangeLog.d/fix-asn1-store-named-data.txt b/ChangeLog.d/fix-asn1-store-named-data.txt
deleted file mode 100644
index 7a040bd43b..0000000000
--- a/ChangeLog.d/fix-asn1-store-named-data.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Security
- * Fix a bug in tf-psa-crypto's mbedtls_asn1_store_named_data() where it
- would sometimes leave an item in the output list in an inconsistent
- state with val.p == NULL but val.len > 0. Affected functions used in X.509
- would then dereference a NULL pointer. Applications that do not
- call this function (directly, or indirectly through X.509 writing) are not
- affected. Found by Linh Le and Ngan Nguyen from Calif.
-
diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
deleted file mode 100644
index 543f4dbf1b..0000000000
--- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix Clang compilation error when finite-field Diffie-Hellman is disabled.
- Reported by Michael Schuster in #9188.
-
-
diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
deleted file mode 100644
index 11e7d25392..0000000000
--- a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt
deleted file mode 100644
index 5b79fb69de..0000000000
--- a/ChangeLog.d/fix-compilation-with-djgpp.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation on MS-DOS DJGPP. Fixes #9813.
diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt
deleted file mode 100644
index 540cf0ded2..0000000000
--- a/ChangeLog.d/fix-dependency-on-generated-files.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix potential CMake parallel build failure when building both the static
- and shared libraries.
diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt
deleted file mode 100644
index 2549af8733..0000000000
--- a/ChangeLog.d/fix-legacy-compression-issue.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Bugfix
- * Fixes an issue where some TLS 1.2 clients could not connect to an
- Mbed TLS 3.6.0 server, due to incorrect handling of
- legacy_compression_methods in the ClientHello.
- fixes #8995, #9243.
-
diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
deleted file mode 100644
index eefda618ca..0000000000
--- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
- occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
- with Visual Studio 2013 or MinGW.
- Fixes #10017.
diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt
deleted file mode 100644
index d1d8341f79..0000000000
--- a/ChangeLog.d/fix-server-mode-only-build.txt
+++ /dev/null
@@ -1,3 +0,0 @@ -Bugfix - * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but - MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. diff --git a/ChangeLog.d/fix-string-to-names-memory-management.txt b/ChangeLog.d/fix-string-to-names-memory-management.txt deleted file mode 100644 index 6b744a74fb..0000000000 --- a/ChangeLog.d/fix-string-to-names-memory-management.txt +++ /dev/null @@ -1,19 +0,0 @@ -Security - * Fix possible use-after-free or double-free in code calling - mbedtls_x509_string_to_names(). This was caused by the function calling - mbedtls_asn1_free_named_data_list() on its head argument, while the - documentation did no suggest it did, making it likely for callers relying - on the documented behaviour to still hold pointers to memory blocks after - they were free()d, resulting in high risk of use-after-free or double-free, - with consequences ranging up to arbitrary code execution. - In particular, the two sample programs x509/cert_write and x509/cert_req - were affected (use-after-free if the san string contains more than one DN). - Code that does not call mbedtls_string_to_names() directly is not affected. - Found by Linh Le and Ngan Nguyen from Calif. - CVE-2025-47917 - -Changes - * The function mbedtls_x509_string_to_names() now requires its head argument - to point to NULL on entry. This makes it likely that existing risky uses of - this function (see the entry in the Security section) will be detected and - fixed. diff --git a/ChangeLog.d/fix-string-to-names-store-named-data.txt b/ChangeLog.d/fix-string-to-names-store-named-data.txt deleted file mode 100644 index b088468612..0000000000 --- a/ChangeLog.d/fix-string-to-names-store-named-data.txt +++ /dev/null 
@@ -1,10 +0,0 @@ -Security - * Fix a bug in mbedtls_x509_string_to_names() and the - mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions, - where some inputs would cause an inconsistent state to be reached, causing - a NULL dereference either in the function itself, or in subsequent - users of the output structure, such as mbedtls_x509_write_names(). This - only affects applications that create (as opposed to consume) X.509 - certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif. - CVE-2025-48965 - diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt deleted file mode 100644 index 506f2bdf0e..0000000000 --- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt +++ /dev/null @@ -1,12 +0,0 @@ -Security - * With TLS 1.3, when a server enables optional authentication of the - client, if the client-provided certificate does not have appropriate values - in keyUsage or extKeyUsage extensions, then the return value of - mbedtls_ssl_get_verify_result() would incorrectly have the - MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits - clear. As a result, an attacker that had a certificate valid for uses other - than TLS client authentication could be able to use it for TLS client - authentication anyway. Only TLS 1.3 servers were affected, and only with - optional authentication (required would abort the handshake with a fatal - alert). - CVE-2024-45159 diff --git a/ChangeLog.d/make-visualc.txt b/ChangeLog.d/make-visualc.txt deleted file mode 100644 index 4b195da54e..0000000000 --- a/ChangeLog.d/make-visualc.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Drop support for the GNU Make and Microsoft Visual Studio build systems. diff --git a/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt b/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt deleted file mode 100644 index a1312d0cb4..0000000000 --- a/ChangeLog.d/mbedtls-ssl-null-ciphersuites.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -API changes - * Add MBEDTLS_SSL_NULL_CIPHERSUITES configuration option. It enables - TLS 1.2 ciphersuites without encryption and is disabled by default. - This new option replaces MBEDTLS_CIPHER_NULL_CIPHER. diff --git a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt b/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt deleted file mode 100644 index 0e396bbeff..0000000000 --- a/ChangeLog.d/mbedtls_ssl_conf_alpn_protocols.txt +++ /dev/null @@ -1,4 +0,0 @@ -API changes - * The list passed to mbedtls_ssl_conf_alpn_protocols() is now declared - as having const elements, reflecting the fact that the library will - not modify it diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt deleted file mode 100644 index 05f375dcb3..0000000000 --- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt +++ /dev/null @@ -1,18 +0,0 @@ -Default behavior changes - * In TLS clients, if mbedtls_ssl_set_hostname() has not been called, - mbedtls_ssl_handshake() now fails with - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if certificate-based authentication of the server is attempted. - This is because authenticating a server without knowing what name - to expect is usually insecure. - -Security - * Note that TLS clients should generally call mbedtls_ssl_set_hostname() - if they use certificate authentication (i.e. not pre-shared keys). - Otherwise, in many scenarios, the server could be impersonated. - The library will now prevent the handshake and return - MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME - if mbedtls_ssl_set_hostname() has not been called. - Reported by Daniel Stenberg. - CVE-2025-27809 - diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt deleted file mode 100644 index 53828d85b1..0000000000 --- a/ChangeLog.d/oid.txt +++ /dev/null 
@@ -1,8 +0,0 @@ -Removals - * The library no longer offers interfaces to look up values by OID - or OID by enum values. - The header now only defines functions to convert - between binary and dotted string OID representations, and macros - for OID strings that are relevant to X.509. - The compilation option MBEDTLS_OID_C no longer - exists. OID tables are included in the build automatically as needed. diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt deleted file mode 100644 index 6607e9fe40..0000000000 --- a/ChangeLog.d/psa-always-on.txt +++ /dev/null @@ -1,11 +0,0 @@ -Default behavior changes - * The X.509 and TLS modules now always use the PSA subsystem - to perform cryptographic operations, with a few exceptions documented - in docs/architecture/psa-migration/psa-limitations.md. This - corresponds to the behavior of Mbed TLS 3.x when - MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO - is now always enabled. - * psa_crypto_init() must be called before performing any cryptographic - operation, including indirect requests such as parsing a key or - certificate or starting a TLS handshake. - diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt deleted file mode 100644 index 7ecb29ffb7..0000000000 --- a/ChangeLog.d/removal-of-rng.txt +++ /dev/null @@ -1,6 +0,0 @@ -API changes - * All API functions now use the PSA random generator psa_generate_random() - internally. As a consequence, functions no longer take RNG parameters. - Please refer to the migration guide at : - docs/4.0-migration-guide.md. - diff --git a/ChangeLog.d/remove-compat-2.x.txt b/ChangeLog.d/remove-compat-2.x.txt deleted file mode 100644 index 37f012c217..0000000000 --- a/ChangeLog.d/remove-compat-2.x.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove compat-2-x.h header from mbedtls. 
diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt deleted file mode 100644 index 855265788e..0000000000 --- a/ChangeLog.d/remove-deprecated-items.txt +++ /dev/null @@ -1,11 +0,0 @@ -Removals - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the - standard version (defined in RFC 9146) of DTLS connection ID is supported. - * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and - the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and - MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and - mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. - Note that the new names of the new constants use the TLS protocol versions, - unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs() - instead. diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt deleted file mode 100644 index f9baaf1701..0000000000 --- a/ChangeLog.d/remove_RSA_key_exchange.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA key exchange in TLS 1.2. diff --git a/ChangeLog.d/remove_mbedtls_pk_type.txt b/ChangeLog.d/remove_mbedtls_pk_type.txt deleted file mode 100644 index 4b33d1e110..0000000000 --- a/ChangeLog.d/remove_mbedtls_pk_type.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Remove mbedtls_pk_type_t from the public interface and replace it with - mbedtls_pk_sigalg_t. diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt deleted file mode 100644 index 213cf55b40..0000000000 --- a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind' - and 'mbedtls_net_connect' to prevent possible double close fd - problems. Fixes #9711. 
diff --git a/ChangeLog.d/replace_time_t.txt b/ChangeLog.d/replace_time_t.txt deleted file mode 100644 index ec0282a9f2..0000000000 --- a/ChangeLog.d/replace_time_t.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a build error or incorrect TLS session - lifetime on platforms where mbedtls_time_t - is not time_t. Fixes #10236. diff --git a/ChangeLog.d/repo-split.txt b/ChangeLog.d/repo-split.txt deleted file mode 100644 index f03b5ed7fe..0000000000 --- a/ChangeLog.d/repo-split.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * Move the crypto part of the library (content of tf-psa-crypto directory) - from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and - tests development will now occur in TF-PSA-Crypto, which Mbed TLS - references as a Git submodule. diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt deleted file mode 100644 index 4b29adc4c9..0000000000 --- a/ChangeLog.d/rm-ssl-conf-curves.txt +++ /dev/null @@ -1,4 +0,0 @@ -Removals - * Remove the function mbedtls_ssl_conf_curves() which had been deprecated - in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1. - diff --git a/ChangeLog.d/runtime-version-interface.txt b/ChangeLog.d/runtime-version-interface.txt deleted file mode 100644 index 1cf42665ca..0000000000 --- a/ChangeLog.d/runtime-version-interface.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * Change the signature of the runtime version information methods that took - a char* as an argument to take zero arguments and return a const char* - instead. This aligns us with the interface used in TF PSA Crypto 1.0. - If you need to support linking against both Mbed TLS 3.x and 4.x, please - use the build-time version macros or mbedtls_version_get_number() to - determine the correct signature for mbedtls_version_get_string() and - mbedtls_version_get_string_full() before calling them. - Fixes issue #10308. 
diff --git a/ChangeLog.d/secp256k1-removal.txt b/ChangeLog.d/secp256k1-removal.txt deleted file mode 100644 index 9933b8e7a9..0000000000 --- a/ChangeLog.d/secp256k1-removal.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Support for secp192k1, secp192r1, secp224k1 and secp224r1 EC curves is - removed from TLS. diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt deleted file mode 100644 index 938e9eccb6..0000000000 --- a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Functions regarding numeric string conversions for OIDs have been moved - from the OID module and now reside in X.509 module. This helps to reduce - the code size as these functions are not commonly used outside of X.509. diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt deleted file mode 100644 index 94512a21f9..0000000000 --- a/ChangeLog.d/static-ecdh-removal.txt +++ /dev/null @@ -1,3 +0,0 @@ -Removals - * Removed support for TLS 1.2 static ECDH key - exchanges (ECDH-ECDSA and ECDH-RSA). diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt deleted file mode 100644 index 6bab02a029..0000000000 --- a/ChangeLog.d/tls-hs-defrag-in.txt +++ /dev/null @@ -1,7 +0,0 @@ -Bugfix - * Support re-assembly of fragmented handshake messages in TLS (both - 1.2 and 1.3). The lack of support was causing handshake failures with - some servers, especially with TLS 1.3 in practice. There are a few - limitations, notably a fragmented ClientHello is only supported when - TLS 1.3 support is enabled. See the documentation of - mbedtls_ssl_handshake() for details. diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt deleted file mode 100644 index 4df6b3e303..0000000000 --- a/ChangeLog.d/tls-key-exchange-rsa.txt +++ /dev/null 
@@ -1,2 +0,0 @@ -Removals - * Remove support for the RSA-PSK key exchange in TLS 1.2. diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt deleted file mode 100644 index cd52d32ffd..0000000000 --- a/ChangeLog.d/tls12-check-finished-calc.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed - or there was a cryptographic hardware failure when calculating the - Finished message, it could be calculated incorrectly. This would break - the security guarantees of the TLS handshake. - CVE-2025-27810 diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt deleted file mode 100644 index 8dd8a327d6..0000000000 --- a/ChangeLog.d/tls13-cert-regressions.txt +++ /dev/null @@ -1,18 +0,0 @@ -Bugfix - * Fixed a regression introduced in 3.6.0 where the CA callback set with - mbedtls_ssl_conf_ca_cb() would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS - 1.3. - * Fixed a regression introduced in 3.6.0 where clients that relied on - optional/none authentication mode, by calling mbedtls_ssl_conf_authmode() - with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop - working when connections were upgraded to TLS 1.3. Fixed by adding - support for optional/none with TLS 1.3 as well. Note that the TLS 1.3 - standard makes server authentication mandatory; users are advised not to - use authmode none, and to carefully check the results when using optional - mode. - * Fixed a regression introduced in 3.6.0 where context-specific certificate - verify callbacks, set with mbedtls_ssl_set_verify() as opposed to - mbedtls_ssl_conf_verify(), would stop working when connections were - upgraded to TLS 1.3. Fixed by adding support for context-specific verify - callback in TLS 1.3. 
diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt deleted file mode 100644 index f5331bc063..0000000000 --- a/ChangeLog.d/tls13-middlebox-compat-disabled.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with - peers that have middlebox compatibility enabled, as long as no - problematic middlebox is in the way. Fixes #9551. diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt deleted file mode 100644 index 8ceef21ee5..0000000000 --- a/ChangeLog.d/tls13-without-tickets.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix TLS 1.3 client build and runtime when support for session tickets is - disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt deleted file mode 100644 index f229f1bc4d..0000000000 --- a/ChangeLog.d/unify-errors.txt +++ /dev/null @@ -1,7 +0,0 @@ -API changes - * Make the following error codes aliases of their PSA equivalents, where - xxx is a module, e.g. X509 or SSL. - MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT - MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY - MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL - MBEDTLS_ERR_PKCS7_VERIFY_FAIL -> PSA_ERROR_INVALID_SIGNATURE diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt deleted file mode 100644 index 75a72cae6b..0000000000 --- a/ChangeLog.d/unterminated-string-initialization.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Silence spurious -Wunterminated-string-initialization warnings introduced - by GCC 15. Fixes #9944. diff --git a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt deleted file mode 100644 index e7ac54684c..0000000000 
--- a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt +++ /dev/null @@ -1,3 +0,0 @@ -API changes - * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw - function to a const to align with the rest of the API. From 411461a86e8371d6173ee99ae09ee42eaaa53dae Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Sat, 11 Oct 2025 21:48:56 +0100 Subject: [PATCH 1130/1548] Doc: Removed references to beta version Signed-off-by: Minos Galanakis --- README.md | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 69f2dcb26e..d3fb638802 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ After cloning or checking out a branch or tag, run: ``` to initialize and update the submodules before building. -However, the official source release tarballs (e.g. [mbedtls-4.0.0-beta.tar.bz2](https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-4.0.0-beta/mbedtls-4.0.0-beta.tar.bz2)) include the contents of the submodules. +However, the official source release tarballs (e.g. [mbedtls-4.0.0.tar.bz2](https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-4.0.0/mbedtls-4.0.0.tar.bz2)) include the contents of the submodules. ### Generated source files in the development branch diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index c1d0f36215..4eda5ba2aa 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -10,7 +10,7 @@ */ /** - * @mainpage Mbed TLS v4.0.0-beta API Documentation + * @mainpage Mbed TLS v4.0.0 API Documentation * * This documentation describes the application programming interface (API) * of Mbed TLS. diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 00e64d05c9..80e459cc72 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile 
@@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v4.0.0-beta" +PROJECT_NAME = "Mbed TLS v4.0.0" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES From ec4044008d2d069da38288bc76b0fee34ec78646 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 13 Oct 2025 16:50:50 +0100 Subject: [PATCH 1131/1548] ChangeLog: Added CVEs Signed-off-by: Minos Galanakis --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index d31ada506f..4dc0941fee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -188,6 +188,7 @@ Security would then dereference a NULL pointer. Applications that do not call this function (directly, or indirectly through X.509 writing) are not affected. Found by Linh Le and Ngan Nguyen from Calif. + CVE-2025-48965 Bugfix * Fix TLS 1.3 client build and runtime when support for session tickets is From b2878ee402906b8f116420a58604a6ae42075371 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 15 Oct 2025 16:59:12 +0100 Subject: [PATCH 1132/1548] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 76920edddc..609a7064cb 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 76920edddcad00ac41b248e12d937b845df7bedb +Subproject commit 609a7064cbf8b325fe2579476f69d66ffad9d106 From 58439de2ae3eb02c0107267a7a51e933a13202c0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 Oct 2025 16:36:02 +0200 Subject: [PATCH 1133/1548] Fix documentation link to submodule that doesn't work on GitHub Fixes #10458 Signed-off-by: Gilles Peskine --- docs/4.0-migration-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/4.0-migration-guide.md b/docs/4.0-migration-guide.md index 9b4768a3a1..956609810e 100644 --- a/docs/4.0-migration-guide.md +++ b/docs/4.0-migration-guide.md 
@@ -11,7 +11,7 @@ The changes are detailed below. Here is a summary of the main points: - The cryptography API is now mostly the PSA API: most legacy cryptography APIs have been removed. This has led to adaptations in some X.509 and TLS APIs, notably because the library always uses the PSA random generator. - Various deprecated or minor functionality has been removed. -Please consult the [TF-PSA-Crypto migration guide](../tf-psa-crypto/docs/1.0-migration-guide.md) for all information related to the crytography part of the library. +Please consult the [TF-PSA-Crypto migration guide](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/docs/1.0-migration-guide.md) for all information related to the crytography part of the library. ## CMake as the only build system Mbed TLS now uses CMake exclusively to configure and drive its build process. From d0881eda4eed7742546af2324aea0520fc230b41 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 20 Oct 2025 15:57:49 +0100 Subject: [PATCH 1134/1548] prepare_release.sh: Added psed helper function Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 3b63ed9e6c..7488f10dd7 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -16,6 +16,20 @@ EOF set -eu +# Portable inline sed. Helper function that will automatically pre-pend +# an empty string as the backup suffix (required by macOS sed). +psed() { + # macOS sed does not offer a version + if sed --version >/dev/null 2>&1; then + sed -i "$@" + # macOS/BSD sed + else + local file="${@: -1}" + local args=("${@:1:$#-1}") + sed -i '' "${args[@]}" "$file" + fi +} + if [ $# -ne 0 ] && [ "$1" = "--help" ]; then print_usage exit 
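Review bot: The header comment on the new `psed` helper says "Portable inline sed", but `sed -i` is in-place editing, and the sentence about the empty backup suffix describes the BSD branch while sitting above the GNU probe, so the comment reads backwards. Suggest `# Portable in-place sed: GNU sed accepts -i with no suffix, BSD/macOS sed requires an explicit (empty) backup suffix.` as the header, and `# GNU sed supports --version; BSD/macOS sed does not` in place of `# macOS sed does not offer a version`, since the probe detects GNU sed rather than macOS specifically. The `"${@: -1}"` / `"${@:1:$#-1}"` slicing is bash-only, which is consistent with the script's `#!/bin/bash`, though it is equivalent to simply passing `"$@"` after `-i ''`.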
@@ -32,25 +46,21 @@ while getopts u OPTLET; do esac done - - #### .gitignore processing #### GITIGNORES=$(find . -name ".gitignore") for GITIGNORE in $GITIGNORES; do if [ -n "$unrelease" ]; then - sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE - sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE - sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE + psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE + psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE + psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE else - sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE - sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE - sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE + psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE + psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE + psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE fi done - - #### Build scripts #### # GEN_FILES defaults on (non-empty) in development, off (empty) in releases @@ -59,7 +69,7 @@ if [ -n "$unrelease" ]; then else r='' fi -sed -i 's/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1'"$r/" Makefile */Makefile +psed "s/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1$r/" Makefile */Makefile # GEN_FILES defaults on in development, off in releases if [ -n "$unrelease" ]; then 
@@ -67,4 +77,4 @@ if [ -n "$unrelease" ]; then else r='OFF' fi -sed -i '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt +psed "/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *\"[^\"]*\" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1$r/" CMakeLists.txt From 1f95b78310ad735988668ea7d1c97ab28f5c6f28 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 20 Oct 2025 16:13:35 +0100 Subject: [PATCH 1135/1548] prepare_release.sh: Limited .gitignore to current project Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 7488f10dd7..9a61568de9 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh 
@@ -47,17 +47,15 @@ while getopts u OPTLET; do done #### .gitignore processing #### - -GITIGNORES=$(find . -name ".gitignore") -for GITIGNORE in $GITIGNORES; do +for GITIGNORE in $(git ls-files -- '*.gitignore'); do if [ -n "$unrelease" ]; then - psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE - psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE - psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE + psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' "$GITIGNORE" + psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' "$GITIGNORE" + psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' "$GITIGNORE" else - psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE - psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE - psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE + psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' "$GITIGNORE" + psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" + psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" fi done From d995a21b6a0637975a24bec2bf29b293ce5ff072 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 20 Oct 2025 17:11:28 +0100 Subject: [PATCH 1136/1548] prepare_release.sh: Adjusted logic - Introduced a new -r to explicitely request project modification for release - Changed the default behaviour to print_help when invoked without arguments Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 9a61568de9..40a5f721b6 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh 
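Review bot: `$(git ls-files -- '*.gitignore')` on the new `for` line is unquoted, so the result is word-split and glob-expanded; a tracked path containing whitespace would be split into bogus filenames that the quoted `psed "$GITIGNORE"` calls then fail on under `set -eu`. No tracked `.gitignore` path appears to contain whitespace today, so this is robustness rather than a live bug, but switching to `git ls-files` is the moment to make the loop delimiter-safe: `git ls-files -z -- '*.gitignore' | while IFS= read -r -d '' GITIGNORE; do`. The six `psed` calls in the body stay as they are; only the loop header changes.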
@@ -7,6 +7,7 @@ Usage: $0 [OPTION]... Prepare the source tree for a release. Options: + -r Prepare for release -u Prepare for development (undo the release preparation) EOF } @@ -30,15 +31,17 @@ psed() { fi } -if [ $# -ne 0 ] && [ "$1" = "--help" ]; then +if [ $# -eq 0 ] || [ "$1" = "--help" ]; then print_usage exit fi -unrelease= # if non-empty, we're in undo-release mode -while getopts u OPTLET; do +unrelease=0 # if 1 then we are in development mode, + # if 0 then we are in release mode +while getopts ru OPTLET; do case $OPTLET in u) unrelease=1;; + r) unrelease=0;; \?) echo 1>&2 "$0: unknown option: -$OPTLET" echo 1>&2 "Try '$0 --help' for more information." @@ -48,7 +51,7 @@ done #### .gitignore processing #### for GITIGNORE in $(git ls-files -- '*.gitignore'); do - if [ -n "$unrelease" ]; then + if [ "$unrelease" -eq 1 ]; then psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' "$GITIGNORE" psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' "$GITIGNORE" psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' "$GITIGNORE" @@ -62,7 +65,7 @@ done #### Build scripts #### # GEN_FILES defaults on (non-empty) in development, off (empty) in releases -if [ -n "$unrelease" ]; then +if [ "$unrelease" -eq 1 ]; then r=' yes' else r='' @@ -70,7 +73,7 @@ fi psed "s/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1$r/" Makefile */Makefile # GEN_FILES defaults on in development, off in releases -if [ -n "$unrelease" ]; then +if [ "$unrelease" -eq 1 ]; then r='ON' else r='OFF' From 0b7966649fd8a03dff67880a06dcdc2200c672fa Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 21 Oct 2025 10:55:27 +0100 Subject: [PATCH 1137/1548] prepare_release.sh:Removed Makefiles modification Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 9 --------- 1 file changed, 9 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 40a5f721b6..800dfe0195 100755 
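Review bot: With `unrelease=0` now the default, a stray non-option argument (e.g. `prepare_release.sh release`) is not rejected: `getopts` stops at the first non-option word, the `\?` case never fires, and the script silently rewrites the tree in release mode. The hunk only checks `$#` and `--help` before the loop; after `done`, add `shift $((OPTIND-1))` followed by `if [ $# -ne 0 ]; then echo 1>&2 "$0: unexpected argument: $1"; exit 3; fi`. Passing both `-r` and `-u` is likewise accepted with last-one-wins semantics; if that is not intended, reject the combination in the same place.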
--- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -63,15 +63,6 @@ for GITIGNORE in $(git ls-files -- '*.gitignore'); do done #### Build scripts #### - -# GEN_FILES defaults on (non-empty) in development, off (empty) in releases -if [ "$unrelease" -eq 1 ]; then - r=' yes' -else - r='' -fi -psed "s/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1$r/" Makefile */Makefile - # GEN_FILES defaults on in development, off in releases if [ "$unrelease" -eq 1 ]; then r='ON' From 61fdef52a35a08fd10a774c9add07a1acb7dea2b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 22 Oct 2025 11:17:32 +0100 Subject: [PATCH 1138/1548] prepare_release.sh: Adjusted psed logic. Fixed double quoting in sed. Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 800dfe0195..cc5ceb4023 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -25,9 +25,7 @@ psed() { sed -i "$@" # macOS/BSD sed else - local file="${@: -1}" - local args=("${@:1:$#-1}") - sed -i '' "${args[@]}" "$file" + sed -i '' "$@" fi } @@ -69,4 +67,4 @@ if [ "$unrelease" -eq 1 ]; then else r='OFF' fi -psed "/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *\"[^\"]*\" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1$r/" CMakeLists.txt +psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt \ No newline at end of file From c4d4f6b4a12fe758c777f6d3443dbc118a7d3f02 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 22 Oct 2025 11:48:09 +0100 Subject: [PATCH 1139/1548] prepare_release.sh: Removed -r/-u modes Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 47 ++------------------------------------ 1 file changed, 2 insertions(+), 45 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index cc5ceb4023..ac7c4b7177 100755 
--- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -1,17 +1,4 @@ #!/bin/bash - -print_usage() -{ - cat <&2 "$0: unknown option: -$OPTLET" - echo 1>&2 "Try '$0 --help' for more information." - exit 3;; - esac -done - #### .gitignore processing #### for GITIGNORE in $(git ls-files -- '*.gitignore'); do - if [ "$unrelease" -eq 1 ]; then - psed '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' "$GITIGNORE" - psed 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' "$GITIGNORE" - psed 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' "$GITIGNORE" - else psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' "$GITIGNORE" psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" - fi done -#### Build scripts #### -# GEN_FILES defaults on in development, off in releases -if [ "$unrelease" -eq 1 ]; then - r='ON' -else - r='OFF' -fi -psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt \ No newline at end of file +#### Build system #### +psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"OFF/" CMakeLists.txt From ffc2606bf26ecca1149b47be0969263adb0d3654 Mon Sep 17 00:00:00 2001 From: Luc Schrijvers Date: Thu, 23 Oct 2025 08:17:08 +0200 Subject: [PATCH 1140/1548] Use GNUInstallDirs CMAKE_INSTALL_INCLUDEDDIR path for headers installation Signed-off-by: Luc Schrijvers --- ChangeLog.d/gnuinstalldirs_include.txt | 3 +++ include/CMakeLists.txt | 4 ++-- library/CMakeLists.txt | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/gnuinstalldirs_include.txt diff --git a/ChangeLog.d/gnuinstalldirs_include.txt b/ChangeLog.d/gnuinstalldirs_include.txt new file mode 100644 index 0000000000..7e0782d1e1 
--- /dev/null +++ b/ChangeLog.d/gnuinstalldirs_include.txt @@ -0,0 +1,3 @@ +Bugfix + * CMake now installs headers to `CMAKE_INSTALL_INCLUDEDIR` instead of the + hard-coded `include` directory. diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 9ea17af8b8..f76977fbab 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -5,13 +5,13 @@ if(INSTALL_MBEDTLS_HEADERS) file(GLOB headers "mbedtls/*.h") install(FILES ${headers} - DESTINATION include/mbedtls + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) file(GLOB private_headers "mbedtls/private/*.h") install(FILES ${private_headers} - DESTINATION include/mbedtls/private + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/mbedtls/private PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endif(INSTALL_MBEDTLS_HEADERS) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6d8c78807a..5474e2cacf 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -241,7 +241,7 @@ foreach(target IN LISTS target_libraries) PUBLIC $ $ $ - $ + $ PRIVATE ${MBEDTLS_DIR}/library/ ${MBEDTLS_DIR}/tf-psa-crypto/core ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src From 94f1628aca013c39100cc7c33ac38cbf880a7263 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 2 Oct 2025 13:29:19 +0100 Subject: [PATCH 1141/1548] Remove dependencies on mbedtls_pk_sign Replace mbedtls_pk_sign with mbedtls_pk_sign_restartable, as mbedtls_pk_sign has now been removed and was origonally a pass through call to mbedtls_pk_sign_restartable. Signed-off-by: Ben Taylor --- library/ssl_tls12_server.c | 4 ++-- library/x509write_crt.c | 4 ++-- library/x509write_csr.c | 4 ++-- programs/ssl/ssl_server2.c | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 07641cb3e8..14b63aadbf 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
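Review bot: `${CMAKE_INSTALL_INCLUDEDIR}` is only defined once `include(GNUInstallDirs)` has run, and neither this hunk nor the surrounding context shows that include in include/CMakeLists.txt or a parent. If it is absent, the variable expands to empty and both `install(FILES ...)` calls become `DESTINATION /mbedtls` and `/mbedtls/private`; CMake treats an absolute DESTINATION literally, so headers would land under the filesystem root instead of under `CMAKE_INSTALL_PREFIX`. Please confirm the include is present on this path, or add `include(GNUInstallDirs)` at the top of include/CMakeLists.txt (it is idempotent), and consider the same check for the `INSTALL_INTERFACE` use in the library/CMakeLists.txt hunk, which depends on the same variable.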
@@ -2880,11 +2880,11 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl), + if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), md_alg, hash, hashlen, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, - signature_len)) != 0) { + signature_len, NULL)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 663b308d62..e34a4636bb 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -571,8 +571,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, } - if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { + if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg, + hash, hash_length, sig, sizeof(sig), &sig_len, NULL)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8e37278f95..a7d0cb513b 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -217,8 +217,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, &hash_len) != PSA_SUCCESS) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } - if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len)) != 0) { + if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0, + sig, sig_size, &sig_len, NULL)) != 0) { return ret; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 64fd45952f..3db13132d1 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -1243,10 +1243,10 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, switch (ctx->operation_type) { case ASYNC_OP_SIGN: - ret = mbedtls_pk_sign(key_slot->pk, + ret = mbedtls_pk_sign_restartable(key_slot->pk, ctx->md_alg, ctx->input, ctx->input_len, - output, output_size, output_len); + output, output_size, output_len, NULL); break; default: mbedtls_printf( From 279dd4ab5938cb8d2fe565f89685c141e9da6767 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 2 Oct 2025 13:39:33 +0100 Subject: [PATCH 1142/1548] Remove dependencies on mbedtls_pk_verify Replace mbedtls_pk_verify with mbedtls_pk_verify_restartable, as mbedtls_pk_verify has now been removed and was origonally a pass through call to mbedtls_pk_verify_restartable. Signed-off-by: Ben Taylor --- library/pkcs7.c | 4 ++-- library/ssl_tls12_server.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 3481cbdb1b..5810506c34 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -704,9 +704,9 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, * failed to validate'. */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash, + ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash, mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len); + signer->sig.p, signer->sig.len, NULL); if (ret == 0) { break; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 14b63aadbf..9faf74134e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3456,9 +3456,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } } - if ((ret = mbedtls_pk_verify(peer_pk, + if ((ret = mbedtls_pk_verify_restartable(peer_pk, md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len)) != 0) { + ssl->in_msg + i, sig_len, NULL)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); return ret; } 
From c3e2b375305a9d3f0cc550eca80c9bf856a0823c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 2 Oct 2025 14:48:16 +0100 Subject: [PATCH 1143/1548] Remove mbedtls_ssl_write_handshake_msg as it now replaced by mbedtls_ssl_write_handshake_msg_ext Signed-off-by: Ben Taylor --- library/ssl_client.c | 2 +- library/ssl_misc.h | 5 ----- library/ssl_msg.c | 2 +- library/ssl_tls.c | 6 +++--- library/ssl_tls12_client.c | 4 ++-- library/ssl_tls12_server.c | 12 ++++++------ 6 files changed, 13 insertions(+), 18 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 307da0fabb..10d4952198 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -943,7 +943,7 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) */ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0df7f96360..6462917093 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1436,11 +1436,6 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, int update_checksum, int force_flush); -static inline int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl) -{ - return mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */); -} - /* * Write handshake message tail */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 731cbc8ece..6f7d2b9b9b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
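Review bot: The bare `1, 1` arguments in the new `mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)` call lose the meaning the removed inline wrapper in the ssl_misc.h hunk carried; suggest `mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */)` so a reader does not have to look up the parameter order at every call site. The same applies to the ssl_msg.c, ssl_tls.c, ssl_tls12_client.c and ssl_tls12_server.c hunks of this commit. The enclosing function mbedtls_ssl_write_client_hello begins before this hunk.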
@@ -5028,7 +5028,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 833af9f973..6259f2d4db 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4247,7 +4247,7 @@ static int ssl_write_hello_request(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -6726,7 +6726,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -7456,7 +7456,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) } #endif - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 91f500294f..a05b107f80 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2565,7 +2565,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -2725,7 +2725,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 9faf74134e..cdbf917f20 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2017,7 +2017,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -2315,7 +2315,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; - ret = mbedtls_ssl_write_handshake_msg(ssl); + ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1); MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); @@ -2505,7 +2505,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len); - ret = mbedtls_ssl_write_handshake_msg(ssl); + ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1); MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request")); 
@@ -2971,7 +2971,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -2999,7 +2999,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) } #endif - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } @@ -3521,7 +3521,7 @@ static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) */ ssl->handshake->new_session_ticket = 0; - if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); return ret; } From 5e230932854ee6eb2c9a0590f58b5579842dcf43 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 2 Oct 2025 15:29:51 +0100 Subject: [PATCH 1144/1548] Fix code style issues Signed-off-by: Ben Taylor --- library/pkcs7.c | 4 ++-- library/ssl_tls12_server.c | 12 ++++++------ library/x509write_crt.c | 3 ++- library/x509write_csr.c | 2 +- programs/ssl/ssl_server2.c | 6 +++--- 5 files changed, 14 insertions(+), 13 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 5810506c34..dda15725a6 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -705,8 +705,8 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash, - mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len, NULL); + mbedtls_md_get_size(md_info), + signer->sig.p, signer->sig.len, NULL); if (ret == 0) { break; 
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index cdbf917f20..a8bd02e539 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2881,10 +2881,10 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len, NULL)) != 0) { + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + out_buf_len - ssl->out_msglen - 2, + signature_len, NULL)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } @@ -3457,8 +3457,8 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } if ((ret = mbedtls_pk_verify_restartable(peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len, NULL)) != 0) { + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len, NULL)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e34a4636bb..d06e5f5232 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -572,7 +572,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, NULL)) != 0) { + hash, hash_length, sig, sizeof(sig), &sig_len, + NULL)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index a7d0cb513b..c50482ddcd 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c 
@@ -218,7 +218,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len, NULL)) != 0) { + sig, sig_size, &sig_len, NULL)) != 0) { return ret; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3db13132d1..de27d6eec8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1244,9 +1244,9 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, switch (ctx->operation_type) { case ASYNC_OP_SIGN: ret = mbedtls_pk_sign_restartable(key_slot->pk, - ctx->md_alg, - ctx->input, ctx->input_len, - output, output_size, output_len, NULL); + ctx->md_alg, + ctx->input, ctx->input_len, + output, output_size, output_len, NULL); break; default: mbedtls_printf( From cef9d2d31f83ee90bf6c2891fa8d52ebd75adc38 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 13 Oct 2025 11:29:27 +0100 Subject: [PATCH 1145/1548] Revert change to mbedtls_pk_{sign,verify}_restartable and replace with ext version Signed-off-by: Ben Taylor --- library/pkcs7.c | 6 +++--- library/ssl_tls12_server.c | 16 ++++++++-------- library/x509write_crt.c | 5 ++--- programs/ssl/ssl_server2.c | 8 ++++---- 4 files changed, 17 insertions(+), 18 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index dda15725a6..ba4529d3e9 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -704,9 +704,9 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, * failed to validate'. */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash, - mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len, NULL); + ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash, + mbedtls_md_get_size(md_info), + signer->sig.p, signer->sig.len); if (ret == 0) { break; 
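Review bot: The new `mbedtls_pk_verify_ext` call in the pkcs7.c hunk hard-codes `MBEDTLS_PK_SIGALG_RSA_PKCS1V15`, whereas the replaced call let the signer key's type select the algorithm; a signer whose certificate carries a non-RSA key, or an RSA-PSS signature, is now rejected at this point. If the PKCS#7 parser already restricts signers to RSA PKCS#1 v1.5 this is harmless, but the constant then deserves a comment such as `/* PKCS7 verification is limited to RSA PKCS#1 v1.5 signatures */` so nobody later reads it as an oversight. The enclosing loop and mbedtls_pkcs7_data_or_hash_verify extend outside this hunk.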
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a8bd02e539..8f3b5d2492 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2880,11 +2880,11 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len, NULL)) != 0) { + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) sig_alg, mbedtls_ssl_own_key(ssl), + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + out_buf_len - ssl->out_msglen - 2, + signature_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } @@ -3456,9 +3456,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } } - if ((ret = mbedtls_pk_verify_restartable(peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len, NULL)) != 0) { + if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d06e5f5232..ba2387e046 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -571,9 +571,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, } - if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, - NULL)) != 0) { + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->issuer_key, ctx->md_alg, + hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index de27d6eec8..64fd45952f 100644 --- a/programs/ssl/ssl_server2.c 
+++ b/programs/ssl/ssl_server2.c @@ -1243,10 +1243,10 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, switch (ctx->operation_type) { case ASYNC_OP_SIGN: - ret = mbedtls_pk_sign_restartable(key_slot->pk, - ctx->md_alg, - ctx->input, ctx->input_len, - output, output_size, output_len, NULL); + ret = mbedtls_pk_sign(key_slot->pk, + ctx->md_alg, + ctx->input, ctx->input_len, + output, output_size, output_len); break; default: mbedtls_printf( From 2c056721d152f11a485aa2ff20933c7ce79cd2f8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 13 Oct 2025 11:43:54 +0100 Subject: [PATCH 1146/1548] Tidy up debug of non ext functions Signed-off-by: Ben Taylor --- library/ssl_client.c | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 6 +++--- library/ssl_tls12_client.c | 8 ++++---- library/ssl_tls12_server.c | 12 ++++++------ 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 10d4952198..6fe6dd8fe6 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -944,7 +944,7 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6f7d2b9b9b..0cb2f00c12 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5029,7 +5029,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6259f2d4db..8a35a5753e 100644 --- a/library/ssl_tls.c 
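Review bot: This hunk restores a call to `mbedtls_pk_sign`, which the description of the earlier `[PATCH 1141/1548]` in this series says has been removed; one of the two statements is inaccurate. If the function is indeed gone, ssl_server2.c no longer builds after this commit; if it is still part of the public pk API (which the revert to the original blob suggests), the earlier description should be corrected so the history of this file is not misleading. The enclosing function ssl_async_resume begins before this hunk.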
+++ b/library/ssl_tls.c @@ -4248,7 +4248,7 @@ static int ssl_write_hello_request(mbedtls_ssl_context *ssl) ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } @@ -6727,7 +6727,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } @@ -7457,7 +7457,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) #endif if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a05b107f80..a8800904f7 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2014,7 +2014,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; @@ -2566,7 +2566,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } 
@@ -2708,7 +2708,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) out_buf_len - 6 - offset, &n, rs_ctx)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; @@ -2726,7 +2726,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 8f3b5d2492..34971dfab2 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2018,7 +2018,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } @@ -2885,7 +2885,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, signature_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); return ret; } } @@ -2972,7 +2972,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } 
@@ -3000,7 +3000,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) #endif if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } @@ -3459,7 +3459,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash_start, hashlen, ssl->in_msg + i, sig_len)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); return ret; } @@ -3522,7 +3522,7 @@ static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) ssl->handshake->new_session_ticket = 0; if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg_ext", ret); return ret; } From 1b32994bef6e7e8b43aa190d183256a1bab9de4d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 13 Oct 2025 12:00:21 +0100 Subject: [PATCH 1147/1548] Fix style issues Signed-off-by: Ben Taylor --- library/pkcs7.c | 4 ++-- library/ssl_tls12_server.c | 12 ++++++------ library/x509write_crt.c | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index ba4529d3e9..10d008a923 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -705,8 +705,8 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash, - mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len); + mbedtls_md_get_size(md_info), + signer->sig.p, signer->sig.len); if (ret == 0) { break; 
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 34971dfab2..3511016080 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2881,10 +2881,10 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) sig_alg, mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len)) != 0) { + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + out_buf_len - ssl->out_msglen - 2, + signature_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); return ret; } @@ -3457,8 +3457,8 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len)) != 0) { + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index ba2387e046..6399527f82 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -572,7 +572,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { + hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } From b190c1bb0b9ddbe69c58f86f6316231219b2af5c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 08:32:33 +0100 Subject: [PATCH 1148/1548] Replace change to restartable with ext Signed-off-by: Ben Taylor --- library/x509write_csr.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index c50482ddcd..5755a42b49 100644 
--- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -217,10 +217,6 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, &hash_len) != PSA_SUCCESS) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } - if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len, NULL)) != 0) { - return ret; - } if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) { pk_alg = MBEDTLS_PK_RSA; @@ -230,6 +226,11 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->key, ctx->md_alg, hash, 0, + sig, sig_size, &sig_len)) != 0) { + return ret; + } + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; From 10d471a14dd324ff0abb2f34916d6c8c8aa76cf6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 08:36:02 +0100 Subject: [PATCH 1149/1548] Correct debug return Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a8800904f7..140e00555b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2014,7 +2014,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); } - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_restartable", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; From 4b4ca812e51940df8dd5d58b15ba48f0c774e330 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 08:37:41 +0100 Subject: [PATCH 1150/1548] Corrected debug return 
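Review bot: The relocated `mbedtls_pk_sign_ext` call still passes `hash, 0` although `hash_len` is filled in by the PSA hash computation visible in the preceding hunk of this file; passing a zero length relies on the signing API deriving the digest length from `ctx->md_alg`. Passing the real value (`hash, hash_len,`) makes the call self-checking and matches the x509write_crt.c call, which passes `hash_length`. If the zero is kept on purpose, please confirm `mbedtls_pk_sign_ext` still accepts 0 as "use the digest size of md_alg" and say so in a comment. x509write_csr_der_internal begins before this hunk.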
Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 140e00555b..165ef760ac 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2708,7 +2708,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) out_buf_len - 6 - offset, &n, rs_ctx)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_ext", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign_restartable", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; From a2de40a1009552adece510fcd22916ab9ed3ff59 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 10:42:09 +0100 Subject: [PATCH 1151/1548] Change the return type of mbedtls_ssl_get_ciphersuite_sig_pk_alg to mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- library/ssl_ciphersuites.c | 16 ++++++++-------- library/ssl_ciphersuites_internal.h | 4 ++-- library/ssl_misc.h | 2 +- library/ssl_tls.c | 7 +++---- library/ssl_tls12_server.c | 12 ++++++------ 5 files changed, 20 insertions(+), 21 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index d61932cb95..2809a1424a 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -902,17 +902,17 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui } #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return MBEDTLS_PK_RSA; + return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return MBEDTLS_PK_ECDSA; + return MBEDTLS_PK_SIGALG_ECDSA; default: - return MBEDTLS_PK_NONE; + return MBEDTLS_PK_SIGALG_NONE; } } 
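Review bot: After this change `mbedtls_ssl_get_ciphersuite_sig_pk_alg` and `mbedtls_ssl_get_ciphersuite_sig_alg` (next hunk, `@@ -943`) have identical bodies mapping the same two key exchanges to the same `mbedtls_pk_sigalg_t` values; one could simply `return mbedtls_ssl_get_ciphersuite_sig_alg(info);` so the mapping is maintained in one place. If the two are intended to diverge later, a comment stating why they are kept separate would stop the next reader from merging them.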
@@ -943,17 +943,17 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c } } -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) { switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return MBEDTLS_PK_RSA; + return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return MBEDTLS_PK_ECDSA; + return MBEDTLS_PK_SIGALG_ECDSA; default: - return MBEDTLS_PK_NONE; + return MBEDTLS_PK_SIGALG_NONE; } } diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 524e419f47..9a9b42b998 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -16,10 +16,10 @@ #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info); psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info); -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); +mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); #endif /* MBEDTLS_PK_C */ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6462917093..cf3791e900 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1510,7 +1510,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type); +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type); mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig); #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8a35a5753e..9c6f236ded 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5619,13 +5619,12 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) return MBEDTLS_SSL_SIG_ANON; } -unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type) +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) { switch (type) { - case MBEDTLS_PK_RSA: + case MBEDTLS_PK_SIGALG_RSA_PKCS1V15: return MBEDTLS_SSL_SIG_RSA; - case MBEDTLS_PK_ECDSA: - case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_SIGALG_ECDSA: return MBEDTLS_SSL_SIG_ECDSA; default: return MBEDTLS_SSL_SIG_ANON; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3511016080..6f88d31e3e 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -760,7 +760,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, const mbedtls_ssl_ciphersuite_t *suite_info; #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_type_t sig_type; + mbedtls_pk_sigalg_t sig_type; #endif suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); 
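Review bot: In `mbedtls_ssl_sig_from_pk_alg` (the ssl_tls.c hunk) the `default` branch now also covers `MBEDTLS_PK_SIGALG_RSA_PSS`, a value the new parameter type can carry (a later patch in this series assigns it from `mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg`), and silently maps it to `MBEDTLS_SSL_SIG_ANON`. The callers visible here only pass results of `mbedtls_ssl_get_ciphersuite_sig_alg`, which never yields RSA-PSS, so behaviour is unchanged today, but a real signature algorithm degrading to "anonymous" deserves to be explicit. Either add `case MBEDTLS_PK_SIGALG_RSA_PSS:` with a deliberate result, or a comment on the default along the lines of `/* RSA-PSS is identified by the full 16-bit sig_alg, not a single SignatureAlgorithm byte; callers pass ciphersuite-derived algorithms only */`, if that is the intent. Dropping the old `MBEDTLS_PK_ECKEY` case is fine since the sigalg enum has no such member.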
@@ -829,7 +829,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); - if (sig_type != MBEDTLS_PK_NONE && + if (sig_type != MBEDTLS_PK_SIGALG_NONE && mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( ssl, mbedtls_ssl_sig_from_pk_alg(sig_type)) == MBEDTLS_SSL_HASH_NONE) { MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm " @@ -1608,8 +1608,8 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) /* Debugging-only output for testsuite */ #if defined(MBEDTLS_DEBUG_C) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); - if (sig_alg != MBEDTLS_PK_NONE) { + mbedtls_pk_sigalg_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); + if (sig_alg != MBEDTLS_PK_SIGALG_NONE) { unsigned int sig_hash = mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %u", @@ -2788,7 +2788,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * to choose appropriate hash. */ - mbedtls_pk_type_t sig_alg = + mbedtls_pk_sigalg_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); unsigned char sig_hash = @@ -2799,7 +2799,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, /* For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ - if (sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE) { + if (sig_alg == MBEDTLS_PK_SIGALG_NONE || md_alg == MBEDTLS_MD_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); /* (... because we choose a cipher suite * only if there is a matching hash.) */ From bc076f9f76f4a2cef01d92b242a2cc2111fd91ca Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Tue, 21 Oct 2025 10:49:47 +0100 Subject: [PATCH 1152/1548] fix style isses Signed-off-by: Ben Taylor --- library/x509write_csr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 5755a42b49..e7f547f03b 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -227,7 +227,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, } if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->key, ctx->md_alg, hash, 0, - sig, sig_size, &sig_len)) != 0) { + sig, sig_size, &sig_len)) != 0) { return ret; } From a5384bdf09707de55756ebfd33de5427b11e9054 Mon Sep 17 00:00:00 2001 From: Jan Spannberger Date: Tue, 28 Oct 2025 15:13:08 +0100 Subject: [PATCH 1153/1548] add cast to fix IAR compiler errors IAR throws a warning "mixed ENUM with other type" Signed-off-by: Jan Spannberger --- ChangeLog.d/iar-6.5fs.txt | 3 +++ library/ssl_misc.h | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/iar-6.5fs.txt diff --git a/ChangeLog.d/iar-6.5fs.txt b/ChangeLog.d/iar-6.5fs.txt new file mode 100644 index 0000000000..63e903b9c3 --- /dev/null +++ b/ChangeLog.d/iar-6.5fs.txt @@ -0,0 +1,3 @@ +Changes + * Add casts to some Enums to remove compiler errors thrown by IAR 6.5. + Removes Warning "mixed ENUM with other type". diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0df7f96360..f78ebed2b9 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -1315,14 +1315,14 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)", - ssl->state, mbedtls_ssl_states_str(ssl->state), + ssl->state, mbedtls_ssl_states_str((mbedtls_ssl_states)ssl->state), (int) state, mbedtls_ssl_states_str(state))); ssl->state = (int) state; } static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl) { - mbedtls_ssl_handshake_set_state(ssl, ssl->state + 1); + mbedtls_ssl_handshake_set_state(ssl, (mbedtls_ssl_states)(ssl->state + 1)); } MBEDTLS_CHECK_RETURN_CRITICAL From 574aae2146636d6f7dc7d54e845a5a97f14418a5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 29 Oct 2025 12:26:53 +0100 Subject: [PATCH 1154/1548] Fix duplication of product version in CMakeLists.txt The CMake package version definition had its own line with a copy of the version number since 2.27.0. Until recently, `bump_version.sh` updated both copies, and that was still the case when we bumped the version to 4.0.0 (7ba04a298cc648255b820d9b5ad184528a6ea5ca). However, since then, we changed the format of the product version definition (879cba1a67d01317422870ff736057ca2d23247f), and after that, `bump_version.sh` would only have updated the product version, not the CMake package version. TF-PSA-Crypto 1.0.0 has the same problem, and there we did ship with an outdated CMake package version: https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/553 Signed-off-by: Gilles Peskine --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 659fd50885..728adc8bbe 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
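Review bot: The cast in `mbedtls_ssl_handshake_increment_state` makes the int-to-enum conversion explicit for IAR but does not establish that `ssl->state + 1` names a defined `mbedtls_ssl_states` value; the enclosing state machine presumably guarantees that, and nothing in the function says so. A one-liner such as `/* The cast satisfies IAR's enum/int diagnostic; callers only advance from states with a defined successor */` would stop the next reader from mistaking the cast for a range check.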
@@ -522,7 +522,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) write_basic_package_version_file( "cmake/MbedTLSConfigVersion.cmake" COMPATIBILITY SameMajorVersion - VERSION 4.0.0) + VERSION "${MBEDTLS_VERSION}") install( FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" From 64e7d4b64b4cf2316c84227e8c39df269704cc3f Mon Sep 17 00:00:00 2001 From: Jan Wille Date: Wed, 29 Oct 2025 15:49:10 +0100 Subject: [PATCH 1155/1548] format: apply suggestions (add spaces) Signed-off-by: Jan Wille --- library/ssl_misc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f78ebed2b9..06e38dee30 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1315,14 +1315,14 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, mbedtls_ssl_states state) { MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)", - ssl->state, mbedtls_ssl_states_str((mbedtls_ssl_states)ssl->state), + ssl->state, mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state), (int) state, mbedtls_ssl_states_str(state))); ssl->state = (int) state; } static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl) { - mbedtls_ssl_handshake_set_state(ssl, (mbedtls_ssl_states)(ssl->state + 1)); + mbedtls_ssl_handshake_set_state(ssl, (mbedtls_ssl_states) (ssl->state + 1)); } MBEDTLS_CHECK_RETURN_CRITICAL From 958d9d97a47ec5ff4f45ce9f8f8d22b7a10aa978 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 29 Oct 2025 11:20:25 +0000 Subject: [PATCH 1156/1548] prepare_release.sh: Added documentation Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index ac7c4b7177..6685899d5c 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh 
@@ -2,6 +2,14 @@ # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# prepare_release.sh — Prepare the source tree for a release. +# +# This script switches the repo into “release” mode: +# - Updates all tracked `.gitignore` files to stop +# ignoring the automatically-generated files. +# - Sets the CMake option `GEN_FILES` to OFF to explicitely disable +# recreating the automatically-generated files. + set -eu # Portable inline sed. Helper function that will automatically pre-pend From bdb1dcbdb6153d6c2e4f5d90d4bc384425d5413e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 29 Oct 2025 11:21:23 +0000 Subject: [PATCH 1157/1548] prepare_release.sh: simplified regex Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 6685899d5c..16b0351983 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -32,4 +32,4 @@ for GITIGNORE in $(git ls-files -- '*.gitignore'); do done #### Build system #### -psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"OFF/" CMakeLists.txt +psed '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1OFF/' CMakeLists.txt tf-psa-crypto/CMakeLists.txt From a2cba40df64847f68fe9276734dba3220df7d7bc Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 30 Oct 2025 10:00:07 +0000 Subject: [PATCH 1158/1548] prepare_release.sh: modify submodule files recursively Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 16b0351983..657d1380d4 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh 
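Review bot: The new header comment in `prepare_release.sh` misspells "explicitly" as "explicitely" on the `GEN_FILES` bullet. The em dash and curly quotes on the first two added lines are the only non-ASCII characters in the visible part of the file; plain `-` and `"` would match the ASCII license lines just above and avoid surprises in tools that inspect scripts byte-wise.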
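Review bot: `psed` is now given two files, `CMakeLists.txt tf-psa-crypto/CMakeLists.txt`, but the helper's definition is outside this hunk (only its closing brace is visible in the next patch), so whether it applies the in-place sed to every argument or only the first cannot be confirmed from here; please check that it iterates over `"$@"` rather than a single positional parameter. The `/[Oo][Ff][Ff] in development/!` guard now also applies to the submodule's file, which only works if that file uses the same marker text. A comment above the line describing the expected `option(GEN_FILES "..." ON)` shape in both files would make the regex easier to maintain.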
@@ -9,6 +9,8 @@ # ignoring the automatically-generated files. # - Sets the CMake option `GEN_FILES` to OFF to explicitely disable # recreating the automatically-generated files. +#. - The script will recursively update the tf-psa-crypto files too. + set -eu @@ -25,7 +27,7 @@ psed() { } #### .gitignore processing #### -for GITIGNORE in $(git ls-files -- '*.gitignore'); do +for GITIGNORE in $(git ls-files --recurse-submodules -- '*.gitignore'); do psed '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' "$GITIGNORE" psed 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" psed 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' "$GITIGNORE" From 4565d5d4e613ed412d2a2235c2c4d2fa84ef69bd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 13:37:09 +0000 Subject: [PATCH 1159/1548] Change the call to mbedtls_pk_verify_ext in pkcs7 to have a variable input cert->sig_pk Signed-off-by: Ben Taylor --- library/pkcs7.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 10d008a923..2cc7812bf0 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -704,7 +704,7 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, * failed to validate'. */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash, + ret = mbedtls_pk_verify_ext(cert->sig_pk, &pk_cxt, md_alg, hash, mbedtls_md_get_size(md_info), signer->sig.p, signer->sig.len); From 0035cfb1f05b7a90fc786169349cc1eccc61f6f1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 13:42:30 +0000 Subject: [PATCH 1160/1548] Removed unnecessary cast in mbedtls_pk_sign_ext Signed-off-by: Ben Taylor --- library/ssl_tls12_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 6f88d31e3e..0dffb91064 100644 
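Review bot: The added comment line starts with `#.`, which looks like a typo and breaks the bullet alignment of the lines above it; `# - Also updates the .gitignore files inside the tf-psa-crypto submodule.` states the behaviour directly. On the loop line, `for GITIGNORE in $(git ls-files --recurse-submodules -- '*.gitignore')` still relies on word splitting of the unquoted command substitution, so any `.gitignore` under a path containing whitespace would be split into several arguments (pre-existing, but this commit touches the line). Reading NUL-separated output from `git ls-files -z` with a `while read` loop, if the shell used for the release process supports it, removes that hazard; otherwise a comment stating that paths are assumed to be whitespace-free would at least record the assumption.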
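Review bot: `cert->sig_pk` describes how the certificate `cert` was signed by its issuer, not the algorithm the PKCS#7 signer used over the content, so in `mbedtls_pkcs7_data_or_hash_verify` it is the wrong input for `mbedtls_pk_verify_ext`: a certificate signed with ECDSA but holding an RSA key (or the reverse) would now be verified with an algorithm that does not match `pk_cxt`, and verification fails where the previous hard-coded `MBEDTLS_PK_SIGALG_RSA_PKCS1V15` succeeded for an RSA key. If the goal is to support non-RSA signers, the algorithm should come from the signer's own SignerInfo signature-algorithm identifier (the per-signer field parsed alongside `signer->sig`, presumably), or at least be derived from the key type of `pk_cxt`. A comment on this call naming where the algorithm is expected to come from would make the intended trust relationship clear; the rest of the function is outside the hunk.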
--- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2880,7 +2880,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) sig_alg, mbedtls_ssl_own_key(ssl), + if ((ret = mbedtls_pk_sign_ext(sig_alg, mbedtls_ssl_own_key(ssl), md_alg, hash, hashlen, ssl->out_msg + ssl->out_msglen + 2, out_buf_len - ssl->out_msglen - 2, From 5f037c7fb3e71ec7e6160cc329e362bc42ca9018 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 14:59:24 +0000 Subject: [PATCH 1161/1548] Rename mbedtls_ssl_pk_alg_from_sig to mbedtls_ssl_pk_alg_from_sig_pk_alg and update to use mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- library/ssl_misc.h | 14 +++++++------- library/ssl_tls.c | 8 ++++---- library/ssl_tls12_client.c | 8 ++++---- library/ssl_tls12_server.c | 10 +++++----- library/ssl_tls13_generic.c | 6 +++--- 5 files changed, 23 insertions(+), 23 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cf3791e900..41b3cd0e3e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1511,7 +1511,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type); -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig); +mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig); #endif mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash); 
@@ -2410,12 +2410,12 @@ static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl, } static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( - uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg) + uint16_t sig_alg, mbedtls_pk_sigalg_t *pk_type, mbedtls_md_type_t *md_alg) { - *pk_type = mbedtls_ssl_pk_alg_from_sig(sig_alg & 0xff); + *pk_type = mbedtls_ssl_pk_alg_from_sig_pk_alg(sig_alg & 0xff); *md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff); - if (*pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE) { + if (*pk_type != MBEDTLS_PK_SIGALG_NONE && *md_alg != MBEDTLS_MD_NONE) { return 0; } @@ -2424,19 +2424,19 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( #if defined(PSA_WANT_ALG_SHA_256) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_RSASSA_PSS; + *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; break; #endif /* PSA_WANT_ALG_SHA_256 */ #if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_RSASSA_PSS; + *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; break; #endif /* PSA_WANT_ALG_SHA_384 */ #if defined(PSA_WANT_ALG_SHA_512) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_RSASSA_PSS; + *pk_type = MBEDTLS_PK_SIGALG_RSA_PSS; break; #endif /* PSA_WANT_ALG_SHA_512 */ #endif /* PSA_WANT_ALG_RSA_PSS */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9c6f236ded..07e5824858 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
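Review bot: The out-parameter of `mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg` is still named `pk_type` although its type is now `mbedtls_pk_sigalg_t`, so readers will expect a `mbedtls_pk_type_t` and may wire the wrong variable at call sites; `mbedtls_pk_sigalg_t *pk_sigalg` keeps name and type aligned (a later patch renames the function but keeps the parameter name). The function also has no comment describing its contract — low byte decoded as the TLS 1.2 SignatureAlgorithm, high byte as the HashAlgorithm, then the RSA-PSS code points matched on the full 16-bit value in the switch that presumably follows — which is what the visible body does and would help the next reader.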
@@ -5631,19 +5631,19 @@ unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) } } -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) +mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig) { switch (sig) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_SSL_SIG_RSA: - return MBEDTLS_PK_RSA; + return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) case MBEDTLS_SSL_SIG_ECDSA: - return MBEDTLS_PK_ECDSA; + return MBEDTLS_PK_SIGALG_ECDSA; #endif default: - return MBEDTLS_PK_NONE; + return MBEDTLS_PK_SIGALG_NONE; } } #endif /* MBEDTLS_PK_C && diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 165ef760ac..482fd46182 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1884,7 +1884,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) unsigned char hash[MBEDTLS_MD_MAX_SIZE]; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; - mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; + mbedtls_pk_sigalg_t pk_alg = MBEDTLS_PK_SIGALG_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); size_t params_len = (size_t) (p - params); void *rs_ctx = NULL; @@ -1922,7 +1922,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) } p += 2; - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( @@ -1978,7 +1978,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) /* * Verify signature */ - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, 
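Review bot: `mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)` in the `@@ -1922` and `@@ -1978` hunks converts a `mbedtls_pk_sigalg_t` into a `mbedtls_pk_type_t` by a plain cast, which is only correct if the two enums happen to share numeric values for RSA and ECDSA; nothing on the page establishes that, and this call is the check that ties the peer's declared signature algorithm to the key type in its certificate. The same cast appears in ssl_tls12_server.c (`@@ -3426`) and ssl_tls13_generic.c (`@@ -277`). A small explicit mapping helper keeps the translation in one place and independent of enumerator numbering, assuming `MBEDTLS_PK_RSASSA_PSS` is still a member of `mbedtls_pk_type_t` as the removed lines in ssl_misc.h used it; if the cast is intentional because the enums are defined to line up, a comment or `_Static_assert` on the enumerator values at the first cast would document that invariant instead.
```c
/* Translate a signature algorithm into the key type mbedtls_pk_can_do()
 * expects, instead of relying on the two enums sharing numeric values. */
static mbedtls_pk_type_t ssl_pk_type_from_sigalg(mbedtls_pk_sigalg_t alg)
{
    switch (alg) {
        case MBEDTLS_PK_SIGALG_RSA_PKCS1V15:
            return MBEDTLS_PK_RSA;
        case MBEDTLS_PK_SIGALG_RSA_PSS:
            return MBEDTLS_PK_RSASSA_PSS;
        case MBEDTLS_PK_SIGALG_ECDSA:
            return MBEDTLS_PK_ECDSA;
        default:
            return MBEDTLS_PK_NONE;
    }
}

/* … unchanged: ssl_parse_server_key_exchange up to the key-type check … */
    if (!mbedtls_pk_can_do(peer_pk, ssl_pk_type_from_sigalg(pk_alg))) {
```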
@@ -1994,7 +1994,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 0dffb91064..09d872bfbb 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3324,7 +3324,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) unsigned char hash[48]; unsigned char *hash_start = hash; size_t hashlen; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; mbedtls_md_type_t md_alg; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -3416,8 +3416,8 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* * Signature */ - if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i])) - == MBEDTLS_PK_NONE) { + if ((pk_alg = mbedtls_ssl_pk_alg_from_sig_pk_alg(ssl->in_msg[i])) + == MBEDTLS_PK_SIGALG_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" " for verify message")); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; @@ -3426,7 +3426,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* * Check the certificate's key type matches the signature alg */ - if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key")); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } @@ -3456,7 +3456,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } } - if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + if ((ret = mbedtls_pk_verify_ext(pk_alg, peer_pk, md_alg, hash_start, hashlen, ssl->in_msg + i, sig_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret); 
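Review bot: In the `@@ -1994` hunk of ssl_tls12_client.c the cast in `mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, ...)` is now redundant, because `pk_alg` was changed to `mbedtls_pk_sigalg_t` in this same commit; the server-side counterpart (`@@ -3456` in ssl_tls12_server.c) drops its cast, so the client should too: `ret = mbedtls_pk_verify_ext(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len);`. Leaving it invites a future reader to assume a type mismatch that no longer exists.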
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 748efb4815..6aabf4e58e 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -221,7 +221,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, const unsigned char *p = buf; uint16_t algorithm; size_t signature_len; - mbedtls_pk_type_t sig_alg; + mbedtls_pk_sigalg_t sig_alg; mbedtls_md_type_t md_alg; psa_algorithm_t hash_alg = PSA_ALG_NONE; unsigned char verify_hash[PSA_HASH_MAX_SIZE]; @@ -277,7 +277,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, /* * Check the certificate's key type matches the signature alg */ - if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, sig_alg)) { + if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, (mbedtls_pk_type_t) sig_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key")); goto error; } @@ -927,7 +927,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; + mbedtls_pk_sigalg_t pk_type = MBEDTLS_PK_SIGALG_NONE; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; psa_algorithm_t psa_algorithm = PSA_ALG_NONE; unsigned char verify_hash[PSA_HASH_MAX_SIZE]; From 00b04a6590d078d2e3cef1837dbf6b36fc5ec9a8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 15:11:09 +0000 Subject: [PATCH 1162/1548] Update mbedtls_pk_sign_ext in x509write_crt.c to use mbedtls_pk_sigalg_t directly and remove casts Signed-off-by: Ben Taylor --- library/x509write_crt.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 6399527f82..e4cdd5064b 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -396,7 +396,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; int write_sig_null_par; /* @@ -409,9 +409,9 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* There's no direct way of extracting a signature algorithm * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) { - pk_alg = MBEDTLS_PK_RSA; + pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15; } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) { - pk_alg = MBEDTLS_PK_ECDSA; + pk_alg = MBEDTLS_PK_SIGALG_ECDSA; } else { return MBEDTLS_ERR_X509_INVALID_ALG; } @@ -489,7 +489,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* * Signature ::= AlgorithmIdentifier */ - if (pk_alg == MBEDTLS_PK_ECDSA) { + if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) { /* * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and @@ -571,7 +571,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, } - if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->issuer_key, ctx->md_alg, + if ((ret = mbedtls_pk_sign_ext(pk_alg, ctx->issuer_key, ctx->md_alg, hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } @@ -588,7 +588,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, sig_oid, sig_oid_len, sig, sig_len, - (mbedtls_pk_sigalg_t) pk_alg)); + pk_alg)); /* * Memory layout after this step: From f21e63c6d026364537b21046daf3b5eef7040ea1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 30 Oct 2025 15:29:02 +0000 Subject: [PATCH 1163/1548] Update pk_alg to use mbedtls_pk_sigalg_t and remove casts in library/x509write_csr.c 
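Review bot: The comment kept in the `@@ -409` hunk, `/* There's no direct way of extracting a signature algorithm (represented as an element of mbedtls_pk_type_t) from a PK instance. */`, is now stale: `pk_alg` is a `mbedtls_pk_sigalg_t` and the values assigned are `MBEDTLS_PK_SIGALG_*`. Update it to name `mbedtls_pk_sigalg_t`, and consider stating the policy the code implements — an RSA issuer key always produces PKCS#1 v1.5, never PSS — since that choice is silent here. The same `mbedtls_pk_can_do` probing followed by a sigalg assignment is repeated in x509write_csr.c in the next patch; a shared helper would keep the two in step.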
Signed-off-by: Ben Taylor --- library/x509write_csr.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index e7f547f03b..0fac775106 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -142,7 +142,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; size_t hash_len; psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); @@ -219,19 +219,19 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, } if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) { - pk_alg = MBEDTLS_PK_RSA; + pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15; } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) { - pk_alg = MBEDTLS_PK_ECDSA; + pk_alg = MBEDTLS_PK_SIGALG_ECDSA; } else { return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->key, ctx->md_alg, hash, 0, + if ((ret = mbedtls_pk_sign_ext(pk_alg, ctx->key, ctx->md_alg, hash, 0, sig, sig_size, &sig_len)) != 0) { return ret; } - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; } @@ -250,7 +250,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, (mbedtls_pk_sigalg_t) pk_alg)); + sig, sig_len, pk_alg)); /* * Compact the space between the CSR data and signature by moving the From b76c38334a4f13eb92b74047683ee29e5a053685 Mon Sep 17 00:00:00 2001 
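Review bot: `mbedtls_pk_sign_ext(pk_alg, ctx->key, ctx->md_alg, hash, 0, sig, sig_size, &sig_len)` passes `0` as the hash length even though the function declares `size_t hash_len` (see the `@@ -142` hunk), whereas the sibling call in x509write_crt.c passes `hash, hash_length`; whether a zero length is still accepted and inferred from `ctx->md_alg` depends on `mbedtls_pk_sign_ext`'s contract, which is outside this page. If `hash_len` is filled by the hashing step earlier in the function (not visible here), passing it makes the call self-describing and consistent: `mbedtls_pk_sign_ext(pk_alg, ctx->key, ctx->md_alg, hash, hash_len,`. If `0` is deliberate, a short comment saying the length is derived from `md_alg` would stop this from reading as an oversight.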
From: Ben Taylor Date: Fri, 31 Oct 2025 07:55:02 +0000 Subject: [PATCH 1164/1548] Update name of mbedtls_ssl_pk_alg_from_sig_pk_alg to mbedtls_ssl_pk_sig_alg_from_sig Signed-off-by: Ben Taylor --- library/ssl_misc.h | 4 ++-- library/ssl_tls.c | 2 +- library/ssl_tls12_server.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 41b3cd0e3e..60c5dea35e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1511,7 +1511,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk( #if defined(MBEDTLS_PK_C) unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type); -mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig); +mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig); #endif mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash); @@ -2412,7 +2412,7 @@ static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl, static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( uint16_t sig_alg, mbedtls_pk_sigalg_t *pk_type, mbedtls_md_type_t *md_alg) { - *pk_type = mbedtls_ssl_pk_alg_from_sig_pk_alg(sig_alg & 0xff); + *pk_type = mbedtls_ssl_pk_sig_alg_from_sig(sig_alg & 0xff); *md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff); if (*pk_type != MBEDTLS_PK_SIGALG_NONE && *md_alg != MBEDTLS_MD_NONE) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 07e5824858..550f79de29 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5631,7 +5631,7 @@ unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) } } -mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig) +mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig) { switch (sig) { #if defined(MBEDTLS_RSA_C) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 09d872bfbb..0856dcfdd2 100644 
--- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3416,7 +3416,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* * Signature */ - if ((pk_alg = mbedtls_ssl_pk_alg_from_sig_pk_alg(ssl->in_msg[i])) + if ((pk_alg = mbedtls_ssl_pk_sig_alg_from_sig(ssl->in_msg[i])) == MBEDTLS_PK_SIGALG_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" " for verify message")); From 42074c193fc2bca0a15039b3d0949518c49f1a08 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 31 Oct 2025 08:38:53 +0000 Subject: [PATCH 1165/1548] Rename mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg to mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg Signed-off-by: Ben Taylor --- library/ssl_misc.h | 2 +- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 60c5dea35e..237475ff1b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2409,7 +2409,7 @@ static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl, return 0; } -static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( +static inline int mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( uint16_t sig_alg, mbedtls_pk_sigalg_t *pk_type, mbedtls_md_type_t *md_alg) { *pk_type = mbedtls_ssl_pk_sig_alg_from_sig(sig_alg & 0xff); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 482fd46182..35ae891c1d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1908,7 +1908,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) */ MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); sig_alg = MBEDTLS_GET_UINT16_BE(p, 0); - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( + if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( sig_alg, &pk_alg, &md_alg) != 0 && !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) && !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 6aabf4e58e..f8aca908c4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -261,7 +261,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, goto error; } - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( + if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( algorithm, &sig_alg, &md_alg) != 0) { goto error; } @@ -945,7 +945,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, continue; } - if (mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( + if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( *sig_alg, &pk_type, &md_alg) != 0) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } From 284481f7ca080b553cabfb23abf2d6455ee850ad Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 14 Oct 2025 11:44:13 +0100 Subject: [PATCH 1166/1548] Remove lcov.sh as this will be moved to the framework Signed-off-by: Ben Taylor --- scripts/lcov.sh | 96 ------------------------------------------------- 1 file changed, 96 deletions(-) delete mode 100755 scripts/lcov.sh diff --git a/scripts/lcov.sh b/scripts/lcov.sh deleted file mode 100755 index 60fce6cbc2..0000000000 --- a/scripts/lcov.sh +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/sh - -help () { - cat <&1; exit 120;; - esac -done -shift $((OPTIND - 1)) - -"$main" "$@" From 9b4f222f4f4d54ad2bf1a558f1aa73ecc39fb2a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 17 Oct 2025 08:47:52 +0100 Subject: [PATCH 1167/1548] Update lcov.sh paths in make files Signed-off-by: Ben Taylor --- CMakeLists.txt | 4 ++-- scripts/legacy.make | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 659fd50885..c59bc7f96c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -489,9 +489,9 @@ if(ENABLE_TESTING) # 2. Run the relevant tests for the part of the code you're interested in. # For the reference coverage measurement, see # tests/scripts/basic-build-test.sh - # 3. Run scripts/lcov.sh to generate an HTML report. + # 3. Run framework/scripts/lcov.sh to generate an HTML report. ADD_CUSTOM_TARGET(lcov - COMMAND scripts/lcov.sh + COMMAND framework/scripts/lcov.sh ) ADD_CUSTOM_TARGET(memcheck diff --git a/scripts/legacy.make b/scripts/legacy.make index 9c8585cd86..b22b8ef8bf 100644 --- a/scripts/legacy.make +++ b/scripts/legacy.make @@ -154,9 +154,9 @@ ifndef WINDOWS # 2. Run the relevant tests for the part of the code you're interested in. # For the reference coverage measurement, see # tests/scripts/basic-build-test.sh -# 3. Run scripts/lcov.sh to generate an HTML report. +# 3. Run framework/scripts/lcov.sh to generate an HTML report. lcov: - scripts/lcov.sh + framework/scripts/lcov.sh apidoc: mkdir -p apidoc From 82a48d42fff027b85cf623cad0ba1e1aa0864358 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 21 Oct 2025 11:17:14 +0100 Subject: [PATCH 1168/1548] Update lcov.sh patch to use CMake variable Signed-off-by: Ben Taylor --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c59bc7f96c..49206c12ea 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -489,9 +489,9 @@ if(ENABLE_TESTING) # 2. Run the relevant tests for the part of the code you're interested in. # For the reference coverage measurement, see # tests/scripts/basic-build-test.sh - # 3. Run framework/scripts/lcov.sh to generate an HTML report. + # 3. Run ${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh to generate an HTML report. ADD_CUSTOM_TARGET(lcov - COMMAND framework/scripts/lcov.sh + COMMAND ${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh ) ADD_CUSTOM_TARGET(memcheck From 76899ea606fd4e9a07a9c5c27588cd1fdb9e5ae6 Mon Sep 17 00:00:00 2001 
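Review bot: The comment line `# 3. Run ${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh to generate an HTML report.` now carries a CMake variable reference inside a comment, where it is never expanded, so a reader following the instructions is given a path they cannot type. The `COMMAND ${MBEDTLS_FRAMEWORK_DIR}/scripts/lcov.sh` below is the right place for the variable; the comment should spell out the location in words instead, e.g. `# 3. Run scripts/lcov.sh from the framework directory (MBEDTLS_FRAMEWORK_DIR) to generate an HTML report.`. The same wording would keep it consistent with the literal `framework/scripts/lcov.sh` path that scripts/legacy.make uses.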
From: Ben Taylor Date: Fri, 24 Oct 2025 11:00:01 +0100 Subject: [PATCH 1169/1548] Update framework module Signed-off-by: Ben Taylor --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 4579964747..875ec308e7 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 457996474728cb8e968ed21953b72f74d2f536b2 +Subproject commit 875ec308e7ff34610075507b7216172ce8eb0785 From 4b8d9d41ee70d522d837e04f106890407ff5c468 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 31 Oct 2025 14:41:31 +0000 Subject: [PATCH 1170/1548] Update tf-psa-crypto submodule to include new framework Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 609a7064cb..0a7317cc51 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 609a7064cbf8b325fe2579476f69d66ffad9d106 +Subproject commit 0a7317cc517bcb8a2505e43f52da6cbc40b7134b From a35e332bbb7c7690d172c61c3943890372b103af Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Nov 2025 10:25:15 +0100 Subject: [PATCH 1171/1548] library: debug: remove temporary fixes for RSA key handling Since crypto#308 has been merged: - replace MBEDTLS_PK_USE_PSA_RSA_DATA with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY - remove "no-check-names" Signed-off-by: Valerio Setti --- library/debug.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/library/debug.c b/library/debug.c index 94b1c2778f..362c07981c 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -220,8 +220,7 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -/* no-check-names will be removed in mbedtls#10229. */ -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const unsigned char *buf, size_t bitlen) @@ -257,8 +256,7 @@ static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int leve debug_send_line(ssl, level, file, line, str); } } -/* no-check-names will be removed in mbedtls#10229. */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, @@ -292,8 +290,7 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ -/* no-check-names will be removed in mbedtls#10229. */ -#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) static size_t debug_count_valid_bits(unsigned char **buf, size_t len) { size_t i, bits; @@ -389,8 +386,7 @@ static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int leve mbedtls_snprintf(str, sizeof(str), "%s.E", text); mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); } -/* no-check-names will be removed in mbedtls#10229. */ -#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, 
@@ -421,12 +417,11 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); } else #endif /* MBEDTLS_RSA_C */ -/* no-check-names will be removed in mbedtls#10229. */ -#if defined(MBEDTLS_PK_USE_PSA_RSA_DATA) //no-check-names - if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { //no-check-names +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) + if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value); } else -#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ //no-check-names +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); From 910bf4bbc6b5134338077eedb65a7ac071e33bb3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Nov 2025 10:27:24 +0100 Subject: [PATCH 1172/1548] tests: suite_x509parse: remove temporary fixes Removes the temporary fixes that were introduced in order to allow crypto#308 to be merged. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.function | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index ccd85378b8..e892ab9a9e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1133,14 +1133,6 @@ void x509parse_crt(data_t *buf, char *result_str, int result) int result_back_comp = result; int res; -#if !defined(MBEDTLS_PK_USE_PSA_RSA_DATA) - /* Support for mbedtls#10213 before psa#308. Once psa#308 will be - * merged this dirty fix can be removed. */ - if (result == MBEDTLS_ERR_PK_INVALID_PUBKEY) { - result_back_comp = MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; - } -#endif /* MBEDTLS_PK_USE_PSA_RSA_DATA */ - mbedtls_x509_crt_init(&crt); USE_PSA_INIT(); 
From 666fa2da3d6a857dcf82702c836a226dcb81b527 Mon Sep 17 00:00:00 2001 From: Juha-Pekka Kesonen Date: Wed, 5 Nov 2025 14:08:46 +0200 Subject: [PATCH 1173/1548] ssl_msg.c: change log level for record checking Signed-off-by: Juha-Pekka --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0cb2f00c12..e1198fa627 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -221,7 +221,7 @@ int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, size_t buflen) { int ret = 0; - MBEDTLS_SSL_DEBUG_MSG(1, ("=> mbedtls_ssl_check_record")); + MBEDTLS_SSL_DEBUG_MSG(3, ("=> mbedtls_ssl_check_record")); MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen); /* We don't support record checking in TLS because @@ -263,7 +263,7 @@ int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } - MBEDTLS_SSL_DEBUG_MSG(1, ("<= mbedtls_ssl_check_record")); + MBEDTLS_SSL_DEBUG_MSG(3, ("<= mbedtls_ssl_check_record")); return ret; } From 5f4cbcd33688389baa7dad238dd8b85633f2d611 Mon Sep 17 00:00:00 2001 From: Juha-Pekka Kesonen Date: Wed, 5 Nov 2025 14:10:52 +0200 Subject: [PATCH 1174/1548] ssl_tls12: change log level for ECDH computation Signed-off-by: Juha-Pekka --- library/ssl_tls12_client.c | 4 ++-- library/ssl_tls12_server.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 35ae891c1d..4024c0014b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2304,7 +2304,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) header_len = 4; - MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); + MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation.")); /* * Generate EC private key for ECDHE exchange. 
@@ -2412,7 +2412,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) header_len += ssl->conf->psk_identity_len; - MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); + MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation.")); /* * Generate EC private key for ECDHE exchange. diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 0856dcfdd2..6b37a954d4 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2683,7 +2683,7 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, psa_key_type_t key_type = PSA_KEY_TYPE_NONE; size_t ec_bits = 0; - MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); + MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based ECDH computation.")); /* Convert EC's TLS ID to PSA key type. */ if (mbedtls_ssl_get_psa_curve_info_from_tls_id(*curr_tls_id, From 1f2f6fc9cbcd8e330b3befff32e5feab20b523a8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 6 Nov 2025 23:48:36 +0100 Subject: [PATCH 1175/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 875ec308e7..9232f41572 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 875ec308e7ff34610075507b7216172ce8eb0785 +Subproject commit 9232f4157207829d45f8689c50951e2e84c1a83b From 28f745515e4edb65ef2d2abad29bf13a107ea4d8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 14 Nov 2025 15:06:58 +0100 Subject: [PATCH 1176/1548] Changelog entry for fix #10502 Signed-off-by: Gilles Peskine --- ChangeLog.d/config_checks_generator-fix-windows-path.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/config_checks_generator-fix-windows-path.txt diff --git a/ChangeLog.d/config_checks_generator-fix-windows-path.txt b/ChangeLog.d/config_checks_generator-fix-windows-path.txt new file mode 100644 index 0000000000..e5726cf77b --- /dev/null 
+++ b/ChangeLog.d/config_checks_generator-fix-windows-path.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix CMake failure on Windows because of a native directory separator. + Fixes #10502. From 6116d8feea490f091a47828bf051411fcc34d711 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Nov 2025 10:28:52 +0100 Subject: [PATCH 1177/1548] Update framework with fix of Mbed-TLS/mbedtls#10502 Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 9232f41572..6c9076eef1 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 9232f4157207829d45f8689c50951e2e84c1a83b +Subproject commit 6c9076eef1aaba371550ebc1145aed7227154b99 From caf73f885afef1e4eff3ff6d2323b62f050d7eea Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 20 Nov 2025 13:01:18 +0100 Subject: [PATCH 1178/1548] library: check_config: remove references to secp192 curves Support for these curves is being removed from tf-psa-crypto, so we need to remove all the references also in this repo. Signed-off-by: Valerio Setti --- library/mbedtls_check_config.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 3107c11077..855e4e3674 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h @@ -42,9 +42,7 @@ defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) || \ defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \ defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) From 65ec4cc771e9461b4d79a45cb9bb8a54d645ff1c Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Thu, 20 Nov 2025 13:16:59 +0100 Subject: [PATCH 1179/1548] tests: scripts: make enabling of secp192 curves fault tolerant in test_psa_crypto_without_heap This is temporary but still required in order to have this commit merged before the crypto#570, where these curves are really removed. These lines will be removed in a follow-up PR once crypto#570 is merged. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 637dbd0fd9..6ac6d17c6f 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -92,11 +92,13 @@ component_test_psa_crypto_without_heap() { scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" # EC-JPAKE use calloc/free in PSA core scripts/config.py unset PSA_WANT_ALG_JPAKE - # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. - # This is required to get the proper test coverage otherwise there are - # tests in 'test_suite_psa_crypto_op_fail' that would never be executed. - scripts/config.py set PSA_WANT_ECC_SECP_K1_192 - scripts/config.py set PSA_WANT_ECC_SECP_R1_192 + # Curves p192[k|r]1 were disabled by default in TF-PSA-Crypto 1.0 so they + # were enabled here in order to get full test coverage. Support for these + # curves has completely been removed, but due to interdependency between + # CIs (mbedtls vs tf-psa-crypto) we still need to keep these lines here for + # a while. They will be removed in #10518 + scripts/config.py set PSA_WANT_ECC_SECP_K1_192 || true + scripts/config.py set PSA_WANT_ECC_SECP_R1_192 || true scripts/config.py set TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS || true # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). From 5ae6c62247343d4c60618b374101cba42a645a1a Mon Sep 17 00:00:00 2001 
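Review bot: The `|| true` appended to the two `scripts/config.py set PSA_WANT_ECC_SECP_*_192` lines masks every failure of config.py, not only the expected "symbol no longer exists" case, so a broken config.py invocation or a bad path in this component would go unnoticed and the component would silently run with a different configuration than intended. Since the comment already marks these lines as temporary until #10518, this is acceptable, but the comment should say what failure is being tolerated, e.g. `# '|| true': tolerate config.py rejecting the now-removed symbols; remove with #10518`, so the next reader does not take the pattern as a general idiom. The enclosing function component_test_psa_crypto_without_heap starts before this hunk.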
From: Valerio Setti Date: Thu, 27 Nov 2025 14:38:22 +0100 Subject: [PATCH 1180/1548] tests: x509parse: transition tests based on secp192 curves to secp256 After some analysis search it was determined that previous test data seem not to belong to the "framework/data_files" certificate files. Therefore new test data has been generated from scratch. The improvement compared to the previous situation is that comments has been added on top of each test in order to explain how to recreate new test data. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 14e7afa740..e90f6b96fb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -2391,13 +2391,25 @@ X509 CRT ASN1 (ECDSA signature, RSA key) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 +# This was generated as follows: +# 1. generate EC key -> openssl ecparam -name secp256r1 -genkey -noout -out secp256.key +# 2. generate CSR -> openssl req -new -key secp256.key -out secp256.csr -subj "/CN=Test/" +# 3. generate CRT -> openssl x509 -req -in secp256.csr -sha1 -signkey secp256.key -days 3650 -set_serial 0xf41534662ec7e912 -out secp256.crt -outform DER +# 4. get generated DER content -> xxd -ps secp256.crt X509 CRT ASN1 (ECDSA signature, EC key) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1 -x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. 
version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 - +depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 +x509parse_crt:"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":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2025-11-27 12\:16\:40\nexpires on \: 2035-11-25 12\:16\:40\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0 + +# This was generated as follows: +# 1. generate EC key -> openssl ecparam -name secp256r1 -genkey -noout -out secp256.key +# 2. generate CSR -> openssl req -new -key secp256.key -out secp256.csr -subj "/CN=Test/" +# 3. generate RSA key -> openssl genrsa -out rsa_1024.key 1024 +# 4. generate RSA CA cert -> openssl req -new -x509 -key rsa_1024.key -sha1 -days 3650 -subj="/CN=Test/" -out ca_rsa_1024.crt +# 5. generate final CRT -> openssl x509 -req -in secp256.csr -CA ca_rsa_1024.crt -CAkey rsa_1024.key -days 3650 -sha1 -set_serial 4 -out secp256-rsa.crt -outform DER +# 4. get generated DER content -> xxd -ps secp256-rsa.crt X509 CRT ASN1 (RSA signature, EC key) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. 
version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +x509parse_crt:"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":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2025-11-27 13\:32\:52\nexpires on \: 2035-11-25 13\:32\:52\nsigned using \: RSA with SHA1\nEC key size \: 256 bits\n":0 X509 CRT ASN1 (Unsupported critical extension) depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 From 59c9ebfaae6010e019037792739885c2fb050fcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 1 Dec 2025 09:59:54 +0100 Subject: [PATCH 1181/1548] ssl: rm useless private includes in public headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl.h | 7 ------- include/mbedtls/ssl_ciphersuites.h | 1 - 2 files changed, 8 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 02e527cdf5..6c86c57345 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -14,9 +14,6 @@ #include "mbedtls/build_info.h" -#include "mbedtls/private/bignum.h" -#include "mbedtls/private/ecp.h" - #include "mbedtls/ssl_ciphersuites.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -26,10 +23,6 @@ #include "mbedtls/md.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) -#include "mbedtls/private/ecdh.h" -#endif - #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" #endif diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index dfd369416b..9af1e5a668 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
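Review bot: The regeneration recipe above the "X509 CRT ASN1 (RSA signature, EC key)" case numbers its last step `# 4. get generated DER content -> xxd -ps secp256-rsa.crt` although it follows step 5, so the list reads 1, 2, 3, 4, 5, 4; it should be `# 6. get generated DER content -> xxd -ps secp256-rsa.crt`. Adding the recipe is a clear improvement over the previous unexplained test data, and it is worth noting in the comment that the certificates deliberately use `-sha1` and a 10-year validity because the test only parses and prints them, so no signature verification or expiry check is exercised.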
@@ -14,7 +14,6 @@ #include "mbedtls/build_info.h" #include "mbedtls/pk.h" -#include "mbedtls/private/cipher.h" #include "mbedtls/md.h" #ifdef __cplusplus From 53c511578a7eb6c305f9895009873a95a95a8c0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 1 Dec 2025 10:03:20 +0100 Subject: [PATCH 1182/1548] x509: rm useless private include in public header MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/x509_crt.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 3352e3824a..9e607ad29a 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -15,7 +15,6 @@ #include "mbedtls/x509.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/private/bignum.h" /** * \addtogroup x509_module From 4b663abecc3e62e68482750f11e25317544cfc91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 1 Dec 2025 10:16:52 +0100 Subject: [PATCH 1183/1548] ssl: rm useless private includes in internal headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_ciphersuites_internal.h | 3 --- library/ssl_misc.h | 24 +----------------------- 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 9a9b42b998..864e6bf6b7 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -11,9 +11,6 @@ #define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H #include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #if defined(MBEDTLS_PK_C) mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 083a5adc31..9f9ed0bf70 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -19,35 +19,13 @@ #include "mbedtls/debug.h" #include "debug_internal.h" -#include "mbedtls/private/cipher.h" - #include "psa/crypto.h" -#include "psa_util_internal.h" +#include "psa_util_internal.h" // XXX: internal crypto header extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; -#if defined(PSA_WANT_ALG_MD5) -#include "mbedtls/private/md5.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_1) -#include "mbedtls/private/sha1.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_256) -#include "mbedtls/private/sha256.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_512) -#include "mbedtls/private/sha512.h" -#endif - #include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "ssl_ciphersuites_internal.h" #include "x509_internal.h" -#include "pk_internal.h" /* Shorthand for restartable ECC */ #if defined(MBEDTLS_ECP_RESTARTABLE) && \ From c53c43c2961ccbf172a041b9f51ddfeb26b3e9e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 1 Dec 2025 10:20:53 +0100 Subject: [PATCH 1184/1548] x509: rm useless private includes in internal headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/x509_internal.h | 6 ++---- library/x509_oid.h | 3 --- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/library/x509_internal.h b/library/x509_internal.h index 5505b9778c..9bad6a2ad8 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h 
@@ -16,11 +16,9 @@ #include "mbedtls/x509.h" #include "mbedtls/asn1.h" -#include "pk_internal.h" -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/private/rsa.h" -#endif +// XXX: internal crypto header - used for mbedtls_pk_load_file() +#include "pk_internal.h" int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur); diff --git a/library/x509_oid.h b/library/x509_oid.h index 0752953aac..5721d8586c 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -13,9 +13,6 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/x509.h" #include From eab6d3276bd6fd07be3f1f4084514e30eb6172d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 1 Dec 2025 10:26:28 +0100 Subject: [PATCH 1185/1548] ssl: rm useless private include in C file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls12_server.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 6b37a954d4..1917af3ab4 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -32,10 +32,6 @@ static int local_err_translation(psa_status_t status) #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/private/ecp.h" -#endif - #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" #endif From 411282d126afbb30856e010d0de599cb51736146 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 1 Dec 2025 11:05:39 +0100 Subject: [PATCH 1186/1548] x509: rm useless private include in C file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- library/x509_crt.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index e6b9252859..e18dbe777e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -35,9 +35,7 @@ #endif #include "psa/crypto.h" -#include "psa_util_internal.h" #include "mbedtls/psa_util.h" -#include "pk_internal.h" #include "mbedtls/platform.h" From d6551eaaa61f0411507c95c95896565418888dcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 1 Dec 2025 10:30:09 +0100 Subject: [PATCH 1187/1548] Add comment about internal crypto include MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Besides using an internal crypto header, error.h is arguably the wrong place: this file's docstring says it's about "Error to string translation", quite unrelated to the things we use from error_common.h. This is not surprising given the history, but no longer makes sense today. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/error.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index ee3d093c93..21707b1ca3 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -11,6 +11,10 @@ #define MBEDTLS_ERROR_H #include "mbedtls/build_info.h" +// XXX: internal crypto include, used for: +// - MBEDTLS_ERROR_ADD +// - MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED +// - possibly others (the above are just the first build errors) #include "mbedtls/private/error_common.h" #include From 3e6455d50ec0ee2fe9970e6a135c530fec3c9d5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Dec 2025 12:00:34 +0100 Subject: [PATCH 1188/1548] Remove useless includes of psa_util_internal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Those in SSL modules were redundant because it's already included from ssl_misc.h. 
Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 1 - library/ssl_tls.c | 1 - library/ssl_tls12_client.c | 1 - library/ssl_tls13_generic.c | 1 - library/x509write_crt.c | 1 - library/x509write_csr.c | 1 - 6 files changed, 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e1198fa627..4430db993e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -26,7 +26,6 @@ #include -#include "psa_util_internal.h" #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 550f79de29..ea5924c3c1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -30,7 +30,6 @@ #include "mbedtls/psa_util.h" #include "md_psa.h" -#include "psa_util_internal.h" #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 4024c0014b..c4f75b63de 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -17,7 +17,6 @@ #include "mbedtls/error.h" #include "mbedtls/constant_time.h" -#include "psa_util_internal.h" #include "psa/crypto.h" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f8aca908c4..c7d3d48561 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -24,7 +24,6 @@ #include "ssl_debug_helpers.h" #include "psa/crypto.h" -#include "psa_util_internal.h" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e4cdd5064b..399c923097 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -32,7 +32,6 @@ #endif /* MBEDTLS_PEM_WRITE_C */ #include "psa/crypto.h" -#include "psa_util_internal.h" #include "mbedtls/psa_util.h" void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 0fac775106..8a81f7ee56 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -22,7 +22,6 @@ #include "mbedtls/platform_util.h" #include "psa/crypto.h" -#include "psa_util_internal.h" #include "mbedtls/psa_util.h" #include From ea5718721f4a3647b22523d05c93c1d3eacbcd08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Dec 2025 12:06:39 +0100 Subject: [PATCH 1189/1548] Remove two more useless internal includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls12_server.c | 1 - library/x509write.c | 1 - 2 files changed, 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 1917af3ab4..1f4ac3ea79 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -15,7 +15,6 @@ #include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#include "constant_time_internal.h" #include "mbedtls/constant_time.h" #include diff --git a/library/x509write.c b/library/x509write.c index 0906a5a9d1..c038bdfcda 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -24,7 +24,6 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#include "md_psa.h" #define CHECK_OVERFLOW_ADD(a, b) \ do \ From 5341c8687773252ac3fd841ddd8c78ad4e1ecc9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Dec 2025 12:35:20 +0100 Subject: [PATCH 1190/1548] Add comments for remaining internal includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/error.h | 8 +++----- library/ssl_misc.h | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 2 +- library/x509_internal.h | 3 +-- 5 files changed, 7 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 21707b1ca3..738440398c 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -11,11 +11,9 @@ #define MBEDTLS_ERROR_H #include "mbedtls/build_info.h" -// XXX: internal crypto include, used for: -// - MBEDTLS_ERROR_ADD -// - MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -// - possibly others (the above are just the first build errors) -#include "mbedtls/private/error_common.h" +#include "mbedtls/private/error_common.h" // for MBEDTLS_ERROR_ADD + see below +// MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED +// MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED #include diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9f9ed0bf70..f8c03dfa2f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -20,7 +20,7 @@ #include "debug_internal.h" #include "psa/crypto.h" -#include "psa_util_internal.h" // XXX: internal crypto header +#include "psa_util_internal.h" // for mbedtls_error_pair_t, psa_status_to_mbedtls extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #include "mbedtls/pk.h" diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4430db993e..d4b915aa74 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -21,7 +21,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/version.h" -#include "constant_time_internal.h" +#include "constant_time_internal.h" // for internal mbedtls_ct_xxx functions #include "mbedtls/constant_time.h" #include diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ea5924c3c1..36c6bf9586 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -29,7 +29,7 @@ #include #include "mbedtls/psa_util.h" -#include "md_psa.h" +#include "md_psa.h" // for mbedtls_md_error_from_psa() #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/x509_internal.h b/library/x509_internal.h index 9bad6a2ad8..ea3aeb6351 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -17,8 +17,7 @@ #include "mbedtls/x509.h" #include "mbedtls/asn1.h" -// XXX: internal crypto header - used for mbedtls_pk_load_file() -#include "pk_internal.h" +#include "pk_internal.h" // for a lot of things, including in SSL int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur); From 725e3f1daa5d2d494fe553761dabbeeb0b9ee64e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Nov 2025 09:50:20 +0100 Subject: [PATCH 1191/1548] tests: x509parse: replace certificates using secp192 with those using secp256 This replacement is either: - "server5-rsa-signed.crt": if a generic secp256r1 EC key is enough, i.e. any EC key is fine as it's not secp192 since this support is being removed from TF-PSA-Crypto. - "server11-rsa-signed.crt": if an EC key which does not belong to "suite-b" is required. For this case "secp256r1" wouldn't be good, so we use a "secp256k1" key. Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509parse.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index e90f6b96fb..0ca27a9d68 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
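Review bot: The replacement comment on `#include "pk_internal.h"` in library/x509_internal.h, `// for a lot of things, including in SSL`, drops the one concrete symbol the old comment named (mbedtls_pk_load_file()) and leaves a future reader with nothing to grep for when deciding whether the internal include is still needed, unlike the sibling comments in this commit (error.h, ssl_misc.h, ssl_msg.c, ssl_tls.c) which name the symbols or function families they pull in. Suggest keeping at least the named symbol: `#include "pk_internal.h" // for mbedtls_pk_load_file() and other pk internals; also relied on by SSL`.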
@@ -179,8 +179,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_S x509_cert_info:"../framework/data_files/parse_input/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information EC signed by RSA -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C -x509_cert_info:"../framework/data_files/parse_input/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +x509_cert_info:"../framework/data_files/parse_input/server5-rsa-signed.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2025-12-01 10\:15\:30\nexpires on \: 2035-12-01 10\:15\:30\nsigned using \: RSA with SHA-256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 
@@ -752,8 +752,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V1 x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #32 (Valid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 +x509_verify:"../framework/data_files/server5-rsa-signed.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #33 (Valid, RSA cert, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 
@@ -1000,8 +1000,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 -x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_K1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 +x509_verify:"../framework/data_files/server11-rsa-signed.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 
@@ -2674,8 +2674,8 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_2 mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert92.crt":"../framework/data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0 X509 CRT verify chain #12 (suiteb profile, RSA root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1 -mbedtls_x509_crt_verify_chain:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_ALG_SHA_1 +mbedtls_x509_crt_verify_chain:"../framework/data_files/server11-rsa-signed.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #13 (RSA only profile, EC root) depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384 From 35d90d15c79f7a83676e6780cd3c0e918afdc4c9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Nov 2025 11:03:57 +0100 Subject: [PATCH 1192/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 6c9076eef1..f58263d00f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 6c9076eef1aaba371550ebc1145aed7227154b99 +Subproject commit f58263d00f287993d7ba4aeaef825385459fd02d From d36ed4a84d5c627d2781af4a52a22c9de687c04b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 1 Dec 2025 18:01:46 +0100 Subject: [PATCH 1193/1548] tf-psa-crypto: update reference 
Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 0a7317cc51..cb9d0ed648 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 0a7317cc517bcb8a2505e43f52da6cbc40b7134b +Subproject commit cb9d0ed64831da3e7b85ea8741a57fdc27c010e6 From 024c3aeb9e2654562788bc07e1ca21cd93a0cb43 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Nov 2025 12:51:52 +0100 Subject: [PATCH 1194/1548] library: ssl: remove duplicate check in ssl_parse_server_key_exchange() The check being removed is already done few lines above so there is no need to repeat it twice. Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index c4f75b63de..131efbe248 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1977,14 +1977,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) /* * Verify signature */ - if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ssl->handshake->ecrs_enabled) { From 92926ff4dce7b2b5e037d4ea5ade1f1f5d431f41 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 12 Nov 2025 12:55:52 +0100 Subject: [PATCH 1195/1548] library: common: add helper to get PSA algorithm from PK sigalg Add a simple helper to convert from PK sigalg to PSA algorithm. This is handy when calling mbedtls_pk_can_do_psa() knowing the PK sigalg and the used MD type. This is being added in a separate file because it's meant to be consumed by both ssl and x509 modules. It was not added to tf-psa-crypto because this is only needed on the mbedtls repo and doing so reduce interdependencies between the repos. Signed-off-by: Valerio Setti --- library/mbedtls_utils.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 library/mbedtls_utils.h diff --git a/library/mbedtls_utils.h b/library/mbedtls_utils.h new file mode 100644 index 0000000000..948b391061 --- /dev/null +++ b/library/mbedtls_utils.h @@ -0,0 +1,23 @@ +#include "mbedtls/pk.h" +#include "psa/crypto.h" + +#ifndef MBEDTLS_UTILS_H +#define MBEDTLS_UTILS_H + +/* Return the PSA algorithm associated to the given combination of "sigalg" and "hash_alg". */ +static inline int mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg, + psa_algorithm_t hash_alg) +{ + switch (sigalg) { + case MBEDTLS_PK_SIGALG_RSA_PKCS1V15: + return PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg); + case MBEDTLS_PK_SIGALG_RSA_PSS: + return PSA_ALG_RSA_PSS(hash_alg); + case MBEDTLS_PK_SIGALG_ECDSA: + return MBEDTLS_PK_ALG_ECDSA(hash_alg); + default: + return MBEDTLS_PK_SIGALG_NONE; + } +} + +#endif /* MBEDTLS_UTILS_H */ From 81a5a0914ca711606fbe74ec5818f29e3aee4bf2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Nov 2025 12:55:04 +0100 Subject: [PATCH 1196/1548] library: ssl: replace mbedtls_pk_can_do() with mbedtls_pk_can_do_psa() Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 7 ++++++- library/ssl_tls12_server.c | 5 ++++- library/ssl_tls13_generic.c | 5 ++++- 3 files changed, 14 insertions(+), 3 deletions(-) 
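Review bot: The two `#include` lines at the top of the new library/mbedtls_utils.h sit outside the `MBEDTLS_UTILS_H` guard, so they are re-processed on every inclusion and the guard only protects the function body; moving `#include "mbedtls/pk.h"` and `#include "psa/crypto.h"` below `#define MBEDTLS_UTILS_H` matches the usual layout. The header also carries no file-level comment saying what it is for; the commit message explains it is shared by the ssl and x509 modules and deliberately not placed in tf-psa-crypto, and a short `/* Helpers shared by the SSL and X.509 modules; kept in this repo because nothing in tf-psa-crypto needs them. */` would carry that rationale into the file. The return type and the default-case value of mbedtls_psa_alg_from_pk_sigalg() are revised later in this series (PATCH 1205), so they are not raised here.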
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 131efbe248..ebcc0d56bb 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -16,6 +16,7 @@ #include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/constant_time.h" +#include "mbedtls_utils.h" #include "psa/crypto.h" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) @@ -1883,6 +1884,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) unsigned char hash[MBEDTLS_MD_MAX_SIZE]; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; + psa_algorithm_t psa_hash_alg; mbedtls_pk_sigalg_t pk_alg = MBEDTLS_PK_SIGALG_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); size_t params_len = (size_t) (p - params); @@ -1921,7 +1923,10 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) } p += 2; - if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { + psa_hash_alg = mbedtls_md_psa_alg_from_type(md_alg); + if (!mbedtls_pk_can_do_psa(peer_pk, + mbedtls_psa_alg_from_pk_sigalg(pk_alg, psa_hash_alg), + PSA_KEY_USAGE_VERIFY_HASH)) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 1f4ac3ea79..c02aeeaa08 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -16,6 +16,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/constant_time.h" +#include "mbedtls_utils.h" #include @@ -3421,7 +3422,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* * Check the certificate's key type matches the signature alg */ - if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) { + if (!mbedtls_pk_can_do_psa(peer_pk, + mbedtls_psa_alg_from_pk_sigalg(pk_alg, PSA_ALG_ANY_HASH), + PSA_KEY_USAGE_VERIFY_HASH)) { MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key")); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } 
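Review bot: `psa_hash_alg` is declared at the top of ssl_parse_server_key_exchange() in the second ssl_tls12_client.c hunk but is only assigned in the third hunk, immediately before the `mbedtls_pk_can_do_psa()` call; since the file already uses C99, declaring it at the point of use, `psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(md_alg);`, keeps the value next to its single consumer and avoids a variable that is uninitialized for most of the function. The same declare-at-top pattern recurs for `key_type` in x509write_csr_der_internal() (the x509write_csr.c hunk of PATCH 1200) and for `psa_sig_alg` in ssl_parse_certificate_verify() (PATCH 1206), and the same remark applies there. The enclosing functions start and end outside these hunks.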
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index c7d3d48561..078daea352 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -18,6 +18,7 @@ #include "mbedtls/constant_time.h" #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "mbedtls_utils.h" #include "ssl_tls13_invasive.h" #include "ssl_tls13_keys.h" @@ -276,7 +277,9 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, /* * Check the certificate's key type matches the signature alg */ - if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, (mbedtls_pk_type_t) sig_alg)) { + if (!mbedtls_pk_can_do_psa(&ssl->session_negotiate->peer_cert->pk, + mbedtls_psa_alg_from_pk_sigalg(sig_alg, hash_alg), + PSA_KEY_USAGE_VERIFY_HASH)) { MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key")); goto error; } From 9d1fa1a8d8b4a3e09163eb568220678dc4256f70 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Nov 2025 13:05:03 +0100 Subject: [PATCH 1197/1548] library: x509: change order of checks in x509_crt_check_signature() Checking that parent PK type is OK is definitely faster than computing an hash, so invert the checks. Signed-off-by: Valerio Setti --- library/x509_crt.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index e18dbe777e..ae9cc22538 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2108,6 +2108,11 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + /* Skip expensive computation on obvious mismatch */ + if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) { + return -1; + } + status = psa_hash_compute(hash_alg, child->tbs.p, child->tbs.len, 
@@ -2118,11 +2123,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } - /* Skip expensive computation on obvious mismatch */ - if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) { - return -1; - } - #if defined(MBEDTLS_ECP_RESTARTABLE) if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_SIGALG_ECDSA) { return mbedtls_pk_verify_restartable(&parent->pk, From 1de094fb321f793fa398951598c682969e00326f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 12 Nov 2025 14:44:59 +0100 Subject: [PATCH 1198/1548] library: x509: replace mbedtls_pk_can_do() with mbedtls_pk_can_do_psa() Signed-off-by: Valerio Setti --- library/x509_crt.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index ae9cc22538..61dca746a3 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -43,6 +43,8 @@ #include "mbedtls/threading.h" #endif +#include "mbedtls_utils.h" + #if defined(MBEDTLS_HAVE_TIME) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #ifndef WIN32_LEAN_AND_MEAN @@ -2109,7 +2111,9 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Skip expensive computation on obvious mismatch */ - if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) { + if (!mbedtls_pk_can_do_psa(&parent->pk, + mbedtls_psa_alg_from_pk_sigalg(child->sig_pk, hash_alg), + PSA_KEY_USAGE_VERIFY_HASH)) { return -1; } From 902467d62f999c14aada0a8e1375527ecd948f81 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Dec 2025 09:33:33 +0100 Subject: [PATCH 1199/1548] ssl: replace usage of mbedtls_pk_can_do() with mbedtls_pk_get_key_type() Signed-off-by: Valerio Setti --- library/ssl_tls.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 36c6bf9586..f873566d5c 100644 --- a/library/ssl_tls.c 
+++ b/library/ssl_tls.c @@ -5605,13 +5605,15 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) */ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) { + psa_key_type_t key_type = mbedtls_pk_get_key_type(pk); + #if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) { + if (PSA_KEY_TYPE_IS_RSA(key_type)) { return MBEDTLS_SSL_SIG_RSA; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) - if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) { + if (PSA_KEY_TYPE_IS_ECC(key_type)) { return MBEDTLS_SSL_SIG_ECDSA; } #endif From 9eb5b2a14681afd493227e01ec20df7eebf2ebdf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Dec 2025 09:40:28 +0100 Subject: [PATCH 1200/1548] x509: replace usage of mbedtls_pk_can_do() with mbedtls_pk_get_key_type() Signed-off-by: Valerio Setti --- library/x509write_crt.c | 5 +++-- library/x509write_csr.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 399c923097..8c77f10c34 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -392,6 +392,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char hash[MBEDTLS_MD_MAX_SIZE]; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t psa_algorithm; + psa_key_type_t key_type = mbedtls_pk_get_key_type(ctx->issuer_key); size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; 
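Review bot: `key_type` in mbedtls_ssl_sig_from_pk() is declared and assigned unconditionally, but both of its reads sit under `#if defined(MBEDTLS_RSA_C)` and `#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)`; in a configuration where neither macro is defined (a PSK-only build, if such a build still compiles this function) the variable is set but never read, which GCC reports under -Wunused-but-set-variable and a -Werror build turns into a failure. Either add `(void) key_type;` right after the declaration or wrap the declaration in `#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)`. The rest of the function body is outside the hunk.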
@@ -407,9 +408,9 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* There's no direct way of extracting a signature algorithm * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ - if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) { + if (PSA_KEY_TYPE_IS_RSA(key_type)) { pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15; - } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) { + } else if (PSA_KEY_TYPE_IS_ECC(key_type)) { pk_alg = MBEDTLS_PK_SIGALG_ECDSA; } else { return MBEDTLS_ERR_X509_INVALID_ALG; diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8a81f7ee56..22651032b1 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -144,6 +144,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, mbedtls_pk_sigalg_t pk_alg; size_t hash_len; psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); + psa_key_type_t key_type = mbedtls_pk_get_key_type(ctx->key); /* Write the CSR backwards starting from the end of buf */ c = buf + size; @@ -217,9 +218,9 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } - if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) { + if (PSA_KEY_TYPE_IS_RSA(key_type)) { pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15; - } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) { + } else if (PSA_KEY_TYPE_IS_ECC(key_type)) { pk_alg = MBEDTLS_PK_SIGALG_ECDSA; } else { return MBEDTLS_ERR_X509_INVALID_ALG; From 8b364c74365ebe79490ffa011ee19b2a2e4e1a78 Mon Sep 17 00:00:00 2001 
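Review bot: The context comment kept above the new code in mbedtls_x509write_crt_der(), `There's no direct way of extracting a signature algorithm (represented as an element of mbedtls_pk_type_t) from a PK instance.`, is now stale: the lines beneath it derive `pk_alg` (an `mbedtls_pk_sigalg_t`) from the PSA key type returned by `mbedtls_pk_get_key_type()`, and `mbedtls_pk_type_t` no longer appears in them. Suggest rewording it to `/* Derive the signature algorithm (mbedtls_pk_sigalg_t) from the issuer key's PSA key type; RSA keys always get PKCS#1 v1.5 here. */` so the comment describes the code that follows. The x509write_csr.c hunk makes the same RSA-to-PKCS#1 v1.5 choice without a comment; the same one-liner would fit there. Both functions start and end outside the hunks.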
From: Pengyu Lv Date: Mon, 25 Sep 2023 14:31:43 +0800 Subject: [PATCH 1201/1548] Fix the commands to build library In `scripts/common.make`, used by `tests/Makefile` and `programs/Makefile`, we have the following rules to build the library: ``` $(MBEDLIBS): $(MAKE) -C ../library ``` $(MBEDLIBS) contains three library files but the command is for all the 3 files instead of single target generation. This would cause a race when doing parallel build. This commit fixes command so that the recipe could generate a single library file. Fix https://github.com/Mbed-TLS/mbedtls/issues/8229 Signed-off-by: Pengyu Lv Signed-off-by: Gilles Peskine --- scripts/common.make | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/common.make b/scripts/common.make index b3d028ff62..c0e7b1d966 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -140,7 +140,7 @@ endif default: all $(MBEDLIBS): - $(MAKE) -C $(MBEDTLS_PATH)/library + $(MAKE) -C $(MBEDTLS_PATH)/library $(@F) neat: clean ifndef WINDOWS From d86c4ae1d282b0fe594719dd4742bd93ba1c6a98 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 25 Sep 2023 14:55:59 +0800 Subject: [PATCH 1202/1548] Fix dependencies in programs/Makefile Make fuzz depend on MBEDLIBS to avoid multiple instances for generation the library files. Signed-off-by: Pengyu Lv --- programs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/Makefile b/programs/Makefile index 6c9d4d7342..47745de052 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -101,7 +101,7 @@ SSL_OPT_APPS += test/query_compile_time_config test/udp_proxy ssl-opt: $(patsubst %,%$(EXEXT),$(SSL_OPT_APPS)) .PHONY: ssl-opt -fuzz: ${MBEDTLS_TEST_OBJS} +fuzz: ${MBEDLIBS} ${MBEDTLS_TEST_OBJS} $(MAKE) -C fuzz ${MBEDTLS_TEST_OBJS}: From 1c479f88d0e7993b52fded35379699caf7e931b4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 4 Dec 2025 11:24:20 +0100 Subject: [PATCH 1203/1548] Avoid references to ecdh.o MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We're going to remove ecdh.c soon, so use another way of testing whether builtin ECDH is included in the build. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/components-configuration-crypto.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6ac6d17c6f..cff24a34ce 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -616,7 +616,7 @@ component_test_psa_crypto_config_accel_ecdh () { helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o + not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o # Run the tests # ------------- @@ -748,7 +748,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { helper_libtestdriver1_make_main "$loc_accel_list" # ECP should be re-enabled but not the others - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o + not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o grep mbedtls_ecp ${BUILTIN_SRC_PATH}/ecp.o 
@@ -837,7 +837,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { ASAN_CFLAGS="$ASAN_CFLAGS -O0" helper_libtestdriver1_make_main "$loc_accel_list" # We expect ECDH to be re-enabled for the missing curves - grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o + grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o # We expect ECP to be re-enabled, however the parts specific to the # families of curves that are accelerated should be ommited. # - functions with mxz in the name are specific to Montgomery curves @@ -930,7 +930,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o + not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o not grep mbedtls_ecp_mul ${BUILTIN_SRC_PATH}/ecp.o @@ -1025,7 +1025,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o + not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o # Also ensure that ECP module was not re-enabled not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o 
@@ -1171,7 +1171,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o + not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o @@ -1277,7 +1277,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecdh_ ${BUILTIN_SRC_PATH}/ecdh.o + not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o From d8f0b37d1ab7c07fe2e5617982800318d5c64b96 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Dec 2025 15:57:39 +0100 Subject: [PATCH 1204/1548] ssl: replace remaining occurrence of pk_can_do with pk_get_key_type Signed-off-by: Valerio Setti --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f873566d5c..be071defac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8782,7 +8782,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 && - mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY)) { + PSA_KEY_TYPE_IS_ECC(mbedtls_pk_get_type(&chain->pk))) { if (mbedtls_ssl_check_curve(ssl, mbedtls_pk_get_ec_group_id(&chain->pk)) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)")); ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; From 5ad2bfa6c8ea5b0c7adb80c6aa80aeb567811a08 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Dec 2025 16:15:48 +0100 Subject: [PATCH 1205/1548] library: ssl: adjust return type of mbedtls_psa_alg_from_pk_sigalg() The correct return type should have been "psa_algorithm_t" since the beginning because this is what the function really returns and this is what the returned value is then used for in the calling functions. Change also the returned value in the default case from MBEDTLS_PK_SIGALG_NONE to PSA_ALG_NONE in order to return the same type as in other cases of the switch case. Signed-off-by: Valerio Setti --- library/mbedtls_utils.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/mbedtls_utils.h b/library/mbedtls_utils.h index 948b391061..67f74786b3 100644 --- a/library/mbedtls_utils.h +++ b/library/mbedtls_utils.h @@ -5,8 +5,8 @@ #define MBEDTLS_UTILS_H /* Return the PSA algorithm associated to the given combination of "sigalg" and "hash_alg". */ -static inline int mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg, - psa_algorithm_t hash_alg) +static inline psa_algorithm_t mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg, + psa_algorithm_t hash_alg) { switch (sigalg) { case MBEDTLS_PK_SIGALG_RSA_PKCS1V15: 
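Review bot: The new condition in mbedtls_ssl_verify_certificate() calls `mbedtls_pk_get_type(&chain->pk)`, whereas the commit subject and the sibling conversions in this series (mbedtls_ssl_sig_from_pk(), mbedtls_x509write_crt_der(), x509write_csr_der_internal()) all use `mbedtls_pk_get_key_type()`, the accessor that yields a `psa_key_type_t`. If `mbedtls_pk_get_type()` still returns the `mbedtls_pk_type_t` enum, `PSA_KEY_TYPE_IS_ECC()` is being applied to a value of the wrong type and would most likely be false for every certificate, silently skipping the curve check that follows; if the different accessor is intentional, a comment saying why would help. Suggested line: `PSA_KEY_TYPE_IS_ECC(mbedtls_pk_get_key_type(&chain->pk))) {`. The enclosing function starts and ends outside the hunk.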
@@ -16,7 +16,7 @@ static inline int mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg, case MBEDTLS_PK_SIGALG_ECDSA: return MBEDTLS_PK_ALG_ECDSA(hash_alg); default: - return MBEDTLS_PK_SIGALG_NONE; + return PSA_ALG_NONE; } } From c0ac4a69336a1a8ae43a727bc45089940c40fa5e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Dec 2025 16:18:11 +0100 Subject: [PATCH 1206/1548] library: ssl: specify hash algorithm when checking signature in ssl_parse_certificate_verify Since the hash algorithm is known, this can be used when calling "mbedtls_pk_can_do_psa()" to get a more accurate answer. Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index c02aeeaa08..ec4446c1b4 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3325,6 +3325,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; mbedtls_pk_context *peer_pk; + psa_algorithm_t psa_sig_alg; MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); @@ -3422,9 +3423,8 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* * Check the certificate's key type matches the signature alg */ - if (!mbedtls_pk_can_do_psa(peer_pk, - mbedtls_psa_alg_from_pk_sigalg(pk_alg, PSA_ALG_ANY_HASH), - PSA_KEY_USAGE_VERIFY_HASH)) { + psa_sig_alg = mbedtls_psa_alg_from_pk_sigalg(pk_alg, mbedtls_md_psa_alg_from_type(md_alg)); + if (!mbedtls_pk_can_do_psa(peer_pk, psa_sig_alg, PSA_KEY_USAGE_VERIFY_HASH)) { MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key")); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } From d58985461192866894f9e15be41928682bdd7104 Mon Sep 17 00:00:00 2001 
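Review bot: Now that a concrete hash is passed to `mbedtls_psa_alg_from_pk_sigalg`, the `mbedtls_pk_can_do_psa` check in `@@ -3422` also rejects a key that supports the signature scheme but not this hash, yet the debug line below still reads `"sig_alg doesn't match cert key"`; `MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg/hash doesn't match cert key"));` would point a log reader at the right cause. Where `md_alg` is derived is outside the hunk; if it can still be `MBEDTLS_MD_NONE` here, `mbedtls_md_psa_alg_from_type` would presumably yield `PSA_ALG_NONE` and the composed algorithm would no longer be a hash-and-sign one, which is worth confirming against the earlier parsing code. `psa_sig_alg` is declared at the top of `ssl_parse_certificate_verify` in the first hunk (`@@ -3325`) although it is only used at this one point.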
From: Nico Geyso Date: Tue, 18 Nov 2025 10:33:36 +0100 Subject: [PATCH 1207/1548] mbedtls_ssl_get_alert(): getter for fatal alerts Even though the TLS RFCs do not mandate libraries to expose *Error Alerts* (as defined in RFC8446 6.2 for TLS 1.3 and in RFC5246 7.2.2 for TLS 1.2) to the user, there are use cases when it is handy to get the actual last received fatal error instead of a generic one. For instance this enables the user to distinguish between received fatal errors in case `mbedtls_ssl_handshake()`, `mbedtls_ssl_handshake_step()` or `mbedtls_ssl_read()` returned `MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE`. This changeset stores the last incoming fatal alert in `mbedtls_ssl_context` and provides `mbedtls_ssl_get_alert()` as a getter for retrieving it. Another option would be to provide a callback mechanism for all kinds of alerts (not only fatals) but for simplicity I discarded this option. Signed-off-by: Nico Geyso --- ChangeLog.d/alert-getter.txt | 6 ++++ include/mbedtls/ssl.h | 23 +++++++++++++++ library/ssl_msg.c | 10 +++++++ library/ssl_tls.c | 2 ++ tests/suites/test_suite_ssl.data | 3 ++ tests/suites/test_suite_ssl.function | 42 ++++++++++++++++++++++++++++ 6 files changed, 86 insertions(+) create mode 100644 ChangeLog.d/alert-getter.txt diff --git a/ChangeLog.d/alert-getter.txt b/ChangeLog.d/alert-getter.txt new file mode 100644 index 0000000000..2b6afd225d --- /dev/null +++ b/ChangeLog.d/alert-getter.txt @@ -0,0 +1,6 @@ +Features + * Add the function mbedtls_ssl_get_alert() which returns the + last received fatal error alert type for a more generic + MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE return value from + mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step() or + mbedtls_ssl_read(). diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6c86c57345..33d9fcf844 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1715,6 +1715,13 @@ struct mbedtls_ssl_context { int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message on next call to record layer? */ + unsigned char MBEDTLS_PRIVATE(in_alert_recv); /*!< Determines if a fatal alert has + been received. Values: + - \c 0 , no fatal alert received. + - \c 1 , a fatal alert has been received */ + unsigned char MBEDTLS_PRIVATE(in_alert_type); /*!< Type of fatal alert if in_alert_recv + != 0 */ + /* The following three variables indicate if and, if yes, * what kind of alert is pending to be sent. */ @@ -4911,6 +4918,22 @@ int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, unsigned char level, unsigned char message); + +/** + * \brief Get the received fatal alert + * + * \param ssl SSL context + * + * \return The alert description type (MBEDTLS_SSL_ALERT_MSG_*) if a fatal + * alert has been received or MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * + * \note This function can be used in case mbedtls_ssl_handshake(), + * mbedtls_ssl_handshake_step() or mbedtls_ssl_read() returned + * MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE to get the actual alert + * description type. + */ +int mbedtls_ssl_get_alert(mbedtls_ssl_context *ssl); + /** * \brief Notify the peer that the connection is being closed * diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d4b915aa74..70b69436c4 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -4931,6 +4931,8 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl) if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) { MBEDTLS_SSL_DEBUG_MSG(1, ("is a fatal alert message (msg %d)", ssl->in_msg[1])); + ssl->in_alert_recv = 1; + ssl->in_alert_type = ssl->in_msg[1]; return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE; } 
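Review bot: The `\return` paragraph of the new `mbedtls_ssl_get_alert()` declaration in `@@ -4911` lumps "no fatal alert received" together with a NULL context under `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` and does not say when the stored value is cleared, while the rest of this header writes error codes as `#MBEDTLS_ERR_...` and parameters as `\p ssl`. Suggested wording: `\return The alert description (one of MBEDTLS_SSL_ALERT_MSG_*) of the last fatal alert received.` followed by `\return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p ssl is \c NULL or no fatal alert has been received since the context was set up or last reset.`. The `in_alert_recv`/`in_alert_type` fields added in `@@ -1715` could likewise state that they are cleared together with the rest of the incoming-message state, which is what the `mbedtls_ssl_session_reset_msg_layer` hunk of this commit does.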
@@ -5015,6 +5017,14 @@ int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
 return 0;
 }

+int mbedtls_ssl_get_alert(mbedtls_ssl_context *ssl)
+{
+ if (ssl == NULL || ssl->in_alert_recv != 1) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+ return ssl->in_alert_type;
+}
+
 int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index be071defac..f19f249cb0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1296,6 +1296,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl,
 memset(ssl->in_buf, 0, in_buf_len);
 }

+ ssl->in_alert_recv = 0;
+
 ssl->send_alert = 0;

 /* Reset outgoing message writing */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index fa61b0f435..b05de38509 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3364,3 +3364,6 @@ ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:250:10
 TLS 1.3 Keying Material Exporter: Handshake not done
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
 ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE
+
+TLS fatal alert getter
+ssl_get_alert_after_fatal
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 5b6500898e..f3f3c1976a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
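Review bot: `mbedtls_ssl_get_alert()` only reads `ssl->in_alert_recv` and `ssl->in_alert_type`, so its parameter should be `const mbedtls_ssl_context *ssl`, as read-only accessors in this API already do (`mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, ...)`); change both this definition and the declaration in the ssl.h hunk of this commit to `int mbedtls_ssl_get_alert(const mbedtls_ssl_context *ssl);`. The `!= 1` test also treats every value other than 1 as "no alert" although the field is documented as a 0/1 flag; `if (ssl == NULL || ssl->in_alert_recv == 0) {` states the intent directly.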
@@ -5936,3 +5936,45 @@ exit:
 MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+void ssl_get_alert_after_fatal(void)
+{
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+
+ /* prepapre ssl context to test on*/
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT), 0);
+
+ mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
+ MD_OR_USE_PSA_INIT();
+ TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
+
+ /* No alert has been received yet */
+ TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+
+ // prepare input message buffer with fatal alert
+ ssl.in_msglen = 2;
+ ssl.in_msgtype = MBEDTLS_SSL_MSG_ALERT;
+ ssl.in_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_FATAL;
+ ssl.in_msg[1] = MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE;
+
+ /* import prepared fatal alert and test getter */
+ TEST_ASSERT(mbedtls_ssl_handle_message_type(&ssl) == MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
+ TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
+
+ /* Reset the session and check that no alert is present*/
+ mbedtls_ssl_session_reset_msg_layer( &ssl, 0 );
+ TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+
+exit:
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ USE_PSA_DONE();
+}
+/* END_CASE */
From 0841ceadf7fbd2639cc05a036607a7fb5e858d27 Mon Sep 17 00:00:00 2001
From: Nico Geyso
Date: Wed, 19 Nov 2025 18:17:46 +0100
Subject: [PATCH 1208/1548] test ssl_get_alert_after_fatal - remove mbedtls_ssl_conf_rng
Signed-off-by: Nico Geyso
---
 tests/suites/test_suite_ssl.function | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index f3f3c1976a..1a0d091b28 100644
--- a/tests/suites/test_suite_ssl.function
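Review bot: The test's `exit:` path calls `USE_PSA_DONE()` although setup used `MD_OR_USE_PSA_INIT()`; the preceding test case, whose exit path is visible in the context lines, pairs that init with `MD_OR_USE_PSA_DONE()`, so this case should end with `MD_OR_USE_PSA_DONE();` too, otherwise whatever MD-side state the macro tears down (defined outside this file) is left behind after the case runs. None of the follow-up commits in this series that touch this function correct it. The comment `/* prepapre ssl context to test on*/` has a typo and a missing space (`/* prepare ssl context to test on */`), and `// prepare input message buffer with fatal alert` is the only `//` comment in a function that otherwise uses `/* */`. `TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0)` could be `TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0)` for a failure message that shows the actual return code, matching the `TEST_EQUAL` used a few lines above.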
+++ b/tests/suites/test_suite_ssl.function @@ -5946,13 +5946,13 @@ void ssl_get_alert_after_fatal(void) /* prepapre ssl context to test on*/ mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); + MD_OR_USE_PSA_INIT(); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - MD_OR_USE_PSA_INIT(); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); /* No alert has been received yet */ From f9a734f2b7de9a8e2fd39e76191a7d7a49262131 Mon Sep 17 00:00:00 2001 From: Nico Geyso Date: Wed, 19 Nov 2025 19:10:11 +0100 Subject: [PATCH 1209/1548] Fix C code style issues Signed-off-by: Nico Geyso --- include/mbedtls/ssl.h | 4 ++-- tests/suites/test_suite_ssl.function | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 33d9fcf844..2eb8d85dc9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1717,8 +1717,8 @@ struct mbedtls_ssl_context { unsigned char MBEDTLS_PRIVATE(in_alert_recv); /*!< Determines if a fatal alert has been received. Values: - - \c 0 , no fatal alert received. - - \c 1 , a fatal alert has been received */ + - \c 0 , no fatal alert received. + - \c 1 , a fatal alert has been received */ unsigned char MBEDTLS_PRIVATE(in_alert_type); /*!< Type of fatal alert if in_alert_recv != 0 */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1a0d091b28..d4eeb760f8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5965,11 +5965,11 @@ void ssl_get_alert_after_fatal(void) ssl.in_msg[1] = MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE; /* import prepared fatal alert and test getter */ - TEST_ASSERT(mbedtls_ssl_handle_message_type(&ssl) == MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE ); + TEST_ASSERT(mbedtls_ssl_handle_message_type(&ssl) == MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE); TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); /* Reset the session and check that no alert is present*/ - mbedtls_ssl_session_reset_msg_layer( &ssl, 0 ); + mbedtls_ssl_session_reset_msg_layer( &ssl, 0); TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: From 13200ab116bb98669a43ccba2b98df0f29c5a28b Mon Sep 17 00:00:00 2001 From: Nico Geyso Date: Wed, 19 Nov 2025 23:09:11 +0100 Subject: [PATCH 1210/1548] Fix more C code style issues Signed-off-by: Nico Geyso --- include/mbedtls/ssl.h | 4 ++-- tests/suites/test_suite_ssl.function | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2eb8d85dc9..655143c106 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1716,11 +1716,11 @@ struct mbedtls_ssl_context { on next call to record layer? */ unsigned char MBEDTLS_PRIVATE(in_alert_recv); /*!< Determines if a fatal alert has - been received. Values: + been received. Values: - \c 0 , no fatal alert received. - \c 1 , a fatal alert has been received */ unsigned char MBEDTLS_PRIVATE(in_alert_type); /*!< Type of fatal alert if in_alert_recv - != 0 */ + != 0 */ /* The following three variables indicate if and, if yes, * what kind of alert is pending to be sent. diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d4eeb760f8..d4ff7fea57 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5969,7 +5969,7 @@ void ssl_get_alert_after_fatal(void) TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); /* Reset the session and check that no alert is present*/ - mbedtls_ssl_session_reset_msg_layer( &ssl, 0); + mbedtls_ssl_session_reset_msg_layer(&ssl, 0); TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: From 33bd8f8f7f56aed78605863f481a6b0034d8cad9 Mon Sep 17 00:00:00 2001 From: Nico Geyso Date: Wed, 10 Dec 2025 19:41:03 +0100 Subject: [PATCH 1211/1548] ssl - reset alert type for session reset reset indicator (in_alert_recv) and type (in_alert_type) in mbedtls_ssl_session_reset_msg_layer Signed-off-by: Nico Geyso --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f19f249cb0..23ec7b40c7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1297,6 +1297,7 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, } ssl->in_alert_recv = 0; + ssl->in_alert_type = 0; ssl->send_alert = 0; From 6140cfb438fedc88a791f176b7d17b28a6db5e65 Mon Sep 17 00:00:00 2001 From: Nico Geyso Date: Wed, 10 Dec 2025 23:01:49 +0100 Subject: [PATCH 1212/1548] tests/ssl_get_alert_after_fatal - add invalid param case Signed-off-by: Nico Geyso --- tests/suites/test_suite_ssl.function | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d4ff7fea57..79881b9834 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5955,6 +5955,9 @@ void ssl_get_alert_after_fatal(void) TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); + /* Invalid ssl context */ + TEST_ASSERT(mbedtls_ssl_get_alert(NULL) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + /* No alert has been received yet */ TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); From a7337251f79268b760b686d488ce7ed9f2ffe025 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Thu, 11 Dec 2025 17:37:06 +0100 Subject: [PATCH 1213/1548] tests: remove temporary fix for secp192 curves in test_psa_crypto_without_heap secp192 curves are no longer supported in tf-psa-crypto, and all the temporary fixes have been removed. This one can be removed as well. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cff24a34ce..a03dce152c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -92,13 +92,6 @@ component_test_psa_crypto_without_heap() { scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" # EC-JPAKE use calloc/free in PSA core scripts/config.py unset PSA_WANT_ALG_JPAKE - # Curves p192[k|r]1 were disabled by default in TF-PSA-Crypto 1.0 so they - # were enabled here in order to get full test coverage. Support for these - # curves has completely been removed, but due to interdependency between - # CIs (mbedtls vs tf-psa-crypto) we still need to keep these lines here for - # a while. They will be removed in #10518 - scripts/config.py set PSA_WANT_ECC_SECP_K1_192 || true - scripts/config.py set PSA_WANT_ECC_SECP_R1_192 || true scripts/config.py set TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS || true # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). From 3b74e0ee60443adb9d12ecafb104e96689bce17a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 11 Dec 2025 21:17:35 +0100 Subject: [PATCH 1214/1548] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index cb9d0ed648..85af1a8fdc 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto 
@@ -1 +1 @@ -Subproject commit cb9d0ed64831da3e7b85ea8741a57fdc27c010e6 +Subproject commit 85af1a8fdc7b1caa85d99380c1607c3ec11bf87d From a7fd88ae74cebd4b318bd47ca62d0cfcf9f09c5f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 11 Dec 2025 22:54:39 +0100 Subject: [PATCH 1215/1548] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index f58263d00f..5ef7e74c53 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit f58263d00f287993d7ba4aeaef825385459fd02d +Subproject commit 5ef7e74c537193912a31e1e03b56261116578896 From 23aad2cdad20c597f2ab0d1b2c3923309a2284fc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 23 Dec 2025 16:11:49 +0000 Subject: [PATCH 1216/1548] Replace references of mbedtls_ecp_set_max_ops with psa_interruptible_set_max_ops as it is now internal Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 6 +++--- include/mbedtls/x509_crt.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6c86c57345..4fb4584362 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4591,7 +4591,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * mbedtls_ssl_conf_async_private_cb()) - in this case you * must call this function again when the operation is ready. * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - + * operation is in progress (see psa_interruptible_set_max_ops()) - * in this case you must call this function again to complete * the handshake when you're done attending other tasks. * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use 
@@ -4762,7 +4762,7 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); * mbedtls_ssl_conf_async_private_cb()) - in this case you * must call this function again when the operation is ready. * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - + * operation is in progress (see psa_interruptible_set_max_ops()) - * in this case you must call this function again to complete * the handshake when you're done attending other tasks. * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server @@ -4847,7 +4847,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * mbedtls_ssl_conf_async_private_cb()) - in this case you * must call this function again when the operation is ready. * \return #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic - * operation is in progress (see mbedtls_ecp_set_max_ops()) - + * operation is in progress (see psa_interruptible_set_max_ops()) - * in this case you must call this function again to complete * the handshake when you're done attending other tasks. * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 9e607ad29a..8ee7c464af 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -714,7 +714,7 @@ int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, * * \note Performs the same job as \c mbedtls_crt_verify_with_profile() * but can return early and restart according to the limit - * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. + * set with \c psa_interruptible_set_max_ops() to reduce blocking. * * \param crt The certificate chain to be verified. * \param trust_ca The list of trusted CAs. 
@@ -733,7 +733,7 @@ int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, * * \return See \c mbedtls_crt_verify_with_profile(), or * \return #PSA_OPERATION_INCOMPLETE if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). + * operations was reached: see \c psa_interruptible_set_max_ops(). */ int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, From 27c22840b433e3f07243d8e1d30853eaacc7df88 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 24 Dec 2025 08:20:09 +0000 Subject: [PATCH 1217/1548] Re-instate failure when disabling non-existing option Signed-off-by: Ben Taylor --- tests/scripts/depends.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index bf401e0675..a9d1d09507 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -109,12 +109,6 @@ def set_config_option_value(conf, option, colors, value: Union[bool, str]): value can be either True/False (set/unset config option), or a string, which will make a symbol defined with a certain value.""" if not option_exists(conf, option): - if value is False: - log_line( - f'Warning, disabling {option} that does not exist in {conf.filename}', - color=colors.cyan - ) - return True log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) return False From 262d9cab424718624e5326686edfb48647c9bf3c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Dec 2025 12:33:13 +0100 Subject: [PATCH 1218/1548] Update framework with config_macros.py Signed-off-by: Gilles Peskine --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 5ef7e74c53..77f707a557 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 5ef7e74c537193912a31e1e03b56261116578896 +Subproject commit 77f707a5576c5bdd1ff9463c7b25d2488497f57e 
diff --git a/tf-psa-crypto b/tf-psa-crypto index 85af1a8fdc..ae74d3276a 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 85af1a8fdc7b1caa85d99380c1607c3ec11bf87d +Subproject commit ae74d3276a75c2419ee51621150006bd8fd3883c From 35821e7c77ef00c3b9f53dc09844ba6ef7fd98f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Dec 2025 12:44:59 +0100 Subject: [PATCH 1219/1548] Switch from config_history to config_macros Switch from the `config_history` module to the new module `config_macros`. No behavior change. Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index bae93c3662..bf8889f32b 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py @@ -8,7 +8,7 @@ import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework.config_checks_generator import * \ #pylint: disable=wildcard-import,unused-wildcard-import -from mbedtls_framework import config_history +from mbedtls_framework import config_macros class CryptoInternal(SubprojectInternal): SUBPROJECT = 'TF-PSA-Crypto' 
@@ -23,17 +23,17 @@ class CryptoOption(SubprojectOption): def checkers_for_removed_options() -> Iterator[Checker]: """Discover removed options. Yield corresponding checkers.""" - history = config_history.ConfigHistory() - old_public = history.options('mbedtls', '3.6') - new_public = history.options('mbedtls', '4.0') - crypto_public = history.options('tfpsacrypto', '1.0') - crypto_internal = history.internal('tfpsacrypto', '1.0') + previous_major = config_macros.History('mbedtls', '3.6') + this_major = config_macros.History('mbedtls', '4.0') + old_public = previous_major.options() + new_public = this_major.options() + crypto = config_macros.History('tfpsacrypto', '1.0') for option in sorted(old_public - new_public): if option in ALWAYS_ENABLED_SINCE_4_0: continue - if option in crypto_public: + if option in crypto.options(): yield CryptoOption(option) - elif option in crypto_internal: + elif option in crypto.internal(): yield CryptoInternal(option) else: yield Removed(option, 'Mbed TLS 4.0') From 30323afa6ccfe8b8bf6e92a6b28efb7dcdafdf36 Mon Sep 17 00:00:00 2001 
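Review bot: `crypto.options()` and `crypto.internal()` are now called inside the `for option in sorted(old_public - new_public)` loop, once per candidate, where the old code computed `crypto_public`/`crypto_internal` once before it. If those methods build a set on each call (not visible here; they may just return a cached attribute) the loop becomes a repeated full scan, which sits oddly with the commit's "No behavior change"; binding them once, `crypto_public = crypto.options()` and `crypto_internal = crypto.internal()` above the `for`, keeps the previous cost and reads the same. The two later commits touching this function (`@@ -24` and `@@ -37`) keep the per-iteration calls.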
From: Gilles Peskine Date: Tue, 23 Dec 2025 13:44:22 +0100 Subject: [PATCH 1220/1548] Read current data rather than data about 4.0 It doesn't matter how a macro was used in a previous minor version of the library. What matters is current information about options and internal symbols, and information about past versions from which a macro may have been removed. The output is mostly the same, but: * Macros that were options in 3.6, became internal in 4.0 and have now been completely removed are now shown as removed, not internal. * Macros that were options in 3.6, were completely removed in 4.0, and are now back but internal, are now shown as internal, not removed. * Macros that were options in 3.6, were removed in 4.0 and are back to being options are no longer rejected. * Macros that were options in 3.6, were removed in 4.0 and are back to being internal derived macros in TF-PSA-Crypto are no longer rejected. Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index bf8889f32b..2e9faa6714 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py @@ -24,10 +24,10 @@ class CryptoOption(SubprojectOption): def checkers_for_removed_options() -> Iterator[Checker]: """Discover removed options. Yield corresponding checkers.""" previous_major = config_macros.History('mbedtls', '3.6') - this_major = config_macros.History('mbedtls', '4.0') + current = config_macros.Current() + crypto = config_macros.Current('tf-psa-crypto') old_public = previous_major.options() - new_public = this_major.options() - crypto = config_macros.History('tfpsacrypto', '1.0') + new_public = current.options() for option in sorted(old_public - new_public): if option in ALWAYS_ENABLED_SINCE_4_0: continue From 1de879c6dd089ef5a8df4d88fc590e52c41e74fd Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 23 Dec 2025 13:50:23 +0100 Subject: [PATCH 1221/1548] Also reject internal macros that weren't options in 3.6 Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index 2e9faa6714..0f55936c8c 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py @@ -37,6 +37,9 @@ def checkers_for_removed_options() -> Iterator[Checker]: yield CryptoInternal(option) else: yield Removed(option, 'Mbed TLS 4.0') + for option in (current.internal() - new_public - old_public - + crypto.options() - crypto.internal()): + yield Internal(option) def all_checkers() -> Iterator[Checker]: """Yield all checkers.""" From 0e2eb22145fceef8347d9f7d769df7972ff73225 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Dec 2025 15:34:05 +0100 Subject: [PATCH 1222/1548] New script to check or update config-options-current.txt This script may be generalized to check other files that need lists of current options. But for now, the script just checks `scripts/data_files/config-options-current.txt`. This script is identical to the file in crypto. If the file grows to support multiple targets, we'll probably want to split it, with a generic part in the framework and a project-specific part (probably little more than the list of targets) in each project. But for now the file is too simple to split. Signed-off-by: Gilles Peskine --- tests/scripts/check_option_lists.py | 42 +++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100755 tests/scripts/check_option_lists.py diff --git a/tests/scripts/check_option_lists.py b/tests/scripts/check_option_lists.py new file mode 100755 index 0000000000..dcf5c3a74d --- /dev/null +++ b/tests/scripts/check_option_lists.py 
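Review bot: The docstring of `checkers_for_removed_options`, `"""Discover removed options. Yield corresponding checkers."""` (above this hunk), no longer describes the function once the new loop yields `Internal` checkers for macros that are internal today and were never public options; update it to `"""Discover removed options and current internal-only macros. Yield corresponding checkers."""`. The five-term set expression in the new `for` would also read more easily bound to a name such as `stray_internal` on its own line first. `Internal` is presumably supplied by the wildcard import from `config_checks_generator`, which is outside this hunk.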
@@ -0,0 +1,42 @@ +#!/usr/bin/env python3 + +""" +Check that files with lists of config options are up-to-date, or update them. + +This script checks the following file: +scripts/data_files/config-options-current.txt +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import argparse +import sys + +import scripts_path # pylint: disable=unused-import +from mbedtls_framework import config_macros + + +def main(): + parser = argparse.ArgumentParser(description=__doc__) + # For now this script only acts on one target file. + # If we check/update more files, we should add a way to select which + # file(s) to operate on. + parser.add_argument('--always-update', '-U', + action='store_true', + help=('Update target files unconditionally ' + '(overrides --update)')) + parser.add_argument('--update', '-u', + action='store_true', + help='Update target files if needed') + args = parser.parse_args() + data = config_macros.Current(shadow_missing_ok=True) + if args.update or args.always_update: + data.update_shadow_file(args.always_update) + else: + up_to_date = True + up_to_date &= data.compare_shadow_file_verbosely() + sys.exit(0 if up_to_date else 1) + +if __name__ == "__main__": + main() From 43784b54cd3c977351abebe7528b0672ae931272 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Dec 2025 15:49:43 +0100 Subject: [PATCH 1223/1548] Create the config option list shadow file ``` tests/scripts/check_option_lists.py -u ``` Signed-off-by: Gilles Peskine --- scripts/data_files/config-options-current.txt | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 scripts/data_files/config-options-current.txt diff --git a/scripts/data_files/config-options-current.txt b/scripts/data_files/config-options-current.txt new file mode 100644 index 0000000000..81b233804c --- /dev/null +++ b/scripts/data_files/config-options-current.txt 
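Review bot: `main()` sets an exit status only on the check path; with `--update`/`--always-update` it falls off the end, so if `data.update_shadow_file()` reports a failure (its return value is not inspected and its contract is not visible here) the script still exits 0 and a CI step built on it would not notice. Either discard the result deliberately with a comment or propagate it, e.g. `ok = data.update_shadow_file(args.always_update)` followed by `sys.exit(0 if ok else 1)`, assuming the method returns a truthy value on success. The `up_to_date = True` / `up_to_date &= ...` pair for a single file is justified by the comment about future targets, so that part is fine as written.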
@@ -0,0 +1,79 @@ +MBEDTLS_CONFIG_FILE +MBEDTLS_CONFIG_VERSION +MBEDTLS_DEBUG_C +MBEDTLS_ERROR_C +MBEDTLS_ERROR_STRERROR_DUMMY +MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +MBEDTLS_NET_C +MBEDTLS_PKCS7_C +MBEDTLS_PSK_MAX_LEN +MBEDTLS_SSL_ALL_ALERT_MESSAGES +MBEDTLS_SSL_ALPN +MBEDTLS_SSL_ASYNC_PRIVATE +MBEDTLS_SSL_CACHE_C +MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES +MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT +MBEDTLS_SSL_CID_IN_LEN_MAX +MBEDTLS_SSL_CID_OUT_LEN_MAX +MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY +MBEDTLS_SSL_CIPHERSUITES +MBEDTLS_SSL_CLI_C +MBEDTLS_SSL_CONTEXT_SERIALIZATION +MBEDTLS_SSL_COOKIE_C +MBEDTLS_SSL_COOKIE_TIMEOUT +MBEDTLS_SSL_DEBUG_ALL +MBEDTLS_SSL_DTLS_ANTI_REPLAY +MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +MBEDTLS_SSL_DTLS_CONNECTION_ID +MBEDTLS_SSL_DTLS_HELLO_VERIFY +MBEDTLS_SSL_DTLS_MAX_BUFFERING +MBEDTLS_SSL_DTLS_SRTP +MBEDTLS_SSL_EARLY_DATA +MBEDTLS_SSL_ENCRYPT_THEN_MAC +MBEDTLS_SSL_EXTENDED_MASTER_SECRET +MBEDTLS_SSL_IN_CONTENT_LEN +MBEDTLS_SSL_KEEP_PEER_CERTIFICATE +MBEDTLS_SSL_KEYING_MATERIAL_EXPORT +MBEDTLS_SSL_MAX_EARLY_DATA_SIZE +MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +MBEDTLS_SSL_NULL_CIPHERSUITES +MBEDTLS_SSL_OUT_CONTENT_LEN +MBEDTLS_SSL_PROTO_DTLS +MBEDTLS_SSL_PROTO_TLS1_2 +MBEDTLS_SSL_PROTO_TLS1_3 +MBEDTLS_SSL_RECORD_SIZE_LIMIT +MBEDTLS_SSL_RENEGOTIATION +MBEDTLS_SSL_SERVER_NAME_INDICATION +MBEDTLS_SSL_SESSION_TICKETS +MBEDTLS_SSL_SRV_C +MBEDTLS_SSL_TICKET_C +MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS +MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE +MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH +MBEDTLS_SSL_TLS_C +MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH +MBEDTLS_TIMING_ALT +MBEDTLS_TIMING_C +MBEDTLS_USER_CONFIG_FILE 
+MBEDTLS_VERSION_C +MBEDTLS_VERSION_FEATURES +MBEDTLS_X509_CREATE_C +MBEDTLS_X509_CRL_PARSE_C +MBEDTLS_X509_CRT_PARSE_C +MBEDTLS_X509_CRT_WRITE_C +MBEDTLS_X509_CSR_PARSE_C +MBEDTLS_X509_CSR_WRITE_C +MBEDTLS_X509_MAX_FILE_PATH_LEN +MBEDTLS_X509_MAX_INTERMEDIATE_CA +MBEDTLS_X509_REMOVE_INFO +MBEDTLS_X509_RSASSA_PSS_SUPPORT +MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +MBEDTLS_X509_USE_C From 93ef003cdc2b5bdeea803dff471a2a6189beba49 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Dec 2025 15:52:43 +0100 Subject: [PATCH 1224/1548] Check that the config option list shadow file is up to date Test that `scripts/data_files/config-options-current.txt` is up-to-date. This file needs to change every time we add or remove a config option. Signed-off-by: Gilles Peskine --- tests/scripts/components-basic-checks.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index e791ad065c..199396df30 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -46,6 +46,9 @@ component_check_generated_files () { # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! + + msg "Check committed generated files" + tests/scripts/check_option_lists.py } component_check_doxy_blocks () { From b6c30c36393e0981436cd80e55a649baeb9862b4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jan 2026 22:23:28 +0100 Subject: [PATCH 1225/1548] Print a useful message when the file is out of date Don't print the differences: interested users can just run `git diff` (or save the old file and run `comm`). Signed-off-by: Gilles Peskine --- tests/scripts/check_option_lists.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check_option_lists.py b/tests/scripts/check_option_lists.py index dcf5c3a74d..7ce55c1da9 100755 --- a/tests/scripts/check_option_lists.py 
+++ b/tests/scripts/check_option_lists.py @@ -35,7 +35,11 @@ def main(): data.update_shadow_file(args.always_update) else: up_to_date = True - up_to_date &= data.compare_shadow_file_verbosely() + if not data.is_shadow_file_up_to_date(): + print(f'{data.shadow_file_path()} is out of date') + print(f'After adding or removing a conifg option, you need to run') + print(f'{sys.argv[0]} and commit the result.') + up_to_date = False sys.exit(0 if up_to_date else 1) if __name__ == "__main__": From 168c6ec50ce8e606a7dc8d421189e59ab610c991 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 5 Jan 2026 09:45:07 +0100 Subject: [PATCH 1226/1548] Improve out-of-date message Signed-off-by: Gilles Peskine --- tests/scripts/check_option_lists.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check_option_lists.py b/tests/scripts/check_option_lists.py index 7ce55c1da9..c9b643bb6d 100755 --- a/tests/scripts/check_option_lists.py +++ b/tests/scripts/check_option_lists.py @@ -37,8 +37,8 @@ def main(): up_to_date = True if not data.is_shadow_file_up_to_date(): print(f'{data.shadow_file_path()} is out of date') - print(f'After adding or removing a conifg option, you need to run') - print(f'{sys.argv[0]} and commit the result.') + print(f'After adding or removing a config option, you need to run') + print(f'{sys.argv[0]} -u and commit the result.') up_to_date = False sys.exit(0 if up_to_date else 1) From d0f6b5476d3f01b0a2947be99a7e1742c6078b2d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 6 Jan 2026 17:04:52 +0100 Subject: [PATCH 1227/1548] Don't call SHA3 selftest when SHA3 is accelerated `mbedtls_sha3_self_test` only exists in the built-in implementation. The SHA3 self-test won't run until the tf-psa-crypto submodule moves past https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/618 Signed-off-by: Gilles Peskine --- programs/test/selftest.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
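Review bot: The first of the two added messages is an f-string with nothing to interpolate — `print(f'After adding or removing a config option, you need to run')` — which pylint reports as W1309 (f-string-without-interpolation) and which a repository pylint job is likely to flag. Drop the `f` prefix there, or better fold the sentence into one call so it is not split over two output lines: `print(f'After adding or removing a config option, you need to run {sys.argv[0]} -u and commit the result.')`. main() starts above the hunk.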
diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 0e906ab4a3..04d35cd8ed 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -289,10 +289,7 @@ const selftest_t selftests[] = #if defined(MBEDTLS_SHA512_C) { "sha512", mbedtls_sha512_self_test }, #endif -#if defined(PSA_WANT_ALG_SHA3_224) || \ - defined(PSA_WANT_ALG_SHA3_256) || \ - defined(PSA_WANT_ALG_SHA3_384) || \ - defined(PSA_WANT_ALG_SHA3_512) +#if defined(MBEDTLS_SHA3_C) { "sha3", mbedtls_sha3_self_test }, #endif #if defined(MBEDTLS_AES_C) From 40b11f59df91ba23b7916d1c56dd4d63cbe6ed77 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 6 Jan 2026 17:07:17 +0100 Subject: [PATCH 1228/1548] Remove component_test_sha3_variations TF-PSA-Crypto is getting a component with similar coverage in https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/618 Signed-off-by: Gilles Peskine --- .../components-configuration-crypto.sh | 31 ------------------- 1 file changed, 31 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index a03dce152c..d1ce15e40a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
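Review bot: The guard now keys on the built-in implementation macro `MBEDTLS_SHA3_C` instead of `PSA_WANT_ALG_SHA3_*`, so with an accelerated SHA3 the table silently has no sha3 entry; that is what the commit intends, but the entry should say so, since a reader comparing it with PSA_WANT-style guards elsewhere will assume the old form was correct and "fix" it back. Suggest a comment directly above the `#if`: `/* mbedtls_sha3_self_test only exists in the built-in implementation; no entry when SHA3 is accelerated. */`. The `selftests[]` table starts and ends outside the hunk.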
@@ -2007,37 +2007,6 @@ component_build_aes_variations () { "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" } -component_test_sha3_variations () { - msg "sha3 loop unroll variations" - - # define minimal config sufficient to test SHA3 - cat > include/mbedtls/mbedtls_config.h << END -END - - cat > tf-psa-crypto/include/psa/crypto_config.h << END - #define PSA_WANT_ALG_SHA_256 1 - #define PSA_WANT_ALG_SHA3_224 1 - #define PSA_WANT_ALG_SHA3_256 1 - #define PSA_WANT_ALG_SHA3_384 1 - #define PSA_WANT_ALG_SHA3_512 1 - #define PSA_WANT_KEY_TYPE_AES 1 - #define MBEDTLS_PSA_CRYPTO_C - #define MBEDTLS_CTR_DRBG_C - #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY - #define MBEDTLS_SELF_TEST -END - - msg "all loops unrolled" - $MAKE_COMMAND clean - make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" - ./tf-psa-crypto/tests/test_suite_shax - - msg "all loops rolled up" - $MAKE_COMMAND clean - make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DMBEDTLS_SHA3_CHI_UNROLL=0 -DMBEDTLS_SHA3_RHO_UNROLL=0" - ./tf-psa-crypto/tests/test_suite_shax -} - support_build_aes_aesce_armcc () { support_build_armcc } From 4185efafe4d4634e7ee1fb012ce1389f950c2fbf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Jan 2026 10:28:40 +0100 Subject: [PATCH 1229/1548] Fix non-determinism when generating mbedtls_config_check_user.h Signed-off-by: Gilles Peskine --- scripts/generate_config_checks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/generate_config_checks.py b/scripts/generate_config_checks.py index 0f55936c8c..ece67e6e75 100755 --- a/scripts/generate_config_checks.py +++ b/scripts/generate_config_checks.py 
@@ -37,8 +37,8 @@ def checkers_for_removed_options() -> Iterator[Checker]: yield CryptoInternal(option) else: yield Removed(option, 'Mbed TLS 4.0') - for option in (current.internal() - new_public - old_public - - crypto.options() - crypto.internal()): + for option in sorted(current.internal() - new_public - old_public - + crypto.options() - crypto.internal()): yield Internal(option) def all_checkers() -> Iterator[Checker]: From a1502f54f5c15e7ae00793001b7e56813af624ef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 10 Dec 2025 18:19:36 +0100 Subject: [PATCH 1230/1548] Drop the ability to build the library without the framework We put that in 3.6.0 because we wanted to minimize changes in a minor release, and in particular we wanted users to be able to build the library if they were checking out a release tag without checking out submodules recursively. That was possible because 3.6.x release tags contain the generated files. Since 4.0.0, it's completely impossible to build Mbed TLS without the `tf-psa-crypto` submodule. So there's no point in trying to allow a build without the `framework` submodule. In the libtestdriver1 build, where we copy part of the framework, copy the framework makefile as well, which is what we use to check for the presence of the framework (even though the framework makefile doesn't do anything useful after all). Signed-off-by: Gilles Peskine --- library/Makefile | 16 +++++++--------- tests/Makefile | 2 +- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/library/Makefile b/library/Makefile index 9085ab481c..6d43b85e18 100644 --- a/library/Makefile +++ b/library/Makefile 
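Review bot: Sorting fixes the set-iteration order for the `Internal` checkers, but the preceding loop in the same function (its header is above the hunk; only the `yield CryptoInternal(option)` / `yield Removed(...)` arms are visible) may iterate another set expression and would then leave the same nondeterminism in the generated mbedtls_config_check_user.h — worth checking that it also wraps its iterable in `sorted(...)`. A short why-comment would keep a future cleanup from dropping the sort: `# sorted(): set iteration order is not stable; keep the generated file reproducible`.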
@@ -24,19 +24,17 @@ GENERATED_FILES += \ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h -ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES))) - ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - define error_message +ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) + # Use the define keyword to get a multi-line message. + # GNU make appends ". Stop.", so tweak the ending of our message accordingly. + define error_message $(MBEDTLS_PATH)/framework/exported.make not found. Run `git submodule update --init` to fetch the submodule contents. This is a fatal error - endef - $(error $(error_message)) - endif - include $(MBEDTLS_PATH)/framework/exported.make + endef + $(error $(error_message)) endif +include $(MBEDTLS_PATH)/framework/exported.make # Also see "include/mbedtls/mbedtls_config.h" diff --git a/tests/Makefile b/tests/Makefile index a52bc32f57..782ebc1200 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -334,7 +334,7 @@ libtestdriver1.a: mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc - cp -Rf ../framework/scripts ./libtestdriver1/framework + cp -Rf ../framework/scripts ../framework/exported.make ./libtestdriver1/framework cp -Rf ../library ./libtestdriver1 cp -Rf ../include ./libtestdriver1 cp -Rf ../scripts ./libtestdriver1 From d13d041ed090bec4324687c4c154b2e66f7d0429 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 10 Dec 2025 18:23:21 +0100 Subject: [PATCH 1231/1548] Check for the framework submodule before anything else If we don't have submodules, we can't do anything. 
Signed-off-by: Gilles Peskine --- library/Makefile | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/Makefile b/library/Makefile index 6d43b85e18..c0d37fdb8d 100644 --- a/library/Makefile +++ b/library/Makefile @@ -2,6 +2,18 @@ ifndef MBEDTLS_PATH MBEDTLS_PATH := .. endif +ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) + # Use the define keyword to get a multi-line message. + # GNU make appends ". Stop.", so tweak the ending of our message accordingly. + define error_message +$(MBEDTLS_PATH)/framework/exported.make not found. +Run `git submodule update --init` to fetch the submodule contents. +This is a fatal error + endef + $(error $(error_message)) +endif +include $(MBEDTLS_PATH)/framework/exported.make + TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src @@ -24,18 +36,6 @@ GENERATED_FILES += \ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h -ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) - # Use the define keyword to get a multi-line message. - # GNU make appends ". Stop.", so tweak the ending of our message accordingly. - define error_message -$(MBEDTLS_PATH)/framework/exported.make not found. -Run `git submodule update --init` to fetch the submodule contents. -This is a fatal error - endef - $(error $(error_message)) -endif -include $(MBEDTLS_PATH)/framework/exported.make - # Also see "include/mbedtls/mbedtls_config.h" CFLAGS ?= -O2 From 3884bf3d89eda2dd99d309845cd245b131ddeaf1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Dec 2025 14:31:33 +0100 Subject: [PATCH 1232/1548] Remove a XySSL-era comment that has run its course Signed-off-by: Gilles Peskine --- library/Makefile | 2 -- scripts/common.make | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) 
diff --git a/library/Makefile b/library/Makefile index c0d37fdb8d..1c05e1691f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -36,8 +36,6 @@ GENERATED_FILES += \ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h -# Also see "include/mbedtls/mbedtls_config.h" - CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= diff --git a/scripts/common.make b/scripts/common.make index c0e7b1d966..63be983cd4 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -1,5 +1,3 @@ -# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS - ifndef MBEDTLS_PATH MBEDTLS_PATH := .. endif @@ -23,6 +21,8 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic LDFLAGS ?= +# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS + LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ -I$(MBEDTLS_PATH)/framework/tests/include \ -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \ From f79f4014b67fc07fb8610c75fa6df3ac025834fd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 15 Dec 2025 19:26:25 +0100 Subject: [PATCH 1233/1548] Fix missing dependencies of test_certs.h Signed-off-by: Gilles Peskine --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 782ebc1200..5c956149e0 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -185,7 +185,7 @@ all: $(BINARIES) $(CRYPTO_BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ - $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) + $(shell $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) echo " Gen $@" $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ 
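Review bot: `$(shell $(PYTHON) ... --list-dependencies)` in a prerequisite list is expanded when the rule is read, so the script now runs on every make invocation in tests/ (including `make clean`), and if python or the script fails the prerequisite list silently becomes empty and `include/test/test_certs.h` is no longer rebuilt when its inputs change. That matches how `GENERATED_CONFIG_CHECK_FILES` is computed in library/Makefile, so if it is acceptable a one-line comment saying so would help; otherwise capture the list once with `:=` into a variable and `$(error ...)` when it is empty. Note also that the output is split on whitespace, so a dependency path containing a space would be mangled.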
From d78060bda6bb2ef2e1948bd6377204898dab2264 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Dec 2025 14:43:57 +0100 Subject: [PATCH 1234/1548] Get a clean run from make --warn-undefined-variables Except in psasim, which I am not touching at this time. Signed-off-by: Gilles Peskine --- scripts/common.make | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/scripts/common.make b/scripts/common.make index 63be983cd4..5350d87efc 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -95,6 +95,16 @@ $(strip $(shell )) endef +# Ensure that `THREADING` is always defined. This lets us get a clean run +# with `make --warn-undefined-variables` without making the conditionals +# below more complex than they already are. At this stage, if `$(THREADING)` +# is empty, it means we don't know yet whether the threading implementation +# requires extra `LDFLAGS`. Once we've done the analysis, if `$(THREADING)` +# is empty, it will mean that no extra `LDFLAGS` are required, either +# because threading is disabled or because the threading implementation +# doesn't require any extra `LDFLAGS`. +THREADING ?= + ifdef WINDOWS_BUILD DLEXT=dll EXEXT=.exe @@ -107,7 +117,7 @@ else # Not building for Windows DLEXT ?= so EXEXT= SHARED_SUFFIX= - ifndef THREADING + ifeq ($(THREADING),) # Auto-detect configurations with pthread. # If the call to remove_enabled_options returns "control", the symbols # are confirmed set and we link with pthread. @@ -123,6 +133,8 @@ else # Not building for Windows endif endif +PERL ?= perl + ifdef WINDOWS PYTHON ?= python else From a47cc276572371386d64378521f89a3860ee8c16 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Dec 2025 19:38:09 +0100 Subject: [PATCH 1235/1548] Fix mixup in dependencies for generated config checks Signed-off-by: Gilles Peskine --- library/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
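Review bot: Replacing `ifndef THREADING` with `ifeq ($(THREADING),)` changes the meaning of an explicit `make THREADING=`: before, a defined-but-empty variable bypassed pthread auto-detection, now it triggers it, so a caller who used that to keep extra `LDFLAGS` out will get the detected value appended when the config enables threading (the detection body continues outside the hunk, so I cannot see exactly what it assigns). If that is the intended new contract, the long comment above `THREADING ?=` should state it plainly, e.g. `# Set THREADING to a non-empty value on the command line to bypass auto-detection; an empty value no longer does`. Otherwise test `$(origin THREADING)` instead of emptiness so the two cases stay distinguishable.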
diff --git a/library/Makefile b/library/Makefile index 1c05e1691f..807e3f1adb 100644 --- a/library/Makefile +++ b/library/Makefile @@ -336,7 +336,7 @@ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_dr GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .) $(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ + ../scripts/generate_config_checks.py \ ../framework/scripts/mbedtls_framework/config_checks_generator.py $(GENERATED_CONFIG_CHECK_FILES): echo " Gen $(GENERATED_CONFIG_CHECK_FILES)" @@ -348,7 +348,7 @@ TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ --list $(TF_PSA_CRYPTO_CORE_PATH)) $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ - ../scripts/generate_config_checks.py \ + $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ ../framework/scripts/mbedtls_framework/config_checks_generator.py $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" From 7bef731f0b709f3b9858bf6210fab79c0b675c23 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 10 Dec 2025 18:16:03 +0100 Subject: [PATCH 1236/1548] Create a TF-PSA-Crypto make helper for Mbed TLS Currently, Mbed TLS can be built with make, and we rely on this in many `all.sh` components. Mbed TLS knows how to build TF-PSA-Crypto, but this changes from time to time, and it's hard to do the necessary changes in both repositories at the same time. Create a file that Mbed TLS can consume to find out some information needed to build TF-PSA-Crypto, such as the locations of various files. Create this file in Mbed TLS. Once we have finished moving code to it, the file will move to TF-PSA-Crypto. 
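Review bot: After the swap, the TF-PSA-Crypto rule still lists `../framework/scripts/mbedtls_framework/config_checks_generator.py` — the Mbed TLS copy of the framework — as its second prerequisite, while its script prerequisite now correctly points under `$(TF_PSA_CRYPTO_CORE_PATH)/..`. If the crypto `generate_config_checks.py` resolves `mbedtls_framework` from its own framework checkout, the dependency should be `$(TF_PSA_CRYPTO_CORE_PATH)/../framework/scripts/mbedtls_framework/config_checks_generator.py` so an edit to that copy triggers regeneration; I cannot see from here which copy the script imports, so please verify. Both rule bodies start and end outside the hunk.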
Signed-off-by: Gilles Peskine --- library/Makefile | 2 ++ scripts/common.make | 2 ++ scripts/crypto-common.make | 25 +++++++++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 scripts/crypto-common.make diff --git a/library/Makefile b/library/Makefile index 807e3f1adb..8195e2423a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -14,6 +14,8 @@ This is a fatal error endif include $(MBEDTLS_PATH)/framework/exported.make +include $(MBEDTLS_PATH)/scripts/crypto-common.make + TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src diff --git a/scripts/common.make b/scripts/common.make index 5350d87efc..9be3b2db53 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -16,6 +16,8 @@ This is a fatal error endif include $(MBEDTLS_PATH)/framework/exported.make +include $(MBEDTLS_PATH)/scripts/crypto-common.make + CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic diff --git a/scripts/crypto-common.make b/scripts/crypto-common.make new file mode 100644 index 0000000000..5a79bc482b --- /dev/null +++ b/scripts/crypto-common.make 
@@ -0,0 +1,25 @@ +# Helper code for the make build system in Mbed TLS: define some variables +# providing information such as file paths. +# This file is only meant to exist for a short transition period. +# It may change or be removed without notice. +# Do not use it if you are not Mbed TLS! + +# Assume that this makefile is located in a first-level subdirectory of the +# Mbed TLS root, and is accessed directly (not via VPATH or such). +# If this is not the case, TF_PSA_CRYPTO_PATH or MBEDTLS_PATH must be defined +# before including this file. +ifneq ($(origin TF_PSA_CRYPTO_PATH), undefined) + # TF_PSA_CRYPTO_PATH was defined before including this file, good. +else ifneq ($(origin MBEDTLS_PATH), undefined) + TF_PSA_CRYPTO_PATH := $(MBEDTLS_PATH)/tf-psa-crypto +else + # $(dir $(lastword $(MAKEFILE_LIST))) is the path to this file, possibly + # a relative path, with a trailing slash. Strip off another directory + # from that. + TF_PSA_CRYPTO_PATH := $(patsubst %/,%,$(dir $(patsubst %/,%,$(dir $(lastword $(MAKEFILE_LIST))))))/tf-psa-crypto +endif + +ifeq (,$(wildcard $(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c)) + $(error $$(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c not found) +endif + From 46568f3c6ec367d0757bc9bbc6a7dea1304a8dec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 11 Dec 2025 21:06:21 +0100 Subject: [PATCH 1237/1548] Move some crypto core and drivers variable definitions to crypto-common.make No behavior change. Signed-off-by: Gilles Peskine --- library/Makefile | 18 +++++++----------- scripts/common.make | 5 ----- scripts/crypto-common.make | 9 +++++++++ 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/library/Makefile b/library/Makefile index 8195e2423a..fc0cffb5c7 100644 --- a/library/Makefile +++ b/library/Makefile 
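Review bot: The only diagnostic for a missing tf-psa-crypto checkout prints the variable name instead of its value and gives no remedy: `$$(TF_PSA_CRYPTO_PATH)` expands to the literal text `$(TF_PSA_CRYPTO_PATH)`, whereas the equivalent framework check in library/Makefile tells the user to run `git submodule update --init`. Suggest `$(error $(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c not found. Run 'git submodule update --init' to fetch the submodule contents)`, or reuse the same `define error_message` pattern. The `$(MAKEFILE_LIST)` fallback only works when this file is included under its real path, which the header comment already warns about; the file also ends with a trailing blank line.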
@@ -16,9 +16,6 @@ include $(MBEDTLS_PATH)/framework/exported.make include $(MBEDTLS_PATH)/scripts/crypto-common.make -TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core -TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src - # List the generated files without running a script, so that this # works with no tooling dependencies when GEN_FILES is disabled. GENERATED_FILES := \ @@ -46,10 +43,14 @@ LDFLAGS ?= # ../tf-psa-crypto/drivers/builtin/include for public headers and ., # ../tf-psa-crypto/core and ../tf-psa-crypto/drivers/builtin/src for # private headers. -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../tf-psa-crypto/core \ +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. \ + -I../tf-psa-crypto/core \ -I../tf-psa-crypto/drivers/builtin/src \ - -I../include -I../tf-psa-crypto/include \ - -I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64 + -I../include \ + -I../tf-psa-crypto/include \ + -I../tf-psa-crypto/drivers/builtin/include \ + $(THIRDPARTY_INCLUDES) \ + -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ifdef DEBUG @@ -123,11 +124,6 @@ OBJS_CRYPTO = $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF GENERATED_OBJS_CRYPTO = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o OBJS_CRYPTO := $(filter-out $(GENERATED_OBJS_CRYPTO),$(OBJS_CRYPTO)) OBJS_CRYPTO += $(GENERATED_OBJS_CRYPTO) - -THIRDPARTY_DIR := $(MBEDTLS_PATH)/tf-psa-crypto/drivers -include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/everest/Makefile.inc -include $(MBEDTLS_PATH)/tf-psa-crypto/drivers/p256-m/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) OBJS_X509= \ diff --git a/scripts/common.make b/scripts/common.make index 9be3b2db53..f3754e587c 100644 --- a/scripts/common.make +++ b/scripts/common.make 
@@ -47,11 +47,6 @@ LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -lmbedcrypto$(SHARED_SUFFIX) endif -THIRDPARTY_DIR = $(MBEDTLS_PATH)/tf-psa-crypto/drivers -include $(THIRDPARTY_DIR)/everest/Makefile.inc -include $(THIRDPARTY_DIR)/p256-m/Makefile.inc -LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) - ifdef PSASIM MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \ $(PSASIM_PATH)/client_libs/libmbedx509.a \ diff --git a/scripts/crypto-common.make b/scripts/crypto-common.make index 5a79bc482b..315f14df10 100644 --- a/scripts/crypto-common.make +++ b/scripts/crypto-common.make @@ -23,3 +23,12 @@ ifeq (,$(wildcard $(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c)) $(error $$(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c not found) endif +TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core +TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src + +# Gather information about crypto drivers that are separate from the main +# "builtin" driver (historically located in /3rdparty in Mbed TLS 2.x/3.x). +THIRDPARTY_DIR := $(TF_PSA_CRYPTO_PATH)/drivers +THIRDPARTY_INCLUDES = +include $(TF_PSA_CRYPTO_PATH)/drivers/everest/Makefile.inc +include $(TF_PSA_CRYPTO_PATH)/drivers/p256-m/Makefile.inc From e3e4da61a8df430c1d1a6d43f7ecaf7893291e45 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Dec 2025 19:29:45 +0100 Subject: [PATCH 1238/1548] Use intermediate variables for TF-PSA-Crypto's contribution to LOCAL_CFLAGS Define these intermediate variables in the crypto helper file. No behavior change except possibly an inconsequential reordering of compiler options. Signed-off-by: Gilles Peskine --- library/Makefile | 13 ++++--------- scripts/common.make | 4 ++-- scripts/crypto-common.make | 13 +++++++++++++ tests/Makefile | 3 ++- 4 files changed, 21 insertions(+), 12 deletions(-) diff --git a/library/Makefile b/library/Makefile index fc0cffb5c7..ce18353950 100644 --- a/library/Makefile +++ b/library/Makefile 
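Review bot: `TF_PSA_CRYPTO_CORE_PATH` and `TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH` are derived from `$(MBEDTLS_PATH)` rather than `$(TF_PSA_CRYPTO_PATH)`, although the top of this file deliberately lets `TF_PSA_CRYPTO_PATH` be set independently and handles an undefined `MBEDTLS_PATH` — in that fallback branch these two expand to `/tf-psa-crypto/core` and `/tf-psa-crypto/drivers/builtin/src`. The neighbouring `THIRDPARTY_DIR := $(TF_PSA_CRYPTO_PATH)/drivers` already uses the right base; change them to `TF_PSA_CRYPTO_CORE_PATH = $(TF_PSA_CRYPTO_PATH)/core` and `TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(TF_PSA_CRYPTO_PATH)/drivers/builtin/src`. Both includers define `MBEDTLS_PATH` first, so this is the same value today, consistent with the commit's "no behavior change".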
@@ -39,17 +39,12 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -# Include ../include, ../tf-psa-crypto/include and -# ../tf-psa-crypto/drivers/builtin/include for public headers and ., -# ../tf-psa-crypto/core and ../tf-psa-crypto/drivers/builtin/src for -# private headers. +# For the time being, Mbed TLS uses non-public interfaces of TF-PSA-Crypto, +# so we include both public and internal headers. LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. \ - -I../tf-psa-crypto/core \ - -I../tf-psa-crypto/drivers/builtin/src \ + $(TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE) \ -I../include \ - -I../tf-psa-crypto/include \ - -I../tf-psa-crypto/drivers/builtin/include \ - $(THIRDPARTY_INCLUDES) \ + $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) \ -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = diff --git a/scripts/common.make b/scripts/common.make index f3754e587c..67ad341522 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -27,8 +27,8 @@ LDFLAGS ?= LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ -I$(MBEDTLS_PATH)/framework/tests/include \ - -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \ - -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ + -I$(MBEDTLS_PATH)/include \ + $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) \ -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(LOCAL_CFLAGS) diff --git a/scripts/crypto-common.make b/scripts/crypto-common.make index 315f14df10..8d00bd8bed 100644 --- a/scripts/crypto-common.make +++ b/scripts/crypto-common.make 
@@ -32,3 +32,16 @@ THIRDPARTY_DIR := $(TF_PSA_CRYPTO_PATH)/drivers THIRDPARTY_INCLUDES = include $(TF_PSA_CRYPTO_PATH)/drivers/everest/Makefile.inc include $(TF_PSA_CRYPTO_PATH)/drivers/p256-m/Makefile.inc + +# Directories with headers of public interfaces of TF-PSA-Crypto +TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE = \ + -I$(TF_PSA_CRYPTO_PATH)/include \ + -I$(TF_PSA_CRYPTO_PATH)/drivers/builtin/include \ + $(THIRDPARTY_INCLUDES) + +# Directories with headers of internal interfaces of TF-PSA-Crypto +# (currently consumed by Mbed TLS, eventually not so when we've finished +# cleaning up) +TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE = \ + -I$(TF_PSA_CRYPTO_PATH)/core \ + -I$(TF_PSA_CRYPTO_PATH)/drivers/builtin/src diff --git a/tests/Makefile b/tests/Makefile index 5c956149e0..7ebc10b6d0 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -5,7 +5,8 @@ include ../scripts/common.make TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) # Also include private headers, for the sake of invasive tests. -LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library -I$(MBEDTLS_PATH)/tf-psa-crypto/core -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src +LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library +LOCAL_CFLAGS += $(TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE) # Enable definition of various functions used throughout the testsuite # (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless From 260713499839bd1696c18704804482dc6a40483c Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 18 Dec 2025 14:57:15 +0100 Subject: [PATCH 1239/1548] Move configurable variables to the top Define variables that are meant to be possibly overridden on the make command line (or in a parent makefile) at the top. In particular, define them before including the crypto and framework makefiles, so these makefiles can use the default values if there's no parent setting. Also move some internal variables earlier or later, so that a subsequent refactoring step can have things in the right order in the mbedtls per-directory makefile: 1. Define variables consumed by the per-directory crypto makefile. 2. Include the per-directory crypto makefile. 3. Use variables defined by the per-directory crypto makefile. Signed-off-by: Gilles Peskine --- library/Makefile | 98 ++++++++++++++++++++++----------------------- scripts/common.make | 26 ++++++------ 2 files changed, 62 insertions(+), 62 deletions(-) diff --git a/library/Makefile b/library/Makefile index ce18353950..3ee40fb71c 100644 --- a/library/Makefile +++ b/library/Makefile @@ -1,3 +1,25 @@ +CFLAGS ?= -O2 +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral +LDFLAGS ?= + +# MicroBlaze specific options: +# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift + +# To compile on Plan9: +# CFLAGS += -D_BSD_EXTENSION + +PERL ?= perl + +ifdef WINDOWS +PYTHON ?= python +else +PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) +endif + +# Set AR_DASH= (empty string) to use an ar implementation that does not accept +# the - prefix for command line options (e.g. llvm-ar) +AR_DASH ?= - + ifndef MBEDTLS_PATH MBEDTLS_PATH := .. endif 
@@ -16,29 +38,6 @@ include $(MBEDTLS_PATH)/framework/exported.make include $(MBEDTLS_PATH)/scripts/crypto-common.make -# List the generated files without running a script, so that this -# works with no tooling dependencies when GEN_FILES is disabled. -GENERATED_FILES := \ - mbedtls_config_check_before.h \ - mbedtls_config_check_final.h \ - mbedtls_config_check_user.h \ - error.c \ - version_features.c \ - ssl_debug_helpers_generated.c - -# Also list the generated files from crypto that are needed in the build, -# because we don't have the list in a consumable form. -GENERATED_FILES += \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h - -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -LDFLAGS ?= - # For the time being, Mbed TLS uses non-public interfaces of TF-PSA-Crypto, # so we include both public and internal headers. LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. \ @@ -52,20 +51,6 @@ ifdef DEBUG LOCAL_CFLAGS += -g3 endif -# MicroBlaze specific options: -# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift - -# To compile on Plan9: -# CFLAGS += -D_BSD_EXTENSION - -PERL ?= perl - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) -endif - # if were running on Windows build for Windows ifdef WINDOWS WINDOWS_BUILD=1 @@ -91,10 +76,6 @@ SOEXT_TLS?=so.21 SOEXT_X509?=so.8 SOEXT_CRYPTO?=so.16 -# Set AR_DASH= (empty string) to use an ar implementation that does not accept -# the - prefix for command line options (e.g. llvm-ar) -AR_DASH ?= - - ARFLAGS = $(AR_DASH)src ifdef APPLE_BUILD ifneq ($(APPLE_BUILD),0) 
@@ -115,6 +96,14 @@ DLEXT = dylib endif endif +# See root Makefile +GEN_FILES ?= yes +ifdef GEN_FILES +gen_file_dep = +else +gen_file_dep = | +endif + OBJS_CRYPTO = $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) GENERATED_OBJS_CRYPTO = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o OBJS_CRYPTO := $(filter-out $(GENERATED_OBJS_CRYPTO),$(OBJS_CRYPTO)) @@ -279,17 +268,28 @@ libmbedcrypto.dll: $(OBJS_CRYPTO) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $< +# List the generated files without running a script, so that this +# works with no tooling dependencies when GEN_FILES is disabled. +GENERATED_FILES := \ + mbedtls_config_check_before.h \ + mbedtls_config_check_final.h \ + mbedtls_config_check_user.h \ + error.c \ + version_features.c \ + ssl_debug_helpers_generated.c + +# Also list the generated files from crypto that are needed in the build, +# because we don't have the list in a consumable form. +GENERATED_FILES += \ + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h + .PHONY: generated_files generated_files: $(GENERATED_FILES) -# See root Makefile -GEN_FILES ?= yes -ifdef GEN_FILES -gen_file_dep = -else -gen_file_dep = | -endif - error.c: $(gen_file_dep) ../scripts/generate_errors.pl error.c: $(gen_file_dep) ../scripts/data_files/error.fmt error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) diff --git a/scripts/common.make b/scripts/common.make index 67ad341522..dc9e148ee3 100644 --- a/scripts/common.make +++ b/scripts/common.make 
@@ -1,3 +1,16 @@ +CFLAGS ?= -O2 +WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral +WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic +LDFLAGS ?= + +PERL ?= perl + +ifdef WINDOWS +PYTHON ?= python +else +PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) +endif + ifndef MBEDTLS_PATH MBEDTLS_PATH := .. endif @@ -18,11 +31,6 @@ include $(MBEDTLS_PATH)/framework/exported.make include $(MBEDTLS_PATH)/scripts/crypto-common.make -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic -LDFLAGS ?= - # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ @@ -130,14 +138,6 @@ else # Not building for Windows endif endif -PERL ?= perl - -ifdef WINDOWS -PYTHON ?= python -else -PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) -endif - # See root Makefile GEN_FILES ?= yes ifdef GEN_FILES From c00bd2a6fb8bd1070b70174bb1b664cec3c79b0e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Dec 2025 21:11:44 +0100 Subject: [PATCH 1240/1548] THREADING autodetection: only check the crypto config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When running the preprocessor to determine whether pthread is enabled, only use TF-PSA-Crypto include paths. Don't use the rest of `LOCAL_CFLAGS`, including Mbed TLS include paths, which aren't really useful here. This will simplify later refactorings, because it simplifies a dependency chain [crypto paths] → `LOCAL_CFLAGS` → `THREADING` → `LOCAL_LDFLAGS` into just [crypto paths] → `THREADING` → `LOCAL_LDFLAGS`. Signed-off-by: Gilles Peskine --- scripts/common.make | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) 
diff --git a/scripts/common.make b/scripts/common.make index dc9e148ee3..ee120a8ae8 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -79,23 +79,23 @@ ifdef WINDOWS WINDOWS_BUILD=1 endif -## Usage: $(call remove_enabled_options,PREPROCESSOR_INPUT) +## Usage: $(call remove_enabled_options_crypto,PREPROCESSOR_INPUT) ## Remove the preprocessor symbols that are set in the current configuration ## from PREPROCESSOR_INPUT. Also normalize whitespace. ## Example: -## $(call remove_enabled_options,MBEDTLS_FOO MBEDTLS_BAR) +## $(call remove_enabled_options_crypto,MBEDTLS_FOO MBEDTLS_BAR) ## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both -## enabled, to "MBEDTLS_FOO" if MBEDTLS_BAR is enabled but MBEDTLS_FOO is -## disabled, etc. +## enabled in the TF-PSA-Crypto configuration, to "MBEDTLS_FOO" if +## MBEDTLS_BAR is enabled but MBEDTLS_FOO is disabled, etc. ## ## This only works with a Unix-like shell environment (Bourne/POSIX-style shell ## and standard commands) and a Unix-like compiler (supporting -E). In ## other environments, the output is likely to be empty. -define remove_enabled_options +define remove_enabled_options_crypto $(strip $(shell exec 2>/dev/null; - { echo '#include '; echo $(1); } | - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -E - | + { echo '#include '; echo $(1); } | + $(CC) $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) $(CFLAGS) -E - | tail -n 1 )) endef 
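Review bot: The summary line of `remove_enabled_options_crypto` still says it removes symbols "set in the current configuration", but the preprocessor now runs with only `$(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE)` and `$(CFLAGS)`, so an option that Mbed TLS defines outside the crypto configuration is no longer visible to it; the example paragraph was updated, the summary line was not. Suggest `## Remove the preprocessor symbols that are set in the TF-PSA-Crypto configuration`. It would also help to state in this header that any failure of the pipeline (errors are discarded by `exec 2>/dev/null`) yields an empty result rather than "everything enabled", since that contract is currently only described at the call site via the `control` token.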
@@ -117,21 +117,24 @@ ifdef WINDOWS_BUILD ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif - else # Not building for Windows DLEXT ?= so EXEXT= SHARED_SUFFIX= +endif + +ifndef WINDOWS_BUILD ifeq ($(THREADING),) # Auto-detect configurations with pthread. # If the call to remove_enabled_options returns "control", the symbols # are confirmed set and we link with pthread. # If the auto-detection fails, the result of the call is empty and # we keep THREADING undefined. - ifeq (control,$(call remove_enabled_options,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) + ifeq (control,$(call remove_enabled_options_crypto,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) THREADING := pthread endif endif + #$(info THREADING = $(THREADING)) ifeq ($(THREADING),pthread) LOCAL_LDFLAGS += -lpthread From ef25955786a81535c4479fe661ee58f7345136cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 17 Dec 2025 14:55:42 +0100 Subject: [PATCH 1241/1548] Move THREADING autodetection to crypto-common.make Note that `THREADING` detection must be done after `TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE` is defined. Otherwise it won't detect whether pthread is needed, and will never link with `-lpthread`. Signed-off-by: Gilles Peskine --- scripts/common.make | 49 -------------------------------------- scripts/crypto-common.make | 49 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/scripts/common.make b/scripts/common.make index ee120a8ae8..e88506b308 100644 --- a/scripts/common.make +++ b/scripts/common.make 
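Review bot: The comment `# If the call to remove_enabled_options returns "control", the symbols` is now stale, because the call directly below it was renamed to `remove_enabled_options_crypto` in this hunk; the old name no longer exists after this commit. Suggest `# If the call to remove_enabled_options_crypto returns "control", the symbols`. The same stale comment is carried verbatim into the new block added to scripts/crypto-common.make by the next commit in the series (hunk `@@ -45,3 +45,52 @@`), so it should be fixed there as well.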
@@ -79,37 +79,6 @@ ifdef WINDOWS WINDOWS_BUILD=1 endif -## Usage: $(call remove_enabled_options_crypto,PREPROCESSOR_INPUT) -## Remove the preprocessor symbols that are set in the current configuration -## from PREPROCESSOR_INPUT. Also normalize whitespace. -## Example: -## $(call remove_enabled_options_crypto,MBEDTLS_FOO MBEDTLS_BAR) -## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both -## enabled in the TF-PSA-Crypto configuration, to "MBEDTLS_FOO" if -## MBEDTLS_BAR is enabled but MBEDTLS_FOO is disabled, etc. -## -## This only works with a Unix-like shell environment (Bourne/POSIX-style shell -## and standard commands) and a Unix-like compiler (supporting -E). In -## other environments, the output is likely to be empty. -define remove_enabled_options_crypto -$(strip $(shell - exec 2>/dev/null; - { echo '#include '; echo $(1); } | - $(CC) $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) $(CFLAGS) -E - | - tail -n 1 -)) -endef - -# Ensure that `THREADING` is always defined. This lets us get a clean run -# with `make --warn-undefined-variables` without making the conditionals -# below more complex than they already are. At this stage, if `$(THREADING)` -# is empty, it means we don't know yet whether the threading implementation -# requires extra `LDFLAGS`. Once we've done the analysis, if `$(THREADING)` -# is empty, it will mean that no extra `LDFLAGS` are required, either -# because threading is disabled or because the threading implementation -# doesn't require any extra `LDFLAGS`. -THREADING ?= - ifdef WINDOWS_BUILD DLEXT=dll EXEXT=.exe 
@@ -123,24 +92,6 @@ else # Not building for Windows SHARED_SUFFIX= endif -ifndef WINDOWS_BUILD - ifeq ($(THREADING),) - # Auto-detect configurations with pthread. - # If the call to remove_enabled_options returns "control", the symbols - # are confirmed set and we link with pthread. - # If the auto-detection fails, the result of the call is empty and - # we keep THREADING undefined. - ifeq (control,$(call remove_enabled_options_crypto,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) - THREADING := pthread - endif - endif - #$(info THREADING = $(THREADING)) - - ifeq ($(THREADING),pthread) - LOCAL_LDFLAGS += -lpthread - endif -endif - # See root Makefile GEN_FILES ?= yes ifdef GEN_FILES diff --git a/scripts/crypto-common.make b/scripts/crypto-common.make index 8d00bd8bed..85da8d802a 100644 --- a/scripts/crypto-common.make +++ b/scripts/crypto-common.make 
@@ -45,3 +45,52 @@ TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE = \
 TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE = \
 -I$(TF_PSA_CRYPTO_PATH)/core \
 -I$(TF_PSA_CRYPTO_PATH)/drivers/builtin/src
+
+## Usage: $(call remove_enabled_options_crypto,PREPROCESSOR_INPUT)
+## Remove the preprocessor symbols that are set in the current configuration
+## from PREPROCESSOR_INPUT. Also normalize whitespace.
+## Example:
+## $(call remove_enabled_options_crypto,MBEDTLS_FOO MBEDTLS_BAR)
+## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both
+## enabled in the TF-PSA-Crypto configuration, to "MBEDTLS_FOO" if
+## MBEDTLS_BAR is enabled but MBEDTLS_FOO is disabled, etc.
+##
+## This only works with a Unix-like shell environment (Bourne/POSIX-style shell
+## and standard commands) and a Unix-like compiler (supporting -E). In
+## other environments, the output is likely to be empty.
+define remove_enabled_options_crypto
+$(strip $(shell
+ exec 2>/dev/null;
+ { echo '#include '; echo $(1); } |
+ $(CC) $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) $(CFLAGS) -E - |
+ tail -n 1
+))
+endef
+
+# Ensure that `THREADING` is always defined. This lets us get a clean run
+# with `make --warn-undefined-variables` without making the conditionals
+# below more complex than they already are. At this stage, if `$(THREADING)`
+# is empty, it means we don't know yet whether the threading implementation
+# requires extra `LDFLAGS`. Once we've done the analysis, if `$(THREADING)`
+# is empty, it will mean that no extra `LDFLAGS` are required, either
+# because threading is disabled or because the threading implementation
+# doesn't require any extra `LDFLAGS`.
+THREADING ?=
+
+ifndef WINDOWS_BUILD
+ ifeq ($(THREADING),)
+ # Auto-detect configurations with pthread.
+ # If the call to remove_enabled_options returns "control", the symbols
+ # are confirmed set and we link with pthread.
+ # If the auto-detection fails, the result of the call is empty and
+ # we keep THREADING undefined.
+ ifeq (control,$(call remove_enabled_options_crypto,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD))
+ THREADING := pthread
+ endif
+ endif
+ #$(info THREADING = $(THREADING))
+
+ ifeq ($(THREADING),pthread)
+ LOCAL_LDFLAGS += -lpthread
+ endif
+endif
From d9c6a411c69168e17402c616c58caf22c0a4b003 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 12 Dec 2025 19:56:26 +0100
Subject: [PATCH 1242/1548] Introduce intermediate variables for various TF-PSA-Crypto lists
Use separate variables for the crypto part of lists of generated C files, generated objects, sample programs and test data files. No behavior change. Signed-off-by: Gilles Peskine Signed-off-by: Gilles Peskine
---
library/Makefile | 33 ++++++++++++++++++---------------
programs/Makefile | 25 +++++++++++++++++--------
tests/Makefile | 28 +++++++++++++++++-----------
3 files changed, 52 insertions(+), 34 deletions(-)
diff --git a/library/Makefile b/library/Makefile
index 3ee40fb71c..4c2e21dab5 100644
--- a/library/Makefile
+++ b/library/Makefile
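Review bot: `ifndef WINDOWS_BUILD` and `LOCAL_LDFLAGS += -lpthread` are now evaluated at the point where crypto-common.make is included, which in both scripts/common.make and library/Makefile is before the `ifdef WINDOWS` / `WINDOWS_BUILD=1` lines visible in the earlier hunks of this series, so a build that sets only `WINDOWS` will now run the pthread autodetection that the guard was meant to skip. Likewise, if an including makefile assigns `LOCAL_LDFLAGS` with `=` after the include (common.make visibly assigns `LOCAL_CFLAGS` that way a few lines below its include), the `-lpthread` appended here is silently discarded and the link may later fail with unresolved pthread symbols on platforms whose libc does not provide them. Consider publishing the result in a dedicated variable such as `THREADING_LDFLAGS := -lpthread` that the including makefiles add to `LOCAL_LDFLAGS` after their own assignment, and deriving `WINDOWS_BUILD` from `WINDOWS` before this include. The `LOCAL_LDFLAGS` definitions are outside this hunk, so the second point is inferred from the surrounding hunks.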
@@ -104,11 +104,13 @@ else gen_file_dep = | endif -OBJS_CRYPTO = $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) -GENERATED_OBJS_CRYPTO = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o -OBJS_CRYPTO := $(filter-out $(GENERATED_OBJS_CRYPTO),$(OBJS_CRYPTO)) -OBJS_CRYPTO += $(GENERATED_OBJS_CRYPTO) -OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) +TF_PSA_CRYPTO_LIBRARY_OBJS := $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) +TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o +TF_PSA_CRYPTO_LIBRARY_OBJS := $(filter-out $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS),$(TF_PSA_CRYPTO_LIBRARY_OBJS)) +TF_PSA_CRYPTO_LIBRARY_OBJS += $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS) +TF_PSA_CRYPTO_LIBRARY_OBJS+=$(THIRDPARTY_CRYPTO_OBJECTS) + +OBJS_CRYPTO = $(TF_PSA_CRYPTO_LIBRARY_OBJS) OBJS_X509= \ mbedtls_config.o \ @@ -268,6 +270,15 @@ libmbedcrypto.dll: $(OBJS_CRYPTO) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $< +# List the generated files from crypto that are needed in the build, +# because we don't have the list in a consumable form. +TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES := \ + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ + $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h + # List the generated files without running a script, so that this # works with no tooling dependencies when GEN_FILES is disabled. GENERATED_FILES := \ 
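Review bot: The `:=` / `filter-out` / `+=` sequence on `TF_PSA_CRYPTO_LIBRARY_OBJS` carries no comment saying why the generated object is removed and then re-added; the reason, that `$(wildcard)` is expanded at parse time and misses `psa_crypto_driver_wrappers_no_static.c` until it has been generated while the object must still appear exactly once, is the same one tests/Makefile states for its data files ("Make sure that generated data files are included even if they don't exist yet when the makefile is parsed"). Suggest a comment in those words above the `filter-out` line. Also `TF_PSA_CRYPTO_LIBRARY_OBJS+=$(THIRDPARTY_CRYPTO_OBJECTS)` is the only assignment in the group without spaces around the operator; `TF_PSA_CRYPTO_LIBRARY_OBJS += $(THIRDPARTY_CRYPTO_OBJECTS)` reads consistently with the line above it.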
@@ -276,16 +287,8 @@ GENERATED_FILES := \ mbedtls_config_check_user.h \ error.c \ version_features.c \ - ssl_debug_helpers_generated.c - -# Also list the generated files from crypto that are needed in the build, -# because we don't have the list in a consumable form. -GENERATED_FILES += \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h + ssl_debug_helpers_generated.c \ + $(TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES) .PHONY: generated_files generated_files: $(GENERATED_FILES) diff --git a/programs/Makefile b/programs/Makefile index 47745de052..e6bbf70a02 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -27,6 +27,16 @@ endif LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs +TF_PSA_CRYPTO_APPS := \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/aead_demo \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/crypto_examples \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/hmac_demo \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/key_ladder_demo \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_hash \ + $(TF_PSA_CRYPTO_PATH)/programs/test/which_aes \ +# End of APPS + ## The following assignment is the list of base names of applications that ## will be built on Windows. Extra Linux/Unix/POSIX-only applications can ## be declared by appending with `APPS += ...` afterwards. 
@@ -36,13 +46,7 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## Note: Variables cannot be used to define an apps path. This cannot be ## substituted by the script generate_visualc_files.pl. APPS = \ - ../tf-psa-crypto/programs/psa/aead_demo \ - ../tf-psa-crypto/programs/psa/crypto_examples \ - ../tf-psa-crypto/programs/psa/hmac_demo \ - ../tf-psa-crypto/programs/psa/key_ladder_demo \ - ../tf-psa-crypto/programs/psa/psa_constant_names \ - ../tf-psa-crypto/programs/psa/psa_hash \ - ../tf-psa-crypto/programs/test/which_aes \ + $(TF_PSA_CRYPTO_APPS) \ ssl/dtls_client \ ssl/dtls_server \ ssl/mini_client \ @@ -107,8 +111,13 @@ fuzz: ${MBEDLIBS} ${MBEDTLS_TEST_OBJS} ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test +TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES := \ + $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names_generated.c + .PHONY: generated_files -GENERATED_FILES = ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c test/query_config.c +GENERATED_FILES := \ + test/query_config.c \ + $(TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES) generated_files: $(GENERATED_FILES) ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py diff --git a/tests/Makefile b/tests/Makefile index 7ebc10b6d0..8e8dcf6177 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -24,7 +24,7 @@ GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) +TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ 
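Review bot: `APPS = $(TF_PSA_CRYPTO_APPS) \` is introduced directly under the note `## Note: Variables cannot be used to define an apps path. This cannot be substituted by the script generate_visualc_files.pl.`, and `TF_PSA_CRYPTO_APPS` is itself built from `$(TF_PSA_CRYPTO_PATH)`, so either that constraint no longer holds and the note should be reworded, or the Visual Studio project generation will now silently drop the seven crypto programs. The commit message says "No behavior change", which this hunk alone cannot confirm; a sentence in the note explaining how the script treats `$(TF_PSA_CRYPTO_APPS)` would settle it. In the following hunk of the same file, `TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES` uses `$(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names_generated.c` while the rule that builds it has the literal target `../tf-psa-crypto/programs/psa/psa_constant_names_generated.c`; make matches targets textually, so the two only coincide while `TF_PSA_CRYPTO_PATH` expands to exactly `../tf-psa-crypto`.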
@@ -44,7 +44,7 @@ endif GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES) GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES) +TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES) GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ @@ -53,7 +53,7 @@ GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_ECP_DATA_FILES) +TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES) GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ @@ -62,12 +62,18 @@ GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) endif -GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES) +TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES) -GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES) -GENERATED_FILES += include/test/test_keys.h \ - ../tf-psa-crypto/tests/include/test/test_keys.h \ - include/test/test_certs.h +TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES = \ + ../tf-psa-crypto/tests/include/test/test_keys.h +GENERATED_C_FILES = \ + include/test/test_keys.h include/test/test_certs.h + +GENERATED_FILES = \ + $(GENERATED_DATA_FILES) \ + $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES) \ + $(GENERATED_C_FILES) \ + $(TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES) # Generated files needed to (fully) run ssl-opt.sh .PHONY: ssl-opt 
@@ -163,15 +169,15 @@ generated_psa_test_data: # Application name is same as .data file's base name and can be # constructed by stripping path 'suites/' and extension .data. DATA_FILES = $(filter-out $(GENERATED_DATA_FILES), $(wildcard suites/test_suite_*.data)) -CRYPTO_DATA_FILES = $(filter-out $(GENERATED_CRYPTO_DATA_FILES), $(wildcard ../tf-psa-crypto/tests/suites/test_suite_*.data)) +TF_PSA_CRYPTO_TESTS_DATA_FILES = $(filter-out $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES), $(wildcard $(TF_PSA_CRYPTO_PATH)/tests/suites/test_suite_*.data)) # Make sure that generated data files are included even if they don't # exist yet when the makefile is parsed. DATA_FILES += $(GENERATED_DATA_FILES) -CRYPTO_DATA_FILES += $(GENERATED_CRYPTO_DATA_FILES) +TF_PSA_CRYPTO_TESTS_DATA_FILES += $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES) APPS = $(basename $(subst suites/,,$(DATA_FILES))) -CRYPTO_APPS = $(basename $(subst suites/,,$(CRYPTO_DATA_FILES))) +CRYPTO_APPS = $(basename $(subst suites/,,$(TF_PSA_CRYPTO_TESTS_DATA_FILES))) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) From 8ac7168799d07e01a5ca1a87899ff73345639790 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Dec 2025 15:18:03 +0100 Subject: [PATCH 1243/1548] Move crypto-specific code from library/Makefile to a new file The new file is in Mbed TLS for now. Once we have finished moving code to it, it will move to TF-PSA-Crypto. What got moved: * List of object files from crypto * List of generated .c files in crypto * Rules to build generated .c files in crypto Signed-off-by: Gilles Peskine --- library/Makefile | 41 ++------------------------------- library/crypto-library.make | 45 +++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 39 deletions(-) create mode 100644 library/crypto-library.make diff --git a/library/Makefile b/library/Makefile index 4c2e21dab5..17155c80ad 100644 --- a/library/Makefile +++ b/library/Makefile 
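Review bot: `TF_PSA_CRYPTO_TESTS_DATA_FILES` now takes its wildcard from `$(TF_PSA_CRYPTO_PATH)/tests/suites/`, but the generated list it is filtered against, `TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES`, is built with `$(addprefix ../tf-psa-crypto/,...)` in the earlier hunks of this file. `filter-out` compares strings, so if `TF_PSA_CRYPTO_PATH` ever expands to anything other than `../tf-psa-crypto`, the generated suites are not removed and are then appended again by the `+=` line, producing duplicate entries in `CRYPTO_APPS` and duplicate build rules. Spelling both sides the same way, either `$(addprefix $(TF_PSA_CRYPTO_PATH)/,...)` in the generated lists or the literal prefix here, removes the dependency on that coincidence. The `GENERATED_*_DATA_FILES` definitions are outside this hunk, so this is inferred from the earlier hunks.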
@@ -104,12 +104,6 @@ else gen_file_dep = | endif -TF_PSA_CRYPTO_LIBRARY_OBJS := $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) -TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o -TF_PSA_CRYPTO_LIBRARY_OBJS := $(filter-out $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS),$(TF_PSA_CRYPTO_LIBRARY_OBJS)) -TF_PSA_CRYPTO_LIBRARY_OBJS += $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS) -TF_PSA_CRYPTO_LIBRARY_OBJS+=$(THIRDPARTY_CRYPTO_OBJECTS) - OBJS_CRYPTO = $(TF_PSA_CRYPTO_LIBRARY_OBJS) OBJS_X509= \ @@ -161,6 +155,8 @@ else all: shared static endif +include crypto-library.make + static: libmbedcrypto.a libmbedx509.a libmbedtls.a cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile cd ../tf-psa-crypto/tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile @@ -270,15 +266,6 @@ libmbedcrypto.dll: $(OBJS_CRYPTO) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $< -# List the generated files from crypto that are needed in the build, -# because we don't have the list in a consumable form. -TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES := \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h - # List the generated files without running a script, so that this # works with no tooling dependencies when GEN_FILES is disabled. GENERATED_FILES := \ 
@@ -318,18 +305,6 @@ version_features.c: echo " Gen $@" $(PERL) ../scripts/generate_features.pl -GENERATED_WRAPPER_FILES = \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja -$(GENERATED_WRAPPER_FILES): - echo " Gen $(GENERATED_WRAPPER_FILES)" - $(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH) - -$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h - GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) ../scripts/generate_config_checks.py --list .) $(GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ ../scripts/generate_config_checks.py \ @@ -340,18 +315,6 @@ $(GENERATED_CONFIG_CHECK_FILES): mbedtls_config.o: $(GENERATED_CONFIG_CHECK_FILES) -TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ - --list $(TF_PSA_CRYPTO_CORE_PATH)) -$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ - ../framework/scripts/mbedtls_framework/config_checks_generator.py -$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): - echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" - $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py - -$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES) - clean: ifndef WINDOWS rm -f *.o *.s libmbed* diff --git a/library/crypto-library.make b/library/crypto-library.make new file mode 100644 index 0000000000..2e521ef448 --- /dev/null 
+++ b/library/crypto-library.make 
@@ -0,0 +1,45 @@
+# Helper code for library/Makefile in Mbed TLS.
+# This file is only meant to be included by library/Makefile in Mbed TLS and
+# is unlikely to work in another context.
+
+TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core
+TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src
+
+# List the generated files from crypto that are needed in the build,
+# because we don't have the list in a consumable form.
+TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES := \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \
+ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \
+ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \
+ $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h
+
+GENERATED_WRAPPER_FILES = \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \
+ $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
+$(GENERATED_WRAPPER_FILES):
+ echo " Gen $(GENERATED_WRAPPER_FILES)"
+ $(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH)
+
+$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h
+
+TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \
+ $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \
+ --list $(TF_PSA_CRYPTO_CORE_PATH))
+$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \
+ $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \
+ ../framework/scripts/mbedtls_framework/config_checks_generator.py
+$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES):
+ echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)"
+ $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py
+
+$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)
+
+TF_PSA_CRYPTO_LIBRARY_OBJS := $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c))
+TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o
+TF_PSA_CRYPTO_LIBRARY_OBJS := $(filter-out $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS),$(TF_PSA_CRYPTO_LIBRARY_OBJS))
+TF_PSA_CRYPTO_LIBRARY_OBJS += $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS)
+TF_PSA_CRYPTO_LIBRARY_OBJS+=$(THIRDPARTY_CRYPTO_OBJECTS)
From cffc11878fae93a8ec66ab6de9d57c9d972a74f4 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 18 Dec 2025 15:56:40 +0100
Subject: [PATCH 1244/1548] Move crypto-specific code from programs/Makefile to a new file
The new file is in Mbed TLS for now. Once we have finished moving code to it, it will move to TF-PSA-Crypto. What got moved: * List of generated .c files in crypto * Rules to build generated .c files in crypto * List of apps in crypto * Rules to build apps in crypto Signed-off-by: Gilles Peskine
---
programs/Makefile | 55 ++++------------------------------
programs/crypto-programs.make | 52 +++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 49 deletions(-)
create mode 100644 programs/crypto-programs.make
diff --git a/programs/Makefile b/programs/Makefile
index e6bbf70a02..b1aee9c57a 100644
--- a/programs/Makefile
+++ b/programs/Makefile
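Review bot: `TF_PSA_CRYPTO_CORE_PATH` and `TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH` are assigned at the top of the new file, yet none of the lines removed from library/Makefile in this commit contain those assignments, and library/Makefile already expands `$(TF_PSA_CRYPTO_CORE_PATH)` in lines that precede the new `include crypto-library.make`, so these look like second definitions of variables that exist elsewhere; a comment naming the canonical definition, or dropping the duplicates, would keep the two from drifting apart. Within the file, the three `$(GENERATED_WRAPPER_FILES):` prerequisite lines list the script and templates as hard dependencies while the config-check rule uses `$(gen_file_dep)`, so with `GEN_FILES` disabled the wrapper files can still be regenerated (or fail for lack of tooling) whenever a template is newer; prefixing those prerequisites with `$(gen_file_dep)` as the config-check rule does would make the two consistent. The mix of `../tf-psa-crypto/scripts/...` and `$(TF_PSA_CRYPTO_CORE_PATH)/../scripts/...` for the same scripts directory is also worth unifying. All three are inherited from the moved code, so they may be intended for a later step of this series.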
@@ -25,17 +25,13 @@ else BUILD_DLOPEN = endif -LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs +# Declare the default rule early, since it must come first, in particular +# before including crypto-programs.make. +default: all -TF_PSA_CRYPTO_APPS := \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/aead_demo \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/crypto_examples \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/hmac_demo \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/key_ladder_demo \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_hash \ - $(TF_PSA_CRYPTO_PATH)/programs/test/which_aes \ -# End of APPS +include crypto-programs.make + +LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## The following assignment is the list of base names of applications that ## will be built on Windows. Extra Linux/Unix/POSIX-only applications can 
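Review bot: `default: all` is a real, non-phony rule placed first so that make's default goal is `all`; since `default` is not declared `.PHONY`, a file named `default` in programs/ would make the rule's behaviour depend on `all` being phony, and the comment "must come first" encodes an ordering constraint that the included crypto-programs.make can break if it ever gains a rule of its own before any in this file. GNU make's `.DEFAULT_GOAL := all` expresses the intent without introducing a target and without depending on position; if a rule is preferred, add `.PHONY: default` next to it. The file's other `.PHONY` declarations are outside this hunk.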
@@ -111,23 +107,12 @@ fuzz: ${MBEDLIBS} ${MBEDTLS_TEST_OBJS} ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test -TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES := \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names_generated.c - .PHONY: generated_files GENERATED_FILES := \ test/query_config.c \ $(TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES) generated_files: $(GENERATED_FILES) -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: - echo " Gen $@" - cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py - test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl ## The generated file only depends on the options that are present in mbedtls_config.h, ## not on which options are set. To avoid regenerating this file all the time 
@@ -140,34 +125,6 @@ test/query_config.c: echo " Gen $@" $(PERL) ../scripts/generate_query_config.pl -../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) - echo " CC psa/aead_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP) - echo " CC psa/crypto_examples.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP) - echo " CC psa/hmac_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP) - echo " CC psa/key_ladder_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP) - echo " CC psa/psa_constant_names.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP) - echo " CC psa/psa_hash.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP) - echo " CC test/which_aes.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) echo " CC 
ssl/dtls_client.c"
 $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/crypto-programs.make b/programs/crypto-programs.make
new file mode 100644
index 0000000000..37a759ca7d
--- /dev/null
+++ b/programs/crypto-programs.make
@@ -0,0 +1,52 @@
+# Helper code for programs/Makefile in Mbed TLS.
+# This file is only meant to be included by programs/Makefile in Mbed TLS and
+# is unlikely to work in another context.
+
+TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES := \
+ $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names_generated.c
+
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c:
+ echo " Gen $@"
+ cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py
+
+TF_PSA_CRYPTO_APPS := \
+ $(TF_PSA_CRYPTO_PATH)/programs/psa/aead_demo \
+ $(TF_PSA_CRYPTO_PATH)/programs/psa/crypto_examples \
+ $(TF_PSA_CRYPTO_PATH)/programs/psa/hmac_demo \
+ $(TF_PSA_CRYPTO_PATH)/programs/psa/key_ladder_demo \
+ $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names \
+ $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_hash \
+ $(TF_PSA_CRYPTO_PATH)/programs/test/which_aes \
+# End of APPS
+
+../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
+ echo " CC psa/aead_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP)
+ echo " CC psa/crypto_examples.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP)
+ echo " CC psa/hmac_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP)
+ echo " CC psa/key_ladder_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP)
+ echo " CC psa/psa_constant_names.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP)
+ echo " CC psa/psa_hash.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP)
+ echo " CC test/which_aes.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
From 49d698588b0455c52f23fc2718a7dcd113e3a555 Mon Sep 17 00:00:00 2001
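Review bot: The recipe for `psa_constant_names_generated.c` chains its two commands with `;`, so a failed `cd` does not abort the recipe and the generator is then invoked from programs/ with a misleading error; the equivalent rule in tests/Makefile uses `cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py`, and this one should match it: `cd ../tf-psa-crypto && $(PYTHON) ./scripts/generate_psa_constants.py`. Separately, `TF_PSA_CRYPTO_APPS` and `TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES` are built from `$(TF_PSA_CRYPTO_PATH)` while every rule and prerequisite in this file spells out `../tf-psa-crypto/`, so the targets only match when the two happen to agree; tests/crypto-tests.make has the same split between `$(TF_PSA_CRYPTO_PATH)/tests/suites` and literal `../tf-psa-crypto/tests/` paths. Both are inherited from the Makefile this code was moved out of, so a follow-up is reasonable, but the new file is where it should be recorded.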
From: Gilles Peskine Date: Thu, 18 Dec 2025 16:05:11 +0100 Subject: [PATCH 1245/1548] Move crypto-specific code from tests/Makefile to a new file The new file is in Mbed TLS for now. Once we have finished moving code to it, it will move to TF-PSA-Crypto. What got moved: * List of generated .data files in crypto * Rules to generate .data files in crypto * List of test suites in crypto * List of generated .h files in crypto * Rules to generate .h in crypto What didn't get moved: * Rules to generate the crypto part of `$(GENERATED_CONFIG_DATA_FILES)`, because they are currently mixed with the rule for the mbedtls part. This will be done in a subsequent commit. * Rules to generate .c files from .function files, and to compile the resulting .c files. At least for now, we let Mbed TLS decide how to do that on its own. Signed-off-by: Gilles Peskine --- tests/Makefile | 103 +++------------------------------------ tests/crypto-tests.make | 104 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 97 deletions(-) create mode 100644 tests/crypto-tests.make diff --git a/tests/Makefile b/tests/Makefile index 8e8dcf6177..d3b488e661 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -4,6 +4,12 @@ include ../scripts/common.make # Set this to -v to see the details of failing test cases TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(CTEST_OUTPUT_ON_FAILURE)),-v,) +# Declare the default rule early, since it must come first, in particular +# before including crypto-programs.make. +default: all + +include crypto-tests.make + # Also include private headers, for the sake of invasive tests. LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library LOCAL_CFLAGS += $(TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE) 
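Review bot: The comment added above `default: all` says "before including crypto-programs.make", but the line that follows it is `include crypto-tests.make`; the wording was carried over from programs/Makefile. It should read `# before including crypto-tests.make.` and ideally say why the order matters: the first rule make parses becomes the default goal, and the included file defines rules, so an `include` placed earlier would silently make one of its generated-data targets the default. The variable definitions around this hunk continue outside it.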
@@ -17,15 +23,6 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG endif -GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) -endif -TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) - GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ echo FAILED \ 
@@ -34,38 +31,10 @@ ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) endif -GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED) -$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed) -endif - GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES) GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES) -GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) -endif -TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES) - -GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) -endif -TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES) - -TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES = \ - ../tf-psa-crypto/tests/include/test/test_keys.h GENERATED_C_FILES = \ include/test/test_keys.h include/test/test_certs.h 
@@ -94,25 +63,6 @@ ssl-opt: opt-testcases/tls13-compat.sh .PHONY: generated_files generated_files: $(GENERATED_FILES) -# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing -# inputs than generating outputs. Its inputs are the same no matter which files -# are being generated. -# It's rare not to want all the outputs. So always generate all of its outputs. -# Use an intermediate phony dependency so that parallel builds don't run -# a separate instance of the recipe for each output file. -$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data -generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_bignum_test_data: - echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_bignum_test_data - # We deliberately omit the configuration files (mbedtls_config.h, # crypto_config.h) from the depenency list because during development # and on the CI, we often edit those in a way that doesn't change the 
@@ -130,51 +80,14 @@ generated_config_test_data: cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py .SECONDARY: generated_config_test_data -$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data -generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_ecp_test_data: - echo " Gen $(GENERATED_ECP_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_ecp_test_data - -$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data -generated_psa_test_data: ../framework/scripts/generate_psa_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -## The generated file only depends on the options that are present in -## crypto_config.h, not on which options are set. To avoid regenerating this -## file all the time when switching between configurations, don't declare -## crypto_config.h as a dependency. 
Remove this file from your working tree -## if you've just added or removed an option in crypto_config.h. -#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h -generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -generated_psa_test_data: - echo " Gen $(GENERATED_PSA_DATA_FILES) ..." - $(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_psa_test_data - # A test application is built for each suites/test_suite_*.data file. # Application name is same as .data file's base name and can be # constructed by stripping path 'suites/' and extension .data. DATA_FILES = $(filter-out $(GENERATED_DATA_FILES), $(wildcard suites/test_suite_*.data)) -TF_PSA_CRYPTO_TESTS_DATA_FILES = $(filter-out $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES), $(wildcard $(TF_PSA_CRYPTO_PATH)/tests/suites/test_suite_*.data)) # Make sure that generated data files are included even if they don't # exist yet when the makefile is parsed. DATA_FILES += $(GENERATED_DATA_FILES) -TF_PSA_CRYPTO_TESTS_DATA_FILES += $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES) APPS = $(basename $(subst suites/,,$(DATA_FILES))) CRYPTO_APPS = $(basename $(subst suites/,,$(TF_PSA_CRYPTO_TESTS_DATA_FILES))) @@ -200,10 +113,6 @@ include/test/test_keys.h: ../framework/scripts/generate_test_keys.py echo " Gen $@" $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ -../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py - echo " Gen $@" - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@ - TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) ifdef RECORD_PSA_STATUS_COVERAGE_LOG # Explicitly depend on this header because on a clean copy of the source tree, 
diff --git a/tests/crypto-tests.make b/tests/crypto-tests.make
new file mode 100644
index 0000000000..f603a8e0c4
--- /dev/null
+++ b/tests/crypto-tests.make
@@ -0,0 +1,104 @@
+# Helper code for tests/Makefile in Mbed TLS.
+# This file is only meant to be included by tests/Makefile in Mbed TLS and
+# is unlikely to work in another context.
+
+GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
+ $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \
+ echo FAILED \
+))
+ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED)
+$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed)
+endif
+TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES)
+
+# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing
+# inputs than generating outputs. Its inputs are the same no matter which files
+# are being generated.
+# It's rare not to want all the outputs. So always generate all of its outputs.
+# Use an intermediate phony dependency so that parallel builds don't run
+# a separate instance of the recipe for each output file.
+$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data
+generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
+generated_bignum_test_data:
+ echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
+ $(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites
+.SECONDARY: generated_bignum_test_data
+
+GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
+ $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \
+ echo FAILED \
+))
+ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED)
+$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed)
+endif
+
+GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
+ $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \
+ echo FAILED \
+))
+ifeq ($(GENERATED_ECP_DATA_FILES),FAILED)
+$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed)
+endif
+TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES)
+
+$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
+generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py
+generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
+generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py
+generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
+generated_ecp_test_data:
+ echo " Gen $(GENERATED_ECP_DATA_FILES)"
+ $(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites
+.SECONDARY: generated_ecp_test_data
+
+GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
+ $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \
+ echo FAILED \
+))
+ifeq ($(GENERATED_PSA_DATA_FILES),FAILED)
+$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed)
+endif
+TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
+
+$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data
+generated_psa_test_data: ../framework/scripts/generate_psa_tests.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
+## The generated file only depends on the options that are present in
+## crypto_config.h, not on which options are set. To avoid regenerating this
+## file all the time when switching between configurations, don't declare
+## crypto_config.h as a dependency. Remove this file from your working tree
+## if you've just added or removed an option in crypto_config.h.
+#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h
+generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h
+generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h
+generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
+generated_psa_test_data:
+ echo " Gen $(GENERATED_PSA_DATA_FILES) ..."
+ $(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites
+.SECONDARY: generated_psa_test_data
+
+TF_PSA_CRYPTO_TESTS_DATA_FILES = $(filter-out $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES), $(wildcard $(TF_PSA_CRYPTO_PATH)/tests/suites/test_suite_*.data))
+# Make sure that generated data files are included even if they don't
+# exist yet when the makefile is parsed.
+TF_PSA_CRYPTO_TESTS_DATA_FILES += $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES)
+
+../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py
+ echo " Gen $@"
+ $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@
+
+TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES = \
+ ../tf-psa-crypto/tests/include/test/test_keys.h
From 8a528cfed5aebf7927051338f4f03b40866ef143 Mon Sep 17 00:00:00 2001
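Review bot: The header comment says this file is only meant to be included by tests/Makefile, but it leaves out the one constraint the includer actually has to honour: the file defines rules (the first is `$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data`), so it must be included only after the includer has declared its default goal, or that rule becomes the default. A third header line such as `# It must be included after the default rule has been declared.` would record that next to the file it concerns rather than only in tests/Makefile. The same comment is missing from programs/crypto-programs.make.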
From: Gilles Peskine Date: Thu, 18 Dec 2025 16:40:32 +0100 Subject: [PATCH 1246/1548] Split the rules to generate config tests Have crypto handle the crypto part and tls handle the tls part. Signed-off-by: Gilles Peskine --- tests/Makefile | 8 ++------ tests/crypto-tests.make | 21 +++++++++++++++++++-- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index d3b488e661..2a7040279f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -30,10 +30,7 @@ GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) endif - -GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES) GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) -TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES) GENERATED_C_FILES = \ include/test/test_keys.h include/test/test_certs.h 
@@ -69,15 +66,14 @@ generated_files: $(GENERATED_FILES) # output, to comment out certain options, or even to remove certain # lines which do affect the output negatively (it will miss the # corresponding test cases). -$(GENERATED_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data +$(GENERATED_MBEDTLS_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data generated_config_test_data: ../framework/scripts/generate_config_tests.py generated_config_test_data: ../scripts/config.py generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_config_test_data: - echo " Gen $(GENERATED_CONFIG_DATA_FILES)" + echo " Gen $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)" $(PYTHON) ../framework/scripts/generate_config_tests.py - cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py .SECONDARY: generated_config_test_data # A test application is built for each suites/test_suite_*.data file. diff --git a/tests/crypto-tests.make b/tests/crypto-tests.make index f603a8e0c4..fbfc12dbd2 100644 --- a/tests/crypto-tests.make +++ b/tests/crypto-tests.make 
@@ -30,13 +30,30 @@ generated_bignum_test_data:
 $(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites
 .SECONDARY: generated_bignum_test_data
-GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
+GENERATED_CRYPTO_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
 $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \
 echo FAILED \
 ))
-ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED)
+ifeq ($(GENERATED_CRYPTO_CONFIG_DATA_FILES),FAILED)
 $(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed)
 endif
+TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_CRYPTO_CONFIG_DATA_FILES)
+
+# We deliberately omit the configuration files (mbedtls_config.h,
+# crypto_config.h) from the depenency list because during development
+# and on the CI, we often edit those in a way that doesn't change the
+# output, to comment out certain options, or even to remove certain
+# lines which do affect the output negatively (it will miss the
+# corresponding test cases).
+$(GENERATED_CRYPTO_CONFIG_DATA_FILES): $(gen_file_dep) generated_crypto_config_test_data
+generated_crypto_config_test_data: ../framework/scripts/generate_config_tests.py
+generated_crypto_config_test_data: ../scripts/config.py
+generated_crypto_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_crypto_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
+generated_crypto_config_test_data:
+ echo " Gen $(GENERATED_CRYPTO_CONFIG_DATA_FILES)"
+ cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py
+.SECONDARY: generated_crypto_config_test_data
 GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
 $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \
From 562677945bf12b8073c8677b3bfb83a0de8cb889 Mon Sep 17 00:00:00 2001
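Review bot: The prerequisites of `generated_crypto_config_test_data` name the Mbed TLS copies of the generator and its helpers (`../framework/scripts/generate_config_tests.py`, `../scripts/config.py` and the two `mbedtls_framework` modules), but the recipe runs `cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py`, and the `--list` probe a few lines above uses that same TF-PSA-Crypto copy. If the two framework checkouts ever differ, editing the crypto generator will not trigger regeneration while editing the unrelated Mbed TLS one will. The first prerequisite should be `generated_crypto_config_test_data: ../tf-psa-crypto/framework/scripts/generate_config_tests.py`, and the config.py and helper-module lines presumably want the corresponding files under ../tf-psa-crypto as well; worth confirming which tree the crypto generator imports from before changing them.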
From: Gilles Peskine Date: Thu, 18 Dec 2025 20:23:45 +0100 Subject: [PATCH 1247/1548] Use intermediate variable for TF-PSA-Crypto's contribution to LOCAL_LDFLAGS Fix a bug whereby `crypto-common.make` was appending to `LOCAL_LDFLAGS` before `common.make` set the initial value. This broke the build with pthread enabled: `THREADING` was correctly getting autodetected, but the addition of `-lpthread` to `LOCAL_LDFLAGS` didn't work. Signed-off-by: Gilles Peskine --- scripts/common.make | 6 ++++-- scripts/crypto-common.make | 5 ++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/scripts/common.make b/scripts/common.make index e88506b308..18dd29d2ed 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -46,13 +46,15 @@ LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -lpsaclient \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) + -lmbedcrypto$(SHARED_SUFFIX) \ + $(TF_PSA_CRYPTO_EXTRA_LDFLAGS) else LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L$(MBEDTLS_PATH)/library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) + -lmbedcrypto$(SHARED_SUFFIX) \ + $(TF_PSA_CRYPTO_EXTRA_LDFLAGS) endif ifdef PSASIM diff --git a/scripts/crypto-common.make b/scripts/crypto-common.make index 85da8d802a..c944cc528b 100644 --- a/scripts/crypto-common.make +++ b/scripts/crypto-common.make @@ -46,6 +46,9 @@ TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE = \ -I$(TF_PSA_CRYPTO_PATH)/core \ -I$(TF_PSA_CRYPTO_PATH)/drivers/builtin/src +# Extra linker flags required by the crypto library or the platform +TF_PSA_CRYPTO_EXTRA_LDFLAGS = + ## Usage: $(call remove_enabled_options_crypto,PREPROCESSOR_INPUT) ## Remove the preprocessor symbols that are set in the current configuration ## from PREPROCESSOR_INPUT. Also normalize whitespace. @@ -91,6 +94,6 @@ ifndef WINDOWS_BUILD #$(info THREADING = $(THREADING)) ifeq ($(THREADING),pthread) - LOCAL_LDFLAGS += -lpthread + TF_PSA_CRYPTO_EXTRA_LDFLAGS += -lpthread endif endif 
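Review bot: The new `TF_PSA_CRYPTO_EXTRA_LDFLAGS` indirection fixes the ordering bug only because `LOCAL_LDFLAGS` in common.make is recursively expanded (`=`), so `$(TF_PSA_CRYPTO_EXTRA_LDFLAGS)` is resolved when `LOCAL_LDFLAGS` is used rather than when it is defined; that is the contract the commit message explains, but the one-line comment in crypto-common.make does not record it, so the next person could turn either variable into `:=` and silently reintroduce the lost `-lpthread`. Suggest extending the comment to `# Extra linker flags required by the crypto library or the platform.` followed by `# Referenced lazily from LOCAL_LDFLAGS in common.make, so it can be appended to regardless of include order; keep both recursively expanded.` Whether any further `LOCAL_LDFLAGS` definition, such as one under the `ifdef PSASIM` that follows the hunk, also needs the reference is not visible here.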
From b988dd8f359bfd7803bc5f6903b3e8811c14201f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Jan 2026 10:53:26 +0100 Subject: [PATCH 1248/1548] Remove accidentally duplicated definitions "Move crypto-specific code from library/Makefile to a new file" accidentally copied two lines instead of moving them. Remove the copy that's now in `crypto-library.make`, since the variables are defined earlier in `crypto-common.make`. The variables aren't actually used in `crypto-common.make`, but they could be (arguably should be used to define `TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE`). Signed-off-by: Gilles Peskine --- library/crypto-library.make | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/crypto-library.make b/library/crypto-library.make index 2e521ef448..826b118ca2 100644 --- a/library/crypto-library.make +++ b/library/crypto-library.make @@ -2,9 +2,6 @@ # This file is only meant to be included by library/Makefile in Mbed TLS and # is unlikely to work in another context. -TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core -TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src - # List the generated files from crypto that are needed in the build, # because we don't have the list in a consumable form. TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES := \ From dd255696a554e476b41200ed16e805d4bc0ca798 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Jan 2026 11:07:01 +0100 Subject: [PATCH 1249/1548] Make use of some intermediate variables Signed-off-by: Gilles Peskine --- scripts/crypto-common.make | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/crypto-common.make b/scripts/crypto-common.make index c944cc528b..c5c24e2b09 100644 --- a/scripts/crypto-common.make +++ b/scripts/crypto-common.make 
@@ -23,8 +23,8 @@ ifeq (,$(wildcard $(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c)) $(error $$(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c not found) endif -TF_PSA_CRYPTO_CORE_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/core -TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/src +TF_PSA_CRYPTO_CORE_PATH = $(TF_PSA_CRYPTO_PATH)/core +TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(TF_PSA_CRYPTO_PATH)/drivers/builtin/src # Gather information about crypto drivers that are separate from the main # "builtin" driver (historically located in /3rdparty in Mbed TLS 2.x/3.x). @@ -43,8 +43,8 @@ TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE = \ # (currently consumed by Mbed TLS, eventually not so when we've finished # cleaning up) TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE = \ - -I$(TF_PSA_CRYPTO_PATH)/core \ - -I$(TF_PSA_CRYPTO_PATH)/drivers/builtin/src + -I$(TF_PSA_CRYPTO_CORE_PATH) \ + -I$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH) # Extra linker flags required by the crypto library or the platform TF_PSA_CRYPTO_EXTRA_LDFLAGS = From 68b0ad1512828f7aeb8fb2c0498cee3d46453df7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Jan 2026 16:19:48 +0100 Subject: [PATCH 1250/1548] Adapt to the split of test_suite_shax Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d5843f867e..42464a845e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py 
@@ -230,7 +230,8 @@ class DriverVSReference_hash(outcome_analysis.DriverVSReference):
 REFERENCE = 'test_psa_crypto_config_reference_hash_use_psa'
 DRIVER = 'test_psa_crypto_config_accel_hash_use_psa'
 IGNORED_SUITES = [
- 'shax', 'mdx', # the software implementations that are being excluded
+ # the software implementations that are being excluded
+ 'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax',
 'md.psa', # purposefully depends on whether drivers are present
 'psa_crypto_low_hash.generated', # testing the builtins
 ]
@@ -252,7 +253,7 @@ class DriverVSReference_hmac(outcome_analysis.DriverVSReference):
 IGNORED_SUITES = [
 # These suites require legacy hash support, which is disabled
 # in the accelerated component.
- 'shax', 'mdx',
+ 'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax',
 # This suite tests builtins directly, but these are missing
 # in the accelerated case.
 'psa_crypto_low_hash.generated',
From 10eaf68acdbd37a6af4e129d42438cac8c55a09e Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 19 Nov 2025 13:09:56 +0100
Subject: [PATCH 1251/1548] library: debug: remove mbedtls_debug_print_mpi()

This function is no more used anywhere and can be safely removed.

Signed-off-by: Valerio Setti
---
 library/debug.c | 56 --------------------------
 library/debug_internal.h | 20 ---------
 tests/suites/test_suite_debug.data | 21 ----------
 tests/suites/test_suite_debug.function | 39 ------------------
 4 files changed, 136 deletions(-)

diff --git a/library/debug.c b/library/debug.c
index 362c07981c..49188e9f66 100644
--- a/library/debug.c
+++ b/library/debug.c
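Review bot: The suite list `'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax'` is now spelled out twice, in `DriverVSReference_hash.IGNORED_SUITES` and again in `DriverVSReference_hmac.IGNORED_SUITES`, and this very commit shows how such lists drift: each further split of a hash suite has to be applied in both places or one comparison silently starts flagging the new suite. A module-level constant, for example `LEGACY_HASH_SUITES = ['mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax']`, spliced into each list with `*LEGACY_HASH_SUITES,`, keeps the two in step and gives the comment about legacy hash support one home. Both classes continue outside the hunks.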
@@ -167,57 +167,6 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, } } -#if defined(MBEDTLS_BIGNUM_C) -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X) -{ - char str[DEBUG_BUF_SIZE]; - size_t bitlen; - size_t idx = 0; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == X || - level > debug_threshold) { - return; - } - - bitlen = mbedtls_mpi_bitlen(X); - - mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n", - text, (unsigned) bitlen); - debug_send_line(ssl, level, file, line, str); - - if (bitlen == 0) { - str[0] = ' '; str[1] = '0'; str[2] = '0'; - idx = 3; - } else { - int n; - for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) { - size_t limb_offset = n / sizeof(mbedtls_mpi_uint); - size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint); - unsigned char octet = - (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff; - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet); - idx += 3; - /* Wrap lines after 16 octets that each take 3 columns */ - if (idx >= 3 * 16) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - idx = 0; - } - } - } - - if (idx != 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - } -} -#endif /* MBEDTLS_BIGNUM_C */ - #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) 
@@ -412,11 +361,6 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name); name[sizeof(name) - 1] = '\0'; -#if defined(MBEDTLS_RSA_C) - if (items[i].type == MBEDTLS_PK_DEBUG_MPI) { - mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); - } else -#endif /* MBEDTLS_RSA_C */ #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value); diff --git a/library/debug_internal.h b/library/debug_internal.h index 79a4c4540c..d09e492094 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h @@ -71,26 +71,6 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const unsigned char *buf, size_t len); -#if defined(MBEDTLS_BIGNUM_C) -/** - * \brief Print a MPI variable to the debug output. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the MPI being output. Normally the - * variable name - * \param X the MPI variable - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X); -#endif - #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Print a X.509 certificate structure to the debug output. This diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 0989e61089..800f0ff63b 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -46,27 +46,6 @@ mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A Debug print buffer #5 mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" -Debug print mbedtls_mpi: 0 (empty representation) -mbedtls_debug_print_mpi:"":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n" - -Debug print mbedtls_mpi: 0 (non-empty representation) -mbedtls_debug_print_mpi:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n" - -Debug print mbedtls_mpi #2: 3 bits -mbedtls_debug_print_mpi:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n" - -Debug print mbedtls_mpi: 49 bits -mbedtls_debug_print_mpi:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n" - -Debug print mbedtls_mpi: 759 bits -mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 
e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - -Debug print mbedtls_mpi: 764 bits #1 -mbedtls_debug_print_mpi:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - -Debug print mbedtls_mpi: 764 bits #2 -mbedtls_debug_print_mpi:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n" - Debug print certificate #1 (RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. 
version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 1d37137416..05b0112b93 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function 
@@ -283,42 +283,3 @@ exit: MD_OR_USE_PSA_DONE(); } /* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_BIGNUM_C */ -void mbedtls_debug_print_mpi(char *value, char *file, int line, - char *prefix, char *result_str) -{ - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - struct buffer_data buffer; - mbedtls_mpi val; - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_mpi_init(&val); - MD_OR_USE_PSA_INIT(); - memset(buffer.buf, 0, 2000); - buffer.ptr = buffer.buf; - - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT), - 0); - mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); - - TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); - - TEST_ASSERT(mbedtls_test_read_mpi(&val, value) == 0); - - mbedtls_debug_print_mpi(&ssl, 0, file, line, prefix, &val); - - TEST_ASSERT(strcmp(buffer.buf, result_str) == 0); - -exit: - mbedtls_mpi_free(&val); - mbedtls_ssl_free(&ssl); - mbedtls_ssl_config_free(&conf); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ From c6bf9d8200fdb206bcd21ae199fe93279862b843 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 19 Nov 2025 15:21:18 +0100 Subject: [PATCH 1252/1548] library: debug: use mbedtls_pk_write_pubkey_psa() to write public key Remove usage of mbedtls_pk_debug stuff and related functions (mbedtls_debug_print_psa_rsa(), mbedtls_debug_print_psa_ec(), mbedtls_debug_print_integer() and debug_count_valid_bits()) and use mbedtls_pk_write_pubkey_psa() to get the public key from the PK context. Signed-off-by: Valerio Setti --- library/debug.c | 211 +++--------------------------------------------- 1 file changed, 10 insertions(+), 201 deletions(-) diff --git a/library/debug.c b/library/debug.c index 49188e9f66..3e0ecd545e 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -168,211 +168,20 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, } #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -static void mbedtls_debug_print_integer(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t bitlen) -{ - char str[DEBUG_BUF_SIZE]; - size_t i, len_bytes = PSA_BITS_TO_BYTES(bitlen), idx = 0; - - mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%u bits) is:\n", - text, (unsigned int) bitlen); - - debug_send_line(ssl, level, file, line, str); - - for (i = 0; i < len_bytes; i++) { - if (i >= 4096) { - break; - } - - if (i % 16 == 0) { - if (i > 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - - idx = 0; - } - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", - (unsigned int) buf[i]); - } - - if (len_bytes > 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); - debug_send_line(ssl, level, file, line, str); - } -} -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) -{ - char str[DEBUG_BUF_SIZE]; - const uint8_t *coord_start; - size_t coord_len; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - /* For the description of pk->pk_raw content please refer to the description - * psa_export_public_key() function. 
*/ - coord_len = (pk->pub_raw_len - 1)/2; - - /* X coordinate */ - coord_start = pk->pub_raw + 1; - mbedtls_snprintf(str, sizeof(str), "%s(X)", text); - mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8); - - /* Y coordinate */ - coord_start = coord_start + coord_len; - mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); - mbedtls_debug_print_integer(ssl, level, file, line, str, coord_start, coord_len * 8); -} -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -static size_t debug_count_valid_bits(unsigned char **buf, size_t len) -{ - size_t i, bits; - - /* Ignore initial null bytes (if any). */ - while ((len > 0) && (**buf == 0x00)) { - (*buf)++; - len--; - } - - if (len == 0) { - return 0; - } - - bits = len * 8; - - /* Ignore initial null bits (if any). */ - for (i = 7; i > 0; i--) { - if ((**buf & (0x1 << i)) != 0) { - break; - } - bits--; - } - - return bits; -} - -static void mbedtls_debug_print_psa_rsa(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk) -{ - char str[DEBUG_BUF_SIZE]; - /* no-check-names will be removed in mbedtls#10229. */ - unsigned char key_der[MBEDTLS_PK_MAX_RSA_PUBKEY_RAW_LEN]; //no-check-names - unsigned char *start_cur; - unsigned char *end_cur; - size_t len, bits; - int ret; - - if (NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold) { - return; - } - - if (pk->pub_raw_len > sizeof(key_der)) { - snprintf(str, sizeof(str), - "RSA public key too large: %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET, - pk->pub_raw_len, sizeof(key_der)); - debug_send_line(ssl, level, file, line, str); - return; - } - - memcpy(key_der, pk->pub_raw, pk->pub_raw_len); - start_cur = key_der; - end_cur = key_der + pk->pub_raw_len; - - /* This integer parsing solution should be replaced with mbedtls_asn1_get_integer(). - * See #10238. 
*/ - ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, - MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED); - if (ret != 0) { - return; - } - - ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER); - if (ret != 0) { - return; - } - - bits = debug_count_valid_bits(&start_cur, len); - if (bits == 0) { - return; - } - len = PSA_BITS_TO_BYTES(bits); - - mbedtls_snprintf(str, sizeof(str), "%s.N", text); - mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); - - start_cur += len; - - ret = mbedtls_asn1_get_tag(&start_cur, end_cur, &len, MBEDTLS_ASN1_INTEGER); - if (ret != 0) { - return; - } - - bits = debug_count_valid_bits(&start_cur, len); - if (bits == 0) { - return; - } - - mbedtls_snprintf(str, sizeof(str), "%s.E", text); - mbedtls_debug_print_integer(ssl, level, file, line, str, start_cur, bits); -} -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ - static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) { - size_t i; - mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS]; - char name[16]; - - memset(items, 0, sizeof(items)); - - if (mbedtls_pk_debug(pk, items) != 0) { - debug_send_line(ssl, level, file, line, - "invalid PK context\n"); - return; - } - - for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) { - if (items[i].type == MBEDTLS_PK_DEBUG_NONE) { - return; - } + unsigned char buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + size_t buf_len; + int ret; - mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name); - name[sizeof(name) - 1] = '\0'; - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) - if (items[i].type == MBEDTLS_PK_DEBUG_PSA_RSA) { - mbedtls_debug_print_psa_rsa(ssl, level, file, line, name, items[i].value); - } else -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { - mbedtls_debug_print_psa_ec(ssl, level, file, line, name, 
items[i].value); - } else -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - { debug_send_line(ssl, level, file, line, - "should not happen\n"); } + ret = mbedtls_pk_write_pubkey_psa(pk, buf, sizeof(buf), &buf_len); + if (ret == 0) { + mbedtls_debug_print_buf(ssl, level, file, line, text, buf, buf_len); + } else { + mbedtls_debug_print_msg(ssl, level, file, line, + "failed to export public key from PK context"); } } @@ -424,7 +233,7 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); debug_print_line_by_line(ssl, level, file, line, buf); - debug_print_pk(ssl, level, file, line, "crt->", &crt->pk); + debug_print_pk(ssl, level, file, line, "crt->PK", &crt->pk); crt = crt->next; } From f1cb45289bbc10c6543e7c18bb2d0d2eb56a97ab Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 19 Nov 2025 18:20:07 +0100 Subject: [PATCH 1253/1548] library: debug: improve mbedtls_debug_print_buf() Move single line printing to a separate function named mbedtls_debug_print_buf_one_line(). This accepts one extra parameter 'add_text' to tell if the final text chars are to be printed at the end of the line or not. Add also mbedtls_debug_print_buf_ext() as a generalized version of mbedtls_debug_print_buf() by adding the extra 'add_text' param. debug_print_pk() will now use mbedtls_debug_print_buf_ext() in order not to print chars while dumping the buffer. Signed-off-by: Valerio Setti --- library/debug.c | 92 ++++++++++++++++++++++++++++--------------------- 1 file changed, 52 insertions(+), 40 deletions(-) diff --git a/library/debug.c b/library/debug.c index 3e0ecd545e..561ce5128f 100644 --- a/library/debug.c +++ b/library/debug.c 
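Review bot: The failure branch of the new debug_print_pk discards `ret`, so a log reader cannot tell why the export failed (unsupported key type, undersized buffer, ...); the file already has a helper for exactly this, so replace the mbedtls_debug_print_msg call with `mbedtls_debug_print_ret(ssl, level, file, line, "mbedtls_pk_write_pubkey_psa", ret);`. The success branch deserves a comment naming the format of what is now dumped, since the old N/E and X/Y breakdown is gone: `/* Dump the public key in PSA export format: DER RSAPublicKey for RSA, 0x04 || X || Y for Weierstrass EC (see test_suite_debug.data). */`. The removed helpers returned early on `level > debug_threshold` (and NULL ssl/conf/f_dbg) before doing any work, whereas the new body always performs the export and relies on mbedtls_debug_print_buf to drop the output; unless mbedtls_debug_print_crt gates on `level` itself (its body is outside this hunk), an early `if (level > debug_threshold) { return; }` would keep debug-off paths cheap.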
@@ -112,14 +112,41 @@ void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, debug_send_line(ssl, level, file, line, str); } -void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len) +#define MBEDTLS_DEBUG_PRINT_BUF_NO_TEXT 0 +#define MBEDTLS_DEBUG_PRINT_BUF_ADD_TEXT 1 + +static void mbedtls_debug_print_buf_one_line(char *out_buf, size_t out_size, + const unsigned char *in_buf, size_t in_size, + int add_text) { - char str[DEBUG_BUF_SIZE]; - char txt[17]; + char txt[17] = { 0 }; size_t i, idx = 0; + for (i = 0; i < 16; i++) { + if (i < in_size) { + idx += mbedtls_snprintf(out_buf + idx, out_size - idx, " %02x", + (unsigned int) in_buf[i]); + txt[i] = (in_buf[i] > 31 && in_buf[i] < 127) ? in_buf[i] : '.'; + } else { + /* Just add spaces until the end of the line */ + idx += mbedtls_snprintf(out_buf + idx, out_size - idx, " "); + } + } + + if (add_text) { + idx += mbedtls_snprintf(out_buf + idx, out_size - idx, " %s", txt); + } + mbedtls_snprintf(out_buf + idx, out_size - idx, "\n"); +} + +static void mbedtls_debug_print_buf_ext(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len, + int add_text) +{ + char str[DEBUG_BUF_SIZE] = { 0 }; + size_t curr_offset = 0, idx = 0, chunk_len; + if (NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || 
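Review bot: `mbedtls_debug_print_buf_one_line` prints at most 16 bytes and silently ignores the rest of `in_size`, which suits its one caller but is stated nowhere; add a header comment such as `/* Format one hex-dump row: up to 16 bytes of in_buf as " xx" columns, blank-padded to 16 columns, optionally followed by the printable-ASCII column, then a newline. Bytes past the 16th are ignored. */`. Each `idx += mbedtls_snprintf(...)` adds the would-be length even when the output was truncated, so `out_size - idx` would wrap if out_size were ever smaller than the roughly 66-character row; with the caller passing DEBUG_BUF_SIZE minus a short prefix this cannot happen today, but an `if (idx >= out_size) { return; }` guard would make the helper safe on its own. The second new function, mbedtls_debug_print_buf_ext, continues past the end of this hunk.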
@@ -127,46 +154,30 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, return; } - mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n", - text, (unsigned int) len); - + mbedtls_snprintf(str, sizeof(str), "dumping '%s' (%zu bytes)\n", text, len); debug_send_line(ssl, level, file, line, str); - memset(txt, 0, sizeof(txt)); - for (i = 0; i < len; i++) { - if (i >= 4096) { - break; - } - - if (i % 16 == 0) { - if (i > 0) { - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); - debug_send_line(ssl, level, file, line, str); - - idx = 0; - memset(txt, 0, sizeof(txt)); - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ", - (unsigned int) i); - - } - - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", - (unsigned int) buf[i]); - txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.'; - } - - if (len > 0) { - for (/* i = i */; i % 16 != 0; i++) { - idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); - } - - mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); + while (len > 0) { + memset(str, 0, sizeof(str)); + idx = mbedtls_snprintf(str, sizeof(str), "%04zx: ", curr_offset); + chunk_len = (len >= 16) ? 16 : len; + mbedtls_debug_print_buf_one_line(str + idx, sizeof(str) - idx, + &buf[curr_offset], chunk_len, + add_text); debug_send_line(ssl, level, file, line, str); + curr_offset += 16; + len -= chunk_len; } } +void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len) +{ + mbedtls_debug_print_buf_ext(ssl, level, file, line, text, buf, len, + MBEDTLS_DEBUG_PRINT_BUF_ADD_TEXT); +} + #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, 
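Review bot: The rewritten loop drops the 4096-byte cap the old code enforced (`if (i >= 4096) break;` on the removed side), so a large buffer is now dumped in full while the commit message says nothing about it; if that is intended, say so in a comment above `while (len > 0)`, otherwise restore it with `if (len > 4096) { len = 4096; }` before the loop (the "dumping" header line still reports the full length either way). `idx = mbedtls_snprintf(str, sizeof(str), "%04zx: ", curr_offset);` stores an `int` in a `size_t`, so a negative return would turn `sizeof(str) - idx` into a huge size; unlikely with this format string, but a `ret < 0` check before the cast, or a fixed prefix length in place of `idx`, removes the doubt. The `memset(str, 0, sizeof(str))` on every row is redundant, since every snprintf call terminates the string.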
@@ -178,7 +189,8 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, ret = mbedtls_pk_write_pubkey_psa(pk, buf, sizeof(buf), &buf_len); if (ret == 0) { - mbedtls_debug_print_buf(ssl, level, file, line, text, buf, buf_len); + mbedtls_debug_print_buf_ext(ssl, level, file, line, text, buf, buf_len, + MBEDTLS_DEBUG_PRINT_BUF_NO_TEXT); } else { mbedtls_debug_print_msg(ssl, level, file, line, "failed to export public key from PK context"); From 3c419c1ca36042bf5c630b3e253ba87d8a78112b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 19 Nov 2025 18:22:33 +0100 Subject: [PATCH 1254/1548] tests: scripts: adjust CRT dump test data Adjust dumping format of public keys following recent updates to mbedtls_debug_print_crt() and debug_print_pk() Signed-off-by: Valerio Setti --- tests/suites/test_suite_debug.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 800f0ff63b..0e2163be9f 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -48,8 +48,8 @@ mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A Debug print certificate #1 (RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" 
+mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: dumping 'crt->PK' (270 bytes)\nMyFile(0999)\: 0000\: 30 82 01 0a 02 82 01 01 00 a9 02 1f 3d 40 6a d5\nMyFile(0999)\: 0010\: 55 53 8b fd 36 ee 82 65 2e 15 61 5e 89 bf b8 e8\nMyFile(0999)\: 0020\: 45 90 db ee 88 16 52 d3 f1 43 50 47 96 12 59 64\nMyFile(0999)\: 0030\: 87 6b fd 2b e0 46 f9 73 be dd cf 92 e1 91 5b ed\nMyFile(0999)\: 0040\: 66 a0 6f 89 29 79 45 80 d0 83 6a d5 41 43 77 5f\nMyFile(0999)\: 0050\: 39 7c 09 04 47 82 b0 57 39 70 ed a3 ec 15 19 1e\nMyFile(0999)\: 0060\: a8 33 08 47 c1 05 42 a9 fd 4c c3 b4 df dd 06 1f\nMyFile(0999)\: 0070\: 4d 10 51 40 67 73 13 0f 40 f8 6d 81 25 5f 0a b1\nMyFile(0999)\: 0080\: 53 c6 30 7e 15 39 ac f9 5a ee 7f 92 9e a6 05 5b\nMyFile(0999)\: 0090\: e7 13 97 85 b5 23 92 d9 d4 24 06 d5 09 25 89 75\nMyFile(0999)\: 00a0\: 07 dd a6 1a 8f 3f 09 19 be ad 65 2c 64 eb 95 9b\nMyFile(0999)\: 00b0\: dc fe 41 5e 17 a6 da 6c 5b 69 cc 02 ba 14 2c 16\nMyFile(0999)\: 00c0\: 24 9c 4a dc cd d0 f7 52 67 73 f1 2d a0 23 fd 7e\nMyFile(0999)\: 00d0\: f4 31 ca 2d 70 ca 89 0b 04 db 2e a6 4f 70 6e 9e\nMyFile(0999)\: 00e0\: ce bd 58 89 e2 53 59 9e 6e 5a 92 65 e2 88 3f 0c\nMyFile(0999)\: 00f0\: 94 19 a3 dd e5 e8 9d 95 13 ed 29 db ab 70 12 dc\nMyFile(0999)\: 0100\: 5a ca 6b 17 ab 52 82 54 b1 02 03 01 00 01 \n" Debug print certificate #2 (EC) 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" +mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. 
version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: dumping 'crt->PK' (97 bytes)\nMyFile(0999)\: 0000\: 04 c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29\nMyFile(0999)\: 0010\: 43 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91\nMyFile(0999)\: 0020\: 95 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c\nMyFile(0999)\: 0030\: 2d 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e\nMyFile(0999)\: 0040\: 58 b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7\nMyFile(0999)\: 0050\: 47 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33\nMyFile(0999)\: 0060\: 1e \n" From af62bae5c1308be93cc2550f541ec132c5bae756 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Dec 2025 09:41:41 +0100 Subject: [PATCH 1255/1548] library: debug: add PK_WRITE_C guard to mbedtls_debug_print_crt() In tf-psa-crypto "mbedtls_pk_write_pubkey_psa()" is only available when MBEDTLS_PK_WRITE_C is defined. Therefore we need to add this guard also in mbedtls to "debug_print_pk" (and indirectly to "mbedtls_debug_print_crt") and the corresponding tests using it. Signed-off-by: Valerio Setti --- library/debug.c | 5 +++-- tests/suites/test_suite_debug.function | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index 561ce5128f..8ac4b0ba54 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -178,7 +178,8 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, MBEDTLS_DEBUG_PRINT_BUF_ADD_TEXT); } -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) && \ + defined(MBEDTLS_PK_WRITE_C) static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) @@ -250,6 +251,6 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, crt = crt->next; } } -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO && MBEDTLS_PK_WRITE_C */ #endif /* MBEDTLS_DEBUG_C */ diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 05b0112b93..5ec21015fc 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -245,7 +245,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C */ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, char *prefix, char *result_str) { From d040eb823e6a3faad30762927f899fa934225b28 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Dec 2025 14:43:28 +0100 Subject: [PATCH 1256/1548] include: debug: fix guards for MBEDTLS_SSL_DEBUG_CRT Guards for "mbedtls_debug_print_crt()" were updated in previous commit, but those changes were not applied to MBEDTLS_SSL_DEBUG_CRT therefore causing build failures in the CI. This commit fixes the problem. Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index bdfc597e0c..ecab1023f9 100644 
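Review bot: The rewritten `#endif` comment in debug.c, `/* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO && MBEDTLS_PK_WRITE_C */`, does not match the condition it closes, which tests `!defined(MBEDTLS_X509_REMOVE_INFO)`; since the line is being touched anyway, make it `#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO && MBEDTLS_PK_WRITE_C */`. The debug.h counterpart in the following commit writes the negation correctly, so the two files should agree.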
--- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -28,14 +28,13 @@ #define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \ mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if !defined(MBEDTLS_X509_REMOVE_INFO) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) && \ + defined(MBEDTLS_PK_WRITE_C) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \ mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt) #else #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) -#endif /* MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO && MBEDTLS_PK_WRITE_C */ #else /* MBEDTLS_DEBUG_C */ From 2af638a1770c1348d8bc255ca015033553c7328d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 Dec 2025 14:56:59 +0100 Subject: [PATCH 1257/1548] library: debug: fix print format in mbedtls_debug_print_buf_ext() %zu creates problem in MinGW testing. Use MBEDTLS_PRINTF_SIZET intead. Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 2 ++ library/debug.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index ecab1023f9..e11f373831 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -89,10 +89,12 @@ #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) #include #define MBEDTLS_PRINTF_SIZET PRIuPTR + #define MBEDTLS_PRINTF_SIZET_HEX PRIxPTR #define MBEDTLS_PRINTF_LONGLONG "I64d" #else \ /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ #define MBEDTLS_PRINTF_SIZET "zu" + #define MBEDTLS_PRINTF_SIZET_HEX "zx" #define MBEDTLS_PRINTF_LONGLONG "lld" #endif \ /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ diff --git a/library/debug.c b/library/debug.c index 8ac4b0ba54..0721d60a14 100644 --- a/library/debug.c +++ b/library/debug.c 
@@ -154,12 +154,13 @@ static void mbedtls_debug_print_buf_ext(const mbedtls_ssl_context *ssl, int leve return; } - mbedtls_snprintf(str, sizeof(str), "dumping '%s' (%zu bytes)\n", text, len); + mbedtls_snprintf(str, sizeof(str), "dumping '%s' (%" MBEDTLS_PRINTF_SIZET " bytes)\n", + text, len); debug_send_line(ssl, level, file, line, str); while (len > 0) { memset(str, 0, sizeof(str)); - idx = mbedtls_snprintf(str, sizeof(str), "%04zx: ", curr_offset); + idx = mbedtls_snprintf(str, sizeof(str), "%04" MBEDTLS_PRINTF_SIZET_HEX ": ", curr_offset); chunk_len = (len >= 16) ? 16 : len; mbedtls_debug_print_buf_one_line(str + idx, sizeof(str) - idx, &buf[curr_offset], chunk_len, From ebbaca0a992365c88869df67247a3519b0709b2b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 7 Jan 2026 18:04:43 +0100 Subject: [PATCH 1258/1548] library: debug: adjust guards for "mbedtls_debug_print_crt" Keep MBEDTLS_PK_WRITE_C as guard only for "debug_print_pk" but let "mbedtls_debug_print_crt" to work also when MBEDTLS_PK_WRITE_C is disabled. In this case the only public key won't be printed, but the rest of the certificate will be. This commit also updates test coverage by duplicating test cases: now there will be one case for when MBEDTLS_PK_WRITE_C is enabled and another one for !MBEDTLS_PK_WRITE_C. Signed-off-by: Valerio Setti --- include/mbedtls/debug.h | 5 ++--- library/debug.c | 10 +++++++--- tests/suites/test_suite_debug.data | 14 ++++++++++++-- tests/suites/test_suite_debug.function | 2 +- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index e11f373831..87ea6c3150 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h 
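Review bot: The changed `idx = mbedtls_snprintf(...)` line in mbedtls_debug_print_buf_ext still uses the return value as an offset without checking it, and the following `mbedtls_debug_print_buf_one_line(str + idx, sizeof(str) - idx, ...)` call derives a length from it; a negative return would wrap `sizeof(str) - idx` and advance the pointer backwards. The formatted prefix is short (`%04zx` is at most 2*sizeof(size_t) hex digits plus `": "`), so this is unlikely to trigger in practice, but `mbedtls_snprintf` is a platform hook whose error behaviour is not visible here, and this commit is specifically about the MinGW/old-MSVC printf path, so a guard such as `if (idx < 0 || (size_t) idx >= sizeof(str)) { return; }` between the two lines would make the assumption explicit. The declaration of `str` and the rest of the function body lie outside the hunk, so the actual bound cannot be confirmed from here.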
@@ -28,13 +28,12 @@ #define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \ mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len) -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) && \ - defined(MBEDTLS_PK_WRITE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \ mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, crt) #else #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0) -#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO && MBEDTLS_PK_WRITE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */ #else /* MBEDTLS_DEBUG_C */ diff --git a/library/debug.c b/library/debug.c index 0721d60a14..e622ac9ed4 100644 --- a/library/debug.c +++ b/library/debug.c @@ -179,8 +179,9 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, MBEDTLS_DEBUG_PRINT_BUF_ADD_TEXT); } -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) && \ - defined(MBEDTLS_PK_WRITE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) + +#if defined(MBEDTLS_PK_WRITE_C) static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk) @@ -198,6 +199,7 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, "failed to export public key from PK context"); } } +#endif /* MBEDTLS_PK_WRITE_C */ static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text) 
@@ -247,11 +249,13 @@ void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); debug_print_line_by_line(ssl, level, file, line, buf); +#if defined(MBEDTLS_PK_WRITE_C) debug_print_pk(ssl, level, file, line, "crt->PK", &crt->pk); +#endif /* MBEDTLS_PK_WRITE_C */ crt = crt->next; } } -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO && MBEDTLS_PK_WRITE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_DEBUG_C */ diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 0e2163be9f..3d72056528 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -47,9 +47,19 @@ Debug print buffer #5 mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" Debug print certificate #1 (RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: dumping 'crt->PK' (270 bytes)\nMyFile(0999)\: 0000\: 30 82 01 0a 02 82 01 01 00 a9 02 1f 3d 40 6a d5\nMyFile(0999)\: 0010\: 55 53 8b fd 36 ee 82 65 2e 15 61 5e 89 bf b8 e8\nMyFile(0999)\: 0020\: 45 90 db ee 88 16 52 d3 f1 43 50 47 96 12 59 64\nMyFile(0999)\: 0030\: 87 6b fd 2b e0 46 f9 73 be dd cf 92 e1 91 5b ed\nMyFile(0999)\: 0040\: 66 a0 6f 89 29 79 45 80 d0 83 6a d5 41 43 77 5f\nMyFile(0999)\: 0050\: 39 7c 09 04 47 82 b0 57 39 70 ed a3 ec 15 19 1e\nMyFile(0999)\: 0060\: a8 33 08 47 c1 05 42 a9 fd 4c c3 b4 df dd 06 1f\nMyFile(0999)\: 0070\: 4d 10 51 40 67 73 13 0f 40 f8 6d 81 25 5f 0a 
b1\nMyFile(0999)\: 0080\: 53 c6 30 7e 15 39 ac f9 5a ee 7f 92 9e a6 05 5b\nMyFile(0999)\: 0090\: e7 13 97 85 b5 23 92 d9 d4 24 06 d5 09 25 89 75\nMyFile(0999)\: 00a0\: 07 dd a6 1a 8f 3f 09 19 be ad 65 2c 64 eb 95 9b\nMyFile(0999)\: 00b0\: dc fe 41 5e 17 a6 da 6c 5b 69 cc 02 ba 14 2c 16\nMyFile(0999)\: 00c0\: 24 9c 4a dc cd d0 f7 52 67 73 f1 2d a0 23 fd 7e\nMyFile(0999)\: 00d0\: f4 31 ca 2d 70 ca 89 0b 04 db 2e a6 4f 70 6e 9e\nMyFile(0999)\: 00e0\: ce bd 58 89 e2 53 59 9e 6e 5a 92 65 e2 88 3f 0c\nMyFile(0999)\: 00f0\: 94 19 a3 dd e5 e8 9d 95 13 ed 29 db ab 70 12 dc\nMyFile(0999)\: 0100\: 5a ca 6b 17 ab 52 82 54 b1 02 03 01 00 01 \n" +# Same as above, but with !MBEDTLS_PK_WRITE_C +Debug print certificate #1.1 (RSA) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_PK_WRITE_C +mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\n" + Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. 
version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: dumping 'crt->PK' (97 bytes)\nMyFile(0999)\: 0000\: 04 c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29\nMyFile(0999)\: 0010\: 43 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91\nMyFile(0999)\: 0020\: 95 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c\nMyFile(0999)\: 0030\: 2d 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e\nMyFile(0999)\: 0040\: 58 b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7\nMyFile(0999)\: 0050\: 47 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33\nMyFile(0999)\: 0060\: 1e \n" + +# Same as above, but with !MBEDTLS_PK_WRITE_C +Debug print certificate #2.1 (EC) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_PK_WRITE_C +mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\n" diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 5ec21015fc..05b0112b93 100644 
--- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -245,7 +245,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_TLS_C:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, char *prefix, char *result_str) { From 4d62c59a56c9b7108c0d6df84148a090fdf8412d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 8 Jan 2026 10:26:44 +0100 Subject: [PATCH 1259/1548] tests: scripts: add new component to test with only pkwrite disabled This is similar to the already existing "component_full_no_pkparse_pkwrite". The biggest difference is that this new component starts from "full" config instead of "crypto_full" because we want to test also some TLS modules, in particular "test_suite_debug" where the new function "mbedtls_pk_write_pubkey_psa" has been introduced. Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index d1ce15e40a..c50dbd07c4 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -276,6 +276,26 @@ component_full_no_pkparse_pkwrite () { $MAKE_COMMAND test } +component_full_no_pkwrite () { + msg "build: full without pkwrite" + + # Using "full" config here instead of "crypto_full" as in "component_full_no_pkparse_pkwrite" + # because here we would like to run "test_suite_debug" test cases. + scripts/config.py full + scripts/config.py unset MBEDTLS_PK_WRITE_C + # Disable modules that depend on PK_WRITE_C + scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C + scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C + + $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + + # Ensure that PK_WRITE_C was not re-enabled accidentally (additive config). + not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o + + msg "test: full without pkwrite" + $MAKE_COMMAND test +} + component_test_crypto_full_md_light_only () { msg "build: crypto_full with only the light subset of MD" scripts/config.py crypto_full From 059aac8680aada69bd83c3577057aa9d92e213ae Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 8 Jan 2026 14:25:19 +0100 Subject: [PATCH 1260/1548] tests: scripts: build with cmake in all components using Asan Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 59 ++++++++++++------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c50dbd07c4..11746b0da8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -234,10 +234,12 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" - $MAKE_COMMAND test + make test msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|opaque' @@ -250,10 +252,12 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" - $MAKE_COMMAND test + make test msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" tests/ssl-opt.sh -f 'Default\|opaque' @@ -266,14 +270,15 @@ component_full_no_pkparse_pkwrite () { scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o msg "test: full without pkparse and pkwrite" - $MAKE_COMMAND test + make test } component_full_no_pkwrite () { 
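Review bot: The rebuilt components replace `$MAKE_COMMAND` with a bare `make` for both the build and the `make test` step, first in the `@@ -234,10 +234,12 @@` hunk and likewise in every other hunk of this commit. If `MAKE_COMMAND` carries anything beyond the program name, such as a parallelism setting or an alternative make binary, those settings are silently dropped for these components while the remaining make-based components keep them. If the cmake-based components elsewhere in this file already invoke plain `make`, this is consistent and only worth a one-line comment; otherwise keeping `$MAKE_COMMAND` and `$MAKE_COMMAND test` after the `cmake` configure step preserves the previous behaviour.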
@@ -287,13 +292,14 @@ component_full_no_pkwrite () { scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C - $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make # Ensure that PK_WRITE_C was not re-enabled accidentally (additive config). not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o msg "test: full without pkwrite" - $MAKE_COMMAND test + make test } component_test_crypto_full_md_light_only () { @@ -313,14 +319,15 @@ component_test_crypto_full_md_light_only () { # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o msg "test: crypto_full with only the light subset of MD" - $MAKE_COMMAND test + make test } component_test_full_no_cipher () { @@ -456,10 +463,11 @@ component_test_everest_curve25519_only () { scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make msg "test: Everest ECDH context, only Curve25519" # ~ 50s - $MAKE_COMMAND test + make test } component_test_psa_collect_statuses () { 
@@ -1286,7 +1294,8 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config # Build crypto library - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS" + CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Asan . + make # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o @@ -1305,7 +1314,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" - $MAKE_COMMAND test + make test } # Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as @@ -1353,10 +1362,11 @@ build_and_test_psa_want_key_pair_partial () { # crypto_config.h so we just disable the one we don't want. scripts/config.py unset "$disabled_psa_want" - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make msg "test: $base_config - ${disabled_psa_want}" - $MAKE_COMMAND test + make test } component_test_psa_ecc_key_pair_no_derive () { @@ -1881,10 +1891,12 @@ component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make msg "test: full minus CHACHAPOLY" - $MAKE_COMMAND test + make test } component_test_aead_only_ccm () { 
@@ -1892,10 +1904,12 @@ component_test_aead_only_ccm () { scripts/config.py full scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 scripts/config.py unset PSA_WANT_ALG_GCM - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + make msg "test: full minus CHACHAPOLY and GCM" - $MAKE_COMMAND test + make test } component_test_ccm_aes_sha256 () { @@ -2345,10 +2359,11 @@ component_test_psa_crypto_drivers () { loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" loc_cflags="${loc_cflags} -I../framework/tests/include" - $MAKE_COMMAND CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + CC=$ASAN_CC CFLAGS="${loc_cflags}" cmake -D CMAKE_BUILD_TYPE:String=Asan . + make msg "test: full + test drivers dispatching to builtins" - $MAKE_COMMAND test + make test } component_build_psa_config_file () { From fca232cb2547cd4a03f44f95db7a81fdc601a727 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Jan 2026 19:10:21 +0100 Subject: [PATCH 1261/1548] Update tf-psa-crypto with makefile helpers Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index ae74d3276a..2025c77606 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit ae74d3276a75c2419ee51621150006bd8fd3883c +Subproject commit 2025c776064a418406cb83d66fff06624d0e3734 From e23b6e4dc84ea5baf8e29b71a21ada2383eb1fc5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Dec 2025 22:22:33 +0100 Subject: [PATCH 1262/1548] Use the crypto makefile helpers in tf-psa-crypto Now that the crypto files have been moved to the crypto repository, consume them there. Signed-off-by: Gilles Peskine --- library/Makefile | 4 ++-- programs/Makefile | 2 +- scripts/common.make | 2 +- tests/Makefile | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/library/Makefile b/library/Makefile index 17155c80ad..ad2854ad3a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -36,7 +36,7 @@ This is a fatal error endif include $(MBEDTLS_PATH)/framework/exported.make -include $(MBEDTLS_PATH)/scripts/crypto-common.make +include $(MBEDTLS_PATH)/tf-psa-crypto/scripts/crypto-common.make # For the time being, Mbed TLS uses non-public interfaces of TF-PSA-Crypto, # so we include both public and internal headers. @@ -155,7 +155,7 @@ else all: shared static endif -include crypto-library.make +include $(TF_PSA_CRYPTO_CORE_PATH)/crypto-library.make static: libmbedcrypto.a libmbedx509.a libmbedtls.a cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile diff --git a/programs/Makefile b/programs/Makefile index b1aee9c57a..36679dcb0f 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -29,7 +29,7 @@ endif # before including crypto-programs.make. default: all -include crypto-programs.make +include $(TF_PSA_CRYPTO_PATH)/programs/crypto-programs.make LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs diff --git a/scripts/common.make b/scripts/common.make index 18dd29d2ed..cc63bb7e77 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -29,7 +29,7 @@ This is a fatal error endif include $(MBEDTLS_PATH)/framework/exported.make -include $(MBEDTLS_PATH)/scripts/crypto-common.make +include $(MBEDTLS_PATH)/tf-psa-crypto/scripts/crypto-common.make # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS diff --git a/tests/Makefile b/tests/Makefile index 2a7040279f..b24c4ef9e2 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -8,7 +8,7 @@ TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(C # before including crypto-programs.make. default: all -include crypto-tests.make +include $(TF_PSA_CRYPTO_PATH)/tests/crypto-tests.make # Also include private headers, for the sake of invasive tests. LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/library 
From 4ffb2992081b6f67629e0a96cf6246ffd313e1fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Jan 2026 19:10:21 +0100 Subject: [PATCH 1263/1548] Remove local copies of makefile helpers Signed-off-by: Gilles Peskine --- library/crypto-library.make | 42 ------------ programs/crypto-programs.make | 52 --------------- scripts/crypto-common.make | 99 ---------------------------- tests/crypto-tests.make | 121 ---------------------------------- 4 files changed, 314 deletions(-) delete mode 100644 library/crypto-library.make delete mode 100644 programs/crypto-programs.make delete mode 100644 scripts/crypto-common.make delete mode 100644 tests/crypto-tests.make diff --git a/library/crypto-library.make b/library/crypto-library.make deleted file mode 100644 index 826b118ca2..0000000000 --- a/library/crypto-library.make +++ /dev/null 
@@ -1,42 +0,0 @@ -# Helper code for library/Makefile in Mbed TLS. -# This file is only meant to be included by library/Makefile in Mbed TLS and -# is unlikely to work in another context. - -# List the generated files from crypto that are needed in the build, -# because we don't have the list in a consumable form. -TF_PSA_CRYPTO_LIBRARY_GENERATED_FILES := \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_before.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_final.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config_check_user.h - -GENERATED_WRAPPER_FILES = \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h \ - $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.c -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/generate_driver_wrappers.py -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja -$(GENERATED_WRAPPER_FILES): ../tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja -$(GENERATED_WRAPPER_FILES): - echo " Gen $(GENERATED_WRAPPER_FILES)" - $(PYTHON) ../tf-psa-crypto/scripts/generate_driver_wrappers.py $(TF_PSA_CRYPTO_CORE_PATH) - -$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o:$(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers.h - -TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES = $(shell $(PYTHON) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ - --list $(TF_PSA_CRYPTO_CORE_PATH)) -$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): $(gen_file_dep) \ - $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py \ - ../framework/scripts/mbedtls_framework/config_checks_generator.py -$(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES): - echo " Gen $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES)" - $(PYTHON) $(TF_PSA_CRYPTO_CORE_PATH)/../scripts/generate_config_checks.py - 
-$(TF_PSA_CRYPTO_CORE_PATH)/tf_psa_crypto_config.o: $(TF_PSA_CRYPTO_GENERATED_CONFIG_CHECK_FILES) - -TF_PSA_CRYPTO_LIBRARY_OBJS := $(patsubst %.c, %.o,$(wildcard $(TF_PSA_CRYPTO_CORE_PATH)/*.c $(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH)/*.c)) -TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS = $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o -TF_PSA_CRYPTO_LIBRARY_OBJS := $(filter-out $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS),$(TF_PSA_CRYPTO_LIBRARY_OBJS)) -TF_PSA_CRYPTO_LIBRARY_OBJS += $(TF_PSA_CRYPTO_LIBRARY_GENERATED_OBJS) -TF_PSA_CRYPTO_LIBRARY_OBJS+=$(THIRDPARTY_CRYPTO_OBJECTS) diff --git a/programs/crypto-programs.make b/programs/crypto-programs.make deleted file mode 100644 index 37a759ca7d..0000000000 --- a/programs/crypto-programs.make +++ /dev/null 
@@ -1,52 +0,0 @@ -# Helper code for programs/Makefile in Mbed TLS. -# This file is only meant to be included by programs/Makefile in Mbed TLS and -# is unlikely to work in another context. - -TF_PSA_CRYPTO_PROGRAMS_GENERATED_FILES := \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names_generated.c - -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: - echo " Gen $@" - cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py - -TF_PSA_CRYPTO_APPS := \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/aead_demo \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/crypto_examples \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/hmac_demo \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/key_ladder_demo \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_constant_names \ - $(TF_PSA_CRYPTO_PATH)/programs/psa/psa_hash \ - $(TF_PSA_CRYPTO_PATH)/programs/test/which_aes \ -# End of APPS - -../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) - echo " CC psa/aead_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/crypto_examples$(EXEXT): ../tf-psa-crypto/programs/psa/crypto_examples.c $(DEP) - echo " CC psa/crypto_examples.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/hmac_demo$(EXEXT): ../tf-psa-crypto/programs/psa/hmac_demo.c $(DEP) - echo " CC 
psa/hmac_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/key_ladder_demo$(EXEXT): ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(DEP) - echo " CC psa/key_ladder_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP) - echo " CC psa/psa_constant_names.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/psa/psa_hash$(EXEXT): ../tf-psa-crypto/programs/psa/psa_hash.c $(DEP) - echo " CC psa/psa_hash.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -../tf-psa-crypto/programs/test/which_aes$(EXEXT): ../tf-psa-crypto/programs/test/which_aes.c $(DEP) - echo " CC test/which_aes.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/test/which_aes.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/scripts/crypto-common.make b/scripts/crypto-common.make deleted file mode 100644 index c5c24e2b09..0000000000 --- a/scripts/crypto-common.make +++ /dev/null 
@@ -1,99 +0,0 @@ -# Helper code for the make build system in Mbed TLS: define some variables -# providing information such as file paths. -# This file is only meant to exist for a short transition period. -# It may change or be removed without notice. -# Do not use it if you are not Mbed TLS! - -# Assume that this makefile is located in a first-level subdirectory of the -# Mbed TLS root, and is accessed directly (not via VPATH or such). -# If this is not the case, TF_PSA_CRYPTO_PATH or MBEDTLS_PATH must be defined -# before including this file. -ifneq ($(origin TF_PSA_CRYPTO_PATH), undefined) - # TF_PSA_CRYPTO_PATH was defined before including this file, good. -else ifneq ($(origin MBEDTLS_PATH), undefined) - TF_PSA_CRYPTO_PATH := $(MBEDTLS_PATH)/tf-psa-crypto -else - # $(dir $(lastword $(MAKEFILE_LIST))) is the path to this file, possibly - # a relative path, with a trailing slash. Strip off another directory - # from that. - TF_PSA_CRYPTO_PATH := $(patsubst %/,%,$(dir $(patsubst %/,%,$(dir $(lastword $(MAKEFILE_LIST))))))/tf-psa-crypto -endif - -ifeq (,$(wildcard $(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c)) - $(error $$(TF_PSA_CRYPTO_PATH)/core/psa_crypto.c not found) -endif - -TF_PSA_CRYPTO_CORE_PATH = $(TF_PSA_CRYPTO_PATH)/core -TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH = $(TF_PSA_CRYPTO_PATH)/drivers/builtin/src - -# Gather information about crypto drivers that are separate from the main -# "builtin" driver (historically located in /3rdparty in Mbed TLS 2.x/3.x). 
-THIRDPARTY_DIR := $(TF_PSA_CRYPTO_PATH)/drivers -THIRDPARTY_INCLUDES = -include $(TF_PSA_CRYPTO_PATH)/drivers/everest/Makefile.inc -include $(TF_PSA_CRYPTO_PATH)/drivers/p256-m/Makefile.inc - -# Directories with headers of public interfaces of TF-PSA-Crypto -TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE = \ - -I$(TF_PSA_CRYPTO_PATH)/include \ - -I$(TF_PSA_CRYPTO_PATH)/drivers/builtin/include \ - $(THIRDPARTY_INCLUDES) - -# Directories with headers of internal interfaces of TF-PSA-Crypto -# (currently consumed by Mbed TLS, eventually not so when we've finished -# cleaning up) -TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE = \ - -I$(TF_PSA_CRYPTO_CORE_PATH) \ - -I$(TF_PSA_CRYPTO_DRIVERS_BUILTIN_SRC_PATH) - -# Extra linker flags required by the crypto library or the platform -TF_PSA_CRYPTO_EXTRA_LDFLAGS = - -## Usage: $(call remove_enabled_options_crypto,PREPROCESSOR_INPUT) -## Remove the preprocessor symbols that are set in the current configuration -## from PREPROCESSOR_INPUT. Also normalize whitespace. -## Example: -## $(call remove_enabled_options_crypto,MBEDTLS_FOO MBEDTLS_BAR) -## This expands to an empty string "" if MBEDTLS_FOO and MBEDTLS_BAR are both -## enabled in the TF-PSA-Crypto configuration, to "MBEDTLS_FOO" if -## MBEDTLS_BAR is enabled but MBEDTLS_FOO is disabled, etc. -## -## This only works with a Unix-like shell environment (Bourne/POSIX-style shell -## and standard commands) and a Unix-like compiler (supporting -E). In -## other environments, the output is likely to be empty. -define remove_enabled_options_crypto -$(strip $(shell - exec 2>/dev/null; - { echo '#include '; echo $(1); } | - $(CC) $(TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE) $(CFLAGS) -E - | - tail -n 1 -)) -endef - -# Ensure that `THREADING` is always defined. This lets us get a clean run -# with `make --warn-undefined-variables` without making the conditionals -# below more complex than they already are. 
At this stage, if `$(THREADING)` -# is empty, it means we don't know yet whether the threading implementation -# requires extra `LDFLAGS`. Once we've done the analysis, if `$(THREADING)` -# is empty, it will mean that no extra `LDFLAGS` are required, either -# because threading is disabled or because the threading implementation -# doesn't require any extra `LDFLAGS`. -THREADING ?= - -ifndef WINDOWS_BUILD - ifeq ($(THREADING),) - # Auto-detect configurations with pthread. - # If the call to remove_enabled_options returns "control", the symbols - # are confirmed set and we link with pthread. - # If the auto-detection fails, the result of the call is empty and - # we keep THREADING undefined. - ifeq (control,$(call remove_enabled_options_crypto,control MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD)) - THREADING := pthread - endif - endif - #$(info THREADING = $(THREADING)) - - ifeq ($(THREADING),pthread) - TF_PSA_CRYPTO_EXTRA_LDFLAGS += -lpthread - endif -endif diff --git a/tests/crypto-tests.make b/tests/crypto-tests.make deleted file mode 100644 index fbfc12dbd2..0000000000 --- a/tests/crypto-tests.make +++ /dev/null 
@@ -1,121 +0,0 @@ -# Helper code for tests/Makefile in Mbed TLS. -# This file is only meant to be included by tests/Makefile in Mbed TLS and -# is unlikely to work in another context. - -GENERATED_BIGNUM_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) -endif -TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) - -# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing -# inputs than generating outputs. Its inputs are the same no matter which files -# are being generated. -# It's rare not to want all the outputs. So always generate all of its outputs. -# Use an intermediate phony dependency so that parallel builds don't run -# a separate instance of the recipe for each output file. -$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data -generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_bignum_test_data: - echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_bignum_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_bignum_test_data - -GENERATED_CRYPTO_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \ 
- echo FAILED \ -)) -ifeq ($(GENERATED_CRYPTO_CONFIG_DATA_FILES),FAILED) -$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed) -endif -TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_CRYPTO_CONFIG_DATA_FILES) - -# We deliberately omit the configuration files (mbedtls_config.h, -# crypto_config.h) from the depenency list because during development -# and on the CI, we often edit those in a way that doesn't change the -# output, to comment out certain options, or even to remove certain -# lines which do affect the output negatively (it will miss the -# corresponding test cases). -$(GENERATED_CRYPTO_CONFIG_DATA_FILES): $(gen_file_dep) generated_crypto_config_test_data -generated_crypto_config_test_data: ../framework/scripts/generate_config_tests.py -generated_crypto_config_test_data: ../scripts/config.py -generated_crypto_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_crypto_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_crypto_config_test_data: - echo " Gen $(GENERATED_CRYPTO_CONFIG_DATA_FILES)" - cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py -.SECONDARY: generated_crypto_config_test_data - -GENERATED_ECP_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) -endif -TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES) - -$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data -generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py -generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py 
-generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -generated_ecp_test_data: - echo " Gen $(GENERATED_ECP_DATA_FILES)" - $(PYTHON) ../framework/scripts/generate_ecp_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_ecp_test_data - -GENERATED_PSA_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \ - $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ - echo FAILED \ -)) -ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) -$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) -endif -TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES) - -$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data -generated_psa_test_data: ../framework/scripts/generate_psa_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py -generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py -## The generated file only depends on the options that are present in -## crypto_config.h, not on which options are set. To avoid regenerating this -## file all the time when switching between configurations, don't declare -## crypto_config.h as a dependency. Remove this file from your working tree -## if you've just added or removed an option in crypto_config.h. 
-#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h -generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h -generated_psa_test_data: ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data -generated_psa_test_data: - echo " Gen $(GENERATED_PSA_DATA_FILES) ..." - $(PYTHON) ../framework/scripts/generate_psa_tests.py --directory ../tf-psa-crypto/tests/suites -.SECONDARY: generated_psa_test_data - -TF_PSA_CRYPTO_TESTS_DATA_FILES = $(filter-out $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES), $(wildcard $(TF_PSA_CRYPTO_PATH)/tests/suites/test_suite_*.data)) -# Make sure that generated data files are included even if they don't -# exist yet when the makefile is parsed. -TF_PSA_CRYPTO_TESTS_DATA_FILES += $(TF_PSA_CRYPTO_TESTS_GENERATED_DATA_FILES) - -../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py - echo " Gen $@" - $(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@ - -TF_PSA_CRYPTO_TESTS_GENERATED_C_FILES = \ - ../tf-psa-crypto/tests/include/test/test_keys.h From fdccbbb91ff16f2a667e48f9d7f9b9363adc1e6f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 8 Jan 2026 17:53:56 +0100 Subject: [PATCH 1264/1548] tests: scripts: configuration-crypto: fix paths after switch to CMake Switching to CMake build caused some failures due to the fact that: - binary objects in tf-psa-crypto are not in the same location as before; - header files from "/include" are no more included when building tf-psa-crypto ojects. This commit fixes both problems. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 11746b0da8..a1bd9b0f8d 100644 
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -9,6 +9,8 @@ #### Configuration Testing - Crypto ################################################################ +CMAKE_BUILTIN_BUILD_DIR="tf-psa-crypto/drivers/builtin/CMakeFiles/builtin.dir/src" + component_test_psa_crypto_key_id_encodes_owner () { msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" scripts/config.py full @@ -323,8 +325,8 @@ component_test_crypto_full_md_light_only () { make # Make sure we don't have the HMAC functions, but the hashing functions - not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o - grep mbedtls_md ${BUILTIN_SRC_PATH}/md.o + not grep mbedtls_md_hmac ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o + grep mbedtls_md ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o msg "test: crypto_full with only the light subset of MD" make test @@ -2356,8 +2358,8 @@ component_test_psa_crypto_drivers () { # config_adjust_test_accelerators.h for more information. msg "build: full + test drivers dispatching to builtins" scripts/config.py full - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" - loc_cflags="${loc_cflags} -I../framework/tests/include" + loc_cflags="-DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" + loc_cflags="${loc_cflags} -I../framework/tests/include -I${MBEDTLS_ROOT_DIR}/include" CC=$ASAN_CC CFLAGS="${loc_cflags}" cmake -D CMAKE_BUILD_TYPE:String=Asan . make From 5aba22b3dfa6439a6144e8e3f355c9ea78bea531 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 9 Jan 2026 22:52:45 +0100 Subject: [PATCH 1265/1548] tests: scripts: configuration-crypto: fix paths for "not grep" A switch has recently been made from make to cmake to build these tests but paths for "not grep" were not properly updated. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
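Review bot: The third hunk (component_test_psa_crypto_drivers) drops `$ASAN_CFLAGS` from `loc_cflags` while the commit message only describes path and include fixes, so the sanitizer setup of this component now depends entirely on what `-D CMAKE_BUILD_TYPE:String=Asan` configures. If that build type does not enable the same sanitizers and flags as `$ASAN_CFLAGS` did (this cannot be verified from the hunk), the component keeps passing with weaker instrumentation and nothing flags it. Either state the intentional migration in the commit message or keep this commit to the path changes; the added `-I${MBEDTLS_ROOT_DIR}/include` also relies on `MBEDTLS_ROOT_DIR` being set by script code outside the hunk, which is worth confirming. Each enclosing function starts before its hunk.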
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index a1bd9b0f8d..2501a1dcfc 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -276,8 +276,8 @@ component_full_no_pkparse_pkwrite () { make # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). - not grep mbedtls_pk_parse_key ${BUILTIN_SRC_PATH}/pkparse.o - not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o + not grep mbedtls_pk_parse_key ${CMAKE_BUILTIN_BUILD_DIR}/pkparse.c.o + not grep mbedtls_pk_write_key_der ${CMAKE_BUILTIN_BUILD_DIR}/pkwrite.c.o msg "test: full without pkparse and pkwrite" make test @@ -298,7 +298,7 @@ component_full_no_pkwrite () { make # Ensure that PK_WRITE_C was not re-enabled accidentally (additive config). - not grep mbedtls_pk_write_key_der ${BUILTIN_SRC_PATH}/pkwrite.o + not grep mbedtls_pk_write_key_der ${CMAKE_BUILTIN_BUILD_DIR}/pkwrite.c.o msg "test: full without pkwrite" make test From 2481daa309da5d51ffeae42ccf7dcd587dda721f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Dec 2025 08:11:28 +0000 Subject: [PATCH 1266/1548] Replace mbedtls_pk_get_name with pk_key_type_to_string Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 10 ++++++++++ library/x509.c | 17 +++++++++++++++++ library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 4 ++-- 6 files changed, 32 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 8b6a1daee5..17890f892b 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
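Review bot: The rewritten `not grep mbedtls_pk_parse_key ${CMAKE_BUILTIN_BUILD_DIR}/pkparse.c.o` and `pkwrite.c.o` lines pass vacuously if the object is not at the new path, because grep exits non-zero on a missing file and `not` (assuming it simply negates the exit status) turns that into success; unlike the md.c.o hunk in the previous commit, neither function has a positive grep on the same file that would expose a wrong path. Add an existence check before each negative assertion, e.g. `test -f ${CMAKE_BUILTIN_BUILD_DIR}/pkwrite.c.o`, so a moved or renamed object fails the component instead of silently satisfying it. The same applies to the seven `not grep` lines migrated in commit 1275 (component_test_tfm_config_p256m_driver_accel_ec) further down. Both enclosing functions start before the hunk.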
@@ -315,6 +315,16 @@ mbedtls_x509_san_list; */ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); + +/** + * \brief Convert the pk_key_type to a string. + * + * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to + convert + * \return A pointer to a string containing the pk_key_type. + */ +const char *pk_key_type_to_string(const mbedtls_pk_context *pk); + /** * \brief Convert the certificate DN string \p name into * a linked list of mbedtls_x509_name (equivalent to diff --git a/library/x509.c b/library/x509.c index 1adff8fafc..6b7868dfc7 100644 --- a/library/x509.c +++ b/library/x509.c @@ -122,6 +122,23 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, return 0; } +/* + * Convert pk_key_type to a string + */ +const char *pk_key_type_to_string(const mbedtls_pk_context *pk) +{ + psa_key_type_t key_type; + + key_type = mbedtls_pk_get_key_type(pk); + if(PSA_KEY_TYPE_IS_RSA(key_type)){ + return "RSA"; + } else if(PSA_KEY_TYPE_IS_ECC(key_type)){ + return "EC"; + } else { + return "NONE"; + } +} + /* * Convert md type to string */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 61dca746a3..d6411c6fe1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1806,7 +1806,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, /* Key size */ if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_get_name(&crt->pk))) != 0) { + pk_key_type_to_string(&crt->pk))) != 0) { return ret; } diff --git a/library/x509_csr.c b/library/x509_csr.c index 32a3bb2e78..781d73804b 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -551,7 +551,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_get_name(&csr->pk))) != 0) { + pk_key_type_to_string(&csr->pk))) != 0) { return ret; } 
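Review bot: The `\return` line of the new `pk_key_type_to_string` declaration in x509.h says only that a string is returned, while the implementation in x509.c returns the literals "RSA", "EC" or "NONE"; the header should list them and state that the pointer is to a static string the caller must not free, e.g. `\return "RSA", "EC" or "NONE"; a static string that must not be freed.` The continuation line `convert` under `\param[in] pk` also lacks the ` * ` prefix of the surrounding doc block. Since this adds a public function and changes the key-type text printed by `mbedtls_x509_crt_info` and `mbedtls_x509_csr_info`, a ChangeLog.d entry is expected but none is in the diffstat, and any test data that compares that output would need updating (none appears in the diffstat either).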
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b099fded5a..c359d16586 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1770,7 +1770,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? - mbedtls_pk_get_name(&pkey) : "none"); + pk_key_type_to_string(&pkey) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ /* diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 64fd45952f..ec5c0413f9 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2723,8 +2723,8 @@ int main(int argc, char *argv[]) } mbedtls_printf(" ok (key types: %s, %s)\n", - key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", - key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none"); + key_cert_init ? pk_key_type_to_string(&pkey) : "none", + key_cert_init2 ? pk_key_type_to_string(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(SNI_OPTION) From f9b95cedaa95f8efdb5da5c6a1c8f7dece2c4801 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Dec 2025 08:22:42 +0000 Subject: [PATCH 1267/1548] Fix style issues Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 2 +- library/x509.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 17890f892b..0fedd3ffa7 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -319,7 +319,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); /** * \brief Convert the pk_key_type to a string. * - * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to + * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to convert * \return A pointer to a string containing the pk_key_type. */ diff --git a/library/x509.c b/library/x509.c index 6b7868dfc7..b55214f076 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -130,9 +130,9 @@ const char *pk_key_type_to_string(const mbedtls_pk_context *pk) psa_key_type_t key_type; key_type = mbedtls_pk_get_key_type(pk); - if(PSA_KEY_TYPE_IS_RSA(key_type)){ + if (PSA_KEY_TYPE_IS_RSA(key_type)) { return "RSA"; - } else if(PSA_KEY_TYPE_IS_ECC(key_type)){ + } else if (PSA_KEY_TYPE_IS_ECC(key_type)) { return "EC"; } else { return "NONE"; From 837a3cec4049a8f1e328125f3404188043f9d843 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 9 Dec 2025 14:51:42 +0000 Subject: [PATCH 1268/1548] rename function Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 2 +- library/x509.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 0fedd3ffa7..fca706f13b 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -323,7 +323,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); convert * \return A pointer to a string containing the pk_key_type. */ -const char *pk_key_type_to_string(const mbedtls_pk_context *pk); +const char *mbedtls_pk_key_type_to_string(const mbedtls_pk_context *pk); /** * \brief Convert the certificate DN string \p name into diff --git a/library/x509.c b/library/x509.c index b55214f076..6ec1bb13df 100644 --- a/library/x509.c +++ b/library/x509.c @@ -125,7 +125,7 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, /* * Convert pk_key_type to a string */ -const char *pk_key_type_to_string(const mbedtls_pk_context *pk) +const char *mbedtls_pk_key_type_to_string(const mbedtls_pk_context *pk) { psa_key_type_t key_type; diff --git a/library/x509_crt.c b/library/x509_crt.c index d6411c6fe1..48ebb12bab 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1806,7 +1806,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, /* Key size */ if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - pk_key_type_to_string(&crt->pk))) != 0) { + mbedtls_pk_key_type_to_string(&crt->pk))) != 0) { return ret; } diff --git a/library/x509_csr.c b/library/x509_csr.c index 781d73804b..94b22372ed 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -551,7 +551,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - pk_key_type_to_string(&csr->pk))) != 0) { + mbedtls_pk_key_type_to_string(&csr->pk))) != 0) { return ret; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c359d16586..b2db36f676 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1770,7 +1770,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? - pk_key_type_to_string(&pkey) : "none"); + mbedtls_pk_key_type_to_string(&pkey) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ /* diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ec5c0413f9..a44c38c436 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2723,8 +2723,8 @@ int main(int argc, char *argv[]) } mbedtls_printf(" ok (key types: %s, %s)\n", - key_cert_init ? pk_key_type_to_string(&pkey) : "none", - key_cert_init2 ? pk_key_type_to_string(&pkey2) : "none"); + key_cert_init ? mbedtls_pk_key_type_to_string(&pkey) : "none", + key_cert_init2 ? mbedtls_pk_key_type_to_string(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(SNI_OPTION) From 81deeb8a5a1da1d2795222113fca717e403263b7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 11 Dec 2025 10:46:40 +0000 Subject: [PATCH 1269/1548] Update ssl-opt to remove Opaque key types 
Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 22377b8d04..5d077d7c48 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2365,8 +2365,8 @@ run_test "TLS 1.3 opaque key: no suitable algorithm found" \ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 1 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ + -c "key type: RSA" \ + -s "key types: RSA, EC" \ -c "error" \ -s "no suitable signature algorithm" @@ -2378,8 +2378,8 @@ run_test "TLS 1.3 opaque key: suitable algorithm found" \ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ + -c "key type: RSA" \ + -s "key types: RSA, EC" \ -C "error" \ -S "error" @@ -2391,7 +2391,7 @@ run_test "TLS 1.3 opaque key: first client sig alg not suitable" \ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \ "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \ 0 \ - -s "key types: Opaque, Opaque" \ + -s "key types: RSA, EC" \ -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \ -C "error" \ @@ -2405,8 +2405,8 @@ run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \ 0 \ - -c "key type: Opaque" \ - -s "key types: Opaque, Opaque" \ + -c "key type: RSA" \ + -s "key types: RSA, EC" \ -C "error" \ -S "error" \ 
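Review bot: Replacing `-c "key type: Opaque"` and `-s "key types: Opaque, Opaque"` with `RSA` and `RSA, EC` removes the only output-based assertion in these "opaque key" tests that the `key_opaque=1` path was actually taken, because the new strings are what a transparent key prints as well. If nothing else in the test output distinguishes an opaque from a transparent key (nothing in these hunks does), consider having the programs print the opaqueness alongside the type, or adding another `-c`/`-s` pattern that only the opaque code path produces. The same applies to the expectation updates in the next two commits (1270 and 1271), and the fact that 1270 first set `key type: RSA` for the ECDSA client test and 1271 corrected it to `EC` suggests the new expectations should be derived from the key files each test loads rather than guessed. Each run_test call starts before its hunk.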
From 98e958c91e97a5dde7796052b64ab3abbb9e4197 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 22 Dec 2025 15:31:22 +0000 Subject: [PATCH 1270/1548] Update ssl-opt tests as wrapped keys now expose the underlying type Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5d077d7c48..d183ad1a4f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2266,7 +2266,7 @@ run_test "Opaque key for client authentication: ECDHE-ECDSA" \ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ 0 \ - -c "key type: Opaque" \ + -c "key type: RSA" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ @@ -2284,7 +2284,7 @@ run_test "Opaque key for client authentication: ECDHE-RSA" \ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ - -c "key type: Opaque" \ + -c "key type: RSA" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ @@ -2302,7 +2302,7 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "key types: Opaque, none" \ + -s "key types: EC, none" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" @@ -2315,7 +2315,7 @@ run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with debug_level=1" \ "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \ 1 \ - -s "key types: Opaque, none" \ + -s "key types: EC, none" \ -s "got ciphersuites in common, but none of them usable" \ -s "error" \ -c "error" 
@@ -2334,7 +2334,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs, -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ + -s "key types: EC, EC" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" @@ -2352,7 +2352,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ + -s "key types: EC, RSA" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ -C "error" @@ -2422,7 +2422,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "key types: Opaque, none" \ + -s "key types: RSA, none" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ -C "error" @@ -2437,7 +2437,7 @@ run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKC "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \ 1 \ - -s "key types: Opaque, none" \ + -s "key types: RSA, none" \ -s "got ciphersuites in common, but none of them usable" \ -s "error" \ -c "error" @@ -2457,7 +2457,7 @@ run_test "Opaque keys for server authentication: RSA keys with different algs -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ + -s "key types: RSA, RSA" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ -C "error" 
@@ -2477,7 +2477,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-RSA" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ + -s "key types: EC, RSA" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ -C "error" @@ -2495,7 +2495,7 @@ run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ -c "key type: Opaque" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ - -s "key types: Opaque, none" \ + -s "key types: EC, none" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ -S "error" \ @@ -2512,10 +2512,10 @@ run_test "Opaque key for client/server authentication: ECDHE-RSA" \ "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ - -c "key type: Opaque" \ + -c "key type: EC" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ - -s "key types: Opaque, none" \ + -s "key types: RSA, none" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-RSA" \ -S "error" \ From f77d7491270797919ba3aa7d265222c3a4f7df8d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 23 Dec 2025 08:25:21 +0000 Subject: [PATCH 1271/1548] Further updates to ssl-opt tests as wrapped keys now expose the underlying type Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d183ad1a4f..ab727e6a48 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2266,7 +2266,7 @@ run_test "Opaque key for client authentication: ECDHE-ECDSA" \ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ 0 \ - -c "key type: RSA" \ + -c "key type: EC" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -s "Verifying peer X.509 certificate... ok" \ -s "Ciphersuite is TLS-ECDHE-ECDSA" \ @@ -2492,7 +2492,7 @@ run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \ 0 \ - -c "key type: Opaque" \ + -c "key type: EC" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-ECDSA" \ -s "key types: EC, none" \ @@ -2512,7 +2512,7 @@ run_test "Opaque key for client/server authentication: ECDHE-RSA" \ "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \ 0 \ - -c "key type: EC" \ + -c "key type: RSA" \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-ECDHE-RSA" \ -s "key types: RSA, none" \ From 085aef59ca1201416e04df71d93ef12dc96f910b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 2 Jan 2026 09:34:36 +0000 Subject: [PATCH 1272/1548] Change function name from mbedtls_pk_key_type_to_string to mbedtls_x509_pk_type_as_string Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 4 ++-- library/x509.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index fca706f13b..fb0c314668 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
@@ -321,9 +321,9 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); * * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to convert - * \return A pointer to a string containing the pk_key_type. + * \return Returns a string describing the key type. */ -const char *mbedtls_pk_key_type_to_string(const mbedtls_pk_context *pk); +const char *mbedtls_x509_pk_type_as_string(const mbedtls_pk_context *pk); /** * \brief Convert the certificate DN string \p name into diff --git a/library/x509.c b/library/x509.c index 6ec1bb13df..67a6baa4c8 100644 --- a/library/x509.c +++ b/library/x509.c @@ -125,7 +125,7 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, /* * Convert pk_key_type to a string */ -const char *mbedtls_pk_key_type_to_string(const mbedtls_pk_context *pk) +const char *mbedtls_x509_pk_type_as_string(const mbedtls_pk_context *pk) { psa_key_type_t key_type; diff --git a/library/x509_crt.c b/library/x509_crt.c index 48ebb12bab..59c3204467 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1806,7 +1806,7 @@ int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, /* Key size */ if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_key_type_to_string(&crt->pk))) != 0) { + mbedtls_x509_pk_type_as_string(&crt->pk))) != 0) { return ret; } diff --git a/library/x509_csr.c b/library/x509_csr.c index 94b22372ed..3e8e407b26 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -551,7 +551,7 @@ int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; if ((ret = mbedtls_x509_key_size_helper(key_size_str, MBEDTLS_BEFORE_COLON, - mbedtls_pk_key_type_to_string(&csr->pk))) != 0) { + mbedtls_x509_pk_type_as_string(&csr->pk))) != 0) { return ret; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b2db36f676..a7ef41aa15 100644 --- a/programs/ssl/ssl_client2.c 
+++ b/programs/ssl/ssl_client2.c @@ -1770,7 +1770,7 @@ int main(int argc, char *argv[]) mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? - mbedtls_pk_key_type_to_string(&pkey) : "none"); + mbedtls_x509_pk_type_as_string(&pkey) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ /* diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a44c38c436..805b4ef1c8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2723,8 +2723,8 @@ int main(int argc, char *argv[]) } mbedtls_printf(" ok (key types: %s, %s)\n", - key_cert_init ? mbedtls_pk_key_type_to_string(&pkey) : "none", - key_cert_init2 ? mbedtls_pk_key_type_to_string(&pkey2) : "none"); + key_cert_init ? mbedtls_x509_pk_type_as_string(&pkey) : "none", + key_cert_init2 ? mbedtls_x509_pk_type_as_string(&pkey2) : "none"); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(SNI_OPTION) From c23592d7ee51b0ae385200cbdfde7e15aba045d0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 5 Jan 2026 13:48:10 +0000 Subject: [PATCH 1273/1548] Add improvements to code comments and docs Signed-off-by: Ben Taylor --- include/mbedtls/x509.h | 2 +- library/x509.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index fb0c314668..130c427c4f 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -317,7 +317,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); /** - * \brief Convert the pk_key_type to a string. + * \brief Return the key's type as a string. * * \param[in] pk A mbedtls_pk_context struct containing the pk_key_type to convert diff --git a/library/x509.c b/library/x509.c index 67a6baa4c8..d7bc5d2dfb 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -123,7 +123,7 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, } /* - * Convert pk_key_type to a string + * Convert the key type to a string */ const char *mbedtls_x509_pk_type_as_string(const mbedtls_pk_context *pk) { From 095fe073c35cadd9b287847268a1ce6ad6478c3f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 12 Jan 2026 08:10:45 +0000 Subject: [PATCH 1274/1548] Update tf-psa-crypto and framework modules to resolve merge conflict and config_macros import error Signed-off-by: Ben Taylor --- framework | 2 +- tf-psa-crypto | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/framework b/framework index 77f707a557..ee399cc257 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 77f707a5576c5bdd1ff9463c7b25d2488497f57e +Subproject commit ee399cc257e84c2c5328d866335053d05b3b169c diff --git a/tf-psa-crypto b/tf-psa-crypto index 2025c77606..f7ad6b6931 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 2025c776064a418406cb83d66fff06624d0e3734 +Subproject commit f7ad6b6931e179c2e40b3d04f3e6d207a7e3c36e From c58c20d4faa35b7c4edd78820831c27947f082f8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 12 Jan 2026 13:29:14 +0100 Subject: [PATCH 1275/1548] tests: scripts: fix grep paths in test_tfm_config_p256m_driver_accel_ec Paths for "not grep" should have been updated when the build system switched from Makefile to CMake. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 2501a1dcfc..b17507a9ea 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -1300,19 +1300,19 @@ component_test_tfm_config_p256m_driver_accel_ec () { make # Make sure any built-in EC alg was not re-enabled by accident (additive config) - not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o - not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o + not grep mbedtls_ecdsa_ ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o + not grep mbedtls_psa_key_agreement_ecdh ${CMAKE_BUILTIN_BUILD_DIR}/psa_crypto_ecp.c.o + not grep mbedtls_ecjpake_ ${CMAKE_BUILTIN_BUILD_DIR}/ecjpake.c.o # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled - not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o - not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o - not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o + not grep mbedtls_ecp_ ${CMAKE_BUILTIN_BUILD_DIR}/ecp.c.o + not grep mbedtls_rsa_ ${CMAKE_BUILTIN_BUILD_DIR}/rsa.c.o + not grep mbedtls_mpi_ ${CMAKE_BUILTIN_BUILD_DIR}/bignum.c.o # Check that p256m was built grep -q p256_ecdsa_ library/libmbedcrypto.a # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration # files, so we want to ensure that it has not be re-enabled accidentally. - not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o + not grep mbedtls_cipher ${CMAKE_BUILTIN_BUILD_DIR}/cipher.c.o # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" From d1307a1d40aa18e324f6f7eeafdd2eada1184d7a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 1 Dec 2025 11:14:17 +0000 Subject: [PATCH 1276/1548] components-configuration-crypto: Migrated simple ASAN components. Migrate all straightfoward components from using $ASAN_CFLAGS to CMAKE_BUILD_TYPE:String=Asan Signed-off-by: Minos Galanakis --- .../components-configuration-crypto.sh | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index b17507a9ea..7c0bee9d5a 100644 
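Review bot: The relocated `not grep` checks still pass vacuously when the object file does not exist, which is how the old `${BUILTIN_SRC_PATH}/*.o` paths went stale unnoticed in the first place: `grep` exits with status 2 on a missing file and, if `not` simply negates the exit status, that counts as success. Assert the path once before the negative checks, e.g. `test -f ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o`, so the next build-layout change fails loudly instead of silently weakening the assertion. The positive `grep -q p256_ecdsa_ library/libmbedcrypto.a` already behaves that way because it fails when the archive is absent. component_test_tfm_config_p256m_driver_accel_ec starts outside the hunk.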
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -49,7 +49,9 @@ component_test_crypto_with_static_key_slots() { scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + cmake --build . + ctest } # check_renamed_symbols HEADER LIB @@ -238,7 +240,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + cmake --build . msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" make test @@ -256,7 +258,7 @@ component_test_psa_external_rng_use_psa_crypto () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + cmake --build . msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" make test @@ -273,7 +275,7 @@ component_full_no_pkparse_pkwrite () { scripts/config.py unset MBEDTLS_PK_WRITE_C CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + cmake --build . # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). not grep mbedtls_pk_parse_key ${CMAKE_BUILTIN_BUILD_DIR}/pkparse.c.o @@ -466,7 +468,7 @@ component_test_everest_curve25519_only () { scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + cmake --build . msg "test: Everest ECDH context, only Curve25519" # ~ 50s make test 
@@ -565,10 +567,11 @@ component_test_psa_crypto_config_ffdh_2048_only () { scripts/config.py unset PSA_WANT_DH_RFC7919_6144 scripts/config.py unset PSA_WANT_DH_RFC7919_8192 - $MAKE_COMMAND CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . + cmake --build . msg "test: full config - only DH 2048" - $MAKE_COMMAND test + make test msg "ssl-opt: full config - only DH 2048" tests/ssl-opt.sh -f "ffdh" @@ -1365,7 +1368,7 @@ build_and_test_psa_want_key_pair_partial () { scripts/config.py unset "$disabled_psa_want" CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + cmake --build . msg "test: $base_config - ${disabled_psa_want}" make test @@ -1895,7 +1898,7 @@ component_test_aead_chachapoly_disabled () { scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + cmake --build . msg "test: full minus CHACHAPOLY" make test @@ -1908,7 +1911,7 @@ component_test_aead_only_ccm () { scripts/config.py unset PSA_WANT_ALG_GCM CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + cmake --build . msg "test: full minus CHACHAPOLY and GCM" make test From 3baeee8647cacc821640b633178acd527d99c231 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 1 Dec 2025 11:18:17 +0000 Subject: [PATCH 1277/1548] components-configuration-crypto: Migrated test_full_static_keystore to cmake Optimization for size (-Os) is required. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 7c0bee9d5a..1ceeb67a15 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -2343,10 +2343,10 @@ component_test_full_static_keystore () { msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" scripts/config.py full scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - $MAKE_COMMAND CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" - + CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" cmake -D CMAKE_BUILD_TYPE:String=None . + cmake --build . msg "test: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" - $MAKE_COMMAND test + make test } component_test_psa_crypto_drivers () { From 279c016d87f13b2bf703dd700ff010947db6f9e6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 1 Dec 2025 11:25:16 +0000 Subject: [PATCH 1278/1548] components-configuration-crypto: Migrated test_tfm_config_p256m_driver_accel_ec to cmake Compilation flags, and spe include directories have been adjusted Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 1ceeb67a15..95862ff045 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -1299,8 +1299,8 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config # Build crypto library - CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I$PWD/framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Asan . + cmake --build . # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ ${CMAKE_BUILTIN_BUILD_DIR}/ecdsa.c.o From 6db68f929bae044814d281ad45bfafcd67243f6f Mon Sep 17 00:00:00 2001 
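Review bot: The new configure line in component_test_full_static_keystore also changes the compiler from the hard-coded `clang` to `$ASAN_CC`, which the commit message (it only explains why `-Os` is kept) does not mention. If the switch is intended, record it next to the call, e.g. `# CC=$ASAN_CC replaces the former hard-coded clang; build type None is used so "$ASAN_CFLAGS -Os" is applied verbatim.`; if clang was pinned for a reason, keep `CC=clang` in front of the cmake invocation instead. The function's header is outside the hunk.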
From: Minos Galanakis Date: Mon, 1 Dec 2025 11:33:31 +0000 Subject: [PATCH 1279/1548] components-configuration-crypto: Migrated straightforwad Release components to cmake - By default all unspecified build-type components should be release - CMAKE_BUILD_TYPE:String=Release enables the following CFLAGS: "-O2 -Werror -Wall -Wextra" Signed-off-by: Minos Galanakis --- .../components-configuration-crypto.sh | 106 +++++++++++------- 1 file changed, 63 insertions(+), 43 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 95862ff045..4a77fede2d 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -141,10 +141,11 @@ component_test_psa_crypto_without_heap() { component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - $MAKE_COMMAND test + make test } component_test_no_pem_no_fs () { @@ -357,13 +358,13 @@ component_test_full_no_cipher () { # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C - $MAKE_COMMAND - + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . # Ensure that CIPHER_C was not re-enabled not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o msg "test: full no CIPHER" - $MAKE_COMMAND test + make test } component_test_full_no_ccm () { @@ -382,10 +383,11 @@ component_test_full_no_ccm () { # PSA_WANT_ALG_CCM to be re-enabled. scripts/config.py unset PSA_WANT_ALG_CCM - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: full no PSA_WANT_ALG_CCM" - $MAKE_COMMAND test + make test } component_test_full_no_ccm_star_no_tag () { 
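Review bot: component_test_full_no_cipher now builds with CMake, but the check that follows in the same hunk, `not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o`, still names the Make object path, so it most likely inspects a file the CMake build never produces and passes vacuously (`grep` fails on a missing file and `not` turns that into success). This is the same path drift that PATCH 1275 fixed for component_test_tfm_config_p256m_driver_accel_ec; use the CMake object here as well, `not grep mbedtls_cipher_init ${CMAKE_BUILTIN_BUILD_DIR}/cipher.c.o`. The hunk at @@ -413 (component_test_full_no_ccm_star_no_tag) has the same problem with `not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o`, which needs the CMake-side location of the PSA core objects. Both enclosing functions start outside their hunks.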
@@ -413,13 +415,14 @@ component_test_full_no_ccm_star_no_tag () { scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" - $MAKE_COMMAND test + make test } component_test_config_symmetric_only () { @@ -976,10 +979,11 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { config_psa_crypto_config_ecp_light_only 0 - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test suites: full with non-accelerated EC algs" - $MAKE_COMMAND test + make test msg "ssl-opt: full with non-accelerated EC algs" tests/ssl-opt.sh @@ -1074,10 +1078,11 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { config_psa_crypto_no_ecp_at_all 0 - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: full + non accelerated EC algs" - $MAKE_COMMAND test + make test msg "ssl-opt: full + non accelerated EC algs" tests/ssl-opt.sh @@ -1240,10 +1245,11 @@ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target" - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test suites: full + non accelerated EC algs + USE_PSA" - $MAKE_COMMAND test + make test msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA" tests/ssl-opt.sh @@ -1445,12 +1451,13 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # Build # ----- - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . # Run the tests # ------------- msg "test: crypto_full with non-accelerated RSA" - $MAKE_COMMAND test + make test } # This is a temporary test to verify that full RSA support is present even when 
@@ -1480,10 +1487,11 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "Test: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" - $MAKE_COMMAND test + make test # Parse only 1 relevant line from the outcome file, i.e. a test which is # performing RSA signature. @@ -1599,10 +1607,11 @@ component_test_psa_crypto_config_reference_hash_use_psa () { config_psa_crypto_hash_use_psa 0 - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: full without accelerated hashes" - $MAKE_COMMAND test + make test msg "test: ssl-opt.sh, full without accelerated hashes" tests/ssl-opt.sh @@ -1668,10 +1677,11 @@ component_test_psa_crypto_config_reference_hmac () { config_psa_crypto_hmac_use_psa 0 - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: full without accelerated hmac" - $MAKE_COMMAND test + make test } component_test_psa_crypto_config_accel_aead () { @@ -1772,10 +1782,11 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { msg "build: full config with non-accelerated cipher inc. AEAD and CMAC" common_psa_crypto_config_accel_cipher_aead_cmac - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" - $MAKE_COMMAND test + make test msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC" # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac. 
@@ -1886,10 +1897,11 @@ component_test_full_block_cipher_legacy_dispatch () { common_block_cipher_dispatch 0 - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: full + legacy dispatch in block_cipher" - $MAKE_COMMAND test + make test } component_test_aead_chachapoly_disabled () { @@ -1924,9 +1936,10 @@ component_test_ccm_aes_sha256 () { echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H" cp tf-psa-crypto/configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H" - $MAKE_COMMAND + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: CCM + AES + SHA256 configuration" - $MAKE_COMMAND test + make test } # Test that the given .o file builds with all (valid) combinations of the given options. @@ -2083,10 +2096,11 @@ component_test_aes_only_128_bit_keys () { scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH" - $MAKE_COMMAND test + make test } component_test_no_ctr_drbg_aes_only_128_bit_keys () { @@ -2095,10 +2109,11 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 scripts/config.py unset MBEDTLS_CTR_DRBG_C - $MAKE_COMMAND CC=clang CFLAGS='-Werror -Wall -Wextra' + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" - $MAKE_COMMAND test + make test } component_test_aes_only_128_bit_keys_have_builtins () { 
@@ -2108,10 +2123,11 @@ component_test_aes_only_128_bit_keys_have_builtins () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - $MAKE_COMMAND test + make test msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" programs/test/selftest @@ -2123,38 +2139,42 @@ component_test_gcm_largetable () { scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C" - $MAKE_COMMAND test + make test } component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: AES_FEWER_TABLES" - $MAKE_COMMAND test + make test } component_test_aes_rom_tables () { msg "build: default config with AES_ROM_TABLES enabled" scripts/config.py set MBEDTLS_AES_ROM_TABLES - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: AES_ROM_TABLES" - $MAKE_COMMAND test + make test } component_test_aes_fewer_tables_and_rom_tables () { msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES scripts/config.py set MBEDTLS_AES_ROM_TABLES - $MAKE_COMMAND CFLAGS='-O2 -Werror -Wall -Wextra' + cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" - $MAKE_COMMAND test + make test } # helper for component_test_block_cipher_no_decrypt_aesni() which: 
From 5e995918703ba53215430ebb8bc4addef111d027 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 1 Dec 2025 11:42:17 +0000 Subject: [PATCH 1280/1548] components-configuration-crypto: Migrated include dir dependant Release components to cmake Moved the following components to CMAKE_BUILD_TYPE:String=Release and adjusted the include paths for cmake: * component_build_psa_crypto_spm * component_test_tfm_config_no_p256m Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 4a77fede2d..7e5f453774 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -71,7 +71,8 @@ component_build_psa_crypto_spm () { # We can only compile, not link, since our test and sample programs # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM # is active. - $MAKE_COMMAND CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib + CFLAGS="-I$PWD/framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . --target lib # Check that if a symbol is renamed by crypto_spe.h, the non-renamed # version is not present. @@ -1339,8 +1340,8 @@ component_test_tfm_config_no_p256m () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_PSA_P256M_DRIVER_ENABLED msg "build: TF-M config without p256m" - $MAKE_COMMAND CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests - + CFLAGS="-I$PWD/framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . # Check that p256m was not built not grep p256_ecdsa_ library/libmbedcrypto.a 
@@ -1349,7 +1350,7 @@ component_test_tfm_config_no_p256m () { not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o msg "test: TF-M config without p256m" - $MAKE_COMMAND test + make test } # This is an helper used by: From 1fcca1f255e28149b44aa958902889d8018e1f5e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 1 Dec 2025 11:46:54 +0000 Subject: [PATCH 1281/1548] component-configuration-crypto: Migrated component_test_crypto_full_md_light_only to cmake Use compilation directory for object discovery in out-of-source CMake builds. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 7e5f453774..7b87139994 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
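Review bot: component_test_tfm_config_no_p256m is switched to a CMake build in the @@ -1339 hunk of this commit, yet the context line at the top of this hunk still checks `not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o`, the Make-era object path; under CMake that file is not produced, `grep` fails, and `not` reports success whether or not CIPHER_C was re-enabled. Point the check at the CMake object as PATCH 1275 did for the p256m sibling this component is meant to stay in sync with, `not grep mbedtls_cipher ${CMAKE_BUILTIN_BUILD_DIR}/cipher.c.o`. The function starts outside the hunk.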
@@ -323,17 +323,23 @@ component_test_crypto_full_md_light_only () { # Disable things that would auto-enable MD_C scripts/config.py unset MBEDTLS_PKCS5_C + # Note: Creating a directory, ensures cmake will not use a random name to + # place the compilation object files. + mkdir mdtest && cd mdtest + MD_OBJECT_PATH="tf-psa-crypto/drivers/builtin/CMakeFiles/builtin.dir/src" + # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan ../ + cmake --build . # Make sure we don't have the HMAC functions, but the hashing functions - not grep mbedtls_md_hmac ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o - grep mbedtls_md ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o + not grep mbedtls_md_hmac ${MD_OBJECT_PATH}/md.c.o + grep mbedtls_md ${MD_OBJECT_PATH}/md.c.o msg "test: crypto_full with only the light subset of MD" make test + cd .. && rm -r mdtest } component_test_full_no_cipher () { From 486b6c82525aa1e363bdd056ff224f9469d37e68 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 1 Dec 2025 11:56:31 +0000 Subject: [PATCH 1282/1548] components-configuration-crypto: Migrated components with custom LDFLAGS to cmake Certain testing components require building with a specific subset of LDFLAGS, such as `-O1`. This patch moves them to the default cmake invokation of `cmake .` which is the equivalent of `cmake -D CMAKE_BUILD_TYPE:String=None .` Also remove flags such as `-Werror` which are present in all configs. Improve compilation flag granularity by disabling CMAKE_BUILD_TYPE defaults and asserting test-specific flags manually. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) 
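Review bot: The out-of-tree build directory is created with a fixed name and removed only on the success path (`cd .. && rm -r mdtest` is the last statement), so if `make test` or one of the greps fails the component aborts while still inside mdtest, the directory is left behind, and the next run's `mkdir mdtest` fails before anything is built — unless the framework's per-component cleanup resets the working directory and removes stray directories, which I cannot see from here. Make the setup idempotent and run the body in a subshell so the working directory is restored on every exit path, e.g. `rm -rf mdtest && mkdir mdtest` followed by `( cd mdtest && ... )`. `MD_OBJECT_PATH` also restates the builtin object path as a literal instead of deriving it from `${CMAKE_BUILTIN_BUILD_DIR}`, so the two will drift independently; a comment naming that relationship, or a shared variable, would help. The function's header is outside the hunk.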
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 7b87139994..0a10058430 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -525,14 +525,18 @@ component_test_crypto_for_psa_service () { scripts/config.py unset MBEDTLS_PK_C scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - $MAKE_COMMAND CFLAGS='-O1 -Werror' all test + CFLAGS="-O1" cmake . + cmake --build . + make test are_empty_libraries library/libmbedx509.* library/libmbedtls.* } component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal - $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" + CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/" cmake . + cmake --build . + make test are_empty_libraries library/libmbedx509.* library/libmbedtls.* } @@ -2220,7 +2224,8 @@ helper_block_cipher_no_decrypt_build_test () { msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" $MAKE_COMMAND clean - $MAKE_COMMAND CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" + CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" cmake . + cmake --build . # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o @@ -2370,7 +2375,7 @@ component_test_full_static_keystore () { msg "build: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" scripts/config.py full scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" cmake -D CMAKE_BUILD_TYPE:String=None . + CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" cmake . cmake --build . msg "test: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" make test From 8cdccdecd2e471367bfcd047cbb404c421f7f834 Mon Sep 17 00:00:00 2001 
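Review bot: component_build_crypto_baremetal now runs `make test`, although it is a `component_build_` component whose msg still reads `build: make, crypto only, baremetal config` and whose old line only built; running the host test suites in a baremetal configuration is a change of scope that the commit message (about LDFLAGS and `-Werror`) does not cover, and `are_empty_libraries` is the check this component exists for. Either drop the added `make test` line or, if testing is intended, rename the component to `component_test_...` and change the msg prefix to `test:` so all.sh's naming convention still tells the truth. component_build_crypto_baremetal is fully visible in the hunk; component_test_crypto_for_psa_service starts outside it.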
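Review bot: `CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" cmake .` only takes effect on the first configure of a tree: CMake reads the CFLAGS/LDFLAGS environment to initialise CMAKE_C_FLAGS and the linker-flag variables and then caches them, so if helper_block_cipher_no_decrypt_build_test is invoked several times in one component with different `$cflags`/`$ldflags` — which the `# helper for component_test_block_cipher_no_decrypt_aesni()` comment and the preceding `$MAKE_COMMAND clean` suggest — every variant after the first silently builds with the first variant's flags, because `make clean` does not touch CMakeCache.txt. Pass the flags as cache variables that are reapplied on each configure, `cmake -D CMAKE_C_FLAGS="-O2 $cflags" -D CMAKE_EXE_LINKER_FLAGS="$ldflags" .`, or remove CMakeCache.txt before reconfiguring. The `not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o` lines that follow also still use the Make object path and should move to `${CMAKE_BUILTIN_BUILD_DIR}/aes.c.o`, otherwise they pass vacuously against a missing file. The helper starts outside the hunk.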
From: Minos Galanakis Date: Mon, 1 Dec 2025 12:14:59 +0000 Subject: [PATCH 1283/1548] component-configuration-crypto: Migrated build_psa_alt_headers The original make -C tests, contains a perl inliner to generate the alt-headers. Replicated that logic in sed regex. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 0a10058430..d8f6a9f3a6 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -2427,15 +2427,21 @@ component_build_psa_config_file () { component_build_psa_alt_headers () { msg "build: make with PSA alt headers" # ~20s + PSA_ALT_HDRS="$PWD/framework/tests/include/alt-extra" # Generate alternative versions of the substitutable headers with the # same content except different include guards. - make -C tests ../framework/tests/include/alt-extra/psa/crypto_platform_alt.h ../framework/tests/include/alt-extra/psa/crypto_struct_alt.h + sed -E 's/^(# *(define|ifndef) +[A-Za-z0-9_]+)_H\b/\1_ALT_H/' \ + tf-psa-crypto/include/psa/crypto_platform.h \ + > $PSA_ALT_HDRS/psa/crypto_platform_alt.h + + sed -E 's/^(# *(define|ifndef) +[A-Za-z0-9_]+)_H\b/\1_ALT_H/' \ + tf-psa-crypto/include/psa/crypto_struct.h \ + > $PSA_ALT_HDRS/psa/crypto_struct_alt.h # Build the library and some programs. - # Don't build the fuzzers to avoid having to go through hoops to set - # a correct include path for programs/fuzz/Makefile. - $MAKE_COMMAND CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib - make -C programs -o fuzz CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" + CFLAGS="-I$PSA_ALT_HDRS -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" cmake -D CMAKE_BUILD_TYPE:String=Release . + cmake --build . --target lib + cmake --build . --target programs # Check that we're getting the alternative include guards and not the # original include guards. From 69545a87af818b7e602d003f95ade2cde8e6af49 Mon Sep 17 00:00:00 2001 
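Review bot: Both sed expressions rely on `\b`, which is a GNU extension rather than POSIX ERE; on a BSD/macOS sed, as far as I know, the word boundary is not recognised, the include guards are left unchanged, and the guard verification that follows the hunk fails for the wrong reason. A portable form is `s/^(# *(define|ifndef) +[A-Za-z0-9_]+)_H([[:space:]]|$)/\1_ALT_H\3/`, and the redirection targets should be quoted, `> "$PSA_ALT_HDRS/psa/crypto_platform_alt.h"`, since `$PWD` may contain spaces. Writing the two invocations as one loop over the header names would also keep the regex stated once. The function's header is in the hunk context; the guard check it feeds is outside the hunk.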
From: Minos Galanakis Date: Tue, 2 Dec 2025 11:42:40 +0000 Subject: [PATCH 1284/1548] component-configuration-crypto: Added consistent cmake commands. Update the previously modified component to use consistent syntax: * make -> cmake --build . * make test -> ctest Signed-off-by: Minos Galanakis --- .../components-configuration-crypto.sh | 72 +++++++++---------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index d8f6a9f3a6..67e2949eb7 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -146,7 +146,7 @@ component_test_no_rsa_key_pair_generation () { cmake --build . msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - make test + ctest } component_test_no_pem_no_fs () { @@ -245,7 +245,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { cmake --build . msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" - make test + ctest msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|opaque' @@ -263,7 +263,7 @@ component_test_psa_external_rng_use_psa_crypto () { cmake --build . msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" - make test + ctest msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" tests/ssl-opt.sh -f 'Default\|opaque' @@ -284,7 +284,7 @@ component_full_no_pkparse_pkwrite () { not grep mbedtls_pk_write_key_der ${CMAKE_BUILTIN_BUILD_DIR}/pkwrite.c.o msg "test: full without pkparse and pkwrite" - make test + ctest } component_full_no_pkwrite () { @@ -338,7 +338,7 @@ component_test_crypto_full_md_light_only () { grep mbedtls_md ${MD_OBJECT_PATH}/md.c.o msg "test: crypto_full with only the light subset of MD" - make test + ctest cd .. && rm -r mdtest } 
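Review bot: A bare `ctest` — like the `make test` it replaces, which CMake implements as `ctest --force-new-ctest-process` — prints one pass/fail line per test and leaves the failing program's output in Testing/Temporary/LastTest.log, so the CI job log shows nothing about why a suite failed unless CTEST_OUTPUT_ON_FAILURE is set in the environment. Since this commit rewrites every test invocation in the file, it is a cheap moment to standardise on `ctest --output-on-failure`, or on a small helper wrapping it, rather than the bare command. This applies to all hunks of this commit; whether the framework already exports CTEST_OUTPUT_ON_FAILURE is not visible from here.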
@@ -371,7 +371,7 @@ component_test_full_no_cipher () { not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o msg "test: full no CIPHER" - make test + ctest } component_test_full_no_ccm () { @@ -394,7 +394,7 @@ component_test_full_no_ccm () { cmake --build . msg "test: full no PSA_WANT_ALG_CCM" - make test + ctest } component_test_full_no_ccm_star_no_tag () { @@ -429,7 +429,7 @@ component_test_full_no_ccm_star_no_tag () { not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" - make test + ctest } component_test_config_symmetric_only () { @@ -481,7 +481,7 @@ component_test_everest_curve25519_only () { cmake --build . msg "test: Everest ECDH context, only Curve25519" # ~ 50s - make test + ctest } component_test_psa_collect_statuses () { @@ -527,7 +527,7 @@ component_test_crypto_for_psa_service () { scripts/config.py unset MBEDTLS_PK_WRITE_C CFLAGS="-O1" cmake . cmake --build . - make test + ctest are_empty_libraries library/libmbedx509.* library/libmbedtls.* } @@ -536,7 +536,7 @@ component_build_crypto_baremetal () { scripts/config.py crypto_baremetal CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/" cmake . cmake --build . - make test + ctest are_empty_libraries library/libmbedx509.* library/libmbedtls.* } @@ -585,7 +585,7 @@ component_test_psa_crypto_config_ffdh_2048_only () { cmake --build . msg "test: full config - only DH 2048" - make test + ctest msg "ssl-opt: full config - only DH 2048" tests/ssl-opt.sh -f "ffdh" @@ -994,7 +994,7 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () { cmake --build . msg "test suites: full with non-accelerated EC algs" - make test + ctest msg "ssl-opt: full with non-accelerated EC algs" tests/ssl-opt.sh @@ -1093,7 +1093,7 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { cmake --build . msg "test: full + non accelerated EC algs" - make test + ctest msg "ssl-opt: full + non accelerated EC algs" tests/ssl-opt.sh 
@@ -1260,7 +1260,7 @@ common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { cmake --build . msg "test suites: full + non accelerated EC algs + USE_PSA" - make test + ctest msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA" tests/ssl-opt.sh @@ -1336,7 +1336,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" - make test + ctest } # Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as @@ -1360,7 +1360,7 @@ component_test_tfm_config_no_p256m () { not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o msg "test: TF-M config without p256m" - make test + ctest } # This is an helper used by: @@ -1388,7 +1388,7 @@ build_and_test_psa_want_key_pair_partial () { cmake --build . msg "test: $base_config - ${disabled_psa_want}" - make test + ctest } component_test_psa_ecc_key_pair_no_derive () { @@ -1468,7 +1468,7 @@ component_test_psa_crypto_config_reference_rsa_crypto () { # Run the tests # ------------- msg "test: crypto_full with non-accelerated RSA" - make test + ctest } # This is a temporary test to verify that full RSA support is present even when @@ -1502,7 +1502,7 @@ component_test_new_psa_want_key_pair_symbol () { cmake --build . msg "Test: crypto config - PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC" - make test + ctest # Parse only 1 relevant line from the outcome file, i.e. a test which is # performing RSA signature. @@ -1622,7 +1622,7 @@ component_test_psa_crypto_config_reference_hash_use_psa () { cmake --build . msg "test: full without accelerated hashes" - make test + ctest msg "test: ssl-opt.sh, full without accelerated hashes" tests/ssl-opt.sh @@ -1692,7 +1692,7 @@ component_test_psa_crypto_config_reference_hmac () { cmake --build . msg "test: full without accelerated hmac" - make test + ctest } component_test_psa_crypto_config_accel_aead () { 
@@ -1797,7 +1797,7 @@ component_test_psa_crypto_config_reference_cipher_aead_cmac () { cmake --build . msg "test: full config with non-accelerated cipher inc. AEAD and CMAC" - make test + ctest msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC" # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac. @@ -1912,7 +1912,7 @@ component_test_full_block_cipher_legacy_dispatch () { cmake --build . msg "test: full + legacy dispatch in block_cipher" - make test + ctest } component_test_aead_chachapoly_disabled () { @@ -1924,7 +1924,7 @@ component_test_aead_chachapoly_disabled () { cmake --build . msg "test: full minus CHACHAPOLY" - make test + ctest } component_test_aead_only_ccm () { @@ -1937,7 +1937,7 @@ component_test_aead_only_ccm () { cmake --build . msg "test: full minus CHACHAPOLY and GCM" - make test + ctest } component_test_ccm_aes_sha256 () { @@ -1950,7 +1950,7 @@ component_test_ccm_aes_sha256 () { cmake -D CMAKE_BUILD_TYPE:String=Release . cmake --build . msg "test: CCM + AES + SHA256 configuration" - make test + ctest } # Test that the given .o file builds with all (valid) combinations of the given options. @@ -2111,7 +2111,7 @@ component_test_aes_only_128_bit_keys () { cmake --build . msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH" - make test + ctest } component_test_no_ctr_drbg_aes_only_128_bit_keys () { @@ -2124,7 +2124,7 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { cmake --build . msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" - make test + ctest } component_test_aes_only_128_bit_keys_have_builtins () { @@ -2138,7 +2138,7 @@ component_test_aes_only_128_bit_keys_have_builtins () { cmake --build . msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" - make test + ctest msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" programs/test/selftest 
@@ -2154,7 +2154,7 @@ component_test_gcm_largetable () { cmake --build . msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C" - make test + ctest } component_test_aes_fewer_tables () { @@ -2164,7 +2164,7 @@ component_test_aes_fewer_tables () { cmake --build . msg "test: AES_FEWER_TABLES" - make test + ctest } component_test_aes_rom_tables () { @@ -2174,7 +2174,7 @@ component_test_aes_rom_tables () { cmake --build . msg "test: AES_ROM_TABLES" - make test + ctest } component_test_aes_fewer_tables_and_rom_tables () { @@ -2185,7 +2185,7 @@ component_test_aes_fewer_tables_and_rom_tables () { cmake --build . msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" - make test + ctest } # helper for component_test_block_cipher_no_decrypt_aesni() which: @@ -2237,7 +2237,7 @@ helper_block_cipher_no_decrypt_build_test () { not grep mbedtls_aesni_inverse_key ${BUILTIN_SRC_PATH}/aesni.o msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - $MAKE_COMMAND test + ctest msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" programs/test/selftest @@ -2378,7 +2378,7 @@ component_test_full_static_keystore () { CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" cmake . cmake --build . msg "test: full config - MBEDTLS_PSA_KEY_STORE_DYNAMIC" - make test + ctest } component_test_psa_crypto_drivers () { From 67a9123b23f5399f88e58e75341794a217dfbed2 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 15 Dec 2025 14:38:01 +0000 Subject: [PATCH 1285/1548] component-configuration-crypto: Changed location of psa-alt-header build_psa_alt_headers will now generate the headers at ./tests/include/alt-dummy instead of ./framework/tests/include/alt-extra. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 67e2949eb7..e742d810c6 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2427,16 +2427,17 @@ component_build_psa_config_file () { component_build_psa_alt_headers () { msg "build: make with PSA alt headers" # ~20s - PSA_ALT_HDRS="$PWD/framework/tests/include/alt-extra" + PSA_ALT_HDRS="$PWD/tests/include/alt-dummy" + mkdir -p "$PSA_ALT_HDRS/psa" # Generate alternative versions of the substitutable headers with the # same content except different include guards. sed -E 's/^(# *(define|ifndef) +[A-Za-z0-9_]+)_H\b/\1_ALT_H/' \ tf-psa-crypto/include/psa/crypto_platform.h \ - > $PSA_ALT_HDRS/psa/crypto_platform_alt.h + > "$PSA_ALT_HDRS/psa/crypto_platform_alt.h" sed -E 's/^(# *(define|ifndef) +[A-Za-z0-9_]+)_H\b/\1_ALT_H/' \ tf-psa-crypto/include/psa/crypto_struct.h \ - > $PSA_ALT_HDRS/psa/crypto_struct_alt.h + > "$PSA_ALT_HDRS/psa/crypto_struct_alt.h" # Build the library and some programs. CFLAGS="-I$PSA_ALT_HDRS -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" cmake -D CMAKE_BUILD_TYPE:String=Release . @@ -2449,6 +2450,9 @@ component_build_psa_alt_headers () { programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H + + # Explicitly clean up generated alt headers + rm -f "$PSA_ALT_HDRS/psa/crypto_platform_alt.h" "$PSA_ALT_HDRS/psa/crypto_struct_alt.h" } component_test_min_mpi_window_size () { From 0c297de53c29bae1ca853f5a3c709a3531ac71be Mon Sep 17 00:00:00 2001 
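Review bot: The cleanup added at the end of `component_build_psa_alt_headers` only runs when every preceding command succeeds; if one of the `grep -x` checks fails (this script appears to run with errexit, though that is not visible here), the two generated `*_alt.h` files stay behind under `tests/include/alt-dummy/psa`, which is now an in-tree directory rather than the framework path used before, so they could be picked up by later components or committed by accident. The `mkdir -p "$PSA_ALT_HDRS/psa"` is also not undone, since the `rm -f` removes only the two files. Consider moving the removal into the shared per-component cleanup, or at least adding `rmdir "$PSA_ALT_HDRS/psa" 2>/dev/null || true` after the `rm -f` and a `.gitignore` entry for the generated headers if one does not already exist.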
From: Minos Galanakis Date: Mon, 12 Jan 2026 12:10:06 +0000 Subject: [PATCH 1286/1548] component-configuration-crypto: Changed cleanup order. Adjusted helper_block_cipher_no_decrypt_build_test to cleanup the directory after all the tests have been executed. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index e742d810c6..6d165a2bd6 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2223,7 +2223,6 @@ helper_block_cipher_no_decrypt_build_test () { [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" - $MAKE_COMMAND clean CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" cmake . cmake --build . @@ -2241,6 +2240,7 @@ helper_block_cipher_no_decrypt_build_test () { msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" programs/test/selftest + cmake --build . --target clean } # This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: From 2ad6e5ba6c7e341aa0ca0d5cb4a8be44a074cee1 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 12 Jan 2026 12:18:22 +0000 Subject: [PATCH 1287/1548] component-configuration-crypto: Adjusted test_crypto_full_md_light_only Adjusted component to utilise the CMAKE_BUILTIN_BUILD_DIR Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6d165a2bd6..19409e5c29 100644 
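Review bot: Moving the clean from the start of `helper_block_cipher_no_decrypt_build_test` to its end means a fresh build is no longer guaranteed on entry: the new `cmake --build . --target clean` runs only if the `not grep` checks, `ctest` and `selftest` before it all succeed, so after a failed invocation the next call to the helper (its name and the `set_opts`/`unset_opts` parameters suggest it is invoked several times with different configurations) inherits stale object files. The `not grep ... aesni.o` check in the unchanged part of the function reads those `.o` files directly, so a leftover object from a previous configuration could make that check pass or fail for the wrong reason. Keeping a guarded clean before the re-configure, `if [ -f CMakeCache.txt ]; then cmake --build . --target clean; fi`, in addition to the trailing one would preserve the old guarantee; the function's body lies partly outside these two hunks.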
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -323,23 +323,17 @@ component_test_crypto_full_md_light_only () { # Disable things that would auto-enable MD_C scripts/config.py unset MBEDTLS_PKCS5_C - # Note: Creating a directory, ensures cmake will not use a random name to - # place the compilation object files. - mkdir mdtest && cd mdtest - MD_OBJECT_PATH="tf-psa-crypto/drivers/builtin/CMakeFiles/builtin.dir/src" - # Note: MD-light is auto-enabled in build_info.h by modules that need it, # which we haven't disabled, so no need to explicitly enable it. - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan ../ + CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . cmake --build . # Make sure we don't have the HMAC functions, but the hashing functions - not grep mbedtls_md_hmac ${MD_OBJECT_PATH}/md.c.o - grep mbedtls_md ${MD_OBJECT_PATH}/md.c.o + not grep mbedtls_md_hmac ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o + grep mbedtls_md ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o msg "test: crypto_full with only the light subset of MD" ctest - cd .. && rm -r mdtest } component_test_full_no_cipher () { From 21fa4896b1a6aec83efa2a01ec4916ebb99b088a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 13 Jan 2026 11:24:14 +0100 Subject: [PATCH 1288/1548] all.sh: fix file paths for "not grep" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/components-configuration-crypto.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index b17507a9ea..4dac83e61e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -414,7 +414,7 @@ component_test_full_no_ccm_star_no_tag () { $MAKE_COMMAND # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled - not grep mbedtls_psa_cipher ${PSA_CORE_PATH}/psa_crypto_cipher.o + not grep mbedtls_psa_cipher ${BUILTIN_SRC_PATH}/psa_crypto_cipher.o msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" $MAKE_COMMAND test @@ -1835,9 +1835,9 @@ component_test_full_block_cipher_psa_dispatch_static_keystore () { # Make sure disabled components were not re-enabled by accident (additive # config) - not grep mbedtls_aes_ library/aes.o - not grep mbedtls_aria_ library/aria.o - not grep mbedtls_camellia_ library/camellia.o + not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o + not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o + not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o # Run the tests # ------------- From e2c2dfaab3139c127164d7f58d6765aa27166577 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 17 Nov 2025 16:53:01 +0100 Subject: [PATCH 1289/1548] Move abi_check.py into the framework MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 711 ------------------------------------------- 1 file changed, 711 deletions(-) delete mode 100755 scripts/abi_check.py diff --git a/scripts/abi_check.py b/scripts/abi_check.py deleted file mode 100755 index 4fe7f54fc0..0000000000 --- a/scripts/abi_check.py +++ /dev/null 
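Review bot: The corrected paths fix the symptom but not the reason the wrong paths went unnoticed: `not grep pattern file` succeeds whenever `grep` fails for any reason, including a missing file (grep exits 2), so `not grep mbedtls_psa_cipher ${BUILTIN_SRC_PATH}/psa_crypto_cipher.o` and the three `not grep ... ${BUILTIN_SRC_PATH}/*.o` lines in the second hunk still pass vacuously if `BUILTIN_SRC_PATH` is unset or the object layout moves again (this assumes `not` is the usual invert-exit-status helper, which is defined outside these hunks). A one-line existence check before each negative grep, e.g. `test -f ${BUILTIN_SRC_PATH}/psa_crypto_cipher.o`, or a small helper that asserts the file exists before inverting the grep result, would turn a future path drift into a failure instead of a silent pass. Both enclosing functions start and end outside their hunks.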
@@ -1,711 +0,0 @@ -#!/usr/bin/env python3 -"""This script compares the interfaces of two versions of Mbed TLS, looking -for backward incompatibilities between two different Git revisions within -an Mbed TLS repository. It must be run from the root of a Git working tree. - -### How the script works ### - -For the source (API) and runtime (ABI) interface compatibility, this script -is a small wrapper around the abi-compliance-checker and abi-dumper tools, -applying them to compare the header and library files. - -For the storage format, this script compares the automatically generated -storage tests and the manual read tests, and complains if there is a -reduction in coverage. A change in test data will be signaled as a -coverage reduction since the old test data is no longer present. A change in -how test data is presented will be signaled as well; this would be a false -positive. - -The results of the API/ABI comparison are either formatted as HTML and stored -at a configurable location, or are given as a brief list of problems. -Returns 0 on success, 1 on non-compliance, and 2 if there is an error -while running the script. - -### How to interpret non-compliance ### - -This script has relatively common false positives. In many scenarios, it only -reports a pass if there is a strict textual match between the old version and -the new version, and it reports problems where there is a sufficient semantic -match but not a textual match. This section lists some common false positives. -This is not an exhaustive list: in the end what matters is whether we are -breaking a backward compatibility goal. - -**API**: the goal is that if an application works with the old version of the -library, it can be recompiled against the new version and will still work. -This is normally validated by comparing the declarations in `include/*/*.h`. -A failure is a declaration that has disappeared or that now has a different -type. 
- - * It's ok to change or remove macros and functions that are documented as - for internal use only or as experimental. - * It's ok to rename function or macro parameters as long as the semantics - has not changed. - * It's ok to change or remove structure fields that are documented as - private. - * It's ok to add fields to a structure that already had private fields - or was documented as extensible. - -**ABI**: the goal is that if an application was built against the old version -of the library, the same binary will work when linked against the new version. -This is normally validated by comparing the symbols exported by `libmbed*.so`. -A failure is a symbol that is no longer exported by the same library or that -now has a different type. - - * All ABI changes are acceptable if the library version is bumped - (see `scripts/bump_version.sh`). - * ABI changes that concern functions which are declared only inside the - library directory, and not in `include/*/*.h`, are acceptable only if - the function was only ever used inside the same library (libmbedcrypto, - libmbedx509, libmbedtls). As a counter example, if the old version - of libmbedtls calls mbedtls_foo() from libmbedcrypto, and the new version - of libmbedcrypto no longer has a compatible mbedtls_foo(), this does - require a version bump for libmbedcrypto. - -**Storage format**: the goal is to check that persistent keys stored by the -old version can be read by the new version. This is normally validated by -comparing the `*read*` test cases in `test_suite*storage_format*.data`. -A failure is a storage read test case that is no longer present with the same -function name and parameter list. - - * It's ok if the same test data is present, but its presentation has changed, - for example if a test function is renamed or has different parameters. - * It's ok if redundant tests are removed. 
- -**Generated test coverage**: the goal is to check that automatically -generated tests have as much coverage as before. This is normally validated -by comparing the test cases that are automatically generated by a script. -A failure is a generated test case that is no longer present with the same -function name and parameter list. - - * It's ok if the same test data is present, but its presentation has changed, - for example if a test function is renamed or has different parameters. - * It's ok if redundant tests are removed. - -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import glob -import os -import re -import sys -import traceback -import shutil -import subprocess -import argparse -import logging -import tempfile -import fnmatch -from types import SimpleNamespace - -import xml.etree.ElementTree as ET - -import framework_scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree - - -class AbiChecker: - """API and ABI checker.""" - - def __init__(self, old_version, new_version, configuration): - """Instantiate the API/ABI checker. - - old_version: RepoVersion containing details to compare against - new_version: RepoVersion containing details to check - configuration.report_dir: directory for output files - configuration.keep_all_reports: if false, delete old reports - configuration.brief: if true, output shorter report to stdout - configuration.check_abi: if true, compare ABIs - configuration.check_api: if true, compare APIs - configuration.check_storage: if true, compare storage format tests - configuration.skip_file: path to file containing symbols and types to skip - """ - self.repo_path = "." 
- self.log = None - self.verbose = configuration.verbose - self._setup_logger() - self.report_dir = os.path.abspath(configuration.report_dir) - self.keep_all_reports = configuration.keep_all_reports - self.can_remove_report_dir = not (os.path.exists(self.report_dir) or - self.keep_all_reports) - self.old_version = old_version - self.new_version = new_version - self.skip_file = configuration.skip_file - self.check_abi = configuration.check_abi - self.check_api = configuration.check_api - if self.check_abi != self.check_api: - raise Exception('Checking API without ABI or vice versa is not supported') - self.check_storage_tests = configuration.check_storage - self.brief = configuration.brief - self.git_command = "git" - self.make_command = "make" - - def _setup_logger(self): - self.log = logging.getLogger() - if self.verbose: - self.log.setLevel(logging.DEBUG) - else: - self.log.setLevel(logging.INFO) - self.log.addHandler(logging.StreamHandler()) - - @staticmethod - def check_abi_tools_are_installed(): - for command in ["abi-dumper", "abi-compliance-checker"]: - if not shutil.which(command): - raise Exception("{} not installed, aborting".format(command)) - - def _get_clean_worktree_for_git_revision(self, version): - """Make a separate worktree with version.revision checked out. 
- Do not modify the current worktree.""" - git_worktree_path = tempfile.mkdtemp() - if version.repository: - self.log.debug( - "Checking out git worktree for revision {} from {}".format( - version.revision, version.repository - ) - ) - fetch_output = subprocess.check_output( - [self.git_command, "fetch", - version.repository, version.revision], - cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - self.log.debug(fetch_output.decode("utf-8")) - worktree_rev = "FETCH_HEAD" - else: - self.log.debug("Checking out git worktree for revision {}".format( - version.revision - )) - worktree_rev = version.revision - worktree_output = subprocess.check_output( - [self.git_command, "worktree", "add", "--detach", - git_worktree_path, worktree_rev], - cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - self.log.debug(worktree_output.decode("utf-8")) - version.commit = subprocess.check_output( - [self.git_command, "rev-parse", "HEAD"], - cwd=git_worktree_path, - stderr=subprocess.STDOUT - ).decode("ascii").rstrip() - self.log.debug("Commit is {}".format(version.commit)) - return git_worktree_path - - def _update_git_submodules(self, git_worktree_path, version): - """If the crypto submodule is present, initialize it. 
- if version.crypto_revision exists, update it to that revision, - otherwise update it to the default revision""" - submodule_output = subprocess.check_output( - [self.git_command, "submodule", "foreach", "--recursive", - f'git worktree add --detach "{git_worktree_path}/$displaypath" HEAD'], - cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - self.log.debug(submodule_output.decode("utf-8")) - - try: - # Try to update the submodules using local commits - # (Git will sometimes insist on fetching the remote without --no-fetch - # if the submodules are shallow clones) - update_output = subprocess.check_output( - [self.git_command, "submodule", "update", "--init", '--recursive', '--no-fetch'], - cwd=git_worktree_path, - stderr=subprocess.STDOUT - ) - except subprocess.CalledProcessError as err: - self.log.debug(err.stdout.decode("utf-8")) - - # Checkout with --no-fetch failed, falling back to fetching from origin - update_output = subprocess.check_output( - [self.git_command, "submodule", "update", "--init", '--recursive'], - cwd=git_worktree_path, - stderr=subprocess.STDOUT - ) - self.log.debug(update_output.decode("utf-8")) - if not (os.path.exists(os.path.join(git_worktree_path, "crypto")) - and version.crypto_revision): - return - - if version.crypto_repository: - fetch_output = subprocess.check_output( - [self.git_command, "fetch", version.crypto_repository, - version.crypto_revision], - cwd=os.path.join(git_worktree_path, "crypto"), - stderr=subprocess.STDOUT - ) - self.log.debug(fetch_output.decode("utf-8")) - crypto_rev = "FETCH_HEAD" - else: - crypto_rev = version.crypto_revision - - checkout_output = subprocess.check_output( - [self.git_command, "checkout", crypto_rev], - cwd=os.path.join(git_worktree_path, "crypto"), - stderr=subprocess.STDOUT - ) - self.log.debug(checkout_output.decode("utf-8")) - - def _build_shared_libraries(self, git_worktree_path, version): - """Build the shared libraries in the specified worktree.""" - my_environment = 
os.environ.copy() - my_environment["CFLAGS"] = "-g -Og" - my_environment["SHARED"] = "1" - if os.path.exists(os.path.join(git_worktree_path, "crypto")): - my_environment["USE_CRYPTO_SUBMODULE"] = "1" - - if os.path.exists(os.path.join(git_worktree_path, "scripts", "legacy.make")): - command = [self.make_command, "-f", "scripts/legacy.make", "lib"] - else: - command = [self.make_command, "lib"] - - make_output = subprocess.check_output( - command, - env=my_environment, - cwd=git_worktree_path, - stderr=subprocess.STDOUT - ) - self.log.debug(make_output.decode("utf-8")) - for root, _dirs, files in os.walk(git_worktree_path): - for file in fnmatch.filter(files, "*.so"): - version.modules[os.path.splitext(file)[0]] = ( - os.path.join(root, file) - ) - - @staticmethod - def _pretty_revision(version): - if version.revision == version.commit: - return version.revision - else: - return "{} ({})".format(version.revision, version.commit) - - def _get_abi_dumps_from_shared_libraries(self, version): - """Generate the ABI dumps for the specified git revision. - The shared libraries must have been built and the module paths - present in version.modules.""" - for mbed_module, module_path in version.modules.items(): - output_path = os.path.join( - self.report_dir, "{}-{}-{}.dump".format( - mbed_module, version.revision, version.version - ) - ) - abi_dump_command = [ - "abi-dumper", - module_path, - "-o", output_path, - "-lver", self._pretty_revision(version), - ] - abi_dump_output = subprocess.check_output( - abi_dump_command, - stderr=subprocess.STDOUT - ) - self.log.debug(abi_dump_output.decode("utf-8")) - version.abi_dumps[mbed_module] = output_path - - @staticmethod - def _normalize_storage_test_case_data(line): - """Eliminate cosmetic or irrelevant details in storage format test cases.""" - line = re.sub(r'\s+', r'', line) - return line - - def _read_storage_tests(self, - directory, - filename, - is_generated, - storage_tests): - """Record storage tests from the given file. 
- - Populate the storage_tests dictionary with test cases read from - filename under directory. - """ - at_paragraph_start = True - description = None - full_path = os.path.join(directory, filename) - with open(full_path) as fd: - for line_number, line in enumerate(fd, 1): - line = line.strip() - if not line: - at_paragraph_start = True - continue - if line.startswith('#'): - continue - if at_paragraph_start: - description = line.strip() - at_paragraph_start = False - continue - if line.startswith('depends_on:'): - continue - # We've reached a test case data line - test_case_data = self._normalize_storage_test_case_data(line) - if not is_generated: - # In manual test data, only look at read tests. - function_name = test_case_data.split(':', 1)[0] - if 'read' not in function_name.split('_'): - continue - metadata = SimpleNamespace( - filename=filename, - line_number=line_number, - description=description - ) - storage_tests[test_case_data] = metadata - - @staticmethod - def _list_generated_test_data_files(git_worktree_path): - """List the generated test data files.""" - generate_psa_tests = 'framework/scripts/generate_psa_tests.py' - if not os.path.isfile(git_worktree_path + '/' + generate_psa_tests): - # The checked-out revision is from before generate_psa_tests.py - # was moved to the framework submodule. Use the old location. - generate_psa_tests = 'tests/scripts/generate_psa_tests.py' - - output = subprocess.check_output( - [generate_psa_tests, '--list'], - cwd=git_worktree_path, - ).decode('ascii') - return [line for line in output.split('\n') if line] - - def _get_storage_format_tests(self, version, git_worktree_path): - """Record the storage format tests for the specified git version. - - The storage format tests are the test suite data files whose name - contains "storage_format". - - The version must be checked out at git_worktree_path. - - This function creates or updates the generated data files. - """ - # Existing test data files. 
This may be missing some automatically - # generated files if they haven't been generated yet. - if os.path.isdir(os.path.join(git_worktree_path, 'tf-psa-crypto', - 'tests', 'suites')): - storage_data_files = set(glob.glob( - 'tf-psa-crypto/tests/suites/test_suite_*storage_format*.data' - )) - else: - storage_data_files = set(glob.glob( - 'tests/suites/test_suite_*storage_format*.data' - )) - # Discover and (re)generate automatically generated data files. - to_be_generated = set() - for filename in self._list_generated_test_data_files(git_worktree_path): - if 'storage_format' in filename: - storage_data_files.add(filename) - to_be_generated.add(filename) - - generate_psa_tests = 'framework/scripts/generate_psa_tests.py' - if not os.path.isfile(git_worktree_path + '/' + generate_psa_tests): - # The checked-out revision is from before generate_psa_tests.py - # was moved to the framework submodule. Use the old location. - generate_psa_tests = 'tests/scripts/generate_psa_tests.py' - subprocess.check_call( - [generate_psa_tests] + sorted(to_be_generated), - cwd=git_worktree_path, - ) - for test_file in sorted(storage_data_files): - self._read_storage_tests(git_worktree_path, - test_file, - test_file in to_be_generated, - version.storage_tests) - - def _cleanup_worktree(self, git_worktree_path): - """Remove the specified git worktree.""" - shutil.rmtree(git_worktree_path) - submodule_output = subprocess.check_output( - [self.git_command, "submodule", "foreach", "--recursive", - f'git worktree remove "{git_worktree_path}/$displaypath"'], - cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - self.log.debug(submodule_output.decode("utf-8")) - worktree_output = subprocess.check_output( - [self.git_command, "worktree", "remove", git_worktree_path], - cwd=self.repo_path, - stderr=subprocess.STDOUT - ) - self.log.debug(worktree_output.decode("utf-8")) - - def _get_abi_dump_for_ref(self, version): - """Generate the interface information for the specified git revision.""" - 
git_worktree_path = self._get_clean_worktree_for_git_revision(version) - self._update_git_submodules(git_worktree_path, version) - if self.check_abi: - self._build_shared_libraries(git_worktree_path, version) - self._get_abi_dumps_from_shared_libraries(version) - if self.check_storage_tests: - self._get_storage_format_tests(version, git_worktree_path) - self._cleanup_worktree(git_worktree_path) - - def _remove_children_with_tag(self, parent, tag): - children = parent.getchildren() - for child in children: - if child.tag == tag: - parent.remove(child) - else: - self._remove_children_with_tag(child, tag) - - def _remove_extra_detail_from_report(self, report_root): - for tag in ['test_info', 'test_results', 'problem_summary', - 'added_symbols', 'affected']: - self._remove_children_with_tag(report_root, tag) - - for report in report_root: - for problems in report.getchildren()[:]: - if not problems.getchildren(): - report.remove(problems) - - def _abi_compliance_command(self, mbed_module, output_path): - """Build the command to run to analyze the library mbed_module. - The report will be placed in output_path.""" - abi_compliance_command = [ - "abi-compliance-checker", - "-l", mbed_module, - "-old", self.old_version.abi_dumps[mbed_module], - "-new", self.new_version.abi_dumps[mbed_module], - "-strict", - "-report-path", output_path, - ] - if self.skip_file: - abi_compliance_command += ["-skip-symbols", self.skip_file, - "-skip-types", self.skip_file] - if self.brief: - abi_compliance_command += ["-report-format", "xml", - "-stdout"] - return abi_compliance_command - - def _is_library_compatible(self, mbed_module, compatibility_report): - """Test if the library mbed_module has remained compatible. 
- Append a message regarding compatibility to compatibility_report.""" - output_path = os.path.join( - self.report_dir, "{}-{}-{}.html".format( - mbed_module, self.old_version.revision, - self.new_version.revision - ) - ) - try: - subprocess.check_output( - self._abi_compliance_command(mbed_module, output_path), - stderr=subprocess.STDOUT - ) - except subprocess.CalledProcessError as err: - if err.returncode != 1: - raise err - if self.brief: - self.log.info( - "Compatibility issues found for {}".format(mbed_module) - ) - report_root = ET.fromstring(err.output.decode("utf-8")) - self._remove_extra_detail_from_report(report_root) - self.log.info(ET.tostring(report_root).decode("utf-8")) - else: - self.can_remove_report_dir = False - compatibility_report.append( - "Compatibility issues found for {}, " - "for details see {}".format(mbed_module, output_path) - ) - return False - compatibility_report.append( - "No compatibility issues for {}".format(mbed_module) - ) - if not (self.keep_all_reports or self.brief): - os.remove(output_path) - return True - - @staticmethod - def _is_storage_format_compatible(old_tests, new_tests, - compatibility_report): - """Check whether all tests present in old_tests are also in new_tests. - - Append a message regarding compatibility to compatibility_report. 
- """ - missing = frozenset(old_tests.keys()).difference(new_tests.keys()) - for test_data in sorted(missing): - metadata = old_tests[test_data] - compatibility_report.append( - 'Test case from {} line {} "{}" has disappeared: {}'.format( - metadata.filename, metadata.line_number, - metadata.description, test_data - ) - ) - compatibility_report.append( - 'FAIL: {}/{} storage format test cases have changed or disappeared.'.format( - len(missing), len(old_tests) - ) if missing else - 'PASS: All {} storage format test cases are preserved.'.format( - len(old_tests) - ) - ) - compatibility_report.append( - 'Info: number of storage format tests cases: {} -> {}.'.format( - len(old_tests), len(new_tests) - ) - ) - return not missing - - def get_abi_compatibility_report(self): - """Generate a report of the differences between the reference ABI - and the new ABI. ABI dumps from self.old_version and self.new_version - must be available.""" - compatibility_report = ["Checking evolution from {} to {}".format( - self._pretty_revision(self.old_version), - self._pretty_revision(self.new_version) - )] - compliance_return_code = 0 - - if self.check_abi: - shared_modules = list(set(self.old_version.modules.keys()) & - set(self.new_version.modules.keys())) - for mbed_module in shared_modules: - if not self._is_library_compatible(mbed_module, - compatibility_report): - compliance_return_code = 1 - - if self.check_storage_tests: - if not self._is_storage_format_compatible( - self.old_version.storage_tests, - self.new_version.storage_tests, - compatibility_report): - compliance_return_code = 1 - - for version in [self.old_version, self.new_version]: - for mbed_module, mbed_module_dump in version.abi_dumps.items(): - os.remove(mbed_module_dump) - if self.can_remove_report_dir: - os.rmdir(self.report_dir) - self.log.info("\n".join(compatibility_report)) - return compliance_return_code - - def check_for_abi_changes(self): - """Generate a report of ABI differences - between self.old_rev and 
self.new_rev.""" - build_tree.check_repo_path() - if self.check_api or self.check_abi: - self.check_abi_tools_are_installed() - self._get_abi_dump_for_ref(self.old_version) - self._get_abi_dump_for_ref(self.new_version) - return self.get_abi_compatibility_report() - - -def run_main(): - try: - parser = argparse.ArgumentParser( - description=__doc__ - ) - parser.add_argument( - "-v", "--verbose", action="store_true", - help="set verbosity level", - ) - parser.add_argument( - "-r", "--report-dir", type=str, default="reports", - help="directory where reports are stored, default is reports", - ) - parser.add_argument( - "-k", "--keep-all-reports", action="store_true", - help="keep all reports, even if there are no compatibility issues", - ) - parser.add_argument( - "-o", "--old-rev", type=str, help="revision for old version.", - required=True, - ) - parser.add_argument( - "-or", "--old-repo", type=str, help="repository for old version." - ) - parser.add_argument( - "-oc", "--old-crypto-rev", type=str, - help="revision for old crypto submodule." - ) - parser.add_argument( - "-ocr", "--old-crypto-repo", type=str, - help="repository for old crypto submodule." - ) - parser.add_argument( - "-n", "--new-rev", type=str, help="revision for new version", - required=True, - ) - parser.add_argument( - "-nr", "--new-repo", type=str, help="repository for new version." - ) - parser.add_argument( - "-nc", "--new-crypto-rev", type=str, - help="revision for new crypto version" - ) - parser.add_argument( - "-ncr", "--new-crypto-repo", type=str, - help="repository for new crypto submodule." 
- ) - parser.add_argument( - "-s", "--skip-file", type=str, - help=("path to file containing symbols and types to skip " - "(typically \"-s identifiers\" after running " - "\"tests/scripts/list-identifiers.sh --internal\")") - ) - parser.add_argument( - "--check-abi", - action='store_true', default=True, - help="Perform ABI comparison (default: yes)" - ) - parser.add_argument("--no-check-abi", action='store_false', dest='check_abi') - parser.add_argument( - "--check-api", - action='store_true', default=True, - help="Perform API comparison (default: yes)" - ) - parser.add_argument("--no-check-api", action='store_false', dest='check_api') - parser.add_argument( - "--check-storage", - action='store_true', default=True, - help="Perform storage tests comparison (default: yes)" - ) - parser.add_argument("--no-check-storage", action='store_false', dest='check_storage') - parser.add_argument( - "-b", "--brief", action="store_true", - help="output only the list of issues to stdout, instead of a full report", - ) - abi_args = parser.parse_args() - if os.path.isfile(abi_args.report_dir): - print("Error: {} is not a directory".format(abi_args.report_dir)) - parser.exit() - old_version = SimpleNamespace( - version="old", - repository=abi_args.old_repo, - revision=abi_args.old_rev, - commit=None, - crypto_repository=abi_args.old_crypto_repo, - crypto_revision=abi_args.old_crypto_rev, - abi_dumps={}, - storage_tests={}, - modules={} - ) - new_version = SimpleNamespace( - version="new", - repository=abi_args.new_repo, - revision=abi_args.new_rev, - commit=None, - crypto_repository=abi_args.new_crypto_repo, - crypto_revision=abi_args.new_crypto_rev, - abi_dumps={}, - storage_tests={}, - modules={} - ) - configuration = SimpleNamespace( - verbose=abi_args.verbose, - report_dir=abi_args.report_dir, - keep_all_reports=abi_args.keep_all_reports, - brief=abi_args.brief, - check_abi=abi_args.check_abi, - check_api=abi_args.check_api, - check_storage=abi_args.check_storage, - 
skip_file=abi_args.skip_file - ) - abi_check = AbiChecker(old_version, new_version, configuration) - return_code = abi_check.check_for_abi_changes() - sys.exit(return_code) - except Exception: # pylint: disable=broad-except - # Print the backtrace and exit explicitly so as to exit with - # status 2, not 1. - traceback.print_exc() - sys.exit(2) - - -if __name__ == "__main__": - run_main() From 57009f3911a5324ec9ca03f992a1ffa8ef808f50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 22 Oct 2025 00:52:06 +0200 Subject: [PATCH 1290/1548] Add abi_check.py bridge script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The bulk of the script that was moved to the framework is now a pure python module - bridge scripts like this one will remain in each individual branch, and continue to be the way to invoke the ABI checks. This way we can use the bridge scripts to encode branch-specific information in a more convenient way. Signed-off-by: Bence Szépkúti --- scripts/abi_check.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100755 scripts/abi_check.py diff --git a/scripts/abi_check.py b/scripts/abi_check.py new file mode 100755 index 0000000000..517d40e355 --- /dev/null +++ b/scripts/abi_check.py @@ -0,0 +1,16 @@ +#!/usr/bin/env python3 +"""Bridge script +See framework/scripts/mbedtls_framework/interface_checks.py for detailed documentation. + +This is a convenient place to encode any branch-specific information we might want to add +in the future. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import framework_scripts_path # pylint: disable=unused-import +from mbedtls_framework import interface_checks + +if __name__ == "__main__": + interface_checks.run_main() From 4e2584d68145116567da157540d8f94e8ca3044c Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 14 Jan 2026 13:34:32 +0100 Subject: [PATCH 1291/1548] tests: scripts: remove set_psa_test_dependencies.py This script was used in the past, but it has since been replaced by other scripts and is no longer used anywhere. Signed-off-by: Valerio Setti --- tests/scripts/set_psa_test_dependencies.py | 278 --------------------- 1 file changed, 278 deletions(-) delete mode 100755 tests/scripts/set_psa_test_dependencies.py diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py deleted file mode 100755 index 37152112be..0000000000 --- a/tests/scripts/set_psa_test_dependencies.py +++ /dev/null
@@ -1,278 +0,0 @@ -#!/usr/bin/env python3 - -"""Edit test cases to use PSA dependencies instead of classic dependencies. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import os -import re -import sys - -CLASSIC_DEPENDENCIES = frozenset([ - # This list is manually filtered from mbedtls_config.h. - - # Mbed TLS feature support. - # Only features that affect what can be done are listed here. - # Options that control optimizations or alternative implementations - # are omitted. - 'MBEDTLS_CIPHER_MODE_CBC', - 'MBEDTLS_CIPHER_MODE_CFB', - 'MBEDTLS_CIPHER_MODE_CTR', - 'MBEDTLS_CIPHER_MODE_OFB', - 'MBEDTLS_CIPHER_MODE_XTS', - 'MBEDTLS_CIPHER_NULL_CIPHER', - 'MBEDTLS_CIPHER_PADDING_PKCS7', - 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS', - 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN', - 'MBEDTLS_CIPHER_PADDING_ZEROS', - #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_BP512R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_CURVE25519_ENABLED', - #curve#'MBEDTLS_ECP_DP_CURVE448_ENABLED', - 'MBEDTLS_ECDSA_DETERMINISTIC', - #'MBEDTLS_GENPRIME', #needed for RSA key generation - 'MBEDTLS_PKCS1_V15', - 'MBEDTLS_PKCS1_V21', - - # Mbed TLS modules. - # Only modules that provide cryptographic mechanisms are listed here. - # Platform, data formatting, X.509 or TLS modules are omitted. 
- 'MBEDTLS_AES_C', - 'MBEDTLS_BIGNUM_C', - 'MBEDTLS_CAMELLIA_C', - 'MBEDTLS_ARIA_C', - 'MBEDTLS_CCM_C', - 'MBEDTLS_CHACHA20_C', - 'MBEDTLS_CHACHAPOLY_C', - 'MBEDTLS_CMAC_C', - 'MBEDTLS_CTR_DRBG_C', - 'MBEDTLS_ECDH_C', - 'MBEDTLS_ECDSA_C', - 'MBEDTLS_ECJPAKE_C', - 'MBEDTLS_ECP_C', - 'MBEDTLS_ENTROPY_C', - 'MBEDTLS_GCM_C', - 'MBEDTLS_HKDF_C', - 'MBEDTLS_HMAC_DRBG_C', - 'MBEDTLS_NIST_KW_C', - 'MBEDTLS_MD5_C', - 'MBEDTLS_PKCS5_C', - 'MBEDTLS_PKCS12_C', - 'MBEDTLS_POLY1305_C', - 'MBEDTLS_RIPEMD160_C', - 'MBEDTLS_RSA_C', - 'MBEDTLS_SHA1_C', - 'MBEDTLS_SHA256_C', - 'MBEDTLS_SHA512_C', -]) - -def is_classic_dependency(dep): - """Whether dep is a classic dependency that PSA test cases should not use.""" - if dep.startswith('!'): - dep = dep[1:] - return dep in CLASSIC_DEPENDENCIES - -def is_systematic_dependency(dep): - """Whether dep is a PSA dependency which is determined systematically.""" - if dep.startswith('PSA_WANT_ECC_'): - return False - return dep.startswith('PSA_WANT_') - -WITHOUT_SYSTEMATIC_DEPENDENCIES = frozenset([ - 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # only a modifier - 'PSA_ALG_ANY_HASH', # only meaningful in policies - 'PSA_ALG_KEY_AGREEMENT', # only a way to combine algorithms - 'PSA_ALG_TRUNCATED_MAC', # only a modifier - 'PSA_KEY_TYPE_NONE', # not a real key type - 'PSA_KEY_TYPE_DERIVE', # always supported, don't list it to reduce noise - 'PSA_KEY_TYPE_RAW_DATA', # always supported, don't list it to reduce noise - 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', #only a modifier - 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', #only a modifier -]) - -SPECIAL_SYSTEMATIC_DEPENDENCIES = { - 'PSA_ALG_ECDSA_ANY': frozenset(['PSA_WANT_ALG_ECDSA']), - 'PSA_ALG_RSA_PKCS1V15_SIGN_RAW': frozenset(['PSA_WANT_ALG_RSA_PKCS1V15_SIGN']), -} - -def dependencies_of_symbol(symbol): - """Return the dependencies for a symbol that designates a cryptographic mechanism.""" - if symbol in WITHOUT_SYSTEMATIC_DEPENDENCIES: - return frozenset() - if symbol in SPECIAL_SYSTEMATIC_DEPENDENCIES: - 
return SPECIAL_SYSTEMATIC_DEPENDENCIES[symbol] - if symbol.startswith('PSA_ALG_CATEGORY_') or \ - symbol.startswith('PSA_KEY_TYPE_CATEGORY_'): - # Categories are used in test data when an unsupported but plausible - # mechanism number needed. They have no associated dependency. - return frozenset() - return {symbol.replace('_', '_WANT_', 1)} - -def systematic_dependencies(file_name, function_name, arguments): - """List the systematically determined dependency for a test case.""" - deps = set() - - # Run key policy negative tests even if the algorithm to attempt performing - # is not supported but in the case where the test is to check an - # incompatibility between a requested algorithm for a cryptographic - # operation and a key policy. In the latter, we want to filter out the - # cases # where PSA_ERROR_NOT_SUPPORTED is returned instead of - # PSA_ERROR_NOT_PERMITTED. - if function_name.endswith('_key_policy') and \ - arguments[-1].startswith('PSA_ERROR_') and \ - arguments[-1] != ('PSA_ERROR_NOT_PERMITTED'): - arguments[-2] = '' - if function_name == 'copy_fail' and \ - arguments[-1].startswith('PSA_ERROR_'): - arguments[-2] = '' - arguments[-3] = '' - - # Storage format tests that only look at how the file is structured and - # don't care about the format of the key material don't depend on any - # cryptographic mechanisms. - if os.path.basename(file_name) == 'test_suite_psa_crypto_persistent_key.data' and \ - function_name in {'format_storage_data_check', - 'parse_storage_data_check'}: - return [] - - for arg in arguments: - for symbol in re.findall(r'PSA_(?:ALG|KEY_TYPE)_\w+', arg): - deps.update(dependencies_of_symbol(symbol)) - return sorted(deps) - -def updated_dependencies(file_name, function_name, arguments, dependencies): - """Rework the list of dependencies into PSA_WANT_xxx. - - Remove classic crypto dependencies such as MBEDTLS_RSA_C, - MBEDTLS_PKCS1_V15, etc. 
- - Add systematic PSA_WANT_xxx dependencies based on the called function and - its arguments, replacing existing PSA_WANT_xxx dependencies. - """ - automatic = systematic_dependencies(file_name, function_name, arguments) - manual = [dep for dep in dependencies - if not (is_systematic_dependency(dep) or - is_classic_dependency(dep))] - return automatic + manual - -def keep_manual_dependencies(file_name, function_name, arguments): - #pylint: disable=unused-argument - """Declare test functions with unusual dependencies here.""" - # If there are no arguments, we can't do any useful work. Assume that if - # there are dependencies, they are warranted. - if not arguments: - return True - # When PSA_ERROR_NOT_SUPPORTED is expected, usually, at least one of the - # constants mentioned in the test should not be supported. It isn't - # possible to determine which one in a systematic way. So let the programmer - # decide. - if arguments[-1] == 'PSA_ERROR_NOT_SUPPORTED': - return True - return False - -def process_data_stanza(stanza, file_name, test_case_number): - """Update PSA crypto dependencies in one Mbed TLS test case. - - stanza is the test case text (including the description, the dependencies, - the line with the function and arguments, and optionally comments). Return - a new stanza with an updated dependency line, preserving everything else - (description, comments, arguments, etc.). - """ - if not stanza.lstrip('\n'): - # Just blank lines - return stanza - # Expect 2 or 3 non-comment lines: description, optional dependencies, - # function-and-arguments. 
- content_matches = list(re.finditer(r'^[\t ]*([^\t #].*)$', stanza, re.M)) - if len(content_matches) < 2: - raise Exception('Not enough content lines in paragraph {} in {}' - .format(test_case_number, file_name)) - if len(content_matches) > 3: - raise Exception('Too many content lines in paragraph {} in {}' - .format(test_case_number, file_name)) - arguments = content_matches[-1].group(0).split(':') - function_name = arguments.pop(0) - if keep_manual_dependencies(file_name, function_name, arguments): - return stanza - if len(content_matches) == 2: - # Insert a line for the dependencies. If it turns out that there are - # no dependencies, we'll remove that empty line below. - dependencies_location = content_matches[-1].start() - text_before = stanza[:dependencies_location] - text_after = '\n' + stanza[dependencies_location:] - old_dependencies = [] - dependencies_leader = 'depends_on:' - else: - dependencies_match = content_matches[-2] - text_before = stanza[:dependencies_match.start()] - text_after = stanza[dependencies_match.end():] - old_dependencies = dependencies_match.group(0).split(':') - dependencies_leader = old_dependencies.pop(0) + ':' - if dependencies_leader != 'depends_on:': - raise Exception('Next-to-last line does not start with "depends_on:"' - ' in paragraph {} in {}' - .format(test_case_number, file_name)) - new_dependencies = updated_dependencies(file_name, function_name, arguments, - old_dependencies) - if new_dependencies: - stanza = (text_before + - dependencies_leader + ':'.join(new_dependencies) + - text_after) - else: - # The dependencies have become empty. Remove the depends_on: line. - assert text_after[0] == '\n' - stanza = text_before + text_after[1:] - return stanza - -def process_data_file(file_name, old_content): - """Update PSA crypto dependencies in an Mbed TLS test suite data file. - - Process old_content (the old content of the file) and return the new content. 
- """ - old_stanzas = old_content.split('\n\n') - new_stanzas = [process_data_stanza(stanza, file_name, n) - for n, stanza in enumerate(old_stanzas, start=1)] - return '\n\n'.join(new_stanzas) - -def update_file(file_name, old_content, new_content): - """Update the given file with the given new content. - - Replace the existing file. The previous version is renamed to *.bak. - Don't modify the file if the content was unchanged. - """ - if new_content == old_content: - return - backup = file_name + '.bak' - tmp = file_name + '.tmp' - with open(tmp, 'w', encoding='utf-8') as new_file: - new_file.write(new_content) - os.replace(file_name, backup) - os.replace(tmp, file_name) - -def process_file(file_name): - """Update PSA crypto dependencies in an Mbed TLS test suite data file. - - Replace the existing file. The previous version is renamed to *.bak. - Don't modify the file if the content was unchanged. - """ - old_content = open(file_name, encoding='utf-8').read() - if file_name.endswith('.data'): - new_content = process_data_file(file_name, old_content) - else: - raise Exception('File type not recognized: {}' - .format(file_name)) - update_file(file_name, old_content, new_content) - -def main(args): - for file_name in args: - process_file(file_name) - -if __name__ == '__main__': - main(sys.argv[1:]) From fe978ac1f3e6cb8bf9abd16fde4ff3932b168a45 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 2 Jan 2026 09:13:28 +0000 Subject: [PATCH 1292/1548] Remove Deprecated Items From Sample Programs Remove the drbg module and entropy functions from the sample programs as these are now handled by their PSA equivalents 
Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 27 +---- programs/fuzz/fuzz_dtlsclient.c | 19 --- programs/fuzz/fuzz_dtlsserver.c | 19 --- programs/fuzz/fuzz_pkcs7.c | 2 - programs/fuzz/fuzz_server.c | 29 +---- programs/fuzz/fuzz_x509crl.c | 2 - programs/fuzz/fuzz_x509crt.c | 2 - programs/fuzz/fuzz_x509csr.c | 2 - programs/ssl/dtls_client.c | 24 +--- programs/ssl/dtls_server.c | 24 +--- programs/ssl/mini_client.c | 23 +--- programs/ssl/ssl_client1.c | 18 --- programs/ssl/ssl_client2.c | 8 +- programs/ssl/ssl_context_info.c | 2 - programs/ssl/ssl_fork_server.c | 44 +------ programs/ssl/ssl_mail_client.c | 24 +--- programs/ssl/ssl_pthread_server.c | 29 +---- programs/ssl/ssl_server.c | 24 +--- programs/ssl/ssl_server2.c | 9 +- programs/ssl/ssl_test_lib.c | 109 ------------------ programs/ssl/ssl_test_lib.h | 27 ----- programs/test/cmake_package/cmake_package.c | 2 - .../cmake_package_install.c | 2 - .../test/cmake_subproject/cmake_subproject.c | 2 - programs/test/dlopen.c | 2 - programs/test/selftest.c | 54 --------- programs/test/udp_proxy.c | 3 - programs/util/pem2der.c | 2 - programs/util/strerror.c | 2 - programs/x509/cert_app.c | 30 +---- programs/x509/cert_req.c | 22 +--- programs/x509/cert_write.c | 22 +--- programs/x509/crl_app.c | 2 - programs/x509/load_roots.c | 2 - programs/x509/req_app.c | 2 - 35 files changed, 37 insertions(+), 579 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 70eb656487..8c99f2dddd 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,8 +1,4 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "fuzz_common.h" #include 
@@ -10,9 +6,7 @@ #include -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_SSL_CLI_C) static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) static mbedtls_x509_crt cacert; @@ -29,20 +23,16 @@ const char psk_id[] = "Client_identity"; #endif const char *pers = "fuzz_client"; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_SSL_CLI_C */ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_SSL_CLI_C) int ret; size_t len; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; unsigned char buf[4096]; fuzzBufferOffset_t biomemfuzz; uint16_t options; @@ -75,19 +65,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - if (mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -173,8 +156,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); @@ -182,7 +163,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #else (void) Data; (void) Size; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_SSL_CLI_C */ return 0; } 
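Review bot: `const char *pers = "fuzz_client";` survives as a context line in the `@@ -29,20 +23,16 @@` hunk although the `mbedtls_ctr_drbg_seed()` call that was its only visible use is removed, leaving a dead file-scope global; the same applies to `const char *pers = "fuzz_server";` kept by the fuzz_server.c hunk `@@ -11,9 +7,7 @@`. dtls_client.c and dtls_server.c drop their `pers` declarations in this same commit, so the fuzz targets should follow suit for consistency. The removed `mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, ...)` calls were presumably the only callers of `dummy_entropy`; fuzz_common.c is not in the diffstat, so that helper (and its declaration in fuzz_common.h) may now be unreferenced and worth removing in the same change.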
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index c83f314138..508b796e8b 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -1,19 +1,13 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include #include #include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) @@ -30,15 +24,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) int ret; size_t len; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; mbedtls_timing_delay_context timer; unsigned char buf[4096]; fuzzBufferOffset_t biomemfuzz; @@ -58,19 +48,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - if (mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, @@ -118,8 +101,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); 
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index dd2a8b644b..746810bd7e 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include #include @@ -7,14 +5,10 @@ #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "mbedtls/ssl_cookie.h" #if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) && \ (defined(PSA_WANT_ALG_SHA_384) || \ defined(PSA_WANT_ALG_SHA_256)) @@ -32,8 +26,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) && \ (defined(PSA_WANT_ALG_SHA_384) || \ defined(PSA_WANT_ALG_SHA_256)) @@ -41,15 +33,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) size_t len; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; mbedtls_timing_delay_context timer; mbedtls_ssl_cookie_ctx cookie_ctx; unsigned char buf[4096]; fuzzBufferOffset_t biomemfuzz; - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_init(&srvcert); mbedtls_pk_init(&pkey); @@ -63,11 +51,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - if (initialized == 0) { #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) 
@@ -156,12 +139,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_ssl_cookie_free(&cookie_ctx); - mbedtls_entropy_free(&entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index f236190c2c..5764c5f312 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include "mbedtls/pkcs7.h" #include "fuzz_common.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 3b1054e16a..6aa6236cee 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,8 +1,4 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" #include "fuzz_common.h" @@ -11,9 +7,7 @@ #include -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_SSL_SRV_C) const char *pers = "fuzz_server"; static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) 
@@ -29,20 +23,16 @@ const unsigned char psk[] = { }; const char psk_id[] = "Client_identity"; #endif -#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C +#endif // MBEDTLS_SSL_SRV_C int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_SSL_SRV_C) int ret; size_t len; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_context ticket_ctx; #endif @@ -56,8 +46,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } options = Data[Size - 1]; - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_init(&srvcert); mbedtls_pk_init(&pkey); @@ -72,11 +60,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - return 1; - } - if (initialized == 0) { #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) @@ -193,8 +176,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free(&ticket_ctx); #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_free(&srvcert); 
@@ -202,10 +183,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */ mbedtls_ssl_free(&ssl); mbedtls_psa_crypto_free(); -#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#else /* MBEDTLS_SSL_SRV_C */ (void) Data; (void) Size; -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ +#endif /* MBEDTLS_SSL_SRV_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index af50e25f13..00ad0bb454 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include "mbedtls/x509_crl.h" #include "fuzz_common.h" diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 709fd200f9..ad071422f9 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include "mbedtls/x509_crt.h" #include "fuzz_common.h" diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 1c26e6f082..502673a70d 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -1,5 +1,3 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include #include "mbedtls/x509_csr.h" #include "fuzz_common.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index bb1d5af2e3..9044616fd5 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c 
@@ -5,20 +5,16 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); @@ -31,8 +27,6 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "mbedtls/timing.h" #include "test/certs.h" @@ -73,11 +67,8 @@ int main(int argc, char *argv[]) mbedtls_net_context server_fd; uint32_t flags; unsigned char buf[1024]; - const char *pers = "dtls_client"; int retry_left = MAX_RETRY; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; @@ -97,8 +88,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { 
@@ -111,13 +100,6 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* @@ -322,8 +304,6 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); /* Shell can not handle large exit numbers -> 1 for errors */ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 479b5430f9..637e45156b 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" @@ -20,15 +18,13 @@ #define BIND_IP "::" #endif -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \ !defined(MBEDTLS_SSL_COOKIE_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_TIMING_C and/or MBEDTLS_SSL_PROTO_DTLS and/or " "MBEDTLS_SSL_COOKIE_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " 
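Review bot: In the `@@ -111,13 +100,6 @@` hunk, `mbedtls_printf("\n . Seeding the random number generator...");` is now followed directly by `mbedtls_printf(" ok\n");` with nothing in between, so the sample reports a step it no longer performs, which is misleading in a program meant to teach the API. Either drop both prints, or move the message so it labels the `psa_crypto_init()` call earlier in main(), which is presumably where RNG seeding now happens. The dtls_server.c hunk `@@ -127,13 +116,6 @@` leaves the same `printf` pair behind. main() starts and ends outside these hunks.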
@@ -45,8 +41,6 @@ int main(void) #include #include -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_cookie.h" @@ -80,13 +74,10 @@ int main(void) int ret, len; mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; - const char *pers = "dtls_server"; unsigned char client_ip[16] = { 0 }; size_t cliip_len; mbedtls_ssl_cookie_ctx cookie_ctx; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; @@ -106,8 +97,6 @@ int main(void) #endif mbedtls_x509_crt_init(&srvcert); mbedtls_pk_init(&pkey); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -127,13 +116,6 @@ int main(void) printf(" . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - printf(" ok\n"); /* @@ -392,8 +374,6 @@ int main(void) #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(&cache); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); /* Shell can not handle large exit numbers -> 1 for errors */ diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 96d41b35ba..6f8db9e4e0 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -6,8 +6,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" 
@@ -26,14 +24,12 @@ #define UNIX #endif -#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(UNIX) int main(void) { - mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX " "not defined.\n"); mbedtls_exit(0); } @@ -43,8 +39,6 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include #include @@ -129,7 +123,6 @@ const unsigned char ca_cert[] = { enum exit_codes { exit_ok = 0, - ctr_drbg_seed_failed, ssl_config_defaults_failed, ssl_setup_failed, hostname_failed, @@ -150,11 +143,8 @@ int main(void) mbedtls_x509_crt ca; #endif - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - mbedtls_ctr_drbg_init(&ctr_drbg); /* * 0. Initialize and setup stuff @@ -165,7 +155,6 @@ int main(void) #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_init(&ca); #endif - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -173,12 +162,6 @@ int main(void) goto exit; } - if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - ret = ctr_drbg_seed_failed; - goto exit; - } - if (mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -258,8 +241,6 @@ int main(void) mbedtls_net_free(&server_fd); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ca); #endif 
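Review bot: Deleting `ctr_drbg_seed_failed` from `enum exit_codes` in hunk `@@ -129,7 +123,6 @@` renumbers every enumerator after it (`ssl_config_defaults_failed` becomes 1, `ssl_setup_failed` 2, and so on), so any test script that matches mini_client's numeric exit status now sees a different code for the same failure. If the numbering is relied on, keep the slot with a comment such as `ctr_drbg_seed_failed, /* unused since the move to the PSA RNG; kept so later codes keep their values */`; otherwise say in the commit message that the exit codes shifted. Separately, the seed call in `@@ -173,12 +162,6 @@` was the only visible user of `pers`; if `pers` is still defined at file scope in this file (its definition is outside these hunks) it is now dead and should go with this change.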
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index c56ff0702f..2cc47147fa 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" @@ -27,8 +25,6 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/certs.h" @@ -58,10 +54,7 @@ int main(void) mbedtls_net_context server_fd; uint32_t flags; unsigned char buf[1024]; - const char *pers = "ssl_client1"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; @@ -77,8 +70,6 @@ int main(void) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -91,13 +82,6 @@ int main(void) fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* @@ -276,8 +260,6 @@ int main(void) mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a7ef41aa15..15fe49fcfc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -877,7 +877,7 @@ int main(int argc, char *argv[]) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_ssl_session_init(&saved_session); - rng_init(&rng); + psa_crypto_init(); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) mbedtls_x509_crt_init(&cacert); mbedtls_x509_crt_init(&clicert); @@ -3213,13 +3213,7 @@ int main(int argc, char *argv[]) mbedtls_printf("PSA memory leak detected: %s\n", message); } - /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto - * resources are freed by rng_free(). */ -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); -#endif - - rng_free(&rng); #if defined(MBEDTLS_TEST_HOOKS) if (test_hooks_failure_detected()) { diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 7bcd50fe65..8310bd21f3 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/debug.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index ff1c877ee2..f1f1f748a9 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c 
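Review bot: The new `psa_crypto_init();` line in hunk `@@ -877,7 +877,7 @@` discards the `psa_status_t` result, while every other program touched by this patch does `psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { ... goto exit; }`. If initialisation fails (no entropy source, storage error), the client carries on and only fails later inside `rng_get()` via `mbedtls_psa_get_random`, which is harder to diagnose than an explicit "Failed to initialize PSA Crypto implementation: %d" at start-up. The removed `rng_init()` also ignored the status, but now that the call sits directly in main() it should be checked like the siblings: `psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_printf("Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; }` (verify the label name against this file's cleanup path). The same unchecked call is introduced in ssl_server2.c (`@@ -1631,7 +1631,7 @@`). main() starts and ends outside this hunk.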
@@ -5,19 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); mbedtls_exit(0); @@ -31,8 +27,6 @@ int main(void) } #else -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" @@ -70,10 +64,7 @@ int main(void) int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; - const char *pers = "ssl_fork_server"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; @@ -83,10 +74,8 @@ int main(void) mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - mbedtls_entropy_init(&entropy); mbedtls_pk_init(&pkey); mbedtls_x509_crt_init(&srvcert); - mbedtls_ctr_drbg_init(&ctr_drbg); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -103,13 +92,6 @@ int main(void) mbedtls_printf("\n . Initial seeding of the random generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* 
@@ -218,13 +200,6 @@ int main(void) mbedtls_net_close(&client_fd); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg, - (const unsigned char *) "parent", - 6)) != 0) { - mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret); - goto exit; - } - continue; } @@ -238,15 +213,6 @@ int main(void) mbedtls_printf("pid %d: Setting up the SSL data.\n", pid); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg, - (const unsigned char *) "child", - 5)) != 0) { - mbedtls_printf( - "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n", - pid, ret); - goto exit; - } - if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { mbedtls_printf( "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n", @@ -364,13 +330,11 @@ int main(void) mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && - MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C && + MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C && ! _WIN32 */ diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 0c2822cb30..5830a28b3d 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -11,7 +11,6 @@ #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" 
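Review bot: Hunks `@@ -218,13 +200,6 @@` and `@@ -238,15 +213,6 @@` remove the `mbedtls_ctr_drbg_reseed()` calls with the distinct "parent" and "child" additional inputs, and nothing replaces them; those calls existed so that after fork() the two processes' DRBG states diverge instead of both continuing from an identical copy. Unless the PSA RNG implementation detects the fork and reseeds on its own (the hunk gives no indication either way), parent and child now share the same generator state at the start of every child's handshake. If the PSA core does guarantee post-fork reseeding, record that at the removal site, e.g. `/* No explicit reseed after fork(): the PSA RNG is reseeded per process by ... */`; if it does not, the child needs to re-establish fresh randomness before `mbedtls_ssl_setup()`, and that should be stated in the commit message as a known limitation rather than silently dropped. main() starts and ends outside these hunks.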
@@ -21,14 +20,14 @@ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ + !defined(MBEDTLS_X509_CRT_PARSE_C) || \ !defined(MBEDTLS_FS_IO) int main(void) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " + "and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); mbedtls_exit(0); } @@ -38,8 +37,6 @@ int main(void) #include "mbedtls/error.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" @@ -334,10 +331,7 @@ int main(int argc, char *argv[]) unsigned char buf[1024]; #endif char hostname[32]; - const char *pers = "ssl_mail_client"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; @@ -358,8 +352,6 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_init(&cacert); mbedtls_x509_crt_init(&clicert); mbedtls_pk_init(&pkey); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -456,13 +448,6 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* 
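Review bot: The replacement string `"and/or MBEDTLS_X509_CRT_PARSE_C "` in hunk `@@ -21,14 +20,14 @@` follows the unchanged `"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "`, so the stub main() now prints "MBEDTLS_RSA_C and/or and/or MBEDTLS_X509_CRT_PARSE_C not defined."; the new line should read `"MBEDTLS_X509_CRT_PARSE_C "`. In the same hunk the guard keeps `!defined(MBEDTLS_ENTROPY_C)` and the message still lists it, although this file stops including the entropy header in `@@ -38,8 +37,6 @@` and the other programs in this patch drop the `MBEDTLS_ENTROPY_C` requirement; if the dependency is really gone it should be removed here too (and from the trailing `#endif` comment in `@@ -800,12 +785,9 @@`), otherwise a comment should say why this program alone still needs it.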
@@ -800,12 +785,9 @@ int main(int argc, char *argv[]) mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && - MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C ** - MBEDTLS_CTR_DRBG_C */ + MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C */ diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 867926d98c..3c46efe609 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -6,19 +6,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); mbedtls_exit(0); @@ -38,8 +34,6 @@ int main(void) #include #endif -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" @@ -288,10 +282,7 @@ int main(void) { int ret; mbedtls_net_context listen_fd, client_fd; - const char pers[] = "ssl_pthread_server"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_x509_crt cachain; 
@@ -315,7 +306,6 @@ int main(void) mbedtls_x509_crt_init(&cachain); mbedtls_ssl_config_init(&conf); - mbedtls_ctr_drbg_init(&ctr_drbg); memset(threads, 0, sizeof(threads)); mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); @@ -324,11 +314,6 @@ int main(void) base_info.config = &conf; - /* - * We use only a single entropy source that is used in all the threads. - */ - mbedtls_entropy_init(&entropy); - psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -342,14 +327,6 @@ int main(void) */ mbedtls_printf(" . Seeding the random number generator..."); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* @@ -474,8 +451,6 @@ int main(void) #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(&cache); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_ssl_config_free(&conf); mbedtls_net_free(&listen_fd); mbedtls_mutex_free(&debug_mutex); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index fd9da18490..9f9cc6d1b6 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
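Review bot: Hunk `@@ -324,11 +314,6 @@` deletes the comment "We use only a single entropy source that is used in all the threads" together with the shared context, but the replacement design still has every worker thread drawing from one global generator, now the PSA RNG behind `mbedtls_psa_get_random`. That is only safe when the PSA core is built with threading support; this program presumably already requires it (the build guard is outside the hunk), but the assumption was previously written down and now is not. A one-line comment next to `psa_crypto_init()` such as `/* All threads share the global PSA RNG; this program requires a thread-safe PSA build. */` would keep the constraint visible to whoever next changes the threading model. main() starts and ends outside this hunk.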
@@ -5,19 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ +#if !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_SRV_C) || \ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) int main(void) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " + mbedtls_printf("MBEDTLS_NET_C and/or MBEDTLS_SSL_SRV_C and/or " "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C " "not defined.\n"); mbedtls_exit(0); @@ -31,8 +27,6 @@ int main(void) #include #endif -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" @@ -67,10 +61,7 @@ int main(void) int ret, len; mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; - const char *pers = "ssl_server"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; @@ -88,8 +79,6 @@ int main(void) #endif mbedtls_x509_crt_init(&srvcert); mbedtls_pk_init(&pkey); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -109,13 +98,6 @@ int main(void) mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* 
@@ -346,8 +328,6 @@ int main(void) #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_free(&cache); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(ret); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 805b4ef1c8..2548f43206 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1631,7 +1631,7 @@ int main(int argc, char *argv[]) mbedtls_net_init(&listen_fd); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - rng_init(&rng); + psa_crypto_init(); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) mbedtls_x509_crt_init(&cacert); mbedtls_x509_crt_init(&srvcert); @@ -4257,14 +4257,7 @@ int main(int argc, char *argv[]) mbedtls_printf("PSA memory leak detected: %s\n", message); } - /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto - * resources are freed by rng_free(). */ -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); -#endif - - rng_free(&rng); - mbedtls_free(buf); #if defined(MBEDTLS_TEST_HOOKS) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 9d47e5249a..200558d8a0 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c 
@@ -46,41 +46,6 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) } #endif -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) -static int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - int ret; - (void) data; - - ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} -#endif - -void rng_init(rng_context_t *rng) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) rng; - psa_crypto_init(); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_init(&rng->drbg); -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_init(&rng->drbg); -#else -#error "No DRBG available" -#endif - - mbedtls_entropy_init(&rng->entropy); -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - int rng_seed(rng_context_t *rng, int reproducible, const char *pers) { if (reproducible) { @@ -88,7 +53,6 @@ int rng_seed(rng_context_t *rng, int reproducible, const char *pers) "reproducible mode is not supported.\n"); return -1; } -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* The PSA crypto RNG does its own seeding. */ (void) rng; (void) pers; 
@@ -97,87 +61,14 @@ int rng_seed(rng_context_t *rng, int reproducible, const char *pers) "The PSA RNG does not support reproducible mode.\n"); return -1; } - return 0; -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - int (*f_entropy)(void *, unsigned char *, size_t) = - (reproducible ? dummy_entropy : mbedtls_entropy_func); - - if (reproducible) { - srand(1); - } - -#if defined(MBEDTLS_CTR_DRBG_C) - int ret = mbedtls_ctr_drbg_seed(&rng->drbg, - f_entropy, &rng->entropy, - (const unsigned char *) pers, - strlen(pers)); -#elif defined(MBEDTLS_HMAC_DRBG_C) -#if defined(PSA_WANT_ALG_SHA_256) - const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256; -#elif defined(PSA_WANT_ALG_SHA_512) - const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512; -#else -#error "No message digest available for HMAC_DRBG" -#endif - int ret = mbedtls_hmac_drbg_seed(&rng->drbg, - mbedtls_md_info_from_type(md_type), - f_entropy, &rng->entropy, - (const unsigned char *) pers, - strlen(pers)); -#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ -#error "No DRBG available" -#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */ - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", - (unsigned int) -ret); - return ret; - } -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - return 0; } -void rng_free(rng_context_t *rng) -{ -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) - (void) rng; - /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs. - * This is ok because none of our applications try to do any crypto after - * deinitializing the RNG. 
*/ - mbedtls_psa_crypto_free(); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_free(&rng->drbg); -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_free(&rng->drbg); -#else -#error "No DRBG available" -#endif - - mbedtls_entropy_free(&rng->entropy); -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ -} - int rng_get(void *p_rng, unsigned char *output, size_t output_len) { -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) (void) p_rng; return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, output, output_len); -#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - rng_context_t *rng = p_rng; - -#if defined(MBEDTLS_CTR_DRBG_C) - return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len); -#elif defined(MBEDTLS_HMAC_DRBG_C) - return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len); -#else -#error "No DRBG available" -#endif - -#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ } int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 6602b1ae21..f5238ff4f6 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h 
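Review bot: With the `#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` guard removed in `@@ -88,7 +53,6 @@`, `rng_seed()` appears to test `reproducible` twice in a row: the unconditional check kept as context at the top of that hunk ("reproducible mode is not supported") returns before the PSA-specific one whose tail ("The PSA RNG does not support reproducible mode") opens `@@ -97,87 +61,14 @@`, so the second message looks unreachable — the lines between the two hunks (new lines 59–60) are not visible, so please confirm that is where the second `if` begins and then drop one of the two blocks. After this change `rng_seed()` seeds nothing and `rng_get()` ignores `p_rng`; neither says so, and a reader will look for the seeding that used to be here. Suggest a comment on `rng_seed` such as `/* Kept for API compatibility: the PSA RNG is seeded inside psa_crypto_init(); rng and pers are unused. */` and on `rng_get` noting that `p_rng` is accepted only to fit the `f_rng` callback signature.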
@@ -106,32 +106,12 @@ void my_debug(void *ctx, int level, mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG - /** A context for random number generation (RNG). */ typedef struct { -#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) unsigned char dummy; -#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ - mbedtls_entropy_context entropy; -#if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_context drbg; -#elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_context drbg; -#else -#error "No DRBG available" -#endif -#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ } rng_context_t; -/** Initialize the RNG. - * - * This function only initializes the memory used by the RNG context. - * Before using the RNG, it must be seeded with rng_seed(). - */ -void rng_init(rng_context_t *rng); - /* Seed the random number generator. * * \param rng The RNG context to use. It must have been initialized @@ -148,13 +128,6 @@ void rng_init(rng_context_t *rng); */ int rng_seed(rng_context_t *rng, int reproducible, const char *pers); -/** Deinitialize the RNG. Free any embedded resource. - * - * \param rng The RNG context to deinitialize. It must have been - * initialized with rng_init(). - */ -void rng_free(rng_context_t *rng); - /** Generate random data. * * This function is suitable for use as the \c f_rng argument to Mbed TLS diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index cd050e97bc..5db8005133 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index a63f7dbb0f..a34e312759 100644 
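Review bot: The doc comment for `rng_seed` kept as context at the end of hunk `@@ -106,32 +106,12 @@` still says the context "must have been initialized" (the continuation immediately after the hunk presumably names `rng_init()`), but this same hunk deletes `rng_init()`, so the header now points callers at a function that no longer exists. Update the paragraph to describe the new contract, e.g. `\param rng Unused; kept for API compatibility with callers that still pass a context.` and a sentence stating that `psa_crypto_init()` must have succeeded before the RNG is used. `rng_context_t` is likewise reduced to `unsigned char dummy;` with no explanation; a comment like `/* Vestigial: all randomness comes from the PSA RNG. Kept so existing callers compile. */` on the typedef would save the next reader from searching for the real state.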
--- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -6,8 +6,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index 69b5d0b819..f34ddd6c3c 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -6,8 +6,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 2a67635f0d..0c8828ac82 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 04d35cd8ed..205a0a29a3 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -9,9 +9,6 @@ #include "mbedtls/build_info.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/hmac_drbg.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/private/gcm.h" #include "mbedtls/private/ccm.h" #include "mbedtls/private/cmac.h" 
@@ -204,48 +201,6 @@ static int run_test_snprintf(void) test_snprintf(5, "123", 3) != 0; } -/* - * Check if a seed file is present, and if not create one for the entropy - * self-test. If this fails, we attempt the test anyway, so no error is passed - * back. - */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) -static void dummy_entropy(unsigned char *output, size_t output_size) -{ - srand(1); - for (size_t i = 0; i < output_size; i++) { - output[i] = rand(); - } -} - -static void create_entropy_seed_file(void) -{ - int result; - unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]; - - /* Attempt to read the entropy seed file. If this fails - attempt to write - * to the file to ensure one is present. */ - result = mbedtls_platform_std_nv_seed_read(seed_value, - MBEDTLS_ENTROPY_BLOCK_SIZE); - if (0 == result) { - return; - } - - dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); - mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); -} -#endif - -static int mbedtls_entropy_self_test_wrapper(int verbose) -{ -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) - create_entropy_seed_file(); -#endif - return mbedtls_entropy_self_test(verbose); -} -#endif - #if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) 
@@ -328,21 +283,12 @@ const selftest_t selftests[] = #if defined(MBEDTLS_ARIA_C) { "aria", mbedtls_aria_self_test }, #endif -#if defined(MBEDTLS_CTR_DRBG_C) - { "ctr_drbg", mbedtls_ctr_drbg_self_test }, -#endif -#if defined(MBEDTLS_HMAC_DRBG_C) - { "hmac_drbg", mbedtls_hmac_drbg_self_test }, -#endif #if defined(MBEDTLS_ECP_C) { "ecp", mbedtls_ecp_self_test }, #endif #if defined(MBEDTLS_ECJPAKE_C) { "ecjpake", mbedtls_ecjpake_self_test }, #endif -#if defined(MBEDTLS_ENTROPY_C) - { "entropy", mbedtls_entropy_self_test_wrapper }, -#endif #if defined(MBEDTLS_PKCS5_C) { "pkcs5", mbedtls_pkcs5_self_test }, #endif diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index efa003da0d..81de042a50 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -11,9 +11,6 @@ * example of good general usage. */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 9515ed43d2..177365b87c 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/util/strerror.c b/programs/util/strerror.c index e20bed6e8f..316f28614b 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 2f31a8e3ae..9b0c5e367c 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
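Review bot: Hunk `@@ -328,21 +283,12 @@` removes the `ctr_drbg`, `hmac_drbg` and `entropy` entries from `selftests[]`, and `@@ -204,48 +201,6 @@` deletes the seed-file helper that made the entropy test runnable, so the `selftest` program no longer exercises the random generator or the entropy source at all. If that coverage now lives in the PSA crypto provider's own self-test, a comment at the table such as `/* DRBG and entropy self-tests are run by the PSA crypto provider, not here. */` and a line in the ChangeLog would make that traceable; if it does not, this is a silent loss of a check that validates the RNG on the target platform, which is exactly where NV-seed and entropy-source problems show up. The `selftests[]` initializer starts and ends outside this hunk.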
@@ -5,30 +5,26 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ +#if !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO) + defined(MBEDTLS_X509_REMOVE_INFO) int main(void) { - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " + mbedtls_printf("MBEDTLS_BIGNUM_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n"); + "and/or MBEDTLS_X509_REMOVE_INFO defined.\n"); mbedtls_exit(0); } #else -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" @@ -123,8 +119,6 @@ int main(int argc, char *argv[]) int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context server_fd; unsigned char buf[1024]; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt cacert; @@ -133,17 +127,14 @@ int main(int argc, char *argv[]) uint32_t flags; int verify = 0; char *p, *q; - const char *pers = "cert_app"; /* * Set to sane values */ mbedtls_net_init(&server_fd); - mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); - mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_init(&cacrl); #else 
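Review bot: The new line `"and/or MBEDTLS_X509_REMOVE_INFO defined.\n"` in hunk `@@ -5,30 +5,26 @@` follows the unchanged `"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "`, so the stub main() prints "MBEDTLS_FS_IO and/or and/or MBEDTLS_X509_REMOVE_INFO defined." and, unlike the old text, no longer says that the preceding options must be *defined* while the last one must be *undefined*. Replace the last two fragments with `"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "` and `"MBEDTLS_X509_REMOVE_INFO defined.\n"` so the message matches the guard on the lines above it.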
@@ -336,13 +327,6 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto ssl_exit; - } - mbedtls_printf(" ok\n"); #if defined(MBEDTLS_DEBUG_C) @@ -442,12 +426,10 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_free(&cacrl); #endif - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && - MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ + MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index c20f08d569..0d7b5a1e6e 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -15,22 +15,18 @@ #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_MD_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " + "MBEDTLS_PK_PARSE_C and/or PSA_WANT_ALG_SHA_256 " "not defined.\n"); mbedtls_exit(0); } #else #include "mbedtls/x509_csr.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include 
@@ -146,9 +142,6 @@ int main(int argc, char *argv[]) int i; char *p, *q, *r; mbedtls_x509write_csr req; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; #if defined(MBEDTLS_X509_CRT_PARSE_C) uint8_t ip[4] = { 0 }; @@ -158,9 +151,7 @@ int main(int argc, char *argv[]) */ mbedtls_x509write_csr_init(&req); mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); - mbedtls_entropy_init(&entropy); psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -431,13 +422,6 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret); - goto exit; - } - mbedtls_printf(" ok\n"); /* @@ -498,8 +482,6 @@ int main(int argc, char *argv[]) mbedtls_x509write_csr_free(&req); mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); cur = opt.san_list; @@ -522,4 +504,4 @@ int main(int argc, char *argv[]) mbedtls_exit(exit_code); } #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */ + MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 2ed63f08de..eb090fd051 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
@@ -15,14 +15,12 @@ #if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_ERROR_C) || !defined(PSA_WANT_ALG_SHA_256) || \ !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " "MBEDTLS_FS_IO and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_ERROR_C not defined.\n"); mbedtls_exit(0); } @@ -31,8 +29,6 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" #include "mbedtls/oid.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/helpers.h" @@ -306,9 +302,6 @@ int main(int argc, char *argv[]) unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN]; size_t serial_len; mbedtls_asn1_sequence *ext_key_usage; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "crt example app"; mbedtls_x509_san_list *cur, *prev; uint8_t ip[4] = { 0 }; /* @@ -317,8 +310,6 @@ int main(int argc, char *argv[]) mbedtls_x509write_crt_init(&crt); mbedtls_pk_init(&loaded_issuer_key); mbedtls_pk_init(&loaded_subject_key); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CSR_PARSE_C) mbedtls_x509_csr_init(&csr); #endif @@ -681,15 +672,6 @@ int main(int argc, char *argv[]) mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", - ret, buf); - goto exit; - } - mbedtls_printf(" ok\n"); // Parse serial to MPI 
@@ -1022,12 +1004,10 @@ int main(int argc, char *argv[]) mbedtls_x509write_crt_free(&crt); mbedtls_pk_free(&loaded_subject_key); mbedtls_pk_free(&loaded_issuer_key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && - MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && + MBEDTLS_FS_IO MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index bb518adeef..6e20e341f0 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 34d3508459..0222d0f795 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index b960818a09..e4e432fc9a 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" From eace7ca23f9e2f4b89e658edc9fe512af9247323 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 6 Jan 2026 09:11:22 +0000 Subject: [PATCH 1293/1548] Remove double initialisation of psa Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 1 - programs/ssl/ssl_server2.c | 1 - 2 files changed, 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 15fe49fcfc..5e9de86eee 100644 --- a/programs/ssl/ssl_client2.c 
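Review bot: The closing comment in cert_write.c, `#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */`, lost the `&&` between `MBEDTLS_FS_IO` and `MBEDTLS_ERROR_C` when the DRBG macros were deleted; it should read `MBEDTLS_FS_IO && MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */`. The guard at the top of the file also tests `PSA_WANT_ALG_SHA_256` and `MBEDTLS_MD_C`, which this trailer has never listed, so this is a good moment to make the two agree. The cleanup sequence belongs to `main`, which starts well before the hunk.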
+++ b/programs/ssl/ssl_client2.c @@ -877,7 +877,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_ssl_session_init(&saved_session); - psa_crypto_init(); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) mbedtls_x509_crt_init(&cacert); mbedtls_x509_crt_init(&clicert); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 2548f43206..14d75a26ee 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1631,7 +1631,6 @@ int main(int argc, char *argv[]) mbedtls_net_init(&listen_fd); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - psa_crypto_init(); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) mbedtls_x509_crt_init(&cacert); mbedtls_x509_crt_init(&srvcert); From 99ec28953532f3f81daaa2c33e751689ae6c58ac Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 6 Jan 2026 13:14:14 +0000 Subject: [PATCH 1294/1548] Remove duplicated reproducable Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 200558d8a0..d46b7abd6e 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -48,11 +48,6 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) int rng_seed(rng_context_t *rng, int reproducible, const char *pers) { - if (reproducible) { - mbedtls_fprintf(stderr, - "reproducible mode is not supported.\n"); - return -1; - } /* The PSA crypto RNG does its own seeding. */ (void) rng; (void) pers; From 79002cc9909a2aecb3c010e06001b1670defd30d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 6 Jan 2026 13:22:18 +0000 Subject: [PATCH 1295/1548] Remove rng_get from sample programs, as it is no longer required Signed-off-by: Ben Taylor --- programs/ssl/ssl_server2.c | 6 +++--- programs/ssl/ssl_test_lib.c | 7 ------- programs/ssl/ssl_test_lib.h | 15 --------------- 3 files changed, 3 insertions(+), 25 deletions(-) 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 14d75a26ee..13f728b61f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2948,8 +2948,8 @@ int main(int argc, char *argv[]) if (opt.ticket_rotate) { unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES]; unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES]; - if ((ret = rng_get(&rng, name, sizeof(name))) != 0 || - (ret = rng_get(&rng, kbuf, sizeof(kbuf))) != 0 || + if ((ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, name, sizeof(name))) != 0 || + (ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, kbuf, sizeof(kbuf))) != 0 || (ret = mbedtls_ssl_ticket_rotate(&ticket_ctx, name, sizeof(name), kbuf, sizeof(kbuf), opt.ticket_timeout)) != 0) { @@ -3081,7 +3081,7 @@ int main(int argc, char *argv[]) ssl_async_keys.inject_error = (opt.async_private_error < 0 ? -opt.async_private_error : opt.async_private_error); - ssl_async_keys.f_rng = rng_get; + ssl_async_keys.f_rng = mbedtls_psa_get_random; ssl_async_keys.p_rng = &rng; mbedtls_ssl_conf_async_private_cb(&conf, sign, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index d46b7abd6e..c2cd4ef36c 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -59,13 +59,6 @@ int rng_seed(rng_context_t *rng, int reproducible, const char *pers) return 0; } -int rng_get(void *p_rng, unsigned char *output, size_t output_len) -{ - (void) p_rng; - return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, - output, output_len); -} - int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) { char *separator; diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index f5238ff4f6..4a5719a549 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h 
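Review bot: In the `@@ -3081,7 +3081,7 @@` hunk, `ssl_async_keys.p_rng = &rng;` is now paired with `ssl_async_keys.f_rng = mbedtls_psa_get_random;`, yet the ticket-rotation hunk just above passes `MBEDTLS_PSA_RANDOM_STATE` as the state argument to the same function; handing it the address of an unrelated `rng_context_t` is inconsistent and keeps the async path tied to the `rng` global this series is removing. `mbedtls_psa_get_random` presumably ignores its state pointer, so this is not a functional bug, but the two call sites should agree: `ssl_async_keys.p_rng = MBEDTLS_PSA_RANDOM_STATE;`. Both the `if (opt.ticket_rotate)` block and the async-callback setup continue outside their hunks.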
@@ -128,21 +128,6 @@ typedef struct { */ int rng_seed(rng_context_t *rng, int reproducible, const char *pers); -/** Generate random data. - * - * This function is suitable for use as the \c f_rng argument to Mbed TLS - * library functions. - * - * \param p_rng The random generator context. This must be a pointer to - * a #rng_context_t structure. - * \param output The buffer to fill. - * \param output_len The length of the buffer in bytes. - * - * \return \c 0 on success. - * \return An Mbed TLS error code on error. - */ -int rng_get(void *p_rng, unsigned char *output, size_t output_len); - /** Parse command-line option: key_opaque_algs * * From 552f31410cb53988772c654616e337fe9578824b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 6 Jan 2026 13:30:04 +0000 Subject: [PATCH 1296/1548] Re-add the HMAC_DRBG and CTR_DRBG are cryptographic modules as they are still required Signed-off-by: Ben Taylor --- programs/test/selftest.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 205a0a29a3..43dd0ed691 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -9,6 +9,8 @@ #include "mbedtls/build_info.h" +#include "mbedtls/private/hmac_drbg.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/private/gcm.h" #include "mbedtls/private/ccm.h" #include "mbedtls/private/cmac.h" @@ -283,6 +285,12 @@ const selftest_t selftests[] = #if defined(MBEDTLS_ARIA_C) { "aria", mbedtls_aria_self_test }, #endif +#if defined(MBEDTLS_CTR_DRBG_C) + { "ctr_drbg", mbedtls_ctr_drbg_self_test }, +#endif +#if defined(MBEDTLS_HMAC_DRBG_C) + { "hmac_drbg", mbedtls_hmac_drbg_self_test }, +#endif #if defined(MBEDTLS_ECP_C) { "ecp", mbedtls_ecp_self_test }, #endif From b6cccdf8b55620490b99ae00bcca9762f85adc28 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Mon, 12 Jan 2026 08:57:48 +0000 Subject: [PATCH 1297/1548] Replace mbedtls_psa_get_random Replace mbedtls_psa_get_random with psa_generate_random, as this is a backwards compatibility layer that is now longer required Signed-off-by: Ben Taylor --- programs/ssl/ssl_server2.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 13f728b61f..02b44698fc 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2948,8 +2948,8 @@ int main(int argc, char *argv[]) if (opt.ticket_rotate) { unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES]; unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES]; - if ((ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, name, sizeof(name))) != 0 || - (ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, kbuf, sizeof(kbuf))) != 0 || + if ((ret = psa_generate_random(name, sizeof(name))) != 0 || + (ret = psa_generate_random(kbuf, sizeof(kbuf))) != 0 || (ret = mbedtls_ssl_ticket_rotate(&ticket_ctx, name, sizeof(name), kbuf, sizeof(kbuf), opt.ticket_timeout)) != 0) { @@ -3081,7 +3081,7 @@ int main(int argc, char *argv[]) ssl_async_keys.inject_error = (opt.async_private_error < 0 ? -opt.async_private_error : opt.async_private_error); - ssl_async_keys.f_rng = mbedtls_psa_get_random; + ssl_async_keys.f_rng = psa_generate_random; ssl_async_keys.p_rng = &rng; mbedtls_ssl_conf_async_private_cb(&conf, sign, From 767a3655e5a6abe2b260fb71c00bafc0005d346d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 12 Jan 2026 09:21:44 +0000 Subject: [PATCH 1298/1548] Remove f_rng p_rng, as these are no longer used Signed-off-by: Ben Taylor --- programs/ssl/ssl_server2.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 02b44698fc..d12dc2b6e2 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
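Review bot: `ssl_async_keys.f_rng = psa_generate_random;` assigns a function of shape `psa_status_t (uint8_t *, size_t)` to a slot that previously held `rng_get` and `mbedtls_psa_get_random`, i.e. the classic `int (void *, unsigned char *, size_t)` RNG callback; that is an incompatible-pointer-type conversion, which current GCC and Clang reject by default, and the next commit in this series deletes the field anyway, so the two commits should be squashed to keep every commit buildable. In the ticket-rotation hunk, `ret` now receives a `psa_status_t` rather than an Mbed TLS error code; the `!= 0` test still works because `PSA_SUCCESS` is 0, but whatever prints `ret` on the failure path (outside the hunk) will show a PSA status, so consider `psa_status_t status = psa_generate_random(name, sizeof(name));` with a PSA-specific failure message. The `if (opt.ticket_rotate)` block continues past the end of the hunk.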
@@ -3081,8 +3081,6 @@ int main(int argc, char *argv[]) ssl_async_keys.inject_error = (opt.async_private_error < 0 ? -opt.async_private_error : opt.async_private_error); - ssl_async_keys.f_rng = psa_generate_random; - ssl_async_keys.p_rng = &rng; mbedtls_ssl_conf_async_private_cb(&conf, sign, ssl_async_resume, From 7d71244dc3639fd9be23ca63c9cbd8b16b14002d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 12 Jan 2026 09:24:35 +0000 Subject: [PATCH 1299/1548] Remove rng_context_t, as it is no longer useful Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 4a5719a549..29c0e5313d 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -106,12 +106,6 @@ void my_debug(void *ctx, int level, mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -/** A context for random number generation (RNG). - */ -typedef struct { - unsigned char dummy; -} rng_context_t; - /* Seed the random number generator. * * \param rng The RNG context to use. It must have been initialized From dcf767082560144dfc85426ed15823239c03aaff Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 12 Jan 2026 13:12:47 +0000 Subject: [PATCH 1300/1548] Add further rng removals highlighted by the ci Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 3 +-- programs/ssl/ssl_server2.c | 5 +---- programs/ssl/ssl_test_lib.c | 3 +-- programs/ssl/ssl_test_lib.h | 2 +- 4 files changed, 4 insertions(+), 9 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5e9de86eee..cb316706b7 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -818,7 +818,6 @@ int main(int argc, char *argv[]) #endif psa_status_t status; - rng_context_t rng; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_ssl_session saved_session; 
@@ -1652,7 +1651,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - ret = rng_seed(&rng, opt.reproducible, pers); + ret = rng_seed(opt.reproducible, pers); if (ret != 0) { goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d12dc2b6e2..f4de913ed3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -600,9 +600,6 @@ int main(void) (out_be)[(i) + 7] = (unsigned char) (((in_le) >> 0) & 0xFF); \ } -/* This is global so it can be easily accessed by callback functions */ -rng_context_t rng; - /* * global options */ @@ -2538,7 +2535,7 @@ int main(int argc, char *argv[]) mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - ret = rng_seed(&rng, opt.reproducible, pers); + ret = rng_seed(opt.reproducible, pers); if (ret != 0) { goto exit; } diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index c2cd4ef36c..fbb16b641c 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -46,10 +46,9 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) } #endif -int rng_seed(rng_context_t *rng, int reproducible, const char *pers) +int rng_seed(int reproducible, const char *pers) { /* The PSA crypto RNG does its own seeding. */ - (void) rng; (void) pers; if (reproducible) { mbedtls_fprintf(stderr, diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 29c0e5313d..4a09ebb92b 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -120,7 +120,7 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); * * return 0 on success, a negative value on error. */ -int rng_seed(rng_context_t *rng, int reproducible, const char *pers); +int rng_seed(int reproducible, const char *pers); /** Parse command-line option: key_opaque_algs * From b3006920118a4ad954df5da76edeac64705963b4 Mon Sep 17 00:00:00 2001 
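Review bot: The new prototype `int rng_seed(int reproducible, const char *pers);` in ssl_test_lib.h drops the `rng` parameter, but the Doxygen block above it (visible as context in the previous commit's hunk: `\param rng The RNG context to use. It must have been initialized ...`) is not updated, so the header now documents a parameter that no longer exists. Replace that line with documentation of what remains, e.g. `\param reproducible Non-zero requests reproducible output; the PSA RNG does not support this and an error is reported.` and `\param pers Unused; the PSA crypto RNG does its own seeding.`, both of which follow from the `(void) pers;` and `if (reproducible)` lines in the ssl_test_lib.c hunk. The `if (reproducible)` branch of `rng_seed` continues past the end of its hunk.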
From: Ben Taylor Date: Wed, 14 Jan 2026 13:09:15 +0000 Subject: [PATCH 1301/1548] Remove some headers from ssl_test_lib.h, as they are no longer required Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 4a09ebb92b..62da9e92c8 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -45,9 +45,6 @@ #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/private/entropy.h" -#include "mbedtls/private/ctr_drbg.h" -#include "mbedtls/private/hmac_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" From 842d2d948cf9238f89614c6652941e854dc2e8b1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 14 Jan 2026 13:18:33 +0000 Subject: [PATCH 1302/1548] Re-add mbedtls_entropy_self_test_wrapper Signed-off-by: Ben Taylor --- programs/test/selftest.c | 49 ++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 9 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 43dd0ed691..5347c6bd2d 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
@@ -203,17 +203,45 @@ static int run_test_snprintf(void) test_snprintf(5, "123", 3) != 0; } -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) +/* + * Check if a seed file is present, and if not create one for the entropy + * self-test. If this fails, we attempt the test anyway, so no error is passed + * back. + */ +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) +static void dummy_entropy(unsigned char *output, size_t output_size) { - if (verbose != 0) { -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif + srand(1); + for (size_t i = 0; i < output_size; i++) { + output[i] = rand(); + } +} + +static void create_entropy_seed_file(void) +{ + int result; + unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]; + + /* Attempt to read the entropy seed file. If this fails - attempt to write + * to the file to ensure one is present. */ + result = mbedtls_platform_std_nv_seed_read(seed_value, + MBEDTLS_ENTROPY_BLOCK_SIZE); + if (0 == result) { + return; } - mbedtls_memory_buffer_alloc_free(); - return mbedtls_memory_buffer_alloc_self_test(verbose); + + dummy_entropy(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); + mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE); +} +#endif /* defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) */ + +static int mbedtls_entropy_self_test_wrapper(int verbose) +{ +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) + create_entropy_seed_file(); +#endif /* defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) */ + return mbedtls_entropy_self_test(verbose); } #endif 
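Review bot: `create_entropy_seed_file` writes a seed produced by `dummy_entropy`, which is `srand(1)` followed by `rand()`, i.e. a fixed and publicly predictable byte sequence, into the platform's standard NV seed store via `mbedtls_platform_std_nv_seed_write`. Nothing in the hunk removes that file afterwards, so if the default seed path is shared with a real application on the same system, that application would start its entropy pool from a known value; this deserves an explicit comment such as `/* WARNING: deterministic test-only seed. Never let a production build share this NV seed file. */`, or the file should be deleted once the self-test has run. Separately, the `#endif /* defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) */` after `create_entropy_seed_file` closes the inner `MBEDTLS_ENTROPY_NV_SEED` conditional, not the outer one, so its label should read `#endif /* MBEDTLS_ENTROPY_NV_SEED && !MBEDTLS_PSA_DRIVER_GET_ENTROPY */`. Ignoring the return value of `mbedtls_platform_std_nv_seed_write` is stated as intentional in the leading comment, which is acceptable for a best-effort self-test.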
@@ -297,6 +325,9 @@ const selftest_t selftests[] = #if defined(MBEDTLS_ECJPAKE_C) { "ecjpake", mbedtls_ecjpake_self_test }, #endif +#if defined(MBEDTLS_ENTROPY_C) + { "entropy", mbedtls_entropy_self_test_wrapper }, +#endif #if defined(MBEDTLS_PKCS5_C) { "pkcs5", mbedtls_pkcs5_self_test }, #endif From 4569547e5975c2cbf53a9bb9a84877ec6d513e25 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 15 Jan 2026 07:56:29 +0000 Subject: [PATCH 1303/1548] Add fixes for defines in selftest Signed-off-by: Ben Taylor --- programs/test/selftest.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 5347c6bd2d..20bd7cb203 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -245,6 +245,8 @@ static int mbedtls_entropy_self_test_wrapper(int verbose) } #endif +#if defined(MBEDTLS_SELF_TEST) + typedef struct { const char *name; int (*function)(int); From fe3f378eecc701e5bdd36c6f501c263bfd4ee6a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 15 Jan 2026 08:38:06 +0000 Subject: [PATCH 1304/1548] Restore mbedtls_memory_buffer_alloc_free_and_self_test, as it is still required Signed-off-by: Ben Taylor --- programs/test/selftest.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 20bd7cb203..7312edf690 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -247,6 +247,19 @@ static int mbedtls_entropy_self_test_wrapper(int verbose) #if defined(MBEDTLS_SELF_TEST) +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) +{ + if (verbose != 0) { +#if defined(MBEDTLS_MEMORY_DEBUG) + mbedtls_memory_buffer_alloc_status(); +#endif + } + mbedtls_memory_buffer_alloc_free(); + return mbedtls_memory_buffer_alloc_self_test(verbose); +} +#endif + typedef struct { const char *name; int (*function)(int); From b712065a2eccea28bcf83de75405a97661018ced Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Mon, 19 Jan 2026 14:42:11 +0000 Subject: [PATCH 1305/1548] Clarify CRL security guarantees Signed-off-by: Janos Follath --- SECURITY.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 4e7bb14316..7e7e244235 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -110,19 +110,20 @@ considered a vulnerability. #### Formatting of X.509 certificates and certificate signing requests -When parsing X.509 certificates and certificate signing requests (CSRs), -Mbed TLS does not check that they are strictly compliant with X.509 and other -relevant standards. In the case of signed certificates, the signing party is -assumed to have performed this validation (and the certificate is trusted to -be correctly formatted as long as the signature is correct). -Similarly, CSRs are implicitly trusted by Mbed TLS to be standards-compliant. - -**Warning!** Mbed TLS must not be used to sign untrusted CSRs unless extra -validation is performed separately to ensure that they are compliant to the -relevant specifications. This makes Mbed TLS on its own unsuitable for use in -a Certificate Authority (CA). +When parsing X.509 certificates, certificate signing requests (CSRs) or +certificate revocation lists (CRLs) Mbed TLS does not check that they are +strictly compliant with X.509 and other relevant standards. In the case of +signed certificates and signed CRLs, the signing party is assumed to have +performed this validation (and the certificate or CRL is trusted to be correctly +formatted as long as the signature is correct). Similarly, CSRs are implicitly +trusted by Mbed TLS to be standards-compliant. + +**Warning!** Mbed TLS must not be used to sign untrusted CSRs or CRLs unless +extra validation is performed separately to ensure that they are compliant to +the relevant specifications. This makes Mbed TLS on its own unsuitable for use +in a Certificate Authority (CA). However, Mbed TLS aims to protect against memory corruption and other -undefined behavior when parsing certificates and CSRs. If a CSR or signed +undefined behavior when parsing certificates, CSRs and CRLs. If a CSR or signed certificate causes undefined behavior when it is parsed by Mbed TLS, that is considered a security vulnerability. 
From 7a9eceb53cfe635fc7ec65d4ed49fb0a40d98c2d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Jan 2026 14:46:44 +0000 Subject: [PATCH 1306/1548] Clarify purpose and suitability of sample programs Signed-off-by: Janos Follath --- programs/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/README.md b/programs/README.md index b9260bffe9..8c4e960775 100644 --- a/programs/README.md +++ b/programs/README.md @@ -3,6 +3,8 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. +**Warning!** These programs are not intended for and are not suitable to be used in production. The code needs to be adapted to build a real-world applications. + ### SSL/TLS sample applications * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. From a852e727461b5da388bb5b1436c35726fb0528df Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Jan 2026 10:38:16 +0000 Subject: [PATCH 1307/1548] SECURITY.md: make x509 data section more readable Signed-off-by: Janos Follath --- SECURITY.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7e7e244235..98cb59bd1c 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -108,15 +108,18 @@ protection against a class of attacks outside of the above described threat model. Neither does it mean that the failure of such a countermeasure is considered a vulnerability. -#### Formatting of X.509 certificates and certificate signing requests - -When parsing X.509 certificates, certificate signing requests (CSRs) or -certificate revocation lists (CRLs) Mbed TLS does not check that they are -strictly compliant with X.509 and other relevant standards. In the case of -signed certificates and signed CRLs, the signing party is assumed to have -performed this validation (and the certificate or CRL is trusted to be correctly -formatted as long as the signature is correct). Similarly, CSRs are implicitly -trusted by Mbed TLS to be standards-compliant. +#### Formatting of X509 data + +This section discusses limitations in how X.509 objects are processed. This +applies to certificates, certificate signing requests (CSRs) and certificate +revocation lists (CRLs). + +Mbed TLS does not check that they are strictly compliant with X.509 and other +relevant standards. In the case of signed certificates and signed CRLs, the +signing party is assumed to have performed this validation (and the certificate +or CRL is trusted to be correctly formatted as long as the signature is +correct). Similarly, CSRs are implicitly trusted by Mbed TLS to be +standards-compliant. **Warning!** Mbed TLS must not be used to sign untrusted CSRs or CRLs unless extra validation is performed separately to ensure that they are compliant to From 2b9f62a1be2b556e858fa16d0ece648639569e72 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Jan 2026 10:39:40 +0000 Subject: [PATCH 1308/1548] programs/README.md clarify security remark Signed-off-by: Janos Follath --- programs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/README.md b/programs/README.md index 8c4e960775..47a8c9516c 100644 --- a/programs/README.md +++ b/programs/README.md 
@@ -3,7 +3,7 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -**Warning!** These programs are not intended for and are not suitable to be used in production. The code needs to be adapted to build a real-world applications. +We try to ensure that the sample programs are good examples of how to use Mbed TLS but we make no hard guarantees about their security. They should not be used in production unless they have been separately tested and thoroughly audited for security. Note that this means vulnerabilities in the sample programs are out of the scope of our usual security process and will be fixed in public. ### SSL/TLS sample applications From abf6c3a9fb0cc1d01587c6b0f06fe73c4d1f3d06 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 20 Jan 2026 12:27:43 +0100 Subject: [PATCH 1309/1548] CMake: Declare pqcp driver to mbedtls Signed-off-by: Gilles Peskine --- CMakeLists.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 640a338b4d..bc122f5167 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -422,6 +422,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE tf-psa-crypto/include PRIVATE tf-psa-crypto/drivers/builtin/include PRIVATE tf-psa-crypto/drivers/everest/include + PRIVATE tf-psa-crypto/drivers/pqcp/include PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src) @@ -460,7 +461,9 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE library PRIVATE tf-psa-crypto/core PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include) + PRIVATE tf-psa-crypto/drivers/everest/include + PRIVATE tf-psa-crypto/drivers/pqcp/include + ) set_config_files_compile_definitions(mbedtls_test_helpers) endif() From 0c8b25a684fa6797da338ff1fdb4786ef972823d Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 21 Jan 2026 15:24:03 +0100 Subject: [PATCH 1310/1548] library: ssl: add public function to retrieve the list of supported groups Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 18 ++++++++++++++++++ library/ssl_tls.c | 5 +++++ 2 files changed, 23 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4fb4584362..ec69c83f15 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3660,6 +3660,24 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +/** + * \brief Return the list of supported groups (curves and finite fields). + * + * \note The returned list is ordered in ascending order of resource + * usage. This follows the same pattern of the default list being + * used when mbedtls_ssl_conf_groups() is not called. + * + * \note The returned list represents supported groups in the current build + * configuration, not the one set by mbedtls_ssl_conf_groups(). + * + * \note The returned list is static so the user doesn't need to worry + * about it being freed. + * + * \return The list made of IANA NamedGroups IDs (MBEDTLS_SSL_IANA_TLS_GROUP_xxx) + * with the last item always being MBEDTLS_SSL_IANA_TLS_GROUP_NONE. + */ +const uint16_t *mbedtls_ssl_get_supported_group_list(void); + /** * \brief Set the allowed groups in order of preference. * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index be071defac..e8ebe7d922 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2360,6 +2360,11 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +const uint16_t *mbedtls_ssl_get_supported_group_list(void) +{ + return ssl_preset_default_groups; +} + /* * Set the allowed groups */ From 1ab51732e2f3456457f31d012e529e1259eca494 Mon Sep 17 00:00:00 2001 
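Review bot: The second `\note` on `mbedtls_ssl_get_supported_group_list` says the list "represents supported groups in the current build configuration", but the implementation returns `ssl_preset_default_groups`, whose own comment (visible where the array is moved later in this series) describes a curated default mirroring `mbedtls_x509_crt_profile_default` plus Montgomery curves; groups the build enables but the preset omits are therefore not returned, so "supported" overstates what callers get. Suggest `\note The returned list is the library's built-in default for the current build configuration, i.e. the list used when mbedtls_ssl_conf_groups() is not called; groups enabled in the build but absent from that default are not included.` If the intent really is "default" rather than "all supported", a name such as `mbedtls_ssl_get_default_group_list()` would remove the ambiguity before the API is frozen.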
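Review bot: `return ssl_preset_default_groups;` in the ssl_tls.c hunk refers to a `static const` array that, at this commit, is still defined roughly 2800 lines further down (the hunk headers place it near line 5170; it is only moved ahead of this point two commits later in the series), so the library does not build at this commit: a file-scope `static` array cannot be used before its definition, and C11 does not allow a tentative definition of an internal-linkage object with incomplete type as a forward declaration. Squash this commit with the one that moves the array, or reorder the series so the move comes first, so that every commit compiles. The new function sits between `mbedtls_ssl_conf_sig_algs` and the groups setter, both of which lie outside the hunk.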
From: Valerio Setti Date: Thu, 22 Jan 2026 05:41:00 +0100 Subject: [PATCH 1311/1548] library: ssl: improve documentation of mbedtls_ssl_conf_groups() Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ec69c83f15..b413dfba67 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3703,6 +3703,10 @@ const uint16_t *mbedtls_ssl_get_supported_group_list(void); * keeping with the general principle of favoring the lowest * resource usage. * + * \note The list is not copied internally, only the reference to it + * is saved in \p conf. Do not free \p groups memory for the + * in which \p conf is being used. + * * \param conf SSL configuration * \param groups List of allowed groups ordered by preference, terminated by 0. * Must contain valid IANA NamedGroup IDs (provided via either an integer From 2707100ab7a66ec29183e9b7f7383450379a570c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 21 Jan 2026 15:26:53 +0100 Subject: [PATCH 1312/1548] library: ssl: move location of ssl_preset_default_groups() Signed-off-by: Valerio Setti --- library/ssl_tls.c | 82 +++++++++++++++++++++++------------------------ 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8ebe7d922..83916dcd3a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
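Review bot: The added `\note` on `mbedtls_ssl_conf_groups` is missing a word: "Do not free \p groups memory for the in which \p conf is being used." does not parse. Suggest `The list is not copied; only a reference to it is stored in \p conf. The memory pointed to by \p groups must remain valid for as long as \p conf is in use.` This lifetime requirement matters for security as well as correctness, since a freed list read during a later handshake would select groups from dangling memory, so it is worth stating plainly.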
@@ -2360,6 +2360,47 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +/* The selection should be the same as mbedtls_x509_crt_profile_default in + * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: + * curves with a lower resource usage come first. + * See the documentation of mbedtls_ssl_conf_groups() for what we promise + * about this list. + */ +static const uint16_t ssl_preset_default_groups[] = { +#if defined(PSA_WANT_ECC_MONTGOMERY_255) + MBEDTLS_SSL_IANA_TLS_GROUP_X25519, +#endif +#if defined(PSA_WANT_ECC_SECP_R1_256) + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, +#endif +#if defined(PSA_WANT_ECC_SECP_R1_384) + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, +#endif +#if defined(PSA_WANT_ECC_MONTGOMERY_448) + MBEDTLS_SSL_IANA_TLS_GROUP_X448, +#endif +#if defined(PSA_WANT_ECC_SECP_R1_521) + MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) + MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) + MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) + MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, +#endif +#if defined(PSA_WANT_ALG_FFDH) + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, + MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, +#endif + MBEDTLS_SSL_IANA_TLS_GROUP_NONE +}; + const uint16_t *mbedtls_ssl_get_supported_group_list(void) { return ssl_preset_default_groups; 
@@ -5168,47 +5209,6 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) memset(conf, 0, sizeof(mbedtls_ssl_config)); } -/* The selection should be the same as mbedtls_x509_crt_profile_default in - * x509_crt.c, plus Montgomery curves for ECDHE. Here, the order matters: - * curves with a lower resource usage come first. - * See the documentation of mbedtls_ssl_conf_groups() for what we promise - * about this list. - */ -static const uint16_t ssl_preset_default_groups[] = { -#if defined(PSA_WANT_ECC_MONTGOMERY_255) - MBEDTLS_SSL_IANA_TLS_GROUP_X25519, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_384) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, -#endif -#if defined(PSA_WANT_ECC_MONTGOMERY_448) - MBEDTLS_SSL_IANA_TLS_GROUP_X448, -#endif -#if defined(PSA_WANT_ECC_SECP_R1_521) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) - MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, -#endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) - MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, -#endif -#if defined(PSA_WANT_ALG_FFDH) - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, - MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, -#endif - MBEDTLS_SSL_IANA_TLS_GROUP_NONE -}; - static const int ssl_preset_suiteb_ciphersuites[] = { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, From 67f30df5a1952a0090d11affaa8c1cb2a6f8ed67 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 21 Jan 2026 15:29:22 +0100 Subject: [PATCH 1313/1548] library: ssl: use correct PSA_WANT for DH groups in ssl_preset_default_groups Use proper PSA_WANT_DH_RFC7919_xxx instead of PSA_WANT_ALG_FFDH. 
Signed-off-by: Valerio Setti --- library/ssl_tls.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 83916dcd3a..cadb3cbd32 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2391,11 +2391,19 @@ static const uint16_t ssl_preset_default_groups[] = { #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, #endif -#if defined(PSA_WANT_ALG_FFDH) +#if defined(PSA_WANT_DH_RFC7919_2048) MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, +#endif +#if defined(PSA_WANT_DH_RFC7919_3072) MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, +#endif +#if defined(PSA_WANT_DH_RFC7919_4096) MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, +#endif +#if defined(PSA_WANT_DH_RFC7919_6144) MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, +#endif +#if defined(PSA_WANT_DH_RFC7919_8192) MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, #endif MBEDTLS_SSL_IANA_TLS_GROUP_NONE From 335b1b6089cf811dcec4faa01a00ed5634f595f5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 21 Jan 2026 15:31:15 +0100 Subject: [PATCH 1314/1548] library: ssl: add missing secp256k1 to ssl_preset_default_groups Signed-off-by: Valerio Setti --- library/ssl_tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cadb3cbd32..f3a60669b7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2373,6 +2373,9 @@ static const uint16_t ssl_preset_default_groups[] = { #if defined(PSA_WANT_ECC_SECP_R1_256) MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif +#if defined(PSA_WANT_ECC_SECP_K1_256) + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, +#endif #if defined(PSA_WANT_ECC_SECP_R1_384) MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif From 499e3d13f7811118346be40ce6ccc0ce809b31de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Jan 2026 10:23:03 +0100 Subject: [PATCH 1315/1548] Fix more paths for "not grep" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
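Review bot: Adding `MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1` to `ssl_preset_default_groups` changes what every configuration that never calls `mbedtls_ssl_conf_groups()` offers by default, and the comment above the array (visible in the previous commit's hunk) ties the selection to `mbedtls_x509_crt_profile_default`; unless that profile includes secp256k1, the comment and the list now disagree. secp256k1 is also not among the groups RFC 8446 lists for TLS 1.3, so offering it by default mainly widens the negotiable set without a clear benefit; PATCH 1318 later reverts this, which suggests the entry should not have been in the series at all. If it is kept, the header comment needs a sentence explaining why the default list intentionally differs from the X.509 profile.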
Signed-off-by: Manuel Pégourié-Gonnard --- .../scripts/components-configuration-crypto.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 75f0c92ec9..aee412c4a8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -362,7 +362,7 @@ component_test_full_no_cipher () { cmake -D CMAKE_BUILD_TYPE:String=Release . cmake --build . # Ensure that CIPHER_C was not re-enabled - not grep mbedtls_cipher_init ${BUILTIN_SRC_PATH}/cipher.o + not grep mbedtls_cipher_init ${CMAKE_BUILTIN_BUILD_DIR}/cipher.c.o msg "test: full no CIPHER" ctest @@ -420,7 +420,7 @@ component_test_full_no_ccm_star_no_tag () { cmake --build . # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled - not grep mbedtls_psa_cipher ${BUILTIN_SRC_PATH}/psa_crypto_cipher.o + not grep mbedtls_psa_cipher ${CMAKE_BUILTIN_BUILD_DIR}/psa_crypto_cipher.c.o msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" ctest @@ -1351,7 +1351,7 @@ component_test_tfm_config_no_p256m () { # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration # files, so we want to ensure that it has not be re-enabled accidentally. - not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o + not grep mbedtls_cipher ${CMAKE_BUILTIN_BUILD_DIR}/cipher.c.o msg "test: TF-M config without p256m" ctest 
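Review bot: Each rewritten `not grep … ${CMAKE_BUILTIN_BUILD_DIR}/….c.o` line still passes when the object file does not exist at that path, because grep exits 2 for a missing file and `not` (defined outside this hunk, so this is inferred) presumably only inverts the status; that is exactly how the old `${BUILTIN_SRC_PATH}/*.o` paths went unnoticed. Guard each check so a wrong path fails loudly, e.g. `test -f "${CMAKE_BUILTIN_BUILD_DIR}/cipher.c.o"` before `not grep mbedtls_cipher_init "${CMAKE_BUILTIN_BUILD_DIR}/cipher.c.o"`, or give the `not` helper a variant that treats grep's exit status 2 as an error. The same applies to the other hunks of this commit in components-configuration-crypto.sh, including the `component_test_block_cipher_no_decrypt_aesce_armcc` hunk that follows. Quoting the expansion also avoids word splitting if the build directory path contains spaces.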
@@ -2305,14 +2305,14 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra" # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria_setkey_dec ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia_setkey_dec ${BUILTIN_SRC_PATH}/camellia.o + not grep mbedtls_aes_setkey_dec ${CMAKE_BUILTIN_BUILD_DIR}/aes.c.o + not grep mbedtls_aria_setkey_dec ${CMAKE_BUILTIN_BUILD_DIR}/aria.c.o + not grep mbedtls_camellia_setkey_dec ${CMAKE_BUILTIN_BUILD_DIR}/camellia.c.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt ${BUILTIN_SRC_PATH}/aes.o + not grep mbedtls_internal_aes_decrypt ${CMAKE_BUILTIN_BUILD_DIR}/aes.c.o # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE - not grep mbedtls_aesce_inverse_key ${BUILTIN_SRC_PATH}/aesce.o - not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o + not grep mbedtls_aesce_inverse_key ${CMAKE_BUILTIN_BUILD_DIR}/aesce.c.o + not grep aesce_decrypt_block ${CMAKE_BUILTIN_BUILD_DIR}/aesce.c.o } component_test_ctr_drbg_aes_256_sha_512 () { From 8686ad1a9eff5d51b3a0d1062d9758f00a89674b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 21 Jan 2026 16:07:55 +0100 Subject: [PATCH 1316/1548] tests: ssl: add testing for mbedtls_ssl_get_supported_group_list() Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 112 +++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 19 +++++ 2 files changed, 131 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index fa61b0f435..f05477fb0d 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3031,6 +3031,118 @@ ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSI Test configuration of EC groups through mbedtls_ssl_conf_groups() conf_group: +Get supported group list: x25519, positive +depends_on:PSA_WANT_ECC_MONTGOMERY_255 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:1 + +Get supported group list: x25519, negative +depends_on:!PSA_WANT_ECC_MONTGOMERY_255 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:0 + +Get supported group list: secp256r1, positive +depends_on:PSA_WANT_ECC_SECP_R1_256 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:1 + +Get supported group list: secp256r1, negative +depends_on:!PSA_WANT_ECC_SECP_R1_256 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:0 + +Get supported group list: secp256k1, positive +depends_on:PSA_WANT_ECC_SECP_K1_256 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:1 + +Get supported group list: secp256k1, negative +depends_on:!PSA_WANT_ECC_SECP_K1_256 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:0 + +Get supported group list: secp384r1, positive +depends_on:PSA_WANT_ECC_SECP_R1_384 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:1 + +Get supported group list: secp384r1, negative +depends_on:!PSA_WANT_ECC_SECP_R1_384 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:0 + +Get supported group list: x448, positive +depends_on:PSA_WANT_ECC_MONTGOMERY_448 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:1 + +Get supported group list: x448, negative +depends_on:!PSA_WANT_ECC_MONTGOMERY_448 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:0 + +Get supported group list: secp521r1, positive +depends_on:PSA_WANT_ECC_SECP_R1_521 
+test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:1 + +Get supported group list: secp521r1, negative +depends_on:!PSA_WANT_ECC_SECP_R1_521 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:0 + +Get supported group list: brainpool256r1, positive +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:1 + +Get supported group list: brainpool256r1, negative +depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_256 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:0 + +Get supported group list: brainpool384r1, positive +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:1 + +Get supported group list: brainpool384r1, negative +depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_384 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:0 + +Get supported group list: brainpool512r1, positive +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:1 + +Get supported group list: brainpool512r1, negative +depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_512 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:0 + +Get supported group list: ffdhe2048, positive +depends_on:PSA_WANT_DH_RFC7919_2048 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:1 + +Get supported group list: ffdhe2048, negative +depends_on:!PSA_WANT_DH_RFC7919_2048 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:0 + +Get supported group list: ffdhe3072, positive +depends_on:PSA_WANT_DH_RFC7919_3072 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:1 + +Get supported group list: ffdhe3072, negative +depends_on:!PSA_WANT_DH_RFC7919_3072 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:0 + 
+Get supported group list: ffdhe4096, positive +depends_on:PSA_WANT_DH_RFC7919_4096 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:1 + +Get supported group list: ffdhe4096, negative +depends_on:!PSA_WANT_DH_RFC7919_4096 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:0 + +Get supported group list: ffdhe6144, positive +depends_on:PSA_WANT_DH_RFC7919_6144 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:1 + +Get supported group list: ffdhe6144, negative +depends_on:!PSA_WANT_DH_RFC7919_6144 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:0 + +Get supported group list: ffdhe8192, positive +depends_on:PSA_WANT_DH_RFC7919_8192 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:1 + +Get supported group list: ffdhe8192, negative +depends_on:!PSA_WANT_DH_RFC7919_8192 +test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:0 + Version config: valid client TLS 1.2 only depends_on:MBEDTLS_SSL_PROTO_TLS1_2 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 5b6500898e..7a7771cb73 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3574,6 +3574,25 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_available) +{ + const uint16_t *list = mbedtls_ssl_get_supported_group_list(); + int found = 0; + + for (int i = 0; list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) { + if (list[i] == iana_group_id) { + found = 1; + break; + } + } + + TEST_EQUAL(found, is_available); + +exit:; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ void force_bad_session_id_len() { From 6c5a9f04dfaeb3ab95004859463adb43f147f406 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 22 Jan 2026 16:52:11 +0100 Subject: [PATCH 1317/1548] library: ssl: improve/fix documentation of group related functions Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b413dfba67..c21c1b1ae7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3674,7 +3674,7 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, * about it being freed. * * \return The list made of IANA NamedGroups IDs (MBEDTLS_SSL_IANA_TLS_GROUP_xxx) - * with the last item always being MBEDTLS_SSL_IANA_TLS_GROUP_NONE. + * and is terminated by #MBEDTLS_SSL_IANA_TLS_GROUP_NONE. */ const uint16_t *mbedtls_ssl_get_supported_group_list(void); @@ -3704,7 +3704,7 @@ const uint16_t *mbedtls_ssl_get_supported_group_list(void); * resource usage. * * \note The list is not copied internally, only the reference to it - * is saved in \p conf. Do not free \p groups memory for the + * is saved in \p conf. Do not free \p groups memory for the time * in which \p conf is being used. * * \param conf SSL configuration From 2aecd2cd5fe0babe94fb971b6191d75c3ceacbf9 Mon Sep 17 00:00:00 2001 
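Review bot: `test_mbedtls_ssl_get_supported_group_list()` indexes `list` without first asserting it is non-NULL, so a regression in `mbedtls_ssl_get_supported_group_list()` would crash the test binary instead of failing one case; add `TEST_ASSERT(list != NULL);` before the loop. The loop compares `list[i]` (uint16_t) with the `int` parameter, which is fine for IANA IDs, but the cases only establish membership; nothing checks the documented properties that the list is non-empty and ends with `MBEDTLS_SSL_IANA_TLS_GROUP_NONE`, which one extra case walking to the terminator could cover.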
From: Valerio Setti Date: Thu, 22 Jan 2026 17:13:44 +0100 Subject: [PATCH 1318/1548] library|tests: ssl: remove secp256k1 from default groups Signed-off-by: Valerio Setti --- library/ssl_tls.c | 3 --- tests/suites/test_suite_ssl.data | 8 -------- 2 files changed, 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f3a60669b7..cadb3cbd32 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2373,9 +2373,6 @@ static const uint16_t ssl_preset_default_groups[] = { #if defined(PSA_WANT_ECC_SECP_R1_256) MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif -#if defined(PSA_WANT_ECC_SECP_K1_256) - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, -#endif #if defined(PSA_WANT_ECC_SECP_R1_384) MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index f05477fb0d..6bef4c6518 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3047,14 +3047,6 @@ Get supported group list: secp256r1, negative depends_on:!PSA_WANT_ECC_SECP_R1_256 test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:0 -Get supported group list: secp256k1, positive -depends_on:PSA_WANT_ECC_SECP_K1_256 -test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:1 - -Get supported group list: secp256k1, negative -depends_on:!PSA_WANT_ECC_SECP_K1_256 -test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:0 - Get supported group list: secp384r1, positive depends_on:PSA_WANT_ECC_SECP_R1_384 test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:1 From 7ca3c602b7f474a12ba9ce9e0c715238682c43ce Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 26 Jan 2026 10:15:12 +0100 Subject: [PATCH 1319/1548] library: ssl: add macro for allocating a TLS-ID <-> group-name table Being a macro allow the table to be instatiated only when/if necessary by the consuming code. 
Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 25 +++++++++++++++++++++++++ library/ssl_tls.c | 19 ++----------------- 2 files changed, 27 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c21c1b1ae7..b9e725e99e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3660,6 +3660,31 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +/** + *\brief Define a TLS-ID <-> group-name table + */ +#define MBEDTLS_TLS_ID_GROUP_NAME_TABLE(table_name) \ + struct { \ + uint16_t tls_id; \ + const char *group_name; \ + } table_name[] = { \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192" }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, "" } \ + } + /** * \brief Return the list of supported groups (curves and finite fields). * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cadb3cbd32..207a69d7d5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
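Review bot: `MBEDTLS_TLS_ID_GROUP_NAME_TABLE()` expands to a definition of a fresh anonymous struct type each time it is used, so two expansions yield arrays of incompatible element types and no shared helper can take one of them as a parameter; a named typedef plus an initializer macro (the shape PATCH 1325 moves to) avoids that. Because the macro already contains the declarator and `= { … }`, the caller can only prefix storage class and qualifiers, which is easy to forget; the ssl_tls.c use in this same commit drops the `const` the old table had. Also `*\brief` in the Doxygen block is missing its leading space and should read ` * \brief Define a TLS-ID <-> group-name table`.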
@@ -5850,28 +5850,13 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id) } #if defined(MBEDTLS_DEBUG_C) -static const struct { - uint16_t tls_id; - const char *name; -} tls_id_curve_name_table[] = -{ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, - { 0, NULL }, -}; +static MBEDTLS_TLS_ID_GROUP_NAME_TABLE(tls_id_curve_name_table); const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) { for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { if (tls_id_curve_name_table[i].tls_id == tls_id) { - return tls_id_curve_name_table[i].name; + return tls_id_curve_name_table[i].group_name; } } From c87adb64f2cb4f4d9e99798da0294e28a97a17bd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 26 Jan 2026 11:09:20 +0100 Subject: [PATCH 1320/1548] tests: ssl: add test for TLS-ID <-> curve-name table Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 60 ++++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 21 ++++++++++ 2 files changed, 81 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 6bef4c6518..7732870cba 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
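Review bot: `static MBEDTLS_TLS_ID_GROUP_NAME_TABLE(tls_id_curve_name_table);` replaces a `static const struct … []` with a writable array, so the name table moves from read-only to mutable static storage for no reason; write it as `static const MBEDTLS_TLS_ID_GROUP_NAME_TABLE(tls_id_curve_name_table);`. The loop in `mbedtls_ssl_get_curve_name_from_tls_id()` still stops on `tls_id != 0` while the new terminator entry is `MBEDTLS_SSL_IANA_TLS_GROUP_NONE`; if that constant is 0 the behaviour is unchanged, but comparing against the named constant, `tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE`, makes the dependency explicit. The function's closing lines are outside the hunk.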
@@ -3135,6 +3135,66 @@ Get supported group list: ffdhe8192, negative depends_on:!PSA_WANT_DH_RFC7919_8192 test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:0 +TLS ID <-> group name: x25519 +depends_on:PSA_WANT_ECC_MONTGOMERY_255 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:"x25519" + +TLS ID <-> group name: secp256r1 +depends_on:PSA_WANT_ECC_SECP_R1_256 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:"secp256r1" + +TLS ID <-> group name: secp256k1 +depends_on:PSA_WANT_ECC_SECP_K1_256 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:"secp256k1" + +TLS ID <-> group name: secp384r1 +depends_on:PSA_WANT_ECC_SECP_R1_384 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:"secp384r1" + +TLS ID <-> group name: x448 +depends_on:PSA_WANT_ECC_MONTGOMERY_448 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X448:"x448" + +TLS ID <-> group name: secp521r1 +depends_on:PSA_WANT_ECC_SECP_R1_521 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:"secp521r1" + +TLS ID <-> group name: brainpoolP256r1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:"brainpoolP256r1" + +TLS ID <-> group name: brainpoolP384r1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:"brainpoolP384r1" + +TLS ID <-> group name: brainpoolP512r1 +depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:"brainpoolP512r1" + +TLS ID <-> group name: ffdhe2048 +depends_on:PSA_WANT_DH_RFC7919_2048 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:"ffdhe2048" + +TLS ID <-> group name: ffdhe3072 +depends_on:PSA_WANT_DH_RFC7919_3072 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:"ffdhe3072" + +TLS ID <-> group 
name: ffdhe4096 +depends_on:PSA_WANT_DH_RFC7919_4096 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:"ffdhe4096" + +TLS ID <-> group name: ffdhe6144 +depends_on:PSA_WANT_DH_RFC7919_6144 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:"ffdhe6144" + +TLS ID <-> group name: ffdhe8192 +depends_on:PSA_WANT_DH_RFC7919_8192 +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:"ffdhe8192" + +TLS ID <-> group name: [NONE] +test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_NONE:"" + + Version config: valid client TLS 1.2 only depends_on:MBEDTLS_SSL_PROTO_TLS1_2 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7a7771cb73..33c1d44a37 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3593,6 +3593,27 @@ exit:; } /* END_CASE */ +/* BEGIN_CASE */ +void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name) +{ + MBEDTLS_TLS_ID_GROUP_NAME_TABLE(test_table); + const char *table_name = NULL; + size_t table_name_len = 0; + + for (size_t i = 0; i < ARRAY_LENGTH(test_table); i++) { + if (test_table[i].tls_id == group_id) { + table_name = test_table[i].group_name; + table_name_len = strlen(table_name); + } + } + + TEST_ASSERT(table_name != NULL); + TEST_MEMORY_COMPARE(table_name, table_name_len, group_name, strlen(group_name)); + +exit:; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ void force_bad_session_id_len() { From 15c68993cbdf4eda6bd58191c0fbf56326fb3952 Mon Sep 17 00:00:00 2001 
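Review bot: In `test_mbedtls_tls_id_group_name_table()` the loop calls `strlen(table_name)` on each matching entry before the `TEST_ASSERT(table_name != NULL)` runs, so a table entry whose `group_name` is NULL (PATCH 1325 makes the terminator exactly that) would dereference NULL inside the loop instead of failing the assertion; it also keeps scanning after a match. Stop at the first hit and measure after the null check: `table_name = test_table[i].group_name; break;` in the loop body, then `table_name_len = strlen(table_name);` after the assert. `test_table` is never written, so it should be declared `const` once the macro permits a qualifier.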
From: ng-gsmk Date: Mon, 26 Jan 2026 13:07:26 +0100 Subject: [PATCH 1321/1548] Apply suggestions from code review Co-authored-by: Ronald Cron Signed-off-by: ng-gsmk --- include/mbedtls/ssl.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 655143c106..e5f1b64285 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1715,11 +1715,11 @@ struct mbedtls_ssl_context { int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message on next call to record layer? */ - unsigned char MBEDTLS_PRIVATE(in_alert_recv); /*!< Determines if a fatal alert has + unsigned char MBEDTLS_PRIVATE(in_fatal_alert_recv); /*!< Determines if a fatal alert has been received. Values: - \c 0 , no fatal alert received. - \c 1 , a fatal alert has been received */ - unsigned char MBEDTLS_PRIVATE(in_alert_type); /*!< Type of fatal alert if in_alert_recv + unsigned char MBEDTLS_PRIVATE(in_fatal_alert_type); /*!< Type of fatal alert if in_alert_recv != 0 */ /* The following three variables indicate if and, if yes, @@ -4920,19 +4920,19 @@ int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, unsigned char message); /** - * \brief Get the received fatal alert + * \brief Get the last received fatal alert * * \param ssl SSL context * * \return The alert description type (MBEDTLS_SSL_ALERT_MSG_*) if a fatal - * alert has been received or MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * alert has been received, MBEDTLS_ERR_SSL_BAD_INPUT_DATA otherwise. * * \note This function can be used in case mbedtls_ssl_handshake(), * mbedtls_ssl_handshake_step() or mbedtls_ssl_read() returned * MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE to get the actual alert * description type. */ -int mbedtls_ssl_get_alert(mbedtls_ssl_context *ssl); +int mbedtls_ssl_get_fatal_alert(const mbedtls_ssl_context *ssl); /** * \brief Notify the peer that the connection is being closed 
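Review bot: The member is renamed to `in_fatal_alert_recv`, but the comment on the next field still reads `Type of fatal alert if in_alert_recv != 0`, so the public header now documents a member that no longer exists; update it to `/*!< Type of fatal alert if in_fatal_alert_recv != 0 */` (the whitespace-only follow-up in PATCH 1324 keeps the stale name). Making `mbedtls_ssl_get_fatal_alert()` take a `const mbedtls_ssl_context *` is the right signature for a pure getter.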
From 4f83ebedd1a19119a4ea1f776092e51eb25675b6 Mon Sep 17 00:00:00 2001 From: Nico Geyso Date: Mon, 26 Jan 2026 13:15:07 +0100 Subject: [PATCH 1322/1548] Fix outstanding code review issues - adjust function name to mbedtls_ssl_get_fatal_alert - fix missing property name changes for mbedtls_ssl_context Signed-off-by: Nico Geyso --- library/ssl_msg.c | 10 +++++----- library/ssl_tls.c | 4 ++-- tests/suites/test_suite_ssl.function | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 70b69436c4..87598366d7 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -4931,8 +4931,8 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl) if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) { MBEDTLS_SSL_DEBUG_MSG(1, ("is a fatal alert message (msg %d)", ssl->in_msg[1])); - ssl->in_alert_recv = 1; - ssl->in_alert_type = ssl->in_msg[1]; + ssl->in_fatal_alert_recv = 1; + ssl->in_fatal_alert_type = ssl->in_msg[1]; return MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE; } @@ -5017,12 +5017,12 @@ int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, return 0; } -int mbedtls_ssl_get_alert(mbedtls_ssl_context *ssl) +int mbedtls_ssl_get_fatal_alert(const mbedtls_ssl_context *ssl) { - if (ssl == NULL || ssl->in_alert_recv != 1) { + if (ssl == NULL || ssl->in_fatal_alert_recv != 1) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - return ssl->in_alert_type; + return ssl->in_fatal_alert_type; } int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 23ec7b40c7..102de743b2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1296,8 +1296,8 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, memset(ssl->in_buf, 0, in_buf_len); } - ssl->in_alert_recv = 0; - ssl->in_alert_type = 0; + ssl->in_fatal_alert_recv = 0; + ssl->in_fatal_alert_type = 0; ssl->send_alert = 0; 
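Review bot: `mbedtls_ssl_get_fatal_alert()` tests `ssl->in_fatal_alert_recv != 1` while the header documents the field as a 0/1 flag read as `!= 0`; use one convention in both places, `if (ssl == NULL || ssl->in_fatal_alert_recv == 0)`, so a future non-1 truthy value cannot make the getter disagree with the documentation. In `mbedtls_ssl_handle_message_type()` the recorded type comes from `ssl->in_msg[1]`; the alert-length check that makes that read safe is outside the hunk, so keep the assignment after it. The recorded alert survives until `mbedtls_ssl_session_reset_msg_layer()` clears it, which is worth a sentence in the getter's doc so callers know the value is per-session, not per-call.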
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 79881b9834..628a183853 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5956,10 +5956,10 @@ void ssl_get_alert_after_fatal(void) TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); /* Invalid ssl context */ - TEST_ASSERT(mbedtls_ssl_get_alert(NULL) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_ASSERT(mbedtls_ssl_get_fatal_alert(NULL) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); /* No alert has been received yet */ - TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_ASSERT(mbedtls_ssl_get_fatal_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); // prepare input message buffer with fatal alert ssl.in_msglen = 2; @@ -5969,11 +5969,11 @@ void ssl_get_alert_after_fatal(void) /* import prepared fatal alert and test getter */ TEST_ASSERT(mbedtls_ssl_handle_message_type(&ssl) == MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE); - TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + TEST_ASSERT(mbedtls_ssl_get_fatal_alert(&ssl) == MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); /* Reset the session and check that no alert is present*/ mbedtls_ssl_session_reset_msg_layer(&ssl, 0); - TEST_ASSERT(mbedtls_ssl_get_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + TEST_ASSERT(mbedtls_ssl_get_fatal_alert(&ssl) == MBEDTLS_ERR_SSL_BAD_INPUT_DATA); exit: mbedtls_ssl_free(&ssl); From 6afd8367b953a9a42290c5b3014ebe09c1335c24 Mon Sep 17 00:00:00 2001 From: Nico Geyso Date: Mon, 26 Jan 2026 13:22:40 +0100 Subject: [PATCH 1323/1548] remove whitespace in mbedtls_ssl_session_msg_layer to comply with coding style, remove blank new line for alert reset Signed-off-by: Nico Geyso --- library/ssl_tls.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 102de743b2..bc65b0e1d7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
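Review bot: The updated assertions in `ssl_get_alert_after_fatal()` use `TEST_ASSERT(mbedtls_ssl_get_fatal_alert(&ssl) == …)`, which on failure only reports that the expression was false; `TEST_EQUAL(mbedtls_ssl_get_fatal_alert(&ssl), MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE)` prints both values and is the form this suite already uses (`TEST_EQUAL(found, is_available)` in an earlier commit of this series). The test function's setup and `exit:` cleanup lie outside the hunks.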
@@ -1298,7 +1298,6 @@ void mbedtls_ssl_session_reset_msg_layer(mbedtls_ssl_context *ssl, ssl->in_fatal_alert_recv = 0; ssl->in_fatal_alert_type = 0; - ssl->send_alert = 0; /* Reset outgoing message writing */ From 8a3bcb143495760326e4a0b6c3c36349b01b1eca Mon Sep 17 00:00:00 2001 From: Nico Geyso Date: Mon, 26 Jan 2026 14:39:17 +0100 Subject: [PATCH 1324/1548] Fix coding style conventions for mbedtls_ssl_context Signed-off-by: Nico Geyso --- include/mbedtls/ssl.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e5f1b64285..ef8c5d3583 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1716,11 +1716,11 @@ struct mbedtls_ssl_context { on next call to record layer? */ unsigned char MBEDTLS_PRIVATE(in_fatal_alert_recv); /*!< Determines if a fatal alert has - been received. Values: - - \c 0 , no fatal alert received. - - \c 1 , a fatal alert has been received */ + been received. Values: + - \c 0 , no fatal alert received. + - \c 1 , a fatal alert has been received */ unsigned char MBEDTLS_PRIVATE(in_fatal_alert_type); /*!< Type of fatal alert if in_alert_recv - != 0 */ + != 0 */ /* The following three variables indicate if and, if yes, * what kind of alert is pending to be sent. From fb317afa9fd13c228a04a94f017301d18fc031b2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 00:36:17 +0100 Subject: [PATCH 1325/1548] library: ssl: rework macro to define known TLS ID <-> group name list - let the macro be an initializer for the array of known TLS IDs, not a variable declarator; - last item's group name is NULL, not an empty string - change then name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to MBEDTLS_SSL_IANA_TLS_GROUPS_INFO - define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to hold each element of the table and that can be used the go over the list from user code. 
Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 26 ++++++++++++++++++-------- library/ssl_tls.c | 3 ++- tests/suites/test_suite_ssl.function | 12 ++++++++---- 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b9e725e99e..aeb499586f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3660,14 +3660,24 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -/** - *\brief Define a TLS-ID <-> group-name table +/* + * This structure defines the correpondence between IANA's TLS-ID and its + * corresponding group name. + * This is used in macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO to define the list + * of known TLS IDs and corresponding group names. + */ +typedef struct { + uint16_t tls_id; + const char *group_name; +} mbedtls_ssl_iana_tls_group_info_t; + +/* + * Initializer for a list of known "TLS ID" <-> "group name". + * Each entry is a structure of type mbedtls_ssl_iana_tls_group_info_t. + * The last entry has 'tls_id = 0' and 'group_name = NULL'. */ -#define MBEDTLS_TLS_ID_GROUP_NAME_TABLE(table_name) \ - struct { \ - uint16_t tls_id; \ - const char *group_name; \ - } table_name[] = { \ +#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ + { \ { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, \ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, \ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, \ @@ -3682,7 +3692,7 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096" }, \ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144" }, \ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, "" } \ + { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL } \ } /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 207a69d7d5..f6199195cb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
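Review bot: The new public typedef `mbedtls_ssl_iana_tls_group_info_t` is documented with a plain `/* */` comment, so it will not appear in the generated API docs, and the comment has a typo ("correpondence"). Use Doxygen, e.g. `/** \brief Correspondence between an IANA TLS group ID and its group name. */`, and document the two members (`tls_id` as the IANA TLS group identifier, `group_name` as a static NUL-terminated name, or NULL for the terminating entry). The switch of the terminator's name from `""` to `NULL` in the second hunk is a behaviour change for any code that printed the last entry without checking `tls_id` first; the macro comment already states the new contract, but if the old `MBEDTLS_TLS_ID_GROUP_NAME_TABLE` macro was ever released it deserves a ChangeLog line since both live in a public header.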
@@ -5850,7 +5850,8 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id) } #if defined(MBEDTLS_DEBUG_C) -static MBEDTLS_TLS_ID_GROUP_NAME_TABLE(tls_id_curve_name_table); +static +mbedtls_ssl_iana_tls_group_info_t tls_id_curve_name_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) { diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 33c1d44a37..40f49a894b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3596,13 +3596,17 @@ exit:; /* BEGIN_CASE */ void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name) { - MBEDTLS_TLS_ID_GROUP_NAME_TABLE(test_table); + mbedtls_ssl_iana_tls_group_info_t test_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; + mbedtls_ssl_iana_tls_group_info_t *item; const char *table_name = NULL; size_t table_name_len = 0; - for (size_t i = 0; i < ARRAY_LENGTH(test_table); i++) { - if (test_table[i].tls_id == group_id) { - table_name = test_table[i].group_name; + /* Ensure that the list includes at least 1 valid entry. */ + TEST_ASSERT(test_table[0].tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE); + + for (item = &test_table[0]; item->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; item++) { + if (item->tls_id == group_id) { + table_name = item->group_name; table_name_len = strlen(table_name); } } From bb4f58487602b18cda8713f65b1a27768404834a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 00:44:56 +0100 Subject: [PATCH 1326/1548] tests: ssl: improve test_mbedtls_tls_id_group_name_table() Check provided group_name also against the value returned from mbedtls_ssl_get_curve_name_from_tls_id(). Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.function | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 40f49a894b..9d2e56dd38 100644 
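Review bot: `tls_id_curve_name_table` is declared as a writable array of string pointers although the lookup in `mbedtls_ssl_get_curve_name_from_tls_id` only reads it; declare it `static const mbedtls_ssl_iana_tls_group_info_t tls_id_curve_name_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;` so the table lands in read-only storage and a stray write faults instead of silently redirecting the debug name lookup. The same applies to the later "make the list public" commit in this series, where the definition in ssl_tls.c and the `extern` declaration in ssl.h both lack `const` — a non-const exported global is writable by any code linked into the process. Splitting `static` onto a line of its own is also unlike the surrounding declarations; keep the storage class on the declarator line. The body of `mbedtls_ssl_get_curve_name_from_tls_id` continues outside the hunk.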
--- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3599,7 +3599,6 @@ void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name) mbedtls_ssl_iana_tls_group_info_t test_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; mbedtls_ssl_iana_tls_group_info_t *item; const char *table_name = NULL; - size_t table_name_len = 0; /* Ensure that the list includes at least 1 valid entry. */ TEST_ASSERT(test_table[0].tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE); @@ -3607,12 +3606,16 @@ void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name) for (item = &test_table[0]; item->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; item++) { if (item->tls_id == group_id) { table_name = item->group_name; - table_name_len = strlen(table_name); } } TEST_ASSERT(table_name != NULL); - TEST_MEMORY_COMPARE(table_name, table_name_len, group_name, strlen(group_name)); + TEST_MEMORY_COMPARE(table_name, strlen(table_name), group_name, strlen(group_name)); + +#if defined(MBEDTLS_DEBUG_C) + const char *builtin_table_name = mbedtls_ssl_get_curve_name_from_tls_id(group_id); + TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name, strlen(group_name)); +#endif /* MBEDTLS_DEBUG_C */ exit:; } From 4f1e4fba80d13738b85a60329b9ef4165a64990c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 00:51:35 +0100 Subject: [PATCH 1327/1548] library: ssl: make the list of "TLS ID" <-> "group name" public when possible This is only done when MBEDTLS_DEBUG_C is declared in order not to inflate the library size. Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 8 ++++++++ library/ssl_tls.c | 10 +++++----- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aeb499586f..225736fce7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
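Review bot: `strlen(builtin_table_name)` in the new `MBEDTLS_DEBUG_C` block dereferences the return of `mbedtls_ssl_get_curve_name_from_tls_id()` without a NULL check; that function's not-found return is outside the hunk, but the table's terminating entry now carries `group_name = NULL`, so a NULL result is presumably possible and would turn a lookup failure into undefined behaviour rather than a test failure. Add `TEST_ASSERT(builtin_table_name != NULL);` before the `TEST_MEMORY_COMPARE`. With the preceding `TEST_ASSERT(table_name != NULL)` this is unreachable for the current test data, so it is a defensive check that keeps the test honest if the two tables ever diverge.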
@@ -3695,6 +3695,14 @@ typedef struct { { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL } \ } +#if defined(MBEDTLS_DEBUG_C) +/* + * List of known "TLS ID" <-> "group name". + * #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is used to initialized the list. + */ +extern mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[]; +#endif /* MBEDTLS_DEBUG_C */ + /** * \brief Return the list of supported groups (curves and finite fields). * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f6199195cb..5c03917719 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5850,14 +5850,14 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id) } #if defined(MBEDTLS_DEBUG_C) -static -mbedtls_ssl_iana_tls_group_info_t tls_id_curve_name_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; +mbedtls_ssl_iana_tls_group_info_t mbedtls_ssl_iana_tls_group_info[] = + MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id) { - for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) { - if (tls_id_curve_name_table[i].tls_id == tls_id) { - return tls_id_curve_name_table[i].group_name; + for (int i = 0; mbedtls_ssl_iana_tls_group_info[i].tls_id != 0; i++) { + if (mbedtls_ssl_iana_tls_group_info[i].tls_id == tls_id) { + return mbedtls_ssl_iana_tls_group_info[i].group_name; } } From cc53b069d91bd41e63bf21396e847284be2e43dc Mon Sep 17 00:00:00 2001 From: Nico Geyso Date: Tue, 27 Jan 2026 10:48:31 +0100 Subject: [PATCH 1328/1548] Improve changelog for alert getter Integrate suggestions by @ronald-cron-arm for changelog for alert getter. Signed-off-by: Nico Geyso --- ChangeLog.d/alert-getter.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/alert-getter.txt b/ChangeLog.d/alert-getter.txt index 2b6afd225d..da90cf31d7 100644 --- a/ChangeLog.d/alert-getter.txt +++ b/ChangeLog.d/alert-getter.txt 
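Review bot: The loop in `mbedtls_ssl_get_curve_name_from_tls_id` stops on the literal `0` while the header comment, the macro and the test suite all describe the terminator as `MBEDTLS_SSL_IANA_TLS_GROUP_NONE`; if these are the same value, as the comment "tls_id = 0" implies, write `for (int i = 0; mbedtls_ssl_iana_tls_group_info[i].tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) {` so the sentinel has a single definition. The `extern` declaration in ssl.h exports the array without a length, so its comment should state the iteration contract explicitly, e.g. `* The last entry has tls_id = MBEDTLS_SSL_IANA_TLS_GROUP_NONE and group_name = NULL; iterate until it.`, and "is used to initialized the list" should read "is used to initialize the list". That declaration is also a plain `/* */` comment on a public symbol where Doxygen `/** */` would be expected. The function's body continues outside the hunk.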
@@ -1,6 +1,6 @@ Features - * Add the function mbedtls_ssl_get_alert() which returns the - last received fatal error alert type for a more generic - MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE return value from - mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step() or - mbedtls_ssl_read(). + * Add the function mbedtls_ssl_get_fatal_alert(), which returns the type of + the last received fatal alert. This allows callers to retrieve more + detailed information when mbedtls_ssl_handshake(), + mbedtls_ssl_handshake_step(), or mbedtls_ssl_read() returns the generic + MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error code. From d658f3d41ec6eda187cbf768cce381bacf42481f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 11:42:59 +0100 Subject: [PATCH 1329/1548] tests: ssl: skip testing of MBEDTLS_SSL_IANA_TLS_GROUP_NONE This is already indirectly checked in 'test_mbedtls_tls_id_group_name_table' because it's the last item of the list. Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 4 ---- tests/suites/test_suite_ssl.function | 3 ++- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 7732870cba..231c4b05f3 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3191,10 +3191,6 @@ TLS ID <-> group name: ffdhe8192 depends_on:PSA_WANT_DH_RFC7919_8192 test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:"ffdhe8192" -TLS ID <-> group name: [NONE] -test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_NONE:"" - - Version config: valid client TLS 1.2 only depends_on:MBEDTLS_SSL_PROTO_TLS1_2 conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9d2e56dd38..c63ad65bd2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3614,7 +3614,8 @@ void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name) #if defined(MBEDTLS_DEBUG_C) const char *builtin_table_name = mbedtls_ssl_get_curve_name_from_tls_id(group_id); - TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name, strlen(group_name)); + TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name, + strlen(group_name)); #endif /* MBEDTLS_DEBUG_C */ exit:; From 097e57874ffb6a499204c420a7cdc178310e7ee0 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 8 Jan 2026 17:16:05 +0000 Subject: [PATCH 1330/1548] Moved tests/psa-client-server to framework. 
Signed-off-by: Minos Galanakis --- tests/psa-client-server/README.md | 6 - tests/psa-client-server/psasim/.gitignore | 12 - tests/psa-client-server/psasim/Makefile | 81 - tests/psa-client-server/psasim/README.md | 42 - .../psa-client-server/psasim/include/client.h | 75 - .../psa-client-server/psasim/include/common.h | 52 - .../psasim/include/error_ext.h | 19 - tests/psa-client-server/psasim/include/init.h | 15 - .../psasim/include/lifecycle.h | 17 - .../psasim/include/service.h | 253 - tests/psa-client-server/psasim/include/util.h | 33 - tests/psa-client-server/psasim/src/aut_main.c | 71 - .../psasim/src/aut_psa_aead_encrypt.c | 227 - .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 126 - .../src/aut_psa_asymmetric_encrypt_decrypt.c | 81 - .../src/aut_psa_cipher_encrypt_decrypt.c | 84 - .../psasim/src/aut_psa_hash.c | 167 - .../psasim/src/aut_psa_hash_compute.c | 81 - .../psasim/src/aut_psa_hkdf.c | 121 - .../psasim/src/aut_psa_key_agreement.c | 146 - .../psasim/src/aut_psa_mac.c | 162 - .../psasim/src/aut_psa_random.c | 47 - .../psasim/src/aut_psa_sign_verify.c | 93 - tests/psa-client-server/psasim/src/client.c | 23 - .../psasim/src/manifest.json | 29 - .../psasim/src/psa_ff_client.c | 385 - .../psasim/src/psa_ff_server.c | 655 -- .../psasim/src/psa_functions_codes.h | 107 - .../psasim/src/psa_sim_crypto_client.c | 7906 -------------- .../psasim/src/psa_sim_crypto_server.c | 9226 ----------------- .../psasim/src/psa_sim_generate.pl | 1208 --- .../psasim/src/psa_sim_serialise.c | 1765 ---- .../psasim/src/psa_sim_serialise.h | 1432 --- .../psasim/src/psa_sim_serialise.pl | 1048 -- tests/psa-client-server/psasim/src/server.c | 117 - .../psasim/test/kill_servers.sh | 17 - .../psa-client-server/psasim/test/run_test.sh | 24 - .../psasim/test/start_server.sh | 24 - .../psasim/tools/psa_autogen.py | 174 - 39 files changed, 26151 deletions(-) delete mode 100644 tests/psa-client-server/README.md delete mode 100644 tests/psa-client-server/psasim/.gitignore delete mode 100644 
tests/psa-client-server/psasim/Makefile delete mode 100644 tests/psa-client-server/psasim/README.md delete mode 100644 tests/psa-client-server/psasim/include/client.h delete mode 100644 tests/psa-client-server/psasim/include/common.h delete mode 100644 tests/psa-client-server/psasim/include/error_ext.h delete mode 100644 tests/psa-client-server/psasim/include/init.h delete mode 100644 tests/psa-client-server/psasim/include/lifecycle.h delete mode 100644 tests/psa-client-server/psasim/include/service.h delete mode 100644 tests/psa-client-server/psasim/include/util.h delete mode 100644 tests/psa-client-server/psasim/src/aut_main.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_hash.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_hash_compute.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_hkdf.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_key_agreement.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_mac.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_random.c delete mode 100644 tests/psa-client-server/psasim/src/aut_psa_sign_verify.c delete mode 100644 tests/psa-client-server/psasim/src/client.c delete mode 100644 tests/psa-client-server/psasim/src/manifest.json delete mode 100644 tests/psa-client-server/psasim/src/psa_ff_client.c delete mode 100644 tests/psa-client-server/psasim/src/psa_ff_server.c delete mode 100644 tests/psa-client-server/psasim/src/psa_functions_codes.h delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_crypto_client.c delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_crypto_server.c delete mode 
100755 tests/psa-client-server/psasim/src/psa_sim_generate.pl delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.c delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.h delete mode 100755 tests/psa-client-server/psasim/src/psa_sim_serialise.pl delete mode 100644 tests/psa-client-server/psasim/src/server.c delete mode 100755 tests/psa-client-server/psasim/test/kill_servers.sh delete mode 100755 tests/psa-client-server/psasim/test/run_test.sh delete mode 100755 tests/psa-client-server/psasim/test/start_server.sh delete mode 100755 tests/psa-client-server/psasim/tools/psa_autogen.py diff --git a/tests/psa-client-server/README.md b/tests/psa-client-server/README.md deleted file mode 100644 index e6d9c873bc..0000000000 --- a/tests/psa-client-server/README.md +++ /dev/null @@ -1,6 +0,0 @@ -### PSA Crypto Client-Server Testing - -Everything in this directory should currently be considered experimental. We are adding features and extending CI support for it. - -Once stable, of production quality, and being tested by the CI, it will eventually be migrated into -the [MbedTLS framework repository](https://github.com/Mbed-TLS/mbedtls-framework). diff --git a/tests/psa-client-server/psasim/.gitignore b/tests/psa-client-server/psasim/.gitignore deleted file mode 100644 index 4065abf771..0000000000 --- a/tests/psa-client-server/psasim/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -bin/* -*.o -*.so -test/psa_ff_bootstrap.c -test/psa_manifest/* -test/client -test/partition -cscope.out -*.orig -*.swp -*.DS_Store -*psa_ff_bootstrap_* diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile deleted file mode 100644 index ec6691f422..0000000000 --- a/tests/psa-client-server/psasim/Makefile +++ /dev/null 
@@ -1,81 +0,0 @@ -CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L - -ifeq ($(DEBUG),1) -override CFLAGS += -DDEBUG -O0 -g -endif - -CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto -SERVER_LIBS := -Lserver_libs -lmbedcrypto - -MBEDTLS_ROOT_PATH = ../../.. -COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \ - -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include \ - -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include - -GENERATED_H_FILES = include/psa_manifest/manifest.h \ - include/psa_manifest/pid.h \ - include/psa_manifest/sid.h - -LIBPSACLIENT_SRC = src/psa_ff_client.c \ - src/psa_sim_crypto_client.c \ - src/psa_sim_serialise.c -LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o) - -PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c - -PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \ - $(wildcard src/aut_*.c) - -PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c - -PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ - src/psa_ff_server.c \ - src/psa_sim_crypto_server.c \ - src/psa_sim_serialise.c - -.PHONY: all clean client_libs server_libs - -all: - -test/seedfile: - dd if=/dev/urandom of=./test/seedfile bs=64 count=1 - -src/%.o: src/%.c $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@ - -client_libs/libpsaclient: $(LIBPSACLIENT_OBJS) - mkdir -p client_libs - $(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS) - -test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ - -test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ - -test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@ - -$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): 
src/manifest.json src/server.c - tools/psa_autogen.py src/manifest.json - -# Build MbedTLS libraries (crypto, x509 and tls) and copy them locally to -# build client/server applications. -# -# Note: these rules assume that mbedtls_config.h is already configured by all.sh. -# If not using all.sh then the user must do it manually. -client_libs: client_libs/libpsaclient -client_libs server_libs: - $(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a - mkdir -p $@ - cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/ - -clean_server_intermediate_files: - rm -f $(PARTITION_SERVER_BOOTSTRAP) - rm -rf include/psa_manifest - -clean: clean_server_intermediate_files - rm -f test/psa_client_base test/psa_client_full test/psa_server - rm -rf client_libs server_libs - rm -f test/psa_service_* test/psa_notify_* test/*.log - rm -f test/seedfile diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md deleted file mode 100644 index db49ae9473..0000000000 --- a/tests/psa-client-server/psasim/README.md +++ /dev/null 
@@ -1,42 +0,0 @@ -# psasim - -PSASIM holds necessary C source and header files which allows to test Mbed TLS in a "pure crypto client" scenario, i.e `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C`. -In practical terms it means that this allow to build PSASIM with Mbed TLS sources and get 2 Linux applications, a client and a server, which are connected through Linux's shared memeory, and in which the client relies on the server to perform all PSA Crypto operations. - -The goal of PSASIM is _not_ to provide a ready-to-use solution for anyone looking to implement the pure crypto client structure (see [Limitations](#limitations) for details), but to provide an example of TF-PSA-Crypto RPC (Remote Procedure Call) implementation using Mbed TLS. -## Limitations - -In the current implementation: - -- Only Linux PC is supported. -- There can be only 1 client connected to 1 server. -- Shared memory is the only communication medium allowed. Others can be implemented (ex: net sockets), but in terms of simulation speed shared memory proved to be the fastest. -- Server is not secure at all: keys and operation structs are stored on the RAM, so they can easily be dumped. - -## Testing - -Please refer to `tests/scripts/components-psasim.sh` for guidance on how to build & test PSASIM: - -- `component_test_psasim()`: builds the server and a couple of test clients which are used to evaluate some basic PSA Crypto API commands. -- `component_test_suite_with_psasim()`: builds the server and _all_ the usual test suites (those found under the `/tests/suites/*` folder) which are used by the CI and runs them. A small subset of test suites (`test_suite_constant_time_hmac`,`test_suite_lmots`,`test_suite_lms`) are being skipped, for CI turnover time optimization. They can be run locally if required. - -## How to update automatically generated files - -A significant portion of the intermediate code of PSASIM is auto-generated using Perl. 
In particular: - -- `psa_sim_serialise.[c|h]`: - - Generated by `psa_sim_serialise.pl`. - - These files provide the serialisation/deserialisation support that is required to pass functions' parameters between client and server. -- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`: - - Generated by `psa_sim_generate.pl`. - - `psa_sim_crypto_[client|server].c` provide interfaces for PSA Crypto APIs on client and server sides, while `psa_functions_codes.h` simply enumerates all PSA Crypto APIs. - -These files need to be regenerated whenever some PSA Crypto API is added/deleted/modified. The procedure is as follows: - -- `psa_sim_serialise.[c|h]`: - - go to `/tests/psa-client-server/psasim/src/` - - run `./psa_sim_serialise.pl h > psa_sim_serialise.h` - - run `./psa_sim_serialise.pl c > psa_sim_serialise.c` -- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`: - - go to Mbed TLS' root folder - - run `./tests/psa-client-server/psasim/src/psa_sim_generate.pl` diff --git a/tests/psa-client-server/psasim/include/client.h b/tests/psa-client-server/psasim/include/client.h deleted file mode 100644 index d48498e682..0000000000 --- a/tests/psa-client-server/psasim/include/client.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* PSA Firmware Framework client header for psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef __PSA_CLIENT_H__ -#define __PSA_CLIENT_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -#include "psa/crypto.h" - -#include "error_ext.h" -/*********************** PSA Client Macros and Types *************************/ - -#define PSA_FRAMEWORK_VERSION (0x0100) - -#define PSA_VERSION_NONE (0) - -/* PSA response types */ -#define PSA_CONNECTION_REFUSED PSA_ERROR_CONNECTION_REFUSED -#define PSA_CONNECTION_BUSY PSA_ERROR_CONNECTION_BUSY -#define PSA_DROP_CONNECTION PSA_ERROR_PROGRAMMER_ERROR - -/* PSA message handles */ -#define PSA_NULL_HANDLE ((psa_handle_t) 0) - -#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t) (handle) > 0) -#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t) (handle)) - -/** - * A read-only input memory region provided to an RoT Service. - */ -typedef struct psa_invec { - const void *base; - size_t len; -} psa_invec; - -/** - * A writable output memory region provided to an RoT Service. - */ -typedef struct psa_outvec { - void *base; - size_t len; -} psa_outvec; - -/*************************** PSA Client API **********************************/ - -uint32_t psa_framework_version(void); - -uint32_t psa_version(uint32_t sid); - -psa_handle_t psa_connect(uint32_t sid, uint32_t version); - -psa_status_t psa_call(psa_handle_t handle, - int32_t type, - const psa_invec *in_vec, - size_t in_len, - psa_outvec *out_vec, - size_t out_len); - -void psa_close(psa_handle_t handle); - -#ifdef __cplusplus -} -#endif - -#endif /* __PSA_CLIENT_H__ */ diff --git a/tests/psa-client-server/psasim/include/common.h b/tests/psa-client-server/psasim/include/common.h deleted file mode 100644 index ee5b5a3789..0000000000 --- a/tests/psa-client-server/psasim/include/common.h +++ /dev/null 
@@ -1,52 +0,0 @@ -/* Common definitions used for clients and services */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef _COMMON_H_ -#define _COMMON_H_ - -#include -#include - -/* Increasing this might break on some platforms */ -#define MAX_FRAGMENT_SIZE 200 - -#define CONNECT_REQUEST 1 -#define CALL_REQUEST 2 -#define CLOSE_REQUEST 3 -#define VERSION_REQUEST 4 -#define READ_REQUEST 5 -#define READ_RESPONSE 6 -#define WRITE_REQUEST 7 -#define WRITE_RESPONSE 8 -#define SKIP_REQUEST 9 -#define PSA_REPLY 10 - -#define NON_SECURE (1 << 30) - -typedef int32_t psa_handle_t; - -#define PSA_MAX_IOVEC (4u) - -#define PSA_IPC_CALL (0) - -struct message_text { - int qid; - int32_t psa_type; - char buf[MAX_FRAGMENT_SIZE]; -}; - -struct message { - long message_type; - struct message_text message_text; -}; - -typedef struct vector_sizes { - size_t invec_sizes[PSA_MAX_IOVEC]; - size_t outvec_sizes[PSA_MAX_IOVEC]; -} vector_sizes_t; - -#endif /* _COMMON_H_ */ diff --git a/tests/psa-client-server/psasim/include/error_ext.h b/tests/psa-client-server/psasim/include/error_ext.h deleted file mode 100644 index 6c82b8a72f..0000000000 --- a/tests/psa-client-server/psasim/include/error_ext.h +++ /dev/null @@ -1,19 +0,0 @@ -/* PSA status codes used by psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_ERROR_H -#define PSA_ERROR_H - -#include - -#include "common.h" - -#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129) -#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130) -#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131) - -#endif diff --git a/tests/psa-client-server/psasim/include/init.h b/tests/psa-client-server/psasim/include/init.h deleted file mode 100644 index de95d905c7..0000000000 --- a/tests/psa-client-server/psasim/include/init.h +++ /dev/null 
@@ -1,15 +0,0 @@ -/* Declarations of internal functions. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -void raise_signal(psa_signal_t signal); -void __init_psasim(const char **array, - int size, - const int allow_ns_clients_array[32], - const uint32_t versions[32], - const int strict_policy_array[32]); diff --git a/tests/psa-client-server/psasim/include/lifecycle.h b/tests/psa-client-server/psasim/include/lifecycle.h deleted file mode 100644 index 1148397a88..0000000000 --- a/tests/psa-client-server/psasim/include/lifecycle.h +++ /dev/null @@ -1,17 +0,0 @@ -/* PSA lifecycle states used by psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define PSA_LIFECYCLE_PSA_STATE_MASK (0xff00u) -#define PSA_LIFECYCLE_IMP_STATE_MASK (0x00ffu) -#define PSA_LIFECYCLE_UNKNOWN (0x0000u) -#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST (0x1000u) -#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING (0x2000u) -#define PSA_LIFECYCLE_SECURED (0x3000u) -#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG (0x4000u) -#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG (0x5000u) -#define PSA_LIFECYCLE_DECOMMISSIONED (0x6000u) -#define psa_rot_lifecycle_state(void) PSA_LIFECYCLE_UNKNOWN diff --git a/tests/psa-client-server/psasim/include/service.h b/tests/psa-client-server/psasim/include/service.h deleted file mode 100644 index cbcb918cb2..0000000000 --- a/tests/psa-client-server/psasim/include/service.h +++ /dev/null 
@@ -1,253 +0,0 @@ -/* PSA Firmware Framework service header for psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef __PSA_SERVICE_H__ -#define __PSA_SERVICE_H__ - -#ifdef __cplusplus -extern "C" { -#endif -#include -#include -#include - -#include "common.h" - -#include "psa/crypto.h" - -/********************** PSA Secure Partition Macros and Types ****************/ - -/* PSA wait timeouts */ -#define PSA_POLL (0x00000000u) -#define PSA_BLOCK (0x80000000u) - -/* A mask value that includes all Secure Partition signals */ -#define PSA_WAIT_ANY (~0u) - -/* Doorbell signal */ -#define PSA_DOORBELL (0x00000008u) - -/* PSA message types */ -#define PSA_IPC_CONNECT (-1) -#define PSA_IPC_DISCONNECT (-2) - -/* Return code from psa_get() */ -#define PSA_ERR_NOMSG (INT32_MIN + 3) - -/* Store a set of one or more Secure Partition signals */ -typedef uint32_t psa_signal_t; - -/** - * Describe a message received by an RoT Service after calling \ref psa_get(). - */ -typedef struct psa_msg_t { - uint32_t type; /* One of the following values: - * \ref PSA_IPC_CONNECT - * \ref PSA_IPC_CALL - * \ref PSA_IPC_DISCONNECT - */ - psa_handle_t handle; /* A reference generated by the SPM to the - * message returned by psa_get(). - */ - int32_t client_id; /* Partition ID of the sender of the message */ - void *rhandle; /* Be useful for binding a connection to some - * application-specific data or function - * pointer within the RoT Service - * implementation. - */ - size_t in_size[PSA_MAX_IOVEC]; /* Provide the size of each client input - * vector in bytes. - */ - size_t out_size[PSA_MAX_IOVEC];/* Provide the size of each client output - * vector in bytes. - */ -} psa_msg_t; - -/************************* PSA Secure Partition API **************************/ - -/** - * \brief Return the Secure Partition interrupt signals that have been asserted - * from a subset of signals provided by the caller. 
- * - * \param[in] signal_mask A set of signals to query. Signals that are not - * in this set will be ignored. - * \param[in] timeout Specify either blocking \ref PSA_BLOCK or - * polling \ref PSA_POLL operation. - * - * \retval >0 At least one signal is asserted. - * \retval 0 No signals are asserted. This is only seen when - * a polling timeout is used. - */ -psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout); - -/** - * \brief Retrieve the message which corresponds to a given RoT Service signal - * and remove the message from the RoT Service queue. - * - * \param[in] signal The signal value for an asserted RoT Service. - * \param[out] msg Pointer to \ref psa_msg_t object for receiving - * the message. - * - * \retval PSA_SUCCESS Success, *msg will contain the delivered - * message. - * \retval PSA_ERR_NOMSG Message could not be delivered. - * \retval "Does not return" The call is invalid because one or more of the - * following are true: - * \arg signal has more than a single bit set. - * \arg signal does not correspond to an RoT Service. - * \arg The RoT Service signal is not currently - * asserted. - * \arg The msg pointer provided is not a valid memory - * reference. - */ -psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg); - -/** - * \brief Associate some RoT Service private data with a client connection. - * - * \param[in] msg_handle Handle for the client's message. - * \param[in] rhandle Reverse handle allocated by the RoT Service. - * - * \retval void Success, rhandle will be provided with all - * subsequent messages delivered on this - * connection. - * \retval "Does not return" msg_handle is invalid. - */ -void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle); - -/** - * \brief Read a message parameter or part of a message parameter from a client - * input vector. - * - * \param[in] msg_handle Handle for the client's message. - * \param[in] invec_idx Index of the input vector to read from. 
Must be - * less than \ref PSA_MAX_IOVEC. - * \param[out] buffer Buffer in the Secure Partition to copy the - * requested data to. - * \param[in] num_bytes Maximum number of bytes to be read from the - * client input vector. - * - * \retval >0 Number of bytes copied. - * \retval 0 There was no remaining data in this input - * vector. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg msg_handle is invalid. - * \arg msg_handle does not refer to a - * \ref PSA_IPC_CALL message. - * \arg invec_idx is equal to or greater than - * \ref PSA_MAX_IOVEC. - * \arg the memory reference for buffer is invalid or - * not writable. - */ -size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, - void *buffer, size_t num_bytes); - -/** - * \brief Skip over part of a client input vector. - * - * \param[in] msg_handle Handle for the client's message. - * \param[in] invec_idx Index of input vector to skip from. Must be - * less than \ref PSA_MAX_IOVEC. - * \param[in] num_bytes Maximum number of bytes to skip in the client - * input vector. - * - * \retval >0 Number of bytes skipped. - * \retval 0 There was no remaining data in this input - * vector. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg msg_handle is invalid. - * \arg msg_handle does not refer to a - * \ref PSA_IPC_CALL message. - * \arg invec_idx is equal to or greater than - * \ref PSA_MAX_IOVEC. - */ -size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes); - -/** - * \brief Write a message response to a client output vector. - * - * \param[in] msg_handle Handle for the client's message. - * \param[out] outvec_idx Index of output vector in message to write to. - * Must be less than \ref PSA_MAX_IOVEC. - * \param[in] buffer Buffer with the data to write. - * \param[in] num_bytes Number of bytes to write to the client output - * vector. 
- * - * \retval void Success - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg msg_handle is invalid. - * \arg msg_handle does not refer to a - * \ref PSA_IPC_CALL message. - * \arg outvec_idx is equal to or greater than - * \ref PSA_MAX_IOVEC. - * \arg The memory reference for buffer is invalid. - * \arg The call attempts to write data past the end - * of the client output vector. - */ -void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, - const void *buffer, size_t num_bytes); - -/** - * \brief Complete handling of a specific message and unblock the client. - * - * \param[in] msg_handle Handle for the client's message. - * \param[in] status Message result value to be reported to the - * client. - * - * \retval void Success. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg msg_handle is invalid. - * \arg An invalid status code is specified for the - * type of message. - */ -void psa_reply(psa_handle_t msg_handle, psa_status_t status); - -/** - * \brief Send a PSA_DOORBELL signal to a specific Secure Partition. - * - * \param[in] partition_id Secure Partition ID of the target partition. - * - * \retval void Success. - * \retval "Does not return" partition_id does not correspond to a Secure - * Partition. - */ -void psa_notify(int32_t partition_id); - -/** - * \brief Clear the PSA_DOORBELL signal. - * - * \retval void Success. - * \retval "Does not return" The Secure Partition's doorbell signal is not - * currently asserted. - */ -void psa_clear(void); - -/** - * \brief Inform the SPM that an interrupt has been handled (end of interrupt). - * - * \param[in] irq_signal The interrupt signal that has been processed. - * - * \retval void Success. - * \retval "Does not return" The call is invalid, one or more of the - * following are true: - * \arg irq_signal is not an interrupt signal. - * \arg irq_signal indicates more than one signal. 
- * \arg irq_signal is not currently asserted. - */ -void psa_eoi(psa_signal_t irq_signal); - -#define psa_panic(X) abort(); - -#ifdef __cplusplus -} -#endif - -#endif /* __PSA_SERVICE_H__ */ diff --git a/tests/psa-client-server/psasim/include/util.h b/tests/psa-client-server/psasim/include/util.h deleted file mode 100644 index dfc9a32379..0000000000 --- a/tests/psa-client-server/psasim/include/util.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Common definitions used for clients and services */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "service.h" - -#include - -#define PRINT(fmt, ...) \ - fprintf(stdout, fmt "\n", ##__VA_ARGS__) - -#if defined(DEBUG) -#define INFO(fmt, ...) \ - fprintf(stdout, "Info (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) -#else /* !DEBUG */ -#define INFO(...) -#endif /* DEBUG*/ - -#define ERROR(fmt, ...) \ - fprintf(stderr, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) - -#define FATAL(fmt, ...) \ - { \ - fprintf(stderr, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ - abort(); \ - } - -#define PROJECT_ID 'M' -#define PATHNAMESIZE 256 -#define TMP_FILE_BASE_PATH "./" diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c deleted file mode 100644 index ed198790c6..0000000000 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ /dev/null 
@@ -1,71 +0,0 @@ -/** - * This is the base AUT that exectues all other AUTs meant to test PSA APIs - * through PSASIM. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#include "mbedtls/build_info.h" - -#include "psa/crypto.h" - -#include -#include -#include - -int psa_hash_compute_main(void); -int psa_hash_main(void); -int psa_aead_encrypt_main(char *cipher_name); -int psa_aead_encrypt_decrypt_main(void); -int psa_cipher_encrypt_decrypt_main(void); -int psa_asymmetric_encrypt_decrypt_main(void); -int psa_random_main(void); -int psa_mac_main(void); -int psa_key_agreement_main(void); -int psa_sign_verify_main(void); -int psa_hkdf_main(void); - -#define TEST_MODULE(main_func) \ - do { \ - char title[128] = { 0 }; \ - char separator[128] = { 0 }; \ - int title_len = snprintf(title, sizeof(title), "=== Test: %s ===", #main_func); \ - memset(separator, '=', title_len); \ - printf("%s\n%s\n%s\n", separator, title, separator); \ - ret = main_func; \ - if (ret != 0) { \ - goto exit; \ - } \ - } while (0) - -int main() -{ - int ret; - - TEST_MODULE(psa_hash_compute_main()); - TEST_MODULE(psa_hash_main()); - - TEST_MODULE(psa_aead_encrypt_main("aes128-gcm")); - TEST_MODULE(psa_aead_encrypt_main("aes256-gcm")); - TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8")); - TEST_MODULE(psa_aead_encrypt_main("chachapoly")); - TEST_MODULE(psa_aead_encrypt_decrypt_main()); - TEST_MODULE(psa_cipher_encrypt_decrypt_main()); - TEST_MODULE(psa_asymmetric_encrypt_decrypt_main()); - - TEST_MODULE(psa_random_main()); - - TEST_MODULE(psa_mac_main()); - TEST_MODULE(psa_key_agreement_main()); - TEST_MODULE(psa_sign_verify_main()); - TEST_MODULE(psa_hkdf_main()); - -exit: - return (ret != 0) ? 1 : 0; -} 
diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c deleted file mode 100644 index 64463f57fc..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c +++ /dev/null 
@@ -1,227 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include "psa/crypto.h" - -#include -#include -#include - -const char usage[] = - "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; - -/* Dummy data for encryption: IV/nonce, additional data, 2-part message */ -const unsigned char iv1[12] = { 0x00 }; -const unsigned char add_data1[] = { 0x01, 0x02 }; -const unsigned char msg1_part1[] = { 0x03, 0x04 }; -const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 }; - -/* Dummy data (2nd message) */ -const unsigned char iv2[12] = { 0x10 }; -const unsigned char add_data2[] = { 0x11, 0x12 }; -const unsigned char msg2_part1[] = { 0x13, 0x14 }; -const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; - -/* Maximum total size of the messages */ -#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2)) -#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2)) -#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE) - -/* Dummy key material - never do this in production! - * 32-byte is enough to all the key size supported by this program. */ -const unsigned char key_bytes[32] = { 0x2a }; - -/* Print the contents of a buffer in hex */ -void print_buf(const char *title, uint8_t *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run a PSA function and bail out if it fails. 
- * The symbolic name of the error code can be recovered using: - * programs/psa/psa_constant_name status */ -#define PSA_CHECK(expr) \ - do \ - { \ - status = (expr); \ - if (status != PSA_SUCCESS) \ - { \ - printf("Error %d at line %d: %s\n", \ - (int) status, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } \ - while (0) - -/* - * Prepare encryption material: - * - interpret command-line argument - * - set up key - * - outputs: key and algorithm, which together hold all the information - */ -static psa_status_t aead_prepare(const char *info, - psa_key_id_t *key, - psa_algorithm_t *alg) -{ - psa_status_t status; - - /* Convert arg to alg + key_bits + key_type */ - size_t key_bits; - psa_key_type_t key_type; - if (strcmp(info, "aes128-gcm") == 0) { - *alg = PSA_ALG_GCM; - key_bits = 128; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "aes256-gcm") == 0) { - *alg = PSA_ALG_GCM; - key_bits = 256; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "aes128-gcm_8") == 0) { - *alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8); - key_bits = 128; - key_type = PSA_KEY_TYPE_AES; - } else if (strcmp(info, "chachapoly") == 0) { - *alg = PSA_ALG_CHACHA20_POLY1305; - key_bits = 256; - key_type = PSA_KEY_TYPE_CHACHA20; - } else { - puts(usage); - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* Prepare key attributes */ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, *alg); - psa_set_key_type(&attributes, key_type); - psa_set_key_bits(&attributes, key_bits); // optional - - /* Import key */ - PSA_CHECK(psa_import_key(&attributes, key_bytes, key_bits / 8, key)); - -exit: - return status; -} - -/* - * Print out some information. - * - * All of this information was present in the command line argument, but his - * function demonstrates how each piece can be recovered from (key, alg). 
- */ -static void aead_info(psa_key_id_t key, psa_algorithm_t alg) -{ - psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; - (void) psa_get_key_attributes(key, &attr); - psa_key_type_t key_type = psa_get_key_type(&attr); - size_t key_bits = psa_get_key_bits(&attr); - psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg); - size_t tag_len = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); - - const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES" - : key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha" - : "???"; - const char *base_str = base_alg == PSA_ALG_GCM ? "GCM" - : base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly" - : "???"; - - printf("%s, %u, %s, %u\n", - type_str, (unsigned) key_bits, base_str, (unsigned) tag_len); -} - -/* - * Encrypt a 2-part message. - */ -static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *part1, size_t part1_len, - const unsigned char *part2, size_t part2_len) -{ - psa_status_t status; - size_t olen, olen_tag; - unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)]; - unsigned char *p = out, *end = out + sizeof(out); - unsigned char tag[PSA_AEAD_TAG_MAX_SIZE]; - - psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT; - PSA_CHECK(psa_aead_encrypt_setup(&op, key, alg)); - - PSA_CHECK(psa_aead_set_nonce(&op, iv, iv_len)); - PSA_CHECK(psa_aead_update_ad(&op, ad, ad_len)); - PSA_CHECK(psa_aead_update(&op, part1, part1_len, p, end - p, &olen)); - p += olen; - PSA_CHECK(psa_aead_update(&op, part2, part2_len, p, end - p, &olen)); - p += olen; - PSA_CHECK(psa_aead_finish(&op, p, end - p, &olen, - tag, sizeof(tag), &olen_tag)); - p += olen; - memcpy(p, tag, olen_tag); - p += olen_tag; - - olen = p - out; - print_buf("out", out, olen); - -exit: - psa_aead_abort(&op); // required on errors, harmless on success - return status; -} - -/* - * AEAD demo: set up key/alg, print out info, encrypt messages. 
- */ -static psa_status_t aead_demo(const char *info) -{ - psa_status_t status; - - psa_key_id_t key; - psa_algorithm_t alg; - - PSA_CHECK(aead_prepare(info, &key, &alg)); - - aead_info(key, alg); - - PSA_CHECK(aead_encrypt(key, alg, - iv1, sizeof(iv1), add_data1, sizeof(add_data1), - msg1_part1, sizeof(msg1_part1), - msg1_part2, sizeof(msg1_part2))); - PSA_CHECK(aead_encrypt(key, alg, - iv2, sizeof(iv2), add_data2, sizeof(add_data2), - msg2_part1, sizeof(msg2_part1), - msg2_part2, sizeof(msg2_part2))); - -exit: - psa_destroy_key(key); - - return status; -} - -/* - * Main function - */ -int psa_aead_encrypt_main(char *cipher_name) -{ - psa_status_t status = PSA_SUCCESS; - - /* Initialize the PSA crypto library. */ - PSA_CHECK(psa_crypto_init()); - - /* Run the demo */ - PSA_CHECK(aead_demo(cipher_name)); - - /* Deinitialize the PSA crypto library. */ - mbedtls_psa_crypto_free(); - -exit: - return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c deleted file mode 100644 index 87ef39a9ed..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c +++ /dev/null 
@@ -1,126 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -/* - * Temporary hack: psasim’s Makefile only does: - * -Itests/psa-client-server/psasim/include - * -I$(MBEDTLS_ROOT_PATH)/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include - * -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include - * None of those cover tf-psa-crypto/core, so we rely on the - * “-I$(MBEDTLS_ROOT_PATH)/include” entry plus a parent-relative - * include "../tf-psa-crypto/core/tf_psa_crypto_common.h" in order to pull in tf_psa_crypto_common.h here, - * which in turn gets MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING (to silence the - * new GCC-15 unterminated-string-initialization warning). - * See GitHub issue #10223 for the proper long-term fix. - * https://github.com/Mbed-TLS/mbedtls/issues/10223 - */ -#include "../tf-psa-crypto/core/tf_psa_crypto_common.h" -#include -#include -#include - -#define BUFFER_SIZE 500 - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_aead_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - const uint8_t plaintext[] = "Hello World!"; - /* We need to tell the compiler that we meant to leave out the null character. 
*/ - const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; - size_t nonce_length = sizeof(nonce); - size_t ciphertext_length; - size_t plaintext_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_CCM); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 256); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(nonce, nonce_length); - if (status != PSA_SUCCESS) { - printf("psa_generate_random failed\n"); - return EXIT_FAILURE; - } - - status = psa_aead_encrypt(key_id, // key - PSA_ALG_CCM, // algorithm - nonce, nonce_length, // nonce - NULL, 0, // additional data - plaintext, sizeof(plaintext), // plaintext - encrypt, sizeof(encrypt), // ciphertext - &ciphertext_length); // length of output - if (status != PSA_SUCCESS) { - printf("psa_aead_encrypt failed\n"); - return EXIT_FAILURE; - } - - printf("AES-CCM encryption:\n"); - printf("- Plaintext: '%s':\n", plaintext); - printf("- Key: "); - print_bytestr(key_bytes, sizeof(key_bytes)); - printf("\n- Nonce: "); - print_bytestr(nonce, nonce_length); - printf("\n- No additional data\n"); - printf("- Ciphertext:\n"); - - for (size_t j = 0; j < ciphertext_length; j++) { - if (j % 8 == 0) { - printf("\n "); - } - printf("%02x ", encrypt[j]); - } - - printf("\n"); - - status = psa_aead_decrypt(key_id, // key - PSA_ALG_CCM, // algorithm - nonce, nonce_length, // nonce - NULL, 0, // additional data - encrypt, ciphertext_length, // ciphertext - decrypt, sizeof(decrypt), // plaintext - &plaintext_length); // 
length of output - if (status != PSA_SUCCESS) { - printf("psa_aead_decrypt failed\n"); - return EXIT_FAILURE; - } - - if (memcmp(plaintext, decrypt, sizeof(plaintext)) != 0) { - printf("\nEncryption/Decryption failed!\n"); - } else { - printf("\nEncryption/Decryption successful!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c deleted file mode 100644 index 02d8cf486d..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c +++ /dev/null 
@@ -1,81 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#define KEY_BITS 4096 -#define BUFFER_SIZE PSA_BITS_TO_BYTES(KEY_BITS) - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_asymmetric_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t original[BUFFER_SIZE/2] = { 0 }; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - size_t encrypted_length; - size_t decrypted_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(original, sizeof(original)); - if (status != PSA_SUCCESS) { - printf("psa_generate_random() failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); - psa_set_key_bits(&attributes, KEY_BITS); - - status = psa_generate_key(&attributes, &key_id); - if (status != PSA_SUCCESS) { - printf("psa_generate_key failed (%d)\n", status); - return EXIT_FAILURE; - } - - status = psa_asymmetric_encrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, - original, sizeof(original), NULL, 0, - encrypt, sizeof(encrypt), &encrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_asymmetric_encrypt failed (%d)\n", status); - return EXIT_FAILURE; - } - - status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, - encrypt, encrypted_length, NULL, 0, - decrypt, sizeof(decrypt), &decrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_cipher_decrypt failed (%d)\n", status); - return 
EXIT_FAILURE; - } - - if (memcmp(original, decrypt, sizeof(original)) != 0) { - printf("\nEncryption/Decryption failed!\n"); - } else { - printf("\nEncryption/Decryption successful!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c deleted file mode 100644 index 82bdca54dc..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include "../tf-psa-crypto/core/tf_psa_crypto_common.h" -#include -#include -#include - -#define BUFFER_SIZE 4096 - -static void print_bytestr(const uint8_t *bytes, size_t len) -{ - for (unsigned int idx = 0; idx < len; idx++) { - printf("%02X", bytes[idx]); - } -} - -int psa_cipher_encrypt_decrypt_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t original[BUFFER_SIZE] = { 0 }; - uint8_t encrypt[BUFFER_SIZE] = { 0 }; - uint8_t decrypt[BUFFER_SIZE] = { 0 }; - /* We need to tell the compiler that we meant to leave out the null character. */ - const uint8_t key_bytes[32] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; - size_t encrypted_length; - size_t decrypted_length; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(original, sizeof(original)); - if (status != PSA_SUCCESS) { - printf("psa_generate_random() failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_ECB_NO_PADDING); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 256); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, - original, sizeof(original), - encrypt, sizeof(encrypt), &encrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_cipher_encrypt failed\n"); - return EXIT_FAILURE; - } - - status = psa_cipher_decrypt(key_id, PSA_ALG_ECB_NO_PADDING, - encrypt, encrypted_length, - 
decrypt, sizeof(decrypt), &decrypted_length); - if (status != PSA_SUCCESS) { - printf("psa_cipher_decrypt failed\n"); - return EXIT_FAILURE; - } - - if (memcmp(original, decrypt, sizeof(original)) != 0) { - printf("\nEncryption/Decryption failed!\n"); - } else { - printf("\nEncryption/Decryption successful!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c deleted file mode 100644 index b429c0bc58..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_hash.c +++ /dev/null 
@@ -1,167 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" - -#define HASH_ALG PSA_ALG_SHA_256 - -static const uint8_t sample_message[] = "Hello World!"; -/* sample_message is terminated with a null byte which is not part of - * the message itself so we make sure to subtract it in order to get - * the message length. */ -static const size_t sample_message_length = sizeof(sample_message) - 1; - -#define EXPECTED_HASH_VALUE { \ - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ -} - -static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; -static const size_t expected_hash_len = sizeof(expected_hash); - -int psa_hash_main(void) -{ - psa_status_t status; - uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; - size_t hash_length; - psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT; - - mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - /* Compute hash using multi-part operation */ - status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status == PSA_ERROR_NOT_SUPPORTED) { - mbedtls_printf("unknown hash algorithm supplied\n"); - return EXIT_FAILURE; - } else if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_setup failed\n"); - return EXIT_FAILURE; - } - - status = psa_hash_update(&hash_operation, sample_message, sample_message_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_update failed\n"); - goto cleanup; - } - - status = psa_hash_clone(&hash_operation, &cloned_hash_operation); - if 
(status != PSA_SUCCESS) { - mbedtls_printf("PSA hash clone failed\n"); - goto cleanup; - } - - status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_finish failed\n"); - goto cleanup; - } - - /* Check the result of the operation against the sample */ - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - status = - psa_hash_verify(&cloned_hash_operation, expected_hash, - expected_hash_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_verify failed\n"); - goto cleanup; - } else { - mbedtls_printf("Multi-part hash operation successful!\n"); - } - - /* A bit of white-box testing: ensure that we can abort an operation more - * times than there are operation slots on the simulator server. - */ - for (int i = 0; i < 200; i++) { - /* This should be a no-op */ - status = psa_hash_abort(&hash_operation); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_abort failed\n"); - goto cleanup; - } - } - - /* Compute hash using multi-part operation using the same operation struct */ - status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status == PSA_ERROR_NOT_SUPPORTED) { - mbedtls_printf("unknown hash algorithm supplied\n"); - goto cleanup; - } else if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_setup failed: %d\n", status); - goto cleanup; - } - - status = psa_hash_update(&hash_operation, sample_message, sample_message_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_update failed\n"); - goto cleanup; - } - - /* Don't use psa_hash_finish() when going to check against an expected result */ - status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_verify failed: %d\n", status); - goto cleanup; - } else { - mbedtls_printf("Second 
multi-part hash operation successful!\n"); - } - - /* Clear local variables prior to one-shot hash demo */ - memset(hash, 0, sizeof(hash)); - hash_length = 0; - - /* Compute hash using one-shot function call */ - status = psa_hash_compute(HASH_ALG, - sample_message, sample_message_length, - hash, sizeof(hash), - &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_compute failed\n"); - goto cleanup; - } - - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - mbedtls_printf("One-shot hash operation successful!\n\n"); - - /* Print out result */ - mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); - - for (size_t j = 0; j < expected_hash_len; j++) { - mbedtls_printf("%02x", hash[j]); - } - - mbedtls_printf("\n"); - - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; - -cleanup: - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c deleted file mode 100644 index 959e0c38ab..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c +++ /dev/null 
@@ -1,81 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" - -#define HASH_ALG PSA_ALG_SHA_256 - -static const uint8_t sample_message[] = "Hello World!"; -/* sample_message is terminated with a null byte which is not part of - * the message itself so we make sure to subtract it in order to get - * the message length. */ -static const size_t sample_message_length = sizeof(sample_message) - 1; - -#define EXPECTED_HASH_VALUE { \ - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ -} - -static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; -static const size_t expected_hash_len = sizeof(expected_hash); - -int psa_hash_compute_main(void) -{ - psa_status_t status; - uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; - size_t hash_length; - - mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - /* Clear local variables prior to one-shot hash demo */ - memset(hash, 0, sizeof(hash)); - hash_length = 0; - - /* Compute hash using one-shot function call */ - status = psa_hash_compute(HASH_ALG, - sample_message, sample_message_length, - hash, sizeof(hash), - &hash_length); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_hash_compute failed\n"); - goto cleanup; - } - - if (hash_length != expected_hash_len || - (memcmp(hash, expected_hash, expected_hash_len) != 0)) { - mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - goto cleanup; - } - - mbedtls_printf("One-shot hash operation successful!\n\n"); - - /* Print out result */ - mbedtls_printf("The SHA-256( '%s' ) is: ", 
sample_message); - - for (size_t j = 0; j < expected_hash_len; j++) { - mbedtls_printf("%02x", hash[j]); - } - - mbedtls_printf("\n"); - - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; - -cleanup: - return EXIT_FAILURE; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_hkdf.c b/tests/psa-client-server/psasim/src/aut_psa_hkdf.c deleted file mode 100644 index 891fdb3f92..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_hkdf.c +++ /dev/null 
@@ -1,121 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include -#include "mbedtls/build_info.h" - -int psa_hkdf_main(void) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - - /* Example test vector from RFC 5869 */ - - /* Input keying material (IKM) */ - unsigned char ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - - unsigned char salt[] = - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; - - /* Context and application specific information, which can be of zero length */ - unsigned char info[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; - - /* Expected OKM based on the RFC 5869-provided test vector */ - unsigned char expected_okm[] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, - 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, - 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, - 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, - 0x58, 0x65 }; - - /* The output size of the HKDF function depends on the hash function used. - * In our case we use SHA-256, which produces a 32 byte fingerprint. - * Therefore, we allocate a buffer of 32 bytes to hold the output keying - * material (OKM). 
- */ - unsigned char output[32]; - - psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); - - printf("PSA Crypto API: HKDF SHA-256 example\n\n"); - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); - - status = psa_import_key(&attributes, ikm, sizeof(ikm), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_setup(&operation, alg); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_setup failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_SALT, - salt, sizeof(salt)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_bytes (salt) failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_SECRET, - key_id); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_key failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_INFO, - info, sizeof(info)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_input_bytes (info) failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_output_bytes(&operation, output, sizeof(output)); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_output_bytes failed"); - return EXIT_FAILURE; - } - - status = psa_key_derivation_abort(&operation); - if (status != PSA_SUCCESS) { - printf("psa_key_derivation_abort failed"); - return EXIT_FAILURE; - } - - printf("OKM: \n"); - - for (size_t j = 0; j < sizeof(output); j++) { - if (output[j] != expected_okm[j]) { - printf("\n --- Unexpected outcome!\n"); - return EXIT_FAILURE; - } - - if (j % 8 == 0) { - 
printf("\n "); - } - printf("%02x ", output[j]); - } - - printf("\n"); - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c b/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c deleted file mode 100644 index 4a0aab1477..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c +++ /dev/null 
@@ -1,146 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - - -#include "psa/crypto.h" -#include -#include -#include -#include "mbedtls/build_info.h" -#include "mbedtls/debug.h" -#include "mbedtls/platform.h" - -#define BUFFER_SIZE 500 - -#define SERVER_PK_VALUE { \ - 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, \ - 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, 0xa1, \ - 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, \ - 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, \ - 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b, 0x24, 0xa5, 0xb9, \ - 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, \ - 0xb6, 0x98, 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, \ - 0xf3, 0x20 \ -} - -#define KEY_BITS 256 - -int psa_key_agreement_main(void) -{ - psa_status_t status; - psa_key_attributes_t client_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_attributes_t server_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t client_key_id = 0; - psa_key_id_t server_key_id = 0; - uint8_t client_pk[BUFFER_SIZE] = { 0 }; - size_t client_pk_len; - size_t key_bits; - psa_key_type_t key_type; - - const uint8_t server_pk[] = SERVER_PK_VALUE; - uint8_t derived_key[BUFFER_SIZE] = { 0 }; - size_t derived_key_len; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&client_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&client_attributes, PSA_ALG_ECDH); - psa_set_key_type(&client_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); - psa_set_key_bits(&client_attributes, KEY_BITS); - - /* Generate ephemeral key pair */ - status = psa_generate_key(&client_attributes, &client_key_id); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_generate_key failed\n"); - return EXIT_FAILURE; - } - status = 
psa_export_public_key(client_key_id, - client_pk, sizeof(client_pk), - &client_pk_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_export_public_key failed\n"); - return EXIT_FAILURE; - } - - mbedtls_printf("Client Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", client_pk_len); - - for (size_t j = 0; j < client_pk_len; j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", client_pk[j]); - } - mbedtls_printf("\n\n"); - - psa_set_key_usage_flags(&server_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT); - psa_set_key_algorithm(&server_attributes, PSA_ALG_ECDSA_ANY); - psa_set_key_type(&server_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); - - /* Import server public key */ - status = psa_import_key(&server_attributes, server_pk, sizeof(server_pk), &server_key_id); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_get_key_attributes(server_key_id, &check_attributes); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_get_key_attributes failed\n"); - return EXIT_FAILURE; - } - - key_bits = psa_get_key_bits(&check_attributes); - if (key_bits != 256) { - mbedtls_printf("Incompatible key size!\n"); - return EXIT_FAILURE; - } - - key_type = psa_get_key_type(&check_attributes); - if (key_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) { - mbedtls_printf("Unsupported key type!\n"); - return EXIT_FAILURE; - } - - mbedtls_printf("Server Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", sizeof(server_pk)); - - for (size_t j = 0; j < sizeof(server_pk); j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", server_pk[j]); - } - mbedtls_printf("\n\n"); - - /* Generate ECDHE derived key */ - status = psa_raw_key_agreement(PSA_ALG_ECDH, // algorithm - client_key_id, // client secret key - server_pk, sizeof(server_pk), // server public key - derived_key, sizeof(derived_key), // buffer to store derived key - 
&derived_key_len); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_raw_key_agreement failed\n"); - return EXIT_FAILURE; - } - - mbedtls_printf("Derived Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", derived_key_len); - - for (size_t j = 0; j < derived_key_len; j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", derived_key[j]); - } - mbedtls_printf("\n"); - - psa_destroy_key(server_key_id); - psa_destroy_key(client_key_id); - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_mac.c b/tests/psa-client-server/psasim/src/aut_psa_mac.c deleted file mode 100644 index 18b4b571a3..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_mac.c +++ /dev/null 
@@ -1,162 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" - -/* constant-time buffer comparison */ -static inline int safer_memcmp(const void *a, const void *b, size_t n) -{ - size_t i; - volatile const unsigned char *A = (volatile const unsigned char *) a; - volatile const unsigned char *B = (volatile const unsigned char *) b; - volatile unsigned char diff = 0; - - for (i = 0; i < n; i++) { - /* Read volatile data in order before computing diff. - * This avoids IAR compiler warning: - * 'the order of volatile accesses is undefined ..' */ - unsigned char x = A[i], y = B[i]; - diff |= x ^ y; - } - - return diff; -} - - -int psa_mac_main(void) -{ - uint8_t input[] = "Hello World!"; - psa_status_t status; - size_t mac_size_real = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id = 0; - uint8_t mac[PSA_MAC_MAX_SIZE]; - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - const uint8_t key_bytes[16] = "kkkkkkkkkkkkkkkk"; - const uint8_t mbedtls_test_hmac_sha256[] = { - 0xae, 0x72, 0x34, 0x5a, 0x10, 0x36, 0xfb, 0x71, - 0x35, 0x3c, 0x7d, 0x6c, 0x81, 0x98, 0x52, 0x86, - 0x00, 0x4a, 0x43, 0x7c, 0x2d, 0xb3, 0x1a, 0xd8, - 0x67, 0xb1, 0xad, 0x11, 0x4d, 0x18, 0x49, 0x8b - }; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE | - PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - /* Single-part MAC operation with psa_mac_compute() */ - 
status = psa_mac_compute(key_id, - PSA_ALG_HMAC(PSA_ALG_SHA_256), - input, - sizeof(input), - mac, - sizeof(mac), - &mac_size_real); - if (status != PSA_SUCCESS) { - printf("psa_mac_compute failed\n"); - return EXIT_FAILURE; - } - - printf("HMAC-SHA-256(%s) with psa_mac_compute():\n", input); - - for (size_t j = 0; j < mac_size_real; j++) { - if (j % 8 == 0) { - printf("\n "); - } - printf("%02x ", mac[j]); - } - - printf("\n"); - - if (safer_memcmp(mac, - mbedtls_test_hmac_sha256, - mac_size_real - ) != 0) { - printf("\nMAC verified incorrectly!\n"); - } else { - printf("\nMAC verified correctly!\n"); - } - - psa_destroy_key(key_id); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - /* Single-part MAC operation with psa_mac_verify() */ - status = psa_mac_verify(key_id, - PSA_ALG_HMAC(PSA_ALG_SHA_256), - input, - sizeof(input), - mbedtls_test_hmac_sha256, - sizeof(mbedtls_test_hmac_sha256)); - if (status != PSA_SUCCESS) { - printf("psa_mac_verify failed\n"); - return EXIT_FAILURE; - } else { - printf("psa_mac_verify passed successfully\n"); - } - - psa_destroy_key(key_id); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - /* Multi-part MAC operation */ - status = psa_mac_sign_setup(&operation, key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256)); - if (status != PSA_SUCCESS) { - printf("psa_mac_sign_setup failed\n"); - return EXIT_FAILURE; - } - - status = psa_mac_update(&operation, input, sizeof(input)); - if (status != PSA_SUCCESS) { - printf("psa_mac_update failed\n"); - return EXIT_FAILURE; - } - - status = psa_mac_sign_finish(&operation, mac, sizeof(mac), &mac_size_real); - if (status != PSA_SUCCESS) { - printf("psa_mac_sign_finish failed\n"); - return EXIT_FAILURE; - } - - if (safer_memcmp(mac, - 
mbedtls_test_hmac_sha256, - mac_size_real - ) != 0) { - printf("MAC, calculated with multi-part MAC operation, verified incorrectly!\n"); - } else { - printf("MAC, calculated with multi-part MAC operation, verified correctly!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c deleted file mode 100644 index 203f4d44ba..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_random.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "mbedtls/build_info.h" - -#include -#include -#include -#include - -#include "mbedtls/private/entropy.h" - -#define BUFFER_SIZE 100 - -int psa_random_main(void) -{ - psa_status_t status; - uint8_t output[BUFFER_SIZE] = { 0 }; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - status = psa_generate_random(output, BUFFER_SIZE); - if (status != PSA_SUCCESS) { - printf("psa_generate_random failed\n"); - return EXIT_FAILURE; - } - - printf("Random bytes generated:\n"); - - for (size_t j = 0; j < BUFFER_SIZE; j++) { - if (j % 8 == 0) { - printf("\n "); - } - printf("%02x ", output[j]); - } - - printf("\n"); - - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c b/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c deleted file mode 100644 index 98df9e5162..0000000000 --- a/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c +++ /dev/null 
@@ -1,93 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - - -#include "psa/crypto.h" -#include -#include -#include - -#include "mbedtls/build_info.h" -#include "mbedtls/platform.h" - -#define KEY_BYTES_VALUE { \ - 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, \ - 0x1d, 0xf1, 0xc9, 0x94, 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, \ - 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee \ -} - -#define PLAINTEXT_VALUE "Hello World!" - -/* SHA-256(plaintext) */ -#define HASH_VALUE { \ - 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ - 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ - 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ -} - -int psa_sign_verify_main(void) -{ - psa_status_t status; - psa_key_id_t key_id = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; - size_t signature_length; - const uint8_t key_bytes[] = KEY_BYTES_VALUE; - const uint8_t plaintext[] = PLAINTEXT_VALUE; - const uint8_t hash[] = HASH_VALUE; - - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_crypto_init failed\n"); - return EXIT_FAILURE; - } - - psa_set_key_usage_flags(&attributes, - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); - - status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_import_key failed\n"); - return EXIT_FAILURE; - } - - status = psa_sign_hash(key_id, // key handle - PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm - hash, sizeof(hash), // hash of the message - signature, sizeof(signature), // signature (as output) - &signature_length); // length of signature output - if (status != 
PSA_SUCCESS) { - mbedtls_printf("psa_sign_hash failed\n"); - return EXIT_FAILURE; - } - - mbedtls_printf("ECDSA-SHA256 signature of SHA-256('%s'):\n", plaintext); - - for (size_t j = 0; j < signature_length; j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", signature[j]); - } - - mbedtls_printf("\n"); - - status = psa_verify_hash(key_id, // key handle - PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm - hash, sizeof(hash), // hash of message - signature, signature_length); // signature - if (status != PSA_SUCCESS) { - mbedtls_printf("psa_verify_hash failed\n"); - return EXIT_FAILURE; - } else { - mbedtls_printf("\nSignature verification successful!\n"); - } - - psa_destroy_key(key_id); - mbedtls_psa_crypto_free(); - return EXIT_SUCCESS; -} diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c deleted file mode 100644 index 4c63abf5a3..0000000000 --- a/tests/psa-client-server/psasim/src/client.c +++ /dev/null @@ -1,23 +0,0 @@ -/* psasim test client */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Includes from mbedtls */ -#include "psa/crypto.h" -#include "util.h" - -int main() -{ - /* psa_crypto_init() connects to the server */ - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - ERROR("psa_crypto_init returned %d", status); - return 1; - } - - mbedtls_psa_crypto_free(); - return 0; -} diff --git a/tests/psa-client-server/psasim/src/manifest.json b/tests/psa-client-server/psasim/src/manifest.json deleted file mode 100644 index e67b636c17..0000000000 --- a/tests/psa-client-server/psasim/src/manifest.json +++ /dev/null 
@@ -1,29 +0,0 @@ -{ - "psa_framework_version":1.0, - "name":"TEST_PARTITION", - "type":"PSA-ROT", - "priority":"LOW", - "entry_point":"psa_server_main", - "stack_size":"0x400", - "heap_size":"0x100", - "services":[ - { - "name":"PSA_SID_CRYPTO", - "sid":"0x0000F000", - "signal":"PSA_CRYPTO", - "non_secure_clients": "true", - "minor_version":1, - "minor_policy":"STRICT" - } - ], - "irqs": [ - { - "source": "SIGINT", - "signal": "SIGINT_SIG" - }, - { - "source": "SIGTSTP", - "signal": "SIGSTP_SIG" - } - ] -} diff --git a/tests/psa-client-server/psasim/src/psa_ff_client.c b/tests/psa-client-server/psasim/src/psa_ff_client.c deleted file mode 100644 index 0d6bbf3c92..0000000000 --- a/tests/psa-client-server/psasim/src/psa_ff_client.c +++ /dev/null 
@@ -1,385 +0,0 @@ -/* PSA firmware framework client API */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "client.h" -#include "common.h" -#include "error_ext.h" -#include "util.h" - -typedef struct internal_handle { - int server_qid; - int client_qid; - int internal_server_qid; - int valid; -} internal_handle_t; - -typedef struct vectors { - const psa_invec *in_vec; - size_t in_len; - psa_outvec *out_vec; - size_t out_len; -} vectors_t; - -/* Note that this implementation is functional and not secure */ -int __psa_ff_client_security_state = NON_SECURE; - -/* Access to this global is not thread safe */ -#define MAX_HANDLES 32 -static internal_handle_t handles[MAX_HANDLES] = { { 0 } }; - -static int get_next_free_handle() -{ - /* Never return handle 0 as it's a special null handle */ - for (int i = 1; i < MAX_HANDLES; i++) { - if (handles[i].valid == 0) { - return i; - } - } - return -1; -} - -static int handle_is_valid(psa_handle_t handle) -{ - if (handle > 0 && handle < MAX_HANDLES) { - if (handles[handle].valid == 1) { - return 1; - } - } - ERROR("ERROR: Invalid handle"); - return 0; -} - -static int get_queue_info(char *path, int *cqid, int *sqid) -{ - key_t server_queue_key; - int rx_qid, server_qid; - - INFO("Attempting to contact a RoT service queue"); - - if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) { - ERROR("msgget: rx_qid"); - return -1; - } - - if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) { - ERROR("ftok"); - return -2; - } - - if ((server_qid = msgget(server_queue_key, 0)) == -1) { - ERROR("msgget: server_qid"); - return -3; - } - - *cqid = rx_qid; - *sqid = server_qid; - - return 0; -} - -static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, - int *internal_server_qid) -{ - struct message response, request; - psa_status_t ret = 
PSA_ERROR_CONNECTION_REFUSED; - size_t invec_seek[4] = { 0 }; - size_t data_size; - psa_status_t invec, outvec; /* TODO: Should these be size_t ? */ - - assert(internal_server_qid > 0); - - while (1) { - data_size = 0; - invec = 0; - outvec = 0; - - /* read response from server */ - if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) { - ERROR(" msgrcv failed"); - return ret; - } - - /* process return message from server */ - switch (response.message_type) { - case PSA_REPLY: - memcpy(&ret, response.message_text.buf, sizeof(psa_status_t)); - INFO(" Message received from server: %d", ret); - if (type == PSA_IPC_CONNECT && ret > 0) { - *internal_server_qid = ret; - INFO(" ASSSIGNED q ID %d", *internal_server_qid); - ret = PSA_SUCCESS; - } - return ret; - break; - case READ_REQUEST: - /* read data request */ - request.message_type = READ_RESPONSE; - - assert(vecs != 0); - - memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); - INFO(" Partition asked for %lu bytes from invec %d", data_size, invec); - - /* need to add more checks here */ - assert(invec >= 0 && invec < PSA_MAX_IOVEC); - - if (data_size > MAX_FRAGMENT_SIZE) { - data_size = MAX_FRAGMENT_SIZE; - } - - /* send response */ - INFO(" invec_seek[invec] is %lu", invec_seek[invec]); - INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]); - memcpy(request.message_text.buf, - (vecs->in_vec[invec].base + invec_seek[invec]), - data_size); - - /* update invec base TODO: check me */ - invec_seek[invec] = invec_seek[invec] + data_size; - - INFO(" Sending message of type %li", request.message_type); - INFO(" with content %s", request.message_text.buf); - - if (msgsnd(*internal_server_qid, &request, - sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) { - ERROR("Internal error: failed to respond to read request"); - } - break; - case WRITE_REQUEST: - assert(vecs != 0); - - 
request.message_type = WRITE_RESPONSE; - - memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t)); - INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec); - - assert(outvec >= 0 && outvec < PSA_MAX_IOVEC); - - /* copy memory into message and send back amount written */ - size_t sofar = vecs->out_vec[outvec].len; - memcpy(vecs->out_vec[outvec].base + sofar, - response.message_text.buf+(sizeof(size_t)*2), data_size); - INFO(" Data size is %lu", data_size); - vecs->out_vec[outvec].len += data_size; - - INFO(" Sending message of type %li", request.message_type); - - /* send response */ - if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) { - ERROR("Internal error: failed to respond to write request"); - } - break; - case SKIP_REQUEST: - memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); - INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec); - assert(invec >= 0 && invec < PSA_MAX_IOVEC); - /* update invec base TODO: check me */ - invec_seek[invec] = invec_seek[invec] + data_size; - break; - - default: - FATAL(" ERROR: unknown internal message type: %ld", - response.message_type); - } - } -} - -static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid, - int32_t type, uint32_t minor_version, vectors_t *vecs) -{ - psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; - size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */ - struct message request; - request.message_type = 1; /* TODO: change this */ - request.message_text.psa_type = type; - vector_sizes_t vec_sizes; - - /* If the client is non-secure then set the NS bit */ - if (__psa_ff_client_security_state != 0) { - request.message_type |= NON_SECURE; - } - - assert(request.message_type >= 0); - - INFO("SEND: Sending 
message of type %ld with psa_type %d", request.message_type, type); - INFO(" internal_server_qid = %i", *internal_server_qid); - - request.message_text.qid = rx_qid; - - if (type == PSA_IPC_CONNECT) { - memcpy(request.message_text.buf, &minor_version, sizeof(minor_version)); - request_msg_size = request_msg_size + sizeof(minor_version); - INFO(" Request msg size is %lu", request_msg_size); - } else { - assert(internal_server_qid > 0); - } - - if (vecs != NULL && type >= PSA_IPC_CALL) { - - memset(&vec_sizes, 0, sizeof(vec_sizes)); - - /* Copy invec sizes */ - for (size_t i = 0; i < (vecs->in_len); i++) { - vec_sizes.invec_sizes[i] = vecs->in_vec[i].len; - INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]); - } - - /* Copy outvec sizes */ - for (size_t i = 0; i < (vecs->out_len); i++) { - vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len; - - /* Reset to 0 since we need to eventually fill in with bytes written */ - vecs->out_vec[i].len = 0; - } - - memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes)); - request_msg_size = request_msg_size + sizeof(vec_sizes); - } - - INFO(" Sending and then waiting"); - - /* send message to server */ - if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) { - ERROR(" msgsnd failed"); - return ret; - } - - return process_response(rx_qid, vecs, type, internal_server_qid); -} - - -uint32_t psa_framework_version(void) -{ - return PSA_FRAMEWORK_VERSION; -} - -psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) -{ - int idx; - psa_status_t ret; - char pathname[PATHNAMESIZE] = { 0 }; - - idx = get_next_free_handle(); - - /* if there's a free handle available */ - if (idx >= 0) { - snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid); - INFO("Attempting to contact RoT service at %s", pathname); - - /* if communication is possible */ - if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { - - ret = send(handles[idx].client_qid, - 
handles[idx].server_qid, - &handles[idx].internal_server_qid, - PSA_IPC_CONNECT, - minor_version, - NULL); - - /* if connection accepted by RoT service */ - if (ret >= 0) { - handles[idx].valid = 1; - return idx; - } else { - ERROR("Server didn't like you"); - } - } else { - ERROR("Couldn't contact RoT service. Does it exist?"); - - if (__psa_ff_client_security_state == 0) { - ERROR("Invalid SID"); - } - } - } - - INFO("Couldn't obtain a free handle"); - return PSA_ERROR_CONNECTION_REFUSED; -} - -uint32_t psa_version(uint32_t sid) -{ - int idx; - psa_status_t ret; - char pathname[PATHNAMESIZE] = { 0 }; - - idx = get_next_free_handle(); - - if (idx >= 0) { - snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid); - if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { - ret = send(handles[idx].client_qid, - handles[idx].server_qid, - &handles[idx].internal_server_qid, - VERSION_REQUEST, - 0, - NULL); - INFO("psa_version: Recieved from server %d", ret); - if (ret > 0) { - return ret; - } - } - } - ERROR("psa_version failed: does the service exist?"); - return PSA_VERSION_NONE; -} - -psa_status_t psa_call(psa_handle_t handle, - int32_t type, - const psa_invec *in_vec, - size_t in_len, - psa_outvec *out_vec, - size_t out_len) -{ - handle_is_valid(handle); - - if ((in_len + out_len) > PSA_MAX_IOVEC) { - ERROR("Too many iovecs: %lu + %lu", in_len, out_len); - } - - vectors_t vecs = { 0 }; - vecs.in_vec = in_vec; - vecs.in_len = in_len; - vecs.out_vec = out_vec; - vecs.out_len = out_len; - - return send(handles[handle].client_qid, - handles[handle].server_qid, - &handles[handle].internal_server_qid, - type, - 0, - &vecs); -} - -void psa_close(psa_handle_t handle) -{ - handle_is_valid(handle); - if (send(handles[handle].client_qid, handles[handle].server_qid, - &handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) { - ERROR("ERROR: Couldn't send disconnect msg"); - } else { - if 
(msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) { - ERROR("ERROR: Failed to delete msg queue"); - } - } - INFO("Closing handle %u", handle); - handles[handle].valid = 0; -} diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c deleted file mode 100644 index 00c5272646..0000000000 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ /dev/null 
@@ -1,655 +0,0 @@
-/* PSA Firmware Framework service API */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "service.h"
-#include "init.h"
-#include "error_ext.h"
-#include "common.h"
-#include "util.h"
-
-#define MAX_CLIENTS 128
-#define MAX_MESSAGES 32
-
-struct connection {
- uint32_t client;
- void *rhandle;
- int client_to_server_q;
-};
-
-/* Note that this implementation is functional and not secure. */
-int __psa_ff_client_security_state = NON_SECURE;
-
-static psa_msg_t messages[MAX_MESSAGES]; /* Message slots */
-static uint8_t pending_message[MAX_MESSAGES] = { 0 }; /* Booleans indicating active message slots */
-static uint32_t message_client[MAX_MESSAGES] = { 0 }; /* Each client's response queue */
-static int nsacl[32];
-static int strict_policy[32] = { 0 };
-static uint32_t rot_svc_versions[32];
-static int rot_svc_incoming_queue[32] = { -1 };
-static struct connection connections[MAX_CLIENTS] = { { 0 } };
-
-static uint32_t exposed_signals = 0;
-
-void print_vectors(vector_sizes_t *sizes)
-{
- INFO("Printing iovec sizes");
- for (int j = 0; j < PSA_MAX_IOVEC; j++) {
- INFO("Invec %d: %lu", j, sizes->invec_sizes[j]);
- }
-
- for (int j = 0; j < PSA_MAX_IOVEC; j++) {
- INFO("Outvec %d: %lu", j, sizes->outvec_sizes[j]);
- }
-}
-
-int find_connection(uint32_t client)
-{
- for (int i = 1; i < MAX_CLIENTS; i++) {
- if (client == connections[i].client) {
- return i;
- }
- }
- return -1;
-}
-
-void destroy_connection(uint32_t client)
-{
- int idx = find_connection(client);
- if (idx >= 0) {
- connections[idx].client = 0;
- connections[idx].rhandle = 0;
- INFO("Destroying connection");
- } else {
- ERROR("Couldn't destroy connection for %u", client);
- }
-}
-
-int find_free_connection()
-{
- INFO("Allocating connection");
- return find_connection(0);
-}
-
-static void
reply(psa_handle_t msg_handle, psa_status_t status)
-{
- pending_message[msg_handle] = 1;
- psa_reply(msg_handle, status);
- pending_message[msg_handle] = 0;
-}
-
-psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout)
-{
- psa_signal_t mask;
- struct message msg;
- vector_sizes_t sizes;
- struct msqid_ds qinfo;
- uint32_t requested_version;
- ssize_t len;
- int idx;
-
- if (timeout == PSA_POLL) {
- INFO("psa_wait: Called in polling mode");
- }
-
- do {
- mask = signal_mask;
-
- /* Check the status of each queue */
- for (int i = 0; i < 32; i++) {
- if (mask & 0x1) {
- if (i < 3) {
- // do nothing (reserved)
- } else if (i == 3) {
- // this must be psa doorbell
- } else {
- /* Check if this signal corresponds to a queue */
- if (rot_svc_incoming_queue[i] >= 0 && (pending_message[i] == 0)) {
-
- /* AFAIK there is no "peek" method in SysV, so try to get a message */
- len = msgrcv(rot_svc_incoming_queue[i],
- &msg,
- sizeof(struct message_text),
- 0,
- IPC_NOWAIT);
- if (len > 0) {
-
- INFO("Storing that QID in message_client[%d]", i);
- INFO("The message handle will be %d", i);
-
- msgctl(rot_svc_incoming_queue[i], IPC_STAT, &qinfo);
- messages[i].client_id = qinfo.msg_lspid; /* PID of last msgsnd(2) call */
- message_client[i] = msg.message_text.qid;
- idx = find_connection(msg.message_text.qid);
-
- if (msg.message_type & NON_SECURE) {
- /* This is a non-secure message */
-
- /* Check if NS client is allowed for this RoT service */
- if (nsacl[i] <= 0) {
-#if 0
- INFO(
- "Rejecting non-secure client due to manifest security policy");
- reply(i, PSA_ERROR_CONNECTION_REFUSED);
- continue; /* Skip to next signal */
-#endif
- }
-
- msg.message_type &= ~(NON_SECURE); /* clear */
- messages[i].client_id = messages[i].client_id * -1;
- }
-
- INFO("Got a message from client ID %d", messages[i].client_id);
- INFO("Message type is %lu", msg.message_type);
- INFO("PSA message type is %d", msg.message_text.psa_type);
-
- messages[i].handle = i;
-
- switch
(msg.message_text.psa_type) { - case PSA_IPC_CONNECT: - - if (len >= 16) { - memcpy(&requested_version, msg.message_text.buf, - sizeof(requested_version)); - INFO("Requesting version %u", requested_version); - INFO("Implemented version %u", rot_svc_versions[i]); - /* TODO: need to check whether the policy is strict, - * and if so, then reject the client if the number doesn't match */ - - if (requested_version > rot_svc_versions[i]) { - INFO( - "Rejecting client because requested version that was too high"); - reply(i, PSA_ERROR_CONNECTION_REFUSED); - continue; /* Skip to next signal */ - } - - if (strict_policy[i] == 1 && - (requested_version != rot_svc_versions[i])) { - INFO( - "Rejecting client because enforcing a STRICT version policy"); - reply(i, PSA_ERROR_CONNECTION_REFUSED); - continue; /* Skip to next signal */ - } else { - INFO("Not rejecting client"); - } - } - - messages[i].type = PSA_IPC_CONNECT; - - if (idx < 0) { - idx = find_free_connection(); - } - - if (idx >= 0) { - connections[idx].client = msg.message_text.qid; - } else { - /* We've run out of system wide connections */ - reply(i, PSA_ERROR_CONNECTION_BUSY); - ERROR("Ran out of free connections"); - continue; - } - - break; - case PSA_IPC_DISCONNECT: - messages[i].type = PSA_IPC_DISCONNECT; - break; - case VERSION_REQUEST: - INFO("Got a version request"); - reply(i, rot_svc_versions[i]); - continue; /* Skip to next signal */ - break; - - default: - - /* PSA CALL */ - if (msg.message_text.psa_type >= 0) { - messages[i].type = msg.message_text.psa_type; - memcpy(&sizes, msg.message_text.buf, sizeof(sizes)); - print_vectors(&sizes); - memcpy(&messages[i].in_size, &sizes.invec_sizes, - (sizeof(size_t) * PSA_MAX_IOVEC)); - memcpy(&messages[i].out_size, &sizes.outvec_sizes, - (sizeof(size_t) * PSA_MAX_IOVEC)); - } else { - FATAL("UNKNOWN MESSAGE TYPE RECEIVED %li", - msg.message_type); - } - break; - } - messages[i].handle = i; - - /* Check if the client has a connection */ - if (idx >= 0) { - 
messages[i].rhandle = connections[idx].rhandle; - } else { - /* Client is begging for a programmer error */ - reply(i, PSA_ERROR_PROGRAMMER_ERROR); - continue; - } - - /* House keeping */ - pending_message[i] = 1; /* set message as pending */ - exposed_signals |= (0x1 << i); /* assert the signal */ - } - } - } - mask = mask >> 1; - } - } - - if ((timeout == PSA_BLOCK) && (exposed_signals > 0)) { - break; - } else { - /* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */ - } - } while (timeout == PSA_BLOCK); - - /* Assert signals */ - return signal_mask & exposed_signals; -} - -static int signal_to_index(psa_signal_t signal) -{ - int i; - int count = 0; - int ret = -1; - - for (i = 0; i < 32; i++) { - if (signal & 0x1) { - ret = i; - count++; - } - signal = signal >> 1; - } - - if (count > 1) { - ERROR("ERROR: Too many signals"); - return -1; /* Too many signals */ - } - return ret; -} - -static void clear_signal(psa_signal_t signal) -{ - exposed_signals = exposed_signals & ~signal; -} - -void raise_signal(psa_signal_t signal) -{ - exposed_signals |= signal; -} - -psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg) -{ - int index = signal_to_index(signal); - if (index < 0) { - ERROR("Bad signal"); - } - - clear_signal(signal); - - assert(messages[index].handle != 0); - - if (pending_message[index] == 1) { - INFO("There is a pending message!"); - memcpy(msg, &messages[index], sizeof(struct psa_msg_t)); - assert(msg->handle != 0); - return PSA_SUCCESS; - } else { - INFO("no pending message"); - } - - return PSA_ERROR_DOES_NOT_EXIST; -} - -static inline int is_valid_msg_handle(psa_handle_t h) -{ - if (h > 0 && h < MAX_MESSAGES) { - return 1; - } - ERROR("Not a valid message handle"); - return 0; -} - -static inline int is_call_msg(psa_handle_t h) -{ - assert(messages[h].type >= PSA_IPC_CALL); - return 1; -} - -void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle) -{ - is_valid_msg_handle(msg_handle); - int idx = 
find_connection(message_client[msg_handle]); - INFO("Setting rhandle to %p", rhandle); - assert(idx >= 0); - connections[idx].rhandle = rhandle; -} - -/* Sends a message from the server to the client. Does not wait for a response */ -static void send_msg(psa_handle_t msg_handle, - int ctrl_msg, - psa_status_t status, - size_t amount, - const void *data, - size_t data_amount) -{ - struct message response; - int flags = 0; - - assert(ctrl_msg > 0); /* According to System V, it must be greater than 0 */ - - response.message_type = ctrl_msg; - if (ctrl_msg == PSA_REPLY) { - memcpy(response.message_text.buf, &status, sizeof(psa_status_t)); - } else if (ctrl_msg == READ_REQUEST || ctrl_msg == WRITE_REQUEST || ctrl_msg == SKIP_REQUEST) { - memcpy(response.message_text.buf, &status, sizeof(psa_status_t)); - memcpy(response.message_text.buf+sizeof(size_t), &amount, sizeof(size_t)); - if (ctrl_msg == WRITE_REQUEST) { - /* TODO: Check if too big */ - memcpy(response.message_text.buf + (sizeof(size_t) * 2), data, data_amount); - } - } - - /* TODO: sizeof doesn't need to be so big here for small responses */ - if (msgsnd(message_client[msg_handle], &response, sizeof(response.message_text), flags) == -1) { - ERROR("Failed to reply"); - } -} - -static size_t skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) -{ - if (num_bytes < (messages[msg_handle].in_size[invec_idx] - num_bytes)) { - messages[msg_handle].in_size[invec_idx] = messages[msg_handle].in_size[invec_idx] - - num_bytes; - return num_bytes; - } else { - if (num_bytes >= messages[msg_handle].in_size[invec_idx]) { - size_t ret = messages[msg_handle].in_size[invec_idx]; - messages[msg_handle].in_size[invec_idx] = 0; - return ret; - } else { - return num_bytes; - } - } -} - -size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, - void *buffer, size_t num_bytes) -{ - size_t sofar = 0; - struct message msg = { 0 }; - int idx; - ssize_t len; - - is_valid_msg_handle(msg_handle); - 
is_call_msg(msg_handle); - - if (invec_idx >= PSA_MAX_IOVEC) { - ERROR("Invalid iovec number"); - } - - /* If user wants more data than what's available, truncate their request */ - if (num_bytes > messages[msg_handle].in_size[invec_idx]) { - num_bytes = messages[msg_handle].in_size[invec_idx]; - } - - while (sofar < num_bytes) { - INFO("Server: requesting %lu bytes from client", (num_bytes - sofar)); - send_msg(msg_handle, READ_REQUEST, invec_idx, (num_bytes - sofar), NULL, 0); - - idx = find_connection(message_client[msg_handle]); - assert(idx >= 0); - - len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); - len = (len - offsetof(struct message_text, buf)); - - if (len < 0) { - FATAL("Internal error: failed to dispatch read request to the client"); - } - - if (len > (num_bytes - sofar)) { - if ((num_bytes - sofar) > 0) { - memcpy(buffer+sofar, msg.message_text.buf, (num_bytes - sofar)); - } - } else { - memcpy(buffer + sofar, msg.message_text.buf, len); - } - - INFO("Printing what i got so far: %s", msg.message_text.buf); - - sofar = sofar + len; - } - - /* Update the seek count */ - skip(msg_handle, invec_idx, num_bytes); - INFO("Finished psa_read"); - return sofar; -} - -void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, - const void *buffer, size_t num_bytes) -{ - size_t sofar = 0; - struct message msg = { 0 }; - int idx; - ssize_t len; - - is_valid_msg_handle(msg_handle); - is_call_msg(msg_handle); - - if (outvec_idx >= PSA_MAX_IOVEC) { - ERROR("Invalid iovec number"); - } - - if (num_bytes > messages[msg_handle].out_size[outvec_idx]) { - ERROR("Program tried to write too much data %lu/%lu", num_bytes, - messages[msg_handle].out_size[outvec_idx]); - } - - while (sofar < num_bytes) { - size_t sending = (num_bytes - sofar); - if (sending > (MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2))) { - sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2); - } - - INFO("Server: sending %lu bytes to client, sofar = %lu", sending, 
(long) sofar); - - send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer + sofar, sending); - - idx = find_connection(message_client[msg_handle]); - assert(idx >= 0); - - len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); - if (len < 1) { - FATAL("Client didn't give me a full response"); - } - sofar = sofar + sending; - } - - /* Update the seek count */ - messages[msg_handle].out_size[outvec_idx] -= num_bytes; -} - -size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) -{ - is_valid_msg_handle(msg_handle); - is_call_msg(msg_handle); - - size_t ret = skip(msg_handle, invec_idx, num_bytes); - - /* notify client to skip */ - send_msg(msg_handle, SKIP_REQUEST, invec_idx, num_bytes, NULL, 0); - return ret; -} - -static void destroy_temporary_queue(int myqid) -{ - if (msgctl(myqid, IPC_RMID, NULL) != 0) { - INFO("ERROR: Failed to delete msg queue %d", myqid); - } -} - -static int make_temporary_queue() -{ - int myqid; - if ((myqid = msgget(IPC_PRIVATE, 0660)) == -1) { - INFO("msgget: myqid"); - return -1; - } - return myqid; -} - -/** - * Assumes msg_handle is the index into the message array - */ -void psa_reply(psa_handle_t msg_handle, psa_status_t status) -{ - int idx, q; - is_valid_msg_handle(msg_handle); - - if (pending_message[msg_handle] != 1) { - ERROR("Not a valid message handle"); - } - - if (messages[msg_handle].type == PSA_IPC_CONNECT) { - switch (status) { - case PSA_SUCCESS: - idx = find_connection(message_client[msg_handle]); - q = make_temporary_queue(); - if (q > 0 && idx >= 0) { - connections[idx].client_to_server_q = q; - status = q; - } else { - FATAL("What happened?"); - } - break; - case PSA_ERROR_CONNECTION_REFUSED: - destroy_connection(message_client[msg_handle]); - break; - case PSA_ERROR_CONNECTION_BUSY: - destroy_connection(message_client[msg_handle]); - break; - case PSA_ERROR_PROGRAMMER_ERROR: - destroy_connection(message_client[msg_handle]); - break; - default: - 
ERROR("Not a valid reply %d", status); - } - } else if (messages[msg_handle].type == PSA_IPC_DISCONNECT) { - idx = find_connection(message_client[msg_handle]); - if (idx >= 0) { - destroy_temporary_queue(connections[idx].client_to_server_q); - } - destroy_connection(message_client[msg_handle]); - } - - send_msg(msg_handle, PSA_REPLY, status, 0, NULL, 0); - - pending_message[msg_handle] = 0; - message_client[msg_handle] = 0; -} - -/* TODO: make sure you only clear interrupt signals, and not others */ -void psa_eoi(psa_signal_t signal) -{ - int index = signal_to_index(signal); - if (index >= 0 && (rot_svc_incoming_queue[index] >= 0)) { - clear_signal(signal); - } else { - ERROR("Tried to EOI a signal that isn't an interrupt"); - } -} - -void psa_notify(int32_t partition_id) -{ - char pathname[PATHNAMESIZE] = { 0 }; - - if (partition_id < 0) { - ERROR("Not a valid secure partition"); - } - - snprintf(pathname, PATHNAMESIZE, "/tmp/psa_notify_%u", partition_id); - INFO("psa_notify: notifying partition %u using %s", - partition_id, pathname); - INFO("psa_notify is unimplemented"); -} - -void psa_clear(void) -{ - clear_signal(PSA_DOORBELL); -} - -void __init_psasim(const char **array, - int size, - const int allow_ns_clients_array[32], - const uint32_t versions[32], - const int strict_policy_array[32]) -{ - static uint8_t library_initialised = 0; - key_t key; - int qid; - FILE *fp; - char doorbell_file[PATHNAMESIZE] = { 0 }; - char queue_path[PATHNAMESIZE]; - snprintf(doorbell_file, PATHNAMESIZE, "psa_notify_%u", getpid()); - - if (library_initialised > 0) { - return; - } else { - library_initialised = 1; - } - - if (size != 32) { - FATAL("Unsupported value. 
Aborting."); - } - - array[3] = doorbell_file; - - for (int i = 0; i < 32; i++) { - if (strncmp(array[i], "", 1) != 0) { - INFO("Setting up %s", array[i]); - memset(queue_path, 0, sizeof(queue_path)); - snprintf(queue_path, sizeof(queue_path), "%s%s", TMP_FILE_BASE_PATH, array[i]); - - /* Create file if doesn't exist */ - fp = fopen(queue_path, "ab+"); - if (fp) { - fclose(fp); - } - - if ((key = ftok(queue_path, PROJECT_ID)) == -1) { - FATAL("Error finding message queue during initialisation"); - } - - /* TODO: Investigate. Permissions are likely to be too relaxed */ - if ((qid = msgget(key, IPC_CREAT | 0660)) == -1) { - FATAL("Error opening message queue during initialisation"); - } else { - rot_svc_incoming_queue[i] = qid; - } - } - } - - memcpy(nsacl, allow_ns_clients_array, sizeof(int) * 32); - memcpy(strict_policy, strict_policy_array, sizeof(int) * 32); - memcpy(rot_svc_versions, versions, sizeof(uint32_t) * 32); - memset(&connections, 0, sizeof(struct connection) * MAX_CLIENTS); - - __psa_ff_client_security_state = 0; /* Set the client status to SECURE */ -} diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h deleted file mode 100644 index 74746b653b..0000000000 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ /dev/null 
@@ -1,107 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef _PSA_FUNCTIONS_CODES_H_ -#define _PSA_FUNCTIONS_CODES_H_ - -enum { - /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT - * and VERSION_REQUEST */ - PSA_CRYPTO_INIT = 100, - PSA_AEAD_ABORT, - PSA_AEAD_DECRYPT, - PSA_AEAD_DECRYPT_SETUP, - PSA_AEAD_ENCRYPT, - PSA_AEAD_ENCRYPT_SETUP, - PSA_AEAD_FINISH, - PSA_AEAD_GENERATE_NONCE, - PSA_AEAD_SET_LENGTHS, - PSA_AEAD_SET_NONCE, - PSA_AEAD_UPDATE, - PSA_AEAD_UPDATE_AD, - PSA_AEAD_VERIFY, - PSA_ASYMMETRIC_DECRYPT, - PSA_ASYMMETRIC_ENCRYPT, - PSA_CAN_DO_HASH, - PSA_CIPHER_ABORT, - PSA_CIPHER_DECRYPT, - PSA_CIPHER_DECRYPT_SETUP, - PSA_CIPHER_ENCRYPT, - PSA_CIPHER_ENCRYPT_SETUP, - PSA_CIPHER_FINISH, - PSA_CIPHER_GENERATE_IV, - PSA_CIPHER_SET_IV, - PSA_CIPHER_UPDATE, - PSA_COPY_KEY, - PSA_DESTROY_KEY, - PSA_EXPORT_KEY, - PSA_EXPORT_PUBLIC_KEY, - PSA_EXPORT_PUBLIC_KEY_IOP_ABORT, - PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE, - PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS, - PSA_EXPORT_PUBLIC_KEY_IOP_SETUP, - PSA_GENERATE_KEY, - PSA_GENERATE_KEY_CUSTOM, - PSA_GENERATE_KEY_IOP_ABORT, - PSA_GENERATE_KEY_IOP_COMPLETE, - PSA_GENERATE_KEY_IOP_GET_NUM_OPS, - PSA_GENERATE_KEY_IOP_SETUP, - PSA_GENERATE_RANDOM, - PSA_GET_KEY_ATTRIBUTES, - PSA_HASH_ABORT, - PSA_HASH_CLONE, - PSA_HASH_COMPARE, - PSA_HASH_COMPUTE, - PSA_HASH_FINISH, - PSA_HASH_SETUP, - PSA_HASH_UPDATE, - PSA_HASH_VERIFY, - PSA_IMPORT_KEY, - PSA_INTERRUPTIBLE_GET_MAX_OPS, - PSA_INTERRUPTIBLE_SET_MAX_OPS, - PSA_KEY_AGREEMENT, - PSA_KEY_AGREEMENT_IOP_ABORT, - PSA_KEY_AGREEMENT_IOP_COMPLETE, - PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS, - PSA_KEY_AGREEMENT_IOP_SETUP, - PSA_KEY_DERIVATION_ABORT, - PSA_KEY_DERIVATION_GET_CAPACITY, - PSA_KEY_DERIVATION_INPUT_BYTES, - PSA_KEY_DERIVATION_INPUT_INTEGER, - PSA_KEY_DERIVATION_INPUT_KEY, - PSA_KEY_DERIVATION_KEY_AGREEMENT, - 
PSA_KEY_DERIVATION_OUTPUT_BYTES, - PSA_KEY_DERIVATION_OUTPUT_KEY, - PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM, - PSA_KEY_DERIVATION_SET_CAPACITY, - PSA_KEY_DERIVATION_SETUP, - PSA_MAC_ABORT, - PSA_MAC_COMPUTE, - PSA_MAC_SIGN_FINISH, - PSA_MAC_SIGN_SETUP, - PSA_MAC_UPDATE, - PSA_MAC_VERIFY, - PSA_MAC_VERIFY_FINISH, - PSA_MAC_VERIFY_SETUP, - PSA_PURGE_KEY, - PSA_RAW_KEY_AGREEMENT, - PSA_RESET_KEY_ATTRIBUTES, - PSA_SIGN_HASH, - PSA_SIGN_HASH_ABORT, - PSA_SIGN_HASH_COMPLETE, - PSA_SIGN_HASH_GET_NUM_OPS, - PSA_SIGN_HASH_START, - PSA_SIGN_MESSAGE, - PSA_VERIFY_HASH, - PSA_VERIFY_HASH_ABORT, - PSA_VERIFY_HASH_COMPLETE, - PSA_VERIFY_HASH_GET_NUM_OPS, - PSA_VERIFY_HASH_START, - PSA_VERIFY_MESSAGE, -}; - -#endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c deleted file mode 100644 index 9051f20535..0000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ /dev/null 
@@ -1,7906 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* client calls */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include -#include -#include "psa_manifest/sid.h" -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#define CLIENT_PRINT(fmt, ...) \ - INFO("Client: " fmt, ##__VA_ARGS__) - -static psa_handle_t handle = -1; - -#if defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build" -#endif - -int psa_crypto_call(int function, - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - // psa_outvec outvecs[1]; - if (handle < 0) { - fprintf(stderr, "NOT CONNECTED\n"); - exit(1); - } - - psa_invec invec; - invec.base = in_params; - invec.len = in_params_len; - - size_t max_receive = 24576; - uint8_t *receive = malloc(max_receive); - if (receive == NULL) { - fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); - exit(1); - } - - size_t actual_received = 0; - - psa_outvec outvecs[2]; - outvecs[0].base = &actual_received; - outvecs[0].len = sizeof(actual_received); - outvecs[1].base = receive; - outvecs[1].len = max_receive; - - psa_status_t status = psa_call(handle, function, &invec, 1, outvecs, 2); - if (status != PSA_SUCCESS) { - free(receive); - return 0; - } - - *out_params = receive; - *out_params_len = actual_received; - - return 1; // success -} - -psa_status_t psa_crypto_init(void) -{ - const char *mbedtls_version; - uint8_t *result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - mbedtls_version = mbedtls_version_get_string_full(); - CLIENT_PRINT("%s", mbedtls_version); - - CLIENT_PRINT("My PID: %d", getpid()); - - CLIENT_PRINT("PSA version: %u", 
psa_version(PSA_SID_CRYPTO_SID)); - handle = psa_connect(PSA_SID_CRYPTO_SID, 1); - - if (handle < 0) { - CLIENT_PRINT("Couldn't connect %d", handle); - return PSA_ERROR_COMMUNICATION_FAILURE; - } - - int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length); - CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok); - - if (!ok) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); - if (!ok) { - goto fail; - } - -fail: - free(result); - - return status; -} - -void mbedtls_psa_crypto_free(void) -{ - /* Do not try to close a connection that was never started.*/ - if (handle == -1) { - return; - } - - CLIENT_PRINT("Closing handle"); - psa_close(handle); - handle = -1; -} - - -psa_status_t psa_aead_abort( - psa_aead_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) 
{ - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *ciphertext, size_t ciphertext_length, - uint8_t *plaintext, size_t plaintext_size, - size_t *plaintext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(nonce, nonce_length) + - psasim_serialise_buffer_needs(additional_data, additional_data_length) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_length) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(*plaintext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - additional_data, additional_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, 
&remaining, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *plaintext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_decrypt_setup( - psa_aead_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - 
ok = psa_crypto_call(PSA_AEAD_DECRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_DECRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_encrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *nonce, size_t nonce_length, - const uint8_t *additional_data, size_t additional_data_length, - const uint8_t *plaintext, size_t plaintext_length, - uint8_t *ciphertext, size_t ciphertext_size, - size_t *ciphertext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(nonce, nonce_length) + - psasim_serialise_buffer_needs(additional_data, additional_data_length) + - psasim_serialise_buffer_needs(plaintext, plaintext_length) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(*ciphertext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, 
&remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - additional_data, additional_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - plaintext, plaintext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_encrypt_setup( - psa_aead_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = 
ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_ENCRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_ENCRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_finish( - psa_aead_operation_t *operation, - uint8_t *ciphertext, size_t ciphertext_size, - size_t *ciphertext_length, - uint8_t *tag, size_t tag_size, - size_t *tag_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(*ciphertext_length) + - psasim_serialise_buffer_needs(tag, tag_size) + - psasim_serialise_size_t_needs(*tag_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); 
- if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *ciphertext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - tag, tag_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *tag_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - tag, tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - tag_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_generate_nonce( - psa_aead_operation_t *operation, - uint8_t *nonce, size_t nonce_size, - size_t *nonce_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - 
psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(nonce, nonce_size) + - psasim_serialise_size_t_needs(*nonce_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *nonce_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_GENERATE_NONCE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_GENERATE_NONCE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - nonce, nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - nonce_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_set_lengths( - psa_aead_operation_t *operation, - size_t ad_length, - size_t plaintext_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - 
psasim_serialise_size_t_needs(ad_length) + - psasim_serialise_size_t_needs(plaintext_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - ad_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - plaintext_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_SET_LENGTHS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_SET_LENGTHS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_set_nonce( - psa_aead_operation_t *operation, - const uint8_t *nonce, size_t nonce_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(nonce, nonce_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - 
goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - nonce, nonce_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_SET_NONCE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_SET_NONCE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_update( - psa_aead_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, 
&remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_update_ad( - psa_aead_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_UPDATE_AD, - ser_params, 
(size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_AEAD_UPDATE_AD server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_aead_verify( - psa_aead_operation_t *operation, - uint8_t *plaintext, size_t plaintext_size, - size_t *plaintext_length, - const uint8_t *tag, size_t tag_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(*plaintext_length) + - psasim_serialise_buffer_needs(tag, tag_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_aead_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *plaintext_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - tag, tag_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_AEAD_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - 
if (!ok) { - printf("PSA_AEAD_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_aead_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_asymmetric_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(salt, salt_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = 
psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - salt, salt_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_ASYMMETRIC_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_ASYMMETRIC_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_asymmetric_encrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *salt, size_t salt_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(salt, salt_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - salt, salt_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_ASYMMETRIC_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_ASYMMETRIC_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -int psa_can_do_hash( - psa_algorithm_t hash_alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - int value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(hash_alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = 
psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - hash_alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CAN_DO_HASH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CAN_DO_HASH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_int( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_cipher_abort( - psa_cipher_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - 
free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_decrypt( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_DECRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_DECRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - 
output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_decrypt_setup( - psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_DECRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_DECRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_encrypt( - 
mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ENCRYPT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ENCRYPT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_encrypt_setup( - psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_ENCRYPT_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_ENCRYPT_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_finish( - psa_cipher_operation_t *operation, - uint8_t *output, size_t 
output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_generate_iv( - psa_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, - size_t *iv_length - ) -{ - uint8_t 
*ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(iv, iv_size) + - psasim_serialise_size_t_needs(*iv_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - iv, iv_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *iv_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_GENERATE_IV, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_GENERATE_IV server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - iv, iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - iv_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_set_iv( - psa_cipher_operation_t *operation, - const uint8_t *iv, size_t iv_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(iv, iv_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - iv, iv_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_SET_IV, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_SET_IV server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_cipher_update( - psa_cipher_operation_t *operation, - const uint8_t *input, size_t input_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_cipher_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_CIPHER_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_CIPHER_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_cipher_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_copy_key( - mbedtls_svc_key_id_t source_key, - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *target_key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(source_key) + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - 
psasim_serialise_mbedtls_svc_key_id_t_needs(*target_key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - source_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *target_key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_COPY_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_COPY_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - target_key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_destroy_key( - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = 
psa_crypto_call(PSA_DESTROY_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_DESTROY_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_key( - mbedtls_svc_key_id_t key, - uint8_t *data, size_t data_size, - size_t *data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(*data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - 
- ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_public_key( - mbedtls_svc_key_id_t key, - uint8_t *data, size_t data_size, - size_t *data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(*data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto 
fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_public_key_iop_abort( - psa_export_public_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_export_public_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_export_public_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY_IOP_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_export_public_key_iop_complete( - psa_export_public_key_iop_t *operation, - uint8_t *data, size_t data_size, - size_t *data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_export_public_key_iop_t_needs(*operation) + - psasim_serialise_buffer_needs(data, data_size) + - 
psasim_serialise_size_t_needs(*data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_export_public_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - data, data_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - data_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_export_public_key_iop_get_num_ops( - psa_export_public_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_export_public_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; 
- int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_export_public_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_export_public_key_iop_setup( - psa_export_public_key_iop_t *operation, - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_export_public_key_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_export_public_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY_IOP_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_EXPORT_PUBLIC_KEY_IOP_SETUP 
server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_export_public_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key( - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - 
return status; -} - - -psa_status_t psa_generate_key_custom( - const psa_key_attributes_t *attributes, - const psa_custom_key_parameters_t *custom, - const uint8_t *custom_data, size_t custom_data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_custom_key_parameters_t_needs(*custom) + - psasim_serialise_buffer_needs(custom_data, custom_data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_custom_key_parameters_t( - &pos, &remaining, - *custom); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - custom_data, custom_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_CUSTOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_CUSTOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - 
free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key_iop_abort( - psa_generate_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_generate_key_iop_complete( - psa_generate_key_iop_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = 
ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_generate_key_iop_get_num_ops( - psa_generate_key_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_GET_NUM_OPS server call failed\n"); - goto 
fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_generate_key_iop_setup( - psa_generate_key_iop_t *operation, - const psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_generate_key_iop_t_needs(*operation) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_generate_key_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_KEY_IOP_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_generate_key_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - 
free(ser_result); - - return status; -} - - -psa_status_t psa_generate_random( - uint8_t *output, size_t output_size - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_buffer_needs(output, output_size); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GENERATE_RANDOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GENERATE_RANDOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_get_key_attributes( - mbedtls_svc_key_id_t key, - psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - 
ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_GET_KEY_ATTRIBUTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_GET_KEY_ATTRIBUTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_abort( - psa_hash_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_clone( - const psa_hash_operation_t *source_operation, - psa_hash_operation_t *target_operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*source_operation) + - psasim_serialise_psa_hash_operation_t_needs(*target_operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *source_operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *target_operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_CLONE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_CLONE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - target_operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_compare( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t 
*hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_COMPARE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_COMPARE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_compute( - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, - size_t *hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(hash, hash_size) + - 
psasim_serialise_size_t_needs(*hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_COMPUTE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_COMPUTE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_finish( - psa_hash_operation_t *operation, - uint8_t *hash, size_t hash_size, - size_t *hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(*hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { 
- status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - hash, hash_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - hash_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_setup( - psa_hash_operation_t *operation, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, 
&remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_update( - psa_hash_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_UPDATE server call failed\n"); - goto fail; - } - - 
uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_hash_verify( - psa_hash_operation_t *operation, - const uint8_t *hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_hash_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_HASH_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_HASH_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_hash_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t 
psa_import_key( - const psa_key_attributes_t *attributes, - const uint8_t *data, size_t data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_buffer_needs(data, data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_IMPORT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_IMPORT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_interruptible_get_max_ops( - void - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - 0; - - ser_params = malloc(needed); - if (ser_params == NULL) { - 
value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_INTERRUPTIBLE_GET_MAX_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_INTERRUPTIBLE_GET_MAX_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -void psa_interruptible_set_max_ops( - uint32_t max_ops - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(max_ops); - - ser_params = malloc(needed); - if (ser_params == NULL) { - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_uint32_t( - &pos, &remaining, - max_ops); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_INTERRUPTIBLE_SET_MAX_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_INTERRUPTIBLE_SET_MAX_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); -} - - -psa_status_t psa_key_agreement( - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - psa_algorithm_t alg, - const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - 
size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_agreement_iop_abort( - psa_key_agreement_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = 
NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_agreement_iop_complete( - psa_key_agreement_iop_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - 
&pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_key_agreement_iop_get_num_ops( - psa_key_agreement_iop_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_key_agreement_iop_setup( - psa_key_agreement_iop_t *operation, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - psa_algorithm_t alg, - const psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_agreement_iop_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_agreement_iop_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - 
printf("PSA_KEY_AGREEMENT_IOP_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_abort( - psa_key_derivation_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_get_capacity( - const 
psa_key_derivation_operation_t *operation, - size_t *capacity - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(*capacity); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *capacity); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_GET_CAPACITY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_GET_CAPACITY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - capacity); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_bytes( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - const uint8_t *data, size_t data_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - 
psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_buffer_needs(data, data_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - data, data_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_BYTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_BYTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_integer( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - uint64_t value - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_uint64_t_needs(value); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_uint64_t( - &pos, &remaining, - value); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_INTEGER, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_INTEGER server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_input_key( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - 
} - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_INPUT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_key_agreement( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - 
&pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_step_t( - &pos, &remaining, - step); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_bytes( - psa_key_derivation_operation_t *operation, - uint8_t *output, size_t output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(output, output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, 
output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_BYTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_BYTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_key( - const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok 
= psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_output_key_custom( - const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - const psa_custom_key_parameters_t *custom, - const uint8_t *custom_data, size_t custom_data_length, - mbedtls_svc_key_id_t *key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_custom_key_parameters_t_needs(*custom) + - psasim_serialise_buffer_needs(custom_data, custom_data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - 
&pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_custom_key_parameters_t( - &pos, &remaining, - *custom); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - custom_data, custom_data_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - *key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_set_capacity( - psa_key_derivation_operation_t *operation, - size_t capacity - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(capacity); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto 
fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - capacity); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_SET_CAPACITY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_SET_CAPACITY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_key_derivation_setup( - psa_key_derivation_operation_t *operation, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_key_derivation_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_KEY_DERIVATION_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_KEY_DERIVATION_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = 
psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_abort( - psa_mac_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_compute( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *mac, size_t mac_size, - size_t *mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(*mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_COMPUTE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_COMPUTE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_sign_finish( - psa_mac_operation_t *operation, - uint8_t *mac, size_t mac_size, - size_t *mac_length - ) -{ - uint8_t *ser_params = 
NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(*mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_SIGN_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_SIGN_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_sign_setup( - psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_SIGN_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_SIGN_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_update( - psa_mac_operation_t *operation, - const uint8_t *input, size_t input_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto 
fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_UPDATE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_UPDATE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *mac, size_t mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(mac, mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - 
&pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify_finish( - psa_mac_operation_t *operation, - const uint8_t *mac, size_t mac_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(mac, mac_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - mac, mac_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY_FINISH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY_FINISH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, 
&rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_mac_verify_setup( - psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_mac_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_MAC_VERIFY_SETUP, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_MAC_VERIFY_SETUP server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_mac_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - 
free(ser_result); - - return status; -} - - -psa_status_t psa_purge_key( - mbedtls_svc_key_id_t key - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_PURGE_KEY, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_PURGE_KEY server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_raw_key_agreement( - psa_algorithm_t alg, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, size_t peer_key_length, - uint8_t *output, size_t output_size, - size_t *output_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - private_key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - peer_key, peer_key_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - output, output_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *output_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_RAW_KEY_AGREEMENT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_RAW_KEY_AGREEMENT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -void psa_reset_key_attributes( - psa_key_attributes_t *attributes - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes); - - ser_params = malloc(needed); - if (ser_params == NULL) { - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = 
psasim_serialise_psa_key_attributes_t( - &pos, &remaining, - *attributes); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_RESET_KEY_ATTRIBUTES, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_RESET_KEY_ATTRIBUTES server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); -} - - -psa_status_t psa_sign_hash( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = 
psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_hash_abort( - psa_sign_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_hash_complete( - psa_sign_hash_interruptible_operation_t *operation, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_COMPLETE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = 
psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_sign_hash_get_num_ops( - const psa_sign_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_sign_hash_start( - psa_sign_hash_interruptible_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_HASH_START, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_HASH_START server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_sign_message( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *signature, size_t signature_size, - size_t *signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = 
PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_size); - if (!ok) { - goto fail; - } - ok = psasim_serialise_size_t( - &pos, &remaining, - *signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_SIGN_MESSAGE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_SIGN_MESSAGE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_return_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t 
*hash, size_t hash_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash_abort( - psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + 
- psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_ABORT, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_ABORT server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_hash_complete( - psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_COMPLETE, - ser_params, (size_t) 
(pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_COMPLETE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -uint32_t psa_verify_hash_get_num_ops( - const psa_verify_hash_interruptible_operation_t *operation - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - uint32_t value = 0; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); - - ser_params = malloc(needed); - if (ser_params == NULL) { - value = 0; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_GET_NUM_OPS, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_GET_NUM_OPS server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &rpos, &rremain, - &value); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return value; -} - - -psa_status_t psa_verify_hash_start( - psa_verify_hash_interruptible_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t 
alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( - &pos, &remaining, - *operation); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - hash, hash_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_HASH_START, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_HASH_START server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( - &rpos, &rremain, - operation); - if (!ok) { - 
goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} - - -psa_status_t psa_verify_message( - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *signature, size_t signature_length - ) -{ - uint8_t *ser_params = NULL; - uint8_t *ser_result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - size_t needed = - psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(signature, signature_length); - - ser_params = malloc(needed); - if (ser_params == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto fail; - } - - uint8_t *pos = ser_params; - size_t remaining = needed; - int ok; - ok = psasim_serialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - ok = psasim_serialise_mbedtls_svc_key_id_t( - &pos, &remaining, - key); - if (!ok) { - goto fail; - } - ok = psasim_serialise_psa_algorithm_t( - &pos, &remaining, - alg); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - input, input_length); - if (!ok) { - goto fail; - } - ok = psasim_serialise_buffer( - &pos, &remaining, - signature, signature_length); - if (!ok) { - goto fail; - } - - ok = psa_crypto_call(PSA_VERIFY_MESSAGE, - ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); - if (!ok) { - printf("PSA_VERIFY_MESSAGE server call failed\n"); - goto fail; - } - - uint8_t *rpos = ser_result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t( - &rpos, &rremain, - &status); - if (!ok) { - goto fail; - } - -fail: - free(ser_params); - free(ser_result); - - return status; -} 
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c deleted file mode 100644 index bd121c5433..0000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ /dev/null 
@@ -1,9226 +0,0 @@ -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* server implementations */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -#include - -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -#include "service.h" - -#if !defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build" -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_hook_error_add)(int, int, const char *, int); -#endif - -// Returns 1 for success, 0 for failure -int psa_crypto_init_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - uint8_t *result = NULL; - int ok; - - // Now we call the actual target function - - status = psa_crypto_init( - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *nonce = NULL; - size_t nonce_length; - uint8_t *additional_data = NULL; - size_t additional_data_length; - uint8_t *ciphertext = NULL; - size_t ciphertext_length; - uint8_t *plaintext = NULL; - size_t plaintext_size; - size_t plaintext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &additional_data, &additional_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_decrypt( - key, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - ciphertext, ciphertext_length, - plaintext, plaintext_size, - &plaintext_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(plaintext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - free(additional_data); - free(ciphertext); - free(plaintext); - - return 1; // success - -fail: - free(result); - - free(nonce); - free(additional_data); - free(ciphertext); - free(plaintext); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_decrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_decrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *nonce = NULL; - size_t nonce_length; - uint8_t *additional_data = NULL; - size_t additional_data_length; - uint8_t *plaintext = NULL; - size_t plaintext_length; - uint8_t *ciphertext = NULL; - size_t ciphertext_size; - size_t ciphertext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &additional_data, &additional_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ciphertext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_encrypt( - key, - alg, - nonce, nonce_length, - additional_data, additional_data_length, - plaintext, plaintext_length, - ciphertext, ciphertext_size, - &ciphertext_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(ciphertext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - free(additional_data); - free(plaintext); - free(ciphertext); - - return 1; // success - -fail: - free(result); - - free(nonce); - free(additional_data); - free(plaintext); - free(ciphertext); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_encrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_encrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *ciphertext = NULL; - size_t ciphertext_size; - size_t ciphertext_length; - uint8_t *tag = NULL; - size_t tag_size; - size_t tag_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &ciphertext, &ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &tag, &tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &tag_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_finish( - operation, - ciphertext, ciphertext_size, - &ciphertext_length, - tag, tag_size, - &tag_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(ciphertext_length) + - psasim_serialise_buffer_needs(tag, tag_size) + - psasim_serialise_size_t_needs(tag_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - ciphertext, ciphertext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - ciphertext_length); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - tag, tag_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - tag_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(ciphertext); - free(tag); - - return 1; // success - -fail: - free(result); - - free(ciphertext); - free(tag); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_generate_nonce_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *nonce = NULL; - size_t nonce_size; - size_t nonce_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &nonce_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_generate_nonce( - operation, - nonce, nonce_size, - &nonce_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(nonce, nonce_size) + - psasim_serialise_size_t_needs(nonce_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - nonce, nonce_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - nonce_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - - return 1; // success - -fail: - free(result); - - free(nonce); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_set_lengths_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - size_t ad_length; - size_t plaintext_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &ad_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_set_lengths( - operation, - ad_length, - plaintext_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_set_nonce_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *nonce = NULL; - size_t nonce_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &nonce, &nonce_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_set_nonce( - operation, - nonce, nonce_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(nonce); - - return 1; // success - -fail: - free(result); - - free(nonce); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_update( - operation, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_update_ad_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_update_ad( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_aead_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_aead_operation_t *operation; - uint8_t *plaintext = NULL; - size_t plaintext_size; - size_t plaintext_length; - uint8_t *tag = NULL; - size_t tag_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_aead_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &plaintext, &plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &plaintext_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &tag, &tag_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_aead_verify( - operation, - plaintext, plaintext_size, - &plaintext_length, - tag, tag_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_aead_operation_t_needs(operation) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(plaintext_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_aead_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - plaintext, plaintext_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - plaintext_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(plaintext); - free(tag); - - return 1; // success - -fail: - free(result); - - free(plaintext); - free(tag); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_asymmetric_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *salt = NULL; - size_t salt_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &salt, &salt_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_asymmetric_decrypt( - key, - alg, - input, input_length, - salt, salt_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(salt); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(salt); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_asymmetric_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *salt = NULL; - size_t salt_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &salt, 
&salt_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_asymmetric_encrypt( - key, - alg, - input, input_length, - salt, salt_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(salt); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(salt); - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_can_do_hash_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - int value = 0; - psa_algorithm_t hash_alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &hash_alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_can_do_hash( - hash_alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_int_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_int( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_decrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_decrypt( - key, - alg, - input, 
input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_cipher_decrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_decrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_cipher_encrypt_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_encrypt( - key, - alg, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_encrypt_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_encrypt_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_finish( - operation, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(output); - - return 1; // success - -fail: - free(result); - - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_cipher_generate_iv_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *iv = NULL; - size_t iv_size; - size_t iv_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &iv, &iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &iv_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_generate_iv( - operation, - iv, iv_size, - &iv_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(iv, iv_size) + - psasim_serialise_size_t_needs(iv_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - iv, iv_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - iv_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(iv); - - return 1; // success - -fail: - free(result); - - free(iv); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_set_iv_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *iv = NULL; - size_t iv_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &iv, &iv_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_set_iv( - operation, - iv, iv_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(iv); - - return 1; // success - -fail: - free(result); - - free(iv); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_cipher_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_cipher_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_cipher_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_cipher_update( - operation, - input, input_length, - output, output_size, - &output_length - ); - - // NOTE: Should really 
check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_cipher_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_cipher_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(output); - - return 1; // success - -fail: - free(result); - - free(input); - free(output); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_copy_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t source_key; - psa_key_attributes_t attributes; - mbedtls_svc_key_id_t target_key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &source_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &target_key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_copy_key( - source_key, - &attributes, - &target_key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(target_key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - target_key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_destroy_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_destroy_key( - key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-}
-
-// Returns 1 for success, 0 for failure
-int psa_export_key_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_svc_key_id_t key;
- uint8_t *data = NULL;
- size_t data_size;
- size_t data_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &data, &data_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_size_t(
- &pos, &remaining,
- &data_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_export_key(
- key,
- data, data_size,
- &data_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_buffer_needs(data, data_size) +
- psasim_serialise_size_t_needs(data_length);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_buffer(
- &rpos, &rremain,
- data, data_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_size_t(
- &rpos, &rremain,
- data_length);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(data);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(data);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_export_public_key_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_svc_key_id_t key;
- uint8_t *data = NULL;
- size_t data_size;
- size_t data_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &data, &data_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_size_t(
- &pos, &remaining,
- &data_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_export_public_key(
- key,
- data, data_size,
- &data_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_buffer_needs(data, data_size) +
- psasim_serialise_size_t_needs(data_length);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_buffer(
- &rpos, &rremain,
- data, data_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_size_t(
- &rpos, &rremain,
- data_length);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(data);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(data);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_export_public_key_iop_abort_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_export_public_key_iop_t operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_export_public_key_iop_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_export_public_key_iop_abort(
- &operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_psa_export_public_key_iop_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_export_public_key_iop_t(
- &rpos, &rremain,
- operation);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_export_public_key_iop_complete_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_export_public_key_iop_t operation;
- uint8_t *data = NULL;
- size_t data_size;
- size_t data_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_export_public_key_iop_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &data, &data_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_size_t(
- &pos, &remaining,
- &data_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_export_public_key_iop_complete(
- &operation,
- data, data_size,
- &data_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_psa_export_public_key_iop_t_needs(operation) +
- psasim_serialise_buffer_needs(data, data_size) +
- psasim_serialise_size_t_needs(data_length);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_export_public_key_iop_t(
- &rpos, &rremain,
- operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_buffer(
- &rpos, &rremain,
- data, data_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_size_t(
- &rpos, &rremain,
- data_length);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(data);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(data);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_export_public_key_iop_get_num_ops_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- uint32_t value = 0;
- psa_export_public_key_iop_t operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_export_public_key_iop_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- value = psa_export_public_key_iop_get_num_ops(
- &operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_uint32_t_needs(value) +
- psasim_serialise_psa_export_public_key_iop_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_uint32_t(
- &rpos, &rremain,
- value);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_export_public_key_iop_t(
- &rpos, &rremain,
- operation);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_export_public_key_iop_setup_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_export_public_key_iop_t operation;
- mbedtls_svc_key_id_t key;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_export_public_key_iop_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_export_public_key_iop_setup(
- &operation,
- key
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_psa_export_public_key_iop_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_export_public_key_iop_t(
- &rpos, &rremain,
- operation);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_generate_key_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_attributes_t attributes;
- mbedtls_svc_key_id_t key;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_key_attributes_t(
- &pos, &remaining,
- &attributes);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_generate_key(
- &attributes,
- &key
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_mbedtls_svc_key_id_t_needs(key);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_mbedtls_svc_key_id_t(
- &rpos, &rremain,
- key);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_generate_key_custom_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_attributes_t attributes;
- psa_custom_key_parameters_t custom;
- uint8_t *custom_data = NULL;
- size_t custom_data_length;
- mbedtls_svc_key_id_t key;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_key_attributes_t(
- &pos, &remaining,
- &attributes);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_custom_key_parameters_t(
- &pos, &remaining,
- &custom);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &custom_data, &custom_data_length);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_generate_key_custom(
- &attributes,
- &custom,
- custom_data, custom_data_length,
- &key
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_mbedtls_svc_key_id_t_needs(key);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_mbedtls_svc_key_id_t(
- &rpos, &rremain,
- key);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(custom_data);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(custom_data);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_generate_key_iop_abort_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_generate_key_iop_t operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_generate_key_iop_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_generate_key_iop_abort(
- &operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_psa_generate_key_iop_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_generate_key_iop_t(
- &rpos, &rremain,
- operation);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_generate_key_iop_complete_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_generate_key_iop_t operation;
- mbedtls_svc_key_id_t key;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_generate_key_iop_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_generate_key_iop_complete(
- &operation,
- &key
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_psa_generate_key_iop_t_needs(operation) +
- psasim_serialise_mbedtls_svc_key_id_t_needs(key);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_generate_key_iop_t(
- &rpos, &rremain,
- operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_mbedtls_svc_key_id_t(
- &rpos, &rremain,
- key);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_generate_key_iop_get_num_ops_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- uint32_t value = 0;
- psa_generate_key_iop_t operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_generate_key_iop_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- value = psa_generate_key_iop_get_num_ops(
- &operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_uint32_t_needs(value) +
- psasim_serialise_psa_generate_key_iop_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_uint32_t(
- &rpos, &rremain,
- value);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_generate_key_iop_t(
- &rpos, &rremain,
- operation);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_generate_key_iop_setup_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_generate_key_iop_t operation;
- psa_key_attributes_t attributes;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_generate_key_iop_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_key_attributes_t(
- &pos, &remaining,
- &attributes);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_generate_key_iop_setup(
- &operation,
- &attributes
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_psa_generate_key_iop_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_generate_key_iop_t(
- &rpos, &rremain,
- operation);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_generate_random_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- uint8_t *output = NULL;
- size_t output_size;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &output, &output_size);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_generate_random(
- output, output_size
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_buffer_needs(output, output_size);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_buffer(
- &rpos, &rremain,
- output, output_size);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(output);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(output);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_get_key_attributes_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_svc_key_id_t key;
- psa_key_attributes_t attributes;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_key_attributes_t(
- &pos, &remaining,
- &attributes);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_get_key_attributes(
- key,
- &attributes
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_psa_key_attributes_t_needs(attributes);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_key_attributes_t(
- &rpos, &rremain,
- attributes);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_hash_abort_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_hash_operation_t *operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_hash_operation_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_hash_abort(
- operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_server_serialise_psa_hash_operation_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_serialise_psa_hash_operation_t(
- &rpos, &rremain,
- operation, 1);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_hash_clone_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_hash_operation_t *source_operation;
- psa_hash_operation_t *target_operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_hash_operation_t(
- &pos, &remaining,
- &source_operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_hash_operation_t(
- &pos, &remaining,
- &target_operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_hash_clone(
- source_operation,
- target_operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_server_serialise_psa_hash_operation_t_needs(target_operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_serialise_psa_hash_operation_t(
- &rpos, &rremain,
- target_operation, 0);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_hash_compare_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_algorithm_t alg;
- uint8_t *input = NULL;
- size_t input_length;
- uint8_t *hash = NULL;
- size_t hash_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_algorithm_t(
- &pos, &remaining,
- &alg);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &input, &input_length);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &hash, &hash_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_hash_compare(
- alg,
- input, input_length,
- hash, hash_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(input);
- free(hash);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(input);
- free(hash);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_hash_compute_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_algorithm_t alg;
- uint8_t *input = NULL;
- size_t input_length;
- uint8_t *hash = NULL;
- size_t hash_size;
- size_t hash_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_algorithm_t(
- &pos, &remaining,
- &alg);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &input, &input_length);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &hash, &hash_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_size_t(
- &pos, &remaining,
- &hash_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_hash_compute(
- alg,
- input, input_length,
- hash, hash_size,
- &hash_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_buffer_needs(hash, hash_size) +
- psasim_serialise_size_t_needs(hash_length);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_buffer(
- &rpos, &rremain,
- hash, hash_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_size_t(
- &rpos, &rremain,
- hash_length);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(input);
- free(hash);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(input);
- free(hash);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_hash_finish_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_hash_operation_t *operation;
- uint8_t *hash = NULL;
- size_t hash_size;
- size_t hash_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_hash_operation_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &hash, &hash_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_size_t(
- &pos, &remaining,
- &hash_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_hash_finish(
- operation,
- hash, hash_size,
- &hash_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_server_serialise_psa_hash_operation_t_needs(operation) +
- psasim_serialise_buffer_needs(hash, hash_size) +
- psasim_serialise_size_t_needs(hash_length);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_serialise_psa_hash_operation_t(
- &rpos, &rremain,
- operation, 1);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_buffer(
- &rpos, &rremain,
- hash, hash_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_size_t(
- &rpos, &rremain,
- hash_length);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(hash);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(hash);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_hash_setup_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_hash_operation_t *operation;
- psa_algorithm_t alg;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_hash_operation_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_algorithm_t(
- &pos, &remaining,
- &alg);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_hash_setup(
- operation,
- alg
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_update( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_hash_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t *operation; - uint8_t *hash = NULL; - size_t hash_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_hash_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_hash_verify( - operation, - hash, hash_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_hash_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_hash_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - - return 1; // success - -fail: - free(result); - - free(hash); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_import_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - uint8_t *data = NULL; - size_t data_length; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_import_key( - &attributes, - data, data_length, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_interruptible_get_max_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - - uint8_t *result = NULL; - int ok; - - // Now we call the actual target function - - value = psa_interruptible_get_max_ops( - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_interruptible_set_max_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t max_ops; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint32_t( - &pos, &remaining, - &max_ops); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - psa_interruptible_set_max_ops( - max_ops - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs(); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - psa_algorithm_t alg; - psa_key_attributes_t attributes; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement( - private_key, - peer_key, peer_key_length, - alg, - &attributes, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement_iop_abort( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_agreement_iop_complete( - &operation, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_key_agreement_iop_t operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_key_agreement_iop_get_num_ops( - &operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(value) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_uint32_t( - &rpos, &rremain, - value); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_agreement_iop_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_agreement_iop_t operation; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - psa_algorithm_t alg; - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_agreement_iop_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = 
psa_key_agreement_iop_setup( - &operation, - private_key, - peer_key, peer_key_length, - alg, - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_key_agreement_iop_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_agreement_iop_t( - &rpos, &rremain, - operation); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_get_capacity_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - size_t capacity; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &capacity); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_get_capacity( - operation, - &capacity - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_size_t_needs(capacity); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - capacity); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_bytes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - uint8_t *data = NULL; - size_t data_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &data, &data_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_bytes( - operation, - step, - data, data_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(data); - - return 1; // success - -fail: - free(result); - - free(data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_integer_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - uint64_t value; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_uint64_t( - &pos, &remaining, - &value); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_integer( - operation, - step, - value - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_input_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_input_key( - operation, - step, - key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_key_derivation_step_t step; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_derivation_step_t( - &pos, &remaining, - &step); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_key_agreement( - operation, - step, - private_key, - peer_key, 
peer_key_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - - return 1; // success - -fail: - free(result); - - free(peer_key); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_bytes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - uint8_t *output = NULL; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_bytes( - operation, - output, output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_buffer_needs(output, output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(output); - - return 1; // success - -fail: - free(result); - - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - psa_key_derivation_operation_t *operation; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_key( - &attributes, - operation, - &key - ); - 
- // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_output_key_custom_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; - psa_key_derivation_operation_t *operation; - psa_custom_key_parameters_t custom; - uint8_t *custom_data = NULL; - size_t custom_data_length; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_custom_key_parameters_t( - &pos, &remaining, - &custom); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &custom_data, &custom_data_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_output_key_custom( - &attributes, - operation, - &custom, - custom_data, custom_data_length, - &key - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_mbedtls_svc_key_id_t( - &rpos, &rremain, - key); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(custom_data); - - return 1; // success - -fail: - free(result); - - free(custom_data); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_set_capacity_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - size_t capacity; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &capacity); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_set_capacity( - operation, - capacity - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_key_derivation_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_derivation_operation_t *operation; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_key_derivation_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_key_derivation_setup( - operation, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_key_derivation_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_mac_compute_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *mac = NULL; - size_t mac_size; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_compute( - key, - alg, - input, input_length, - mac, mac_size, - 
&mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(mac_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(mac); - - return 1; // success - -fail: - free(result); - - free(input); - free(mac); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_sign_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *mac = NULL; - size_t mac_size; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_sign_finish( - operation, - mac, mac_size, - &mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(mac_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - mac, mac_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - mac_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(mac); - - return 1; // success - -fail: - free(result); - - free(mac); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_sign_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_sign_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_update_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *input = NULL; - size_t input_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_update( - operation, - input, input_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - - return 1; // success - -fail: - free(result); - - free(input); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *input = NULL; - size_t input_length; - uint8_t *mac = NULL; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &input, &input_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify( - key, - alg, - input, input_length, - mac, mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(input); - free(mac); - - return 1; // success - -fail: - free(result); - - free(input); - free(mac); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_finish_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - uint8_t *mac = NULL; - size_t mac_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &mac, &mac_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify_finish( - operation, - mac, mac_length - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(mac); - - return 1; // success - -fail: - free(result); - - free(mac); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_mac_verify_setup_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_mac_operation_t *operation; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_mac_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_mac_verify_setup( - operation, - key, - alg - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_mac_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_mac_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_purge_key_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_purge_key( - key - ); - - // NOTE: Should really check there is no overflow as we go along. - size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! 
-} - -// Returns 1 for success, 0 for failure -int psa_raw_key_agreement_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg; - mbedtls_svc_key_id_t private_key; - uint8_t *peer_key = NULL; - size_t peer_key_length; - uint8_t *output = NULL; - size_t output_size; - size_t output_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &private_key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &peer_key, &peer_key_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &output, &output_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &output_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_raw_key_agreement( - alg, - private_key, - peer_key, peer_key_length, - output, output_size, - &output_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(output_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - output, output_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - output_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(peer_key); - free(output); - - return 1; // success - -fail: - free(result); - - free(peer_key); - free(output); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_reset_key_attributes_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_key_attributes_t attributes; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_key_attributes_t( - &pos, &remaining, - &attributes); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - psa_reset_key_attributes( - &attributes - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(attributes); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_key_attributes_t( - &rpos, &rremain, - attributes); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_svc_key_id_t key; - psa_algorithm_t alg; - uint8_t *hash = NULL; - size_t hash_length; - uint8_t *signature = NULL; - size_t signature_size; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_mbedtls_svc_key_id_t( - &pos, &remaining, - &key); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_algorithm_t( - &pos, &remaining, - &alg); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &hash, &hash_length); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash( - key, - alg, - hash, hash_length, - signature, signature_size, - &signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(signature_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(hash); - free(signature); - - return 1; // success - -fail: - free(result); - - free(hash); - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_abort_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_sign_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash_abort( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 1); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - return 1; // success - -fail: - free(result); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_complete_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_sign_hash_interruptible_operation_t *operation; - uint8_t *signature = NULL; - size_t signature_size; - size_t signature_length; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_buffer( - &pos, &remaining, - &signature, &signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_size_t( - &pos, &remaining, - &signature_length); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - status = psa_sign_hash_complete( - operation, - signature, signature_size, - &signature_length - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size = - psasim_serialise_begin_needs() + - psasim_serialise_psa_status_t_needs(status) + - psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(signature_length); - - result = malloc(result_size); - if (result == NULL) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_size; - - ok = psasim_serialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_psa_status_t( - &rpos, &rremain, - status); - if (!ok) { - goto fail; - } - - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( - &rpos, &rremain, - operation, 0); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_buffer( - &rpos, &rremain, - signature, signature_size); - if (!ok) { - goto fail; - } - - ok = psasim_serialise_size_t( - &rpos, &rremain, - signature_length); - if (!ok) { - goto fail; - } - - *out_params = result; - *out_params_len = result_size; - - free(signature); - - return 1; // success - -fail: - free(result); - - free(signature); - - return 0; // This shouldn't happen! -} - -// Returns 1 for success, 0 for failure -int psa_sign_hash_get_num_ops_wrapper( - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - uint32_t value = 0; - psa_sign_hash_interruptible_operation_t *operation; - - uint8_t *pos = in_params; - size_t remaining = in_params_len; - uint8_t *result = NULL; - int ok; - - ok = psasim_deserialise_begin(&pos, &remaining); - if (!ok) { - goto fail; - } - - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( - &pos, &remaining, - &operation); - if (!ok) { - goto fail; - } - - // Now we call the actual target function - - value = psa_sign_hash_get_num_ops( - operation - ); - - // NOTE: Should really check there is no overflow as we go along. 
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_uint32_t_needs(value);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_uint32_t(
- &rpos, &rremain,
- value);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_sign_hash_start_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_sign_hash_interruptible_operation_t *operation;
- mbedtls_svc_key_id_t key;
- psa_algorithm_t alg;
- uint8_t *hash = NULL;
- size_t hash_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_algorithm_t(
- &pos, &remaining,
- &alg);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &hash, &hash_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_sign_hash_start(
- operation,
- key,
- alg,
- hash, hash_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(
- &rpos, &rremain,
- operation, 0);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(hash);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(hash);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_sign_message_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_svc_key_id_t key;
- psa_algorithm_t alg;
- uint8_t *input = NULL;
- size_t input_length;
- uint8_t *signature = NULL;
- size_t signature_size;
- size_t signature_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_algorithm_t(
- &pos, &remaining,
- &alg);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &input, &input_length);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &signature, &signature_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_size_t(
- &pos, &remaining,
- &signature_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual
target function
-
- status = psa_sign_message(
- key,
- alg,
- input, input_length,
- signature, signature_size,
- &signature_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_serialise_buffer_needs(signature, signature_size) +
- psasim_serialise_size_t_needs(signature_length);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_buffer(
- &rpos, &rremain,
- signature, signature_size);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_size_t(
- &rpos, &rremain,
- signature_length);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(input);
- free(signature);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(input);
- free(signature);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_verify_hash_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_svc_key_id_t key;
- psa_algorithm_t alg;
- uint8_t *hash = NULL;
- size_t hash_length;
- uint8_t *signature = NULL;
- size_t signature_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_algorithm_t(
- &pos, &remaining,
- &alg);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &hash, &hash_length);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &signature, &signature_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_verify_hash(
- key,
- alg,
- hash, hash_length,
- signature, signature_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(hash);
- free(signature);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(hash);
- free(signature);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_verify_hash_abort_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_verify_hash_interruptible_operation_t *operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_verify_hash_abort(
- operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
- &rpos, &rremain,
- operation, 1);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_verify_hash_complete_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_verify_hash_interruptible_operation_t *operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_verify_hash_complete(
- operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
- &rpos, &rremain,
- operation, 0);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_verify_hash_get_num_ops_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- uint32_t value = 0;
- psa_verify_hash_interruptible_operation_t *operation;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- value = psa_verify_hash_get_num_ops(
- operation
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_uint32_t_needs(value);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_uint32_t(
- &rpos, &rremain,
- value);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- return 1; // success
-
-fail:
- free(result);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_verify_hash_start_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_verify_hash_interruptible_operation_t *operation;
- mbedtls_svc_key_id_t key;
- psa_algorithm_t alg;
- uint8_t *hash = NULL;
- size_t hash_length;
- uint8_t *signature = NULL;
- size_t signature_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(
- &pos, &remaining,
- &operation);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_algorithm_t(
- &pos, &remaining,
- &alg);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &hash, &hash_length);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &signature, &signature_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_verify_hash_start(
- operation,
- key,
- alg,
- hash, hash_length,
- signature, signature_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status) +
- psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
- &rpos, &rremain,
- operation, 0);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(hash);
- free(signature);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(hash);
- free(signature);
-
- return 0; // This shouldn't happen!
-}
-
-// Returns 1 for success, 0 for failure
-int psa_verify_message_wrapper(
- uint8_t *in_params, size_t in_params_len,
- uint8_t **out_params, size_t *out_params_len)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_svc_key_id_t key;
- psa_algorithm_t alg;
- uint8_t *input = NULL;
- size_t input_length;
- uint8_t *signature = NULL;
- size_t signature_length;
-
- uint8_t *pos = in_params;
- size_t remaining = in_params_len;
- uint8_t *result = NULL;
- int ok;
-
- ok = psasim_deserialise_begin(&pos, &remaining);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_mbedtls_svc_key_id_t(
- &pos, &remaining,
- &key);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_psa_algorithm_t(
- &pos, &remaining,
- &alg);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &input, &input_length);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_deserialise_buffer(
- &pos, &remaining,
- &signature, &signature_length);
- if (!ok) {
- goto fail;
- }
-
- // Now we call the actual target function
-
- status = psa_verify_message(
- key,
- alg,
- input, input_length,
-
signature, signature_length
- );
-
- // NOTE: Should really check there is no overflow as we go along.
- size_t result_size =
- psasim_serialise_begin_needs() +
- psasim_serialise_psa_status_t_needs(status);
-
- result = malloc(result_size);
- if (result == NULL) {
- goto fail;
- }
-
- uint8_t *rpos = result;
- size_t rremain = result_size;
-
- ok = psasim_serialise_begin(&rpos, &rremain);
- if (!ok) {
- goto fail;
- }
-
- ok = psasim_serialise_psa_status_t(
- &rpos, &rremain,
- status);
- if (!ok) {
- goto fail;
- }
-
- *out_params = result;
- *out_params_len = result_size;
-
- free(input);
- free(signature);
-
- return 1; // success
-
-fail:
- free(result);
-
- free(input);
- free(signature);
-
- return 0; // This shouldn't happen!
-}
-
-psa_status_t psa_crypto_call(psa_msg_t msg)
-{
- int ok = 0;
-
- int func = msg.type;
-
- /* We only expect a single input buffer, with everything serialised in it */
- if (msg.in_size[1] != 0 || msg.in_size[2] != 0 || msg.in_size[3] != 0) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- /* We expect exactly 2 output buffers, one for size, the other for data */
- if (msg.out_size[0] != sizeof(size_t) || msg.out_size[1] == 0 ||
- msg.out_size[2] != 0 || msg.out_size[3] != 0) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- uint8_t *in_params = NULL;
- size_t in_params_len = 0;
- uint8_t *out_params = NULL;
- size_t out_params_len = 0;
-
- in_params_len = msg.in_size[0];
- in_params = malloc(in_params_len);
- if (in_params == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
- /* Read the bytes from the client */
- size_t actual = psa_read(msg.handle, 0, in_params, in_params_len);
- if (actual != in_params_len) {
- free(in_params);
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
-
- switch (func) {
- case PSA_CRYPTO_INIT:
- ok = psa_crypto_init_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_ABORT:
- ok = psa_aead_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
-
break;
- case PSA_AEAD_DECRYPT:
- ok = psa_aead_decrypt_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_DECRYPT_SETUP:
- ok = psa_aead_decrypt_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_ENCRYPT:
- ok = psa_aead_encrypt_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_ENCRYPT_SETUP:
- ok = psa_aead_encrypt_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_FINISH:
- ok = psa_aead_finish_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_GENERATE_NONCE:
- ok = psa_aead_generate_nonce_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_SET_LENGTHS:
- ok = psa_aead_set_lengths_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_SET_NONCE:
- ok = psa_aead_set_nonce_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_UPDATE:
- ok = psa_aead_update_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_UPDATE_AD:
- ok = psa_aead_update_ad_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_AEAD_VERIFY:
- ok = psa_aead_verify_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_ASYMMETRIC_DECRYPT:
- ok = psa_asymmetric_decrypt_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_ASYMMETRIC_ENCRYPT:
- ok = psa_asymmetric_encrypt_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CAN_DO_HASH:
- ok = psa_can_do_hash_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_ABORT:
- ok = psa_cipher_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_DECRYPT:
- ok =
psa_cipher_decrypt_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_DECRYPT_SETUP:
- ok = psa_cipher_decrypt_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_ENCRYPT:
- ok = psa_cipher_encrypt_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_ENCRYPT_SETUP:
- ok = psa_cipher_encrypt_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_FINISH:
- ok = psa_cipher_finish_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_GENERATE_IV:
- ok = psa_cipher_generate_iv_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_SET_IV:
- ok = psa_cipher_set_iv_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_CIPHER_UPDATE:
- ok = psa_cipher_update_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_COPY_KEY:
- ok = psa_copy_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_DESTROY_KEY:
- ok = psa_destroy_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_EXPORT_KEY:
- ok = psa_export_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_EXPORT_PUBLIC_KEY:
- ok = psa_export_public_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_EXPORT_PUBLIC_KEY_IOP_ABORT:
- ok = psa_export_public_key_iop_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_EXPORT_PUBLIC_KEY_IOP_COMPLETE:
- ok = psa_export_public_key_iop_complete_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_EXPORT_PUBLIC_KEY_IOP_GET_NUM_OPS:
- ok = psa_export_public_key_iop_get_num_ops_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
-
break;
- case PSA_EXPORT_PUBLIC_KEY_IOP_SETUP:
- ok = psa_export_public_key_iop_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_GENERATE_KEY:
- ok = psa_generate_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_GENERATE_KEY_CUSTOM:
- ok = psa_generate_key_custom_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_GENERATE_KEY_IOP_ABORT:
- ok = psa_generate_key_iop_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_GENERATE_KEY_IOP_COMPLETE:
- ok = psa_generate_key_iop_complete_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_GENERATE_KEY_IOP_GET_NUM_OPS:
- ok = psa_generate_key_iop_get_num_ops_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_GENERATE_KEY_IOP_SETUP:
- ok = psa_generate_key_iop_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_GENERATE_RANDOM:
- ok = psa_generate_random_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_GET_KEY_ATTRIBUTES:
- ok = psa_get_key_attributes_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_HASH_ABORT:
- ok = psa_hash_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_HASH_CLONE:
- ok = psa_hash_clone_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_HASH_COMPARE:
- ok = psa_hash_compare_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_HASH_COMPUTE:
- ok = psa_hash_compute_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_HASH_FINISH:
- ok = psa_hash_finish_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_HASH_SETUP:
- ok = psa_hash_setup_wrapper(in_params, in_params_len,
-
&out_params, &out_params_len);
- break;
- case PSA_HASH_UPDATE:
- ok = psa_hash_update_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_HASH_VERIFY:
- ok = psa_hash_verify_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_IMPORT_KEY:
- ok = psa_import_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_INTERRUPTIBLE_GET_MAX_OPS:
- ok = psa_interruptible_get_max_ops_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_INTERRUPTIBLE_SET_MAX_OPS:
- ok = psa_interruptible_set_max_ops_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_AGREEMENT:
- ok = psa_key_agreement_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_AGREEMENT_IOP_ABORT:
- ok = psa_key_agreement_iop_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_AGREEMENT_IOP_COMPLETE:
- ok = psa_key_agreement_iop_complete_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS:
- ok = psa_key_agreement_iop_get_num_ops_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_AGREEMENT_IOP_SETUP:
- ok = psa_key_agreement_iop_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_ABORT:
- ok = psa_key_derivation_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_GET_CAPACITY:
- ok = psa_key_derivation_get_capacity_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_INPUT_BYTES:
- ok = psa_key_derivation_input_bytes_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_INPUT_INTEGER:
- ok = psa_key_derivation_input_integer_wrapper(in_params,
in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_INPUT_KEY:
- ok = psa_key_derivation_input_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_KEY_AGREEMENT:
- ok = psa_key_derivation_key_agreement_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_OUTPUT_BYTES:
- ok = psa_key_derivation_output_bytes_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_OUTPUT_KEY:
- ok = psa_key_derivation_output_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_OUTPUT_KEY_CUSTOM:
- ok = psa_key_derivation_output_key_custom_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_SET_CAPACITY:
- ok = psa_key_derivation_set_capacity_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_KEY_DERIVATION_SETUP:
- ok = psa_key_derivation_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_MAC_ABORT:
- ok = psa_mac_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_MAC_COMPUTE:
- ok = psa_mac_compute_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_MAC_SIGN_FINISH:
- ok = psa_mac_sign_finish_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_MAC_SIGN_SETUP:
- ok = psa_mac_sign_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_MAC_UPDATE:
- ok = psa_mac_update_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_MAC_VERIFY:
- ok = psa_mac_verify_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_MAC_VERIFY_FINISH:
- ok = psa_mac_verify_finish_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_MAC_VERIFY_SETUP:
- ok = psa_mac_verify_setup_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_PURGE_KEY:
- ok = psa_purge_key_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_RAW_KEY_AGREEMENT:
- ok = psa_raw_key_agreement_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_RESET_KEY_ATTRIBUTES:
- ok = psa_reset_key_attributes_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_SIGN_HASH:
- ok = psa_sign_hash_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_SIGN_HASH_ABORT:
- ok = psa_sign_hash_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_SIGN_HASH_COMPLETE:
- ok = psa_sign_hash_complete_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_SIGN_HASH_GET_NUM_OPS:
- ok = psa_sign_hash_get_num_ops_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_SIGN_HASH_START:
- ok = psa_sign_hash_start_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_SIGN_MESSAGE:
- ok = psa_sign_message_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_VERIFY_HASH:
- ok = psa_verify_hash_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_VERIFY_HASH_ABORT:
- ok = psa_verify_hash_abort_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_VERIFY_HASH_COMPLETE:
- ok = psa_verify_hash_complete_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_VERIFY_HASH_GET_NUM_OPS:
- ok = psa_verify_hash_get_num_ops_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- case PSA_VERIFY_HASH_START:
- ok = psa_verify_hash_start_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
-
break;
- case PSA_VERIFY_MESSAGE:
- ok = psa_verify_message_wrapper(in_params, in_params_len,
- &out_params, &out_params_len);
- break;
- }
-
- free(in_params);
-
- if (out_params_len > msg.out_size[1]) {
- fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\n",
- out_params_len, msg.out_size[1]);
- exit(1);
- }
-
- /* Write the exact amount of data we're returning */
- psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len));
-
- /* And write the data itself */
- if (out_params_len) {
- psa_write(msg.handle, 1, out_params, out_params_len);
- }
-
- free(out_params);
-
- return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR;
-}
-
-void psa_crypto_close(void)
-{
- psa_sim_serialize_reset();
-}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
deleted file mode 100755
index 0f4c86f817..0000000000
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ /dev/null
@@ -1,1208 +0,0 @@ -#!/usr/bin/env perl -# -# This is a proof-of-concept script to show that the client and server wrappers -# can be created by a script. It is not hooked into the build, so is run -# manually and the output files are what are to be reviewed. In due course -# this will be replaced by a Python script based on the -# code_wrapper.psa_wrapper module. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -use strict; -use Data::Dumper; -use File::Basename; -use JSON qw(encode_json); - -my $debug = 0; - -# Globals (sorry!) -my $output_dir = dirname($0); - -my %functions = get_functions(); -my @functions = sort keys %functions; - -# We don't want these functions (e.g. because they are not implemented, etc) -my @skip_functions = ( - 'mbedtls_psa_crypto_free', # redefined rather than wrapped - 'mbedtls_psa_external_get_random', # not in the default config, uses unsupported type - 'mbedtls_psa_get_stats', # uses unsupported type - 'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type - 'psa_get_key_slot_number', # not in the default config, uses unsupported type - 'psa_key_derivation_verify_bytes', # not implemented yet - 'psa_key_derivation_verify_key', # not implemented yet -); - -my $skip_functions_re = '\A(' . join('|', @skip_functions). ')\Z'; -@functions = grep(!/$skip_functions_re - |_pake_ # Skip everything PAKE - |_init\Z # constructors - /x, @functions); -# Restore psa_crypto_init() and put it first. -unshift @functions, 'psa_crypto_init'; - -# get_functions(), called above, returns a data structure for each function -# that we need to create client and server stubs for. The functions are -# listed from PSA header files. 
-# -# In this script, the data for psa_crypto_init() looks like: -# -# "psa_crypto_init": { -# "return": { # Info on return type -# "type": "psa_status_t", # Return type -# "name": "status", # Name to be used for this in C code -# "default": "PSA_ERROR_CORRUPTION_DETECTED" # Default value -# }, -# "args": [], # void function, so args empty -# } -# -# The data for psa_hash_compute() looks like: -# -# "psa_hash_compute": { -# "return": { # Information on return type -# "type": "psa_status_t", -# "name": "status", -# "default": "PSA_ERROR_CORRUPTION_DETECTED" -# }, -# "args": [{ -# "type": "psa_algorithm_t", # Type of first argument -# "ctypename": "psa_algorithm_t ", # C type with trailing spaces -# # (so that e.g. `char *` looks ok) -# "name": "alg", -# "is_output": 0 -# }, { -# "type": "const buffer", # Specially created -# "ctypename": "", # (so no C type) -# "name": "input, input_length", # A pair of arguments -# "is_output": 0 # const, so not an output argument -# }, { -# "type": "buffer", # Specially created -# "ctypename": "", -# "name": "hash, hash_size", -# "is_output": 1 # Not const, so output argument -# }, { -# "type": "size_t", # size_t *hash_length -# "ctypename": "size_t ", -# "name": "*hash_length", # * comes into the name -# "is_output": 1 -# } -# ], -# }, -# -# It's possible that a production version might not need both type and ctypename; -# that was done for convenience and future-proofing during development. 
- -write_function_codes("$output_dir/psa_functions_codes.h"); - -write_client_calls("$output_dir/psa_sim_crypto_client.c"); - -write_server_implementations("$output_dir/psa_sim_crypto_server.c"); - -sub write_function_codes -{ - my ($file) = @_; - - open(my $fh, ">", $file) || die("$0: $file: $!\n"); - - # NOTE: psa_crypto_init() is written manually - - print $fh <", $file) || die("$0: $file: $!\n"); - - print $fh client_calls_header(); - - for my $function (@functions) { - # psa_crypto_init() is hand written to establish connection to server - if ($function ne "psa_crypto_init") { - my $f = $functions{$function}; - output_client($fh, $f, $function); - } - } - - close($fh); -} - -sub write_server_implementations -{ - my ($file) = @_; - - open(my $fh, ">", $file) || die("$0: $file: $!\n"); - - print $fh server_implementations_header(); - - print $fh debug_functions() if $debug; - - for my $function (@functions) { - my $f = $functions{$function}; - output_server_wrapper($fh, $f, $function); - } - - # Now output a switch statement that calls each of the wrappers - - print $fh < msg.out_size[1]) { - fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\\n", - out_params_len, msg.out_size[1]); - exit(1); - } - - /* Write the exact amount of data we're returning */ - psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len)); - - /* And write the data itself */ - if (out_params_len) { - psa_write(msg.handle, 1, out_params, out_params_len); - } - - free(out_params); - - return ok ? 
PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; -} -EOF - - # Finally, add psa_crypto_close() - - print $fh < -#include - -#include - -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -#include "service.h" - -#if !defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build" -#endif - -#if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_hook_error_add)(int, int, const char *, int); -#endif -EOF -} - -sub client_calls_header -{ - my $code = <<'EOF'; -/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ - -/* client calls */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include -#include -#include "psa_manifest/sid.h" -#include "psa_functions_codes.h" -#include "psa_sim_serialise.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#define CLIENT_PRINT(fmt, ...) \ - INFO("Client: " fmt, ##__VA_ARGS__) - -static psa_handle_t handle = -1; - -#if defined(MBEDTLS_PSA_CRYPTO_C) -#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build" -#endif -EOF - - $code .= debug_functions() if $debug; - - $code .= <<'EOF'; - -int psa_crypto_call(int function, - uint8_t *in_params, size_t in_params_len, - uint8_t **out_params, size_t *out_params_len) -{ - // psa_outvec outvecs[1]; - if (handle < 0) { - fprintf(stderr, "NOT CONNECTED\n"); - exit(1); - } - - psa_invec invec; - invec.base = in_params; - invec.len = in_params_len; - - size_t max_receive = 24576; - uint8_t *receive = malloc(max_receive); - if (receive == NULL) { - fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); - exit(1); - } - - size_t actual_received = 0; - - psa_outvec outvecs[2]; - outvecs[0].base = &actual_received; - outvecs[0].len = sizeof(actual_received); - outvecs[1].base = receive; - outvecs[1].len = max_receive; - - psa_status_t status = 
psa_call(handle, function, &invec, 1, outvecs, 2); - if (status != PSA_SUCCESS) { - free(receive); - return 0; - } - - *out_params = receive; - *out_params_len = actual_received; - - return 1; // success -} - -psa_status_t psa_crypto_init(void) -{ - const char *mbedtls_version; - uint8_t *result = NULL; - size_t result_length; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - mbedtls_version = mbedtls_version_get_string_full(); - CLIENT_PRINT("%s", mbedtls_version); - - CLIENT_PRINT("My PID: %d", getpid()); - - CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID)); - handle = psa_connect(PSA_SID_CRYPTO_SID, 1); - - if (handle < 0) { - CLIENT_PRINT("Couldn't connect %d", handle); - return PSA_ERROR_COMMUNICATION_FAILURE; - } - - int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length); - CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok); - - if (!ok) { - goto fail; - } - - uint8_t *rpos = result; - size_t rremain = result_length; - - ok = psasim_deserialise_begin(&rpos, &rremain); - if (!ok) { - goto fail; - } - - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); - if (!ok) { - goto fail; - } - -fail: - free(result); - - return status; -} - -void mbedtls_psa_crypto_free(void) -{ - /* Do not try to close a connection that was never started.*/ - if (handle == -1) { - return; - } - - CLIENT_PRINT("Closing handle"); - psa_close(handle); - handle = -1; -} -EOF -} - -sub debug_functions -{ - return <> 4); - p[1] = hex_digit(b & 0x0F); - - return 2; -} - -int hex_uint16(char *p, uint16_t b) -{ - hex_byte(p, b >> 8); - hex_byte(p + 2, b & 0xFF); - - return 4; -} - -char human_char(uint8_t c) -{ - return (c >= ' ' && c <= '~') ? (char)c : '.'; -} - -void dump_buffer(const uint8_t *buffer, size_t len) -{ - char line[80]; - - const uint8_t *p = buffer; - - size_t max = (len > 0xFFFF) ? 
0xFFFF : len; - - for (size_t i = 0; i < max; i += 16) { - - char *q = line; - - q += hex_uint16(q, (uint16_t)i); - *q++ = ' '; - *q++ = ' '; - - size_t ll = (i + 16 > max) ? (max % 16) : 16; - - size_t j; - for (j = 0; j < ll; j++) { - q += hex_byte(q, p[i + j]); - *q++ = ' '; - } - - while (j++ < 16) { - *q++ = ' '; - *q++ = ' '; - *q++ = ' '; - } - - *q++ = ' '; - - for (j = 0; j < ll; j++) { - *q++ = human_char(p[i + j]); - } - - *q = '\\0'; - - printf("%s\\n", line); - } -} - -void hex_dump(uint8_t *p, size_t n) -{ - for (size_t i = 0; i < n; i++) { - printf("0x%02X ", p[i]); - } - printf("\\n"); -} -EOF -} - -sub output_server_wrapper -{ - my ($fh, $f, $name) = @_; - - my $ret_type = $f->{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $ret_default = $f->{return}->{default}; - - my @buffers = (); # We need to free() these on exit - - print $fh <{args}; - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - $argtype =~ s/^const //; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh <= 0) { # If we have any args (>= 0) - print $fh <= 0) { # If we have any args (>= 0) - print $fh <[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh <{is_output}, @$args); - - my $sep1 = (($ret_type eq "void") and ($#outputs < 0)) ? ";" : " +"; - - print $fh <{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - $argname =~ s/^\*//; # Remove any leading * - my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? 
"server_" : ""; - - print $fh <{is_output}, @$args); - - for my $i (0 .. $#outputs) { - my $arg = $outputs[$i]; - die("$i: this should have been filtered out by grep") unless $arg->{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype eq "buffer") { - print $fh <{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $ret_default = $f->{return}->{default}; - - print $fh <{args}; - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - print $fh <[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#$args) ? ";" : " +"; - $argtype =~ s/^const //; - - print $fh <{is_output}, @$args); - - for my $i (0 .. $#outputs) { - my $arg = $outputs[$i]; - die("$i: this should have been filtered out by grep") unless $arg->{is_output}; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - my $sep = ($i == $#outputs) ? ";" : " +"; - $argtype =~ s/^const //; - - if ($argtype eq "buffer") { - print $fh <{return}->{type}; - my $ret_name = $f->{return}->{name}; - my $args = $f->{args}; - - if ($ret_type eq "void") { - print $fh "\n $name(\n"; - } else { - print $fh "\n $ret_name = $name(\n"; - } - - print $fh " );\n" if $#$args < 0; # If no arguments, empty arg list - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. 
int, psa_algorithm_t, or "buffer" - my $argname = $arg->{name}; - - if ($argtype =~ /^(const )?buffer$/) { - my ($n1, $n2) = split(/,\s*/, $argname); - print $fh " $n1, $n2"; - } else { - $argname =~ s/^\*/\&/; # Replace leading * with & - if ($is_server && $argtype =~ /^psa_\w+_operation_t/) { - $argname =~ s/^\&//; # Actually, for psa_XXX_operation_t, don't do this on the server side - } - print $fh " $argname"; - } - my $sep = ($i == $#$args) ? "\n );" : ","; - print $fh "$sep\n"; - } -} - -sub output_signature -{ - my ($fh, $f, $name, $what) = @_; - - my $ret_type = $f->{return}->{type}; - my $args = $f->{args}; - - my $final_sep = ($what eq "declaration") ? "\n);" : "\n )"; - - print $fh "\n$ret_type $name(\n"; - - print $fh " void\n )\n" if $#$args < 0; # No arguments - - for my $i (0 .. $#$args) { - my $arg = $args->[$i]; - my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" - my $ctypename = $arg->{ctypename}; # e.g. "int ", "char *"; empty for buffer - my $argname = $arg->{name}; - - if ($argtype =~ /^(const )?buffer$/) { - my $const = length($1) ? "const " : ""; - my ($n1, $n2) = split(/,/, $argname); - print $fh " ${const}uint8_t *$n1, size_t $n2"; - } else { - print $fh " $ctypename$argname"; - } - my $sep = ($i == $#$args) ? $final_sep : ","; - print $fh "$sep\n"; - } -} - -sub get_functions -{ - my $header_dir = 'tf-psa-crypto/include'; - my $src = ""; - for my $header_file ('psa/crypto.h', 'psa/crypto_extra.h') { - local *HEADER; - open HEADER, '<', "$header_dir/$header_file" - or die "$header_dir/$header_file: $!"; - while (
) { - chomp; - s/\/\/.*//; - s/\s+^//; - s/\s+/ /g; - $_ .= "\n"; - $src .= $_; - } - close HEADER; - } - - $src =~ s/\/\*.*?\*\///gs; - - my @src = split(/\n+/, $src); - - my @rebuild = (); - my %funcs = (); - for (my $i = 0; $i <= $#src; $i++) { - my $line = $src[$i]; - if ($line =~ /^(static(?:\s+inline)?\s+)? - ((?:(?:enum|struct|union)\s+)?\w+\s*\**\s*)\s+ - ((?:mbedtls|psa)_\w*)\(/x) { - # begin function declaration - #print "have one $line\n"; - while ($line !~ /;/) { - $line .= $src[$i + 1]; - $i++; - } - if ($line =~ /^static/) { - # IGNORE static inline functions: they're local. - next; - } - $line =~ s/\s+/ /g; - if ($line =~ /(\w+)\s+\b(\w+)\s*\(\s*(.*\S)\s*\)\s*[;{]/s) { - my ($ret_type, $func, $args) = ($1, $2, $3); - - my $copy = $line; - $copy =~ s/{$//; - my $f = { - "orig" => $copy, - }; - - my @args = split(/\s*,\s*/, $args); - - my $ret_name = ""; - $ret_name = "status" if $ret_type eq "psa_status_t"; - $ret_name = "value" if $ret_type eq "uint32_t"; - $ret_name = "value" if $ret_type eq "int"; - $ret_name = "(void)" if $ret_type eq "void"; - die("ret_name for $ret_type?") unless length($ret_name); - my $ret_default = ""; - $ret_default = "PSA_ERROR_CORRUPTION_DETECTED" if $ret_type eq "psa_status_t"; - $ret_default = "0" if $ret_type eq "uint32_t"; - $ret_default = "0" if $ret_type eq "int"; - $ret_default = "(void)" if $ret_type eq "void"; - die("ret_default for $ret_type?") unless length($ret_default); - - #print "FUNC $func RET_NAME $ret_name RET_TYPE $ret_type ARGS (", join("; ", @args), ")\n"; - - $f->{return} = { - "type" => $ret_type, - "default" => $ret_default, - "name" => $ret_name, - }; - $f->{args} = []; - # psa_algorithm_t alg; const uint8_t *input; size_t input_length; uint8_t *hash; size_t hash_size; size_t *hash_length - for (my $i = 0; $i <= $#args; $i++) { - my $arg = $args[$i]; - # "type" => "psa_algorithm_t", - # "ctypename" => "psa_algorithm_t ", - # "name" => "alg", - # "is_output" => 0, - my ($type, $ctype, $name, 
$is_output); - if ($arg =~ /^(\w+)\s+(\w+)$/) { # e.g. psa_algorithm_t alg - ($type, $name) = ($1, $2); - $ctype = $type . " "; - $is_output = 0; - } elsif ($arg =~ /^((const)\s+)?uint8_t\s*\*\s*(\w+)$/) { - $type = "buffer"; - $is_output = (length($1) == 0) ? 1 : 0; - $type = "const buffer" if !$is_output; - $ctype = ""; - $name = $3; - #print("$arg: $name: might be a buffer?\n"); - die("$arg: not a buffer 1!\n") if $i == $#args; - my $next = $args[$i + 1]; - if ($func eq "psa_key_derivation_verify_bytes" && - $arg eq "const uint8_t *expected_output" && - $next eq "size_t output_length") { - $next = "size_t expected_output_length"; # doesn't follow naming convention, so override - } - die("$arg: not a buffer 2!\n") if $next !~ /^size_t\s+(${name}_\w+)$/; - $i++; # We're using the next param here - my $nname = $1; - $name .= ", " . $nname; - } elsif ($arg =~ /^((const)\s+)?(\w+)\s*\*(\w+)$/) { - ($type, $name) = ($3, "*" . $4); - $ctype = $1 . $type . " "; - $is_output = (length($1) == 0) ? 1 : 0; - } elsif ($arg eq "void") { - # we'll just ignore this one - } else { - die("ARG HELP $arg\n"); - } - #print "$arg => <$type><$ctype><$name><$is_output>\n"; - if ($arg ne "void") { - push(@{$f->{args}}, { - "type" => $type, - "ctypename" => $ctype, - "name" => $name, - "is_output" => $is_output, - }); - } - } - $funcs{$func} = $f; - } else { - die("FAILED"); - } - push(@rebuild, $line); - } elsif ($line =~ /^#/i) { - # IGNORE directive - while ($line =~ /\\$/) { - $i++; - $line = $src[$i]; - } - } elsif ($line =~ /^(?:typedef +)?(enum|struct|union)[^;]*$/) { - # IGNORE compound type definition - while ($line !~ /^\}/) { - $i++; - $line = $src[$i]; - } - } elsif ($line =~ /^typedef /i) { - # IGNORE type definition - } elsif ($line =~ / = .*;$/) { - # IGNORE assignment in inline function definition - } else { - if ($line =~ /psa_/) { - print "NOT PARSED: $line\n"; - } - push(@rebuild, $line); - } - } - - #print ::Dumper(\%funcs); - #exit; - - return %funcs; -} 
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
deleted file mode 100644
index 0dde934ada..0000000000
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c
+++ /dev/null
@@ -1,1765 +0,0 @@ -/** - * \file psa_sim_serialise.c - * - * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa_sim_serialise.h" -#include "util.h" -#include -#include - -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. This allows callers to size buffers for serialisation. - * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. 
It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ - -/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t; - * but we don't get it on server builds, so redefine it here with a unique type name - */ -typedef uint32_t psasim_client_handle_t; - -typedef struct psasim_operation_s { - psasim_client_handle_t handle; -} psasim_operation_t; - -#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */ - -static psa_hash_operation_t hash_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t hash_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_hash_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_hash_operation_slot(void) -{ - psasim_client_handle_t handle = next_hash_operation_handle++; - if (next_hash_operation_handle == 0) { /* wrapped around */ - FATAL("Hash operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (hash_operation_handles[i] == 0) { - hash_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (hash_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_aead_operation_t aead_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t aead_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_aead_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_aead_operation_slot(void) -{ - psasim_client_handle_t handle = next_aead_operation_handle++; - if (next_aead_operation_handle == 0) { /* wrapped around */ - FATAL("Aead operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (aead_operation_handles[i] == 0) { - aead_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_aead_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (aead_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_mac_operation_t mac_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t mac_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_mac_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_mac_operation_slot(void) -{ - psasim_client_handle_t handle = next_mac_operation_handle++; - if (next_mac_operation_handle == 0) { /* wrapped around */ - FATAL("Mac operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (mac_operation_handles[i] == 0) { - mac_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_mac_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (mac_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_cipher_operation_t cipher_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t cipher_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_cipher_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_cipher_operation_slot(void) -{ - psasim_client_handle_t handle = next_cipher_operation_handle++; - if (next_cipher_operation_handle == 0) { /* wrapped around */ - FATAL("Cipher operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (cipher_operation_handles[i] == 0) { - cipher_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_cipher_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (cipher_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_key_derivation_operation_t key_derivation_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t key_derivation_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_key_derivation_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_key_derivation_operation_slot(void) -{ - psasim_client_handle_t handle = next_key_derivation_operation_handle++; - if (next_key_derivation_operation_handle == 0) { /* wrapped around */ - FATAL("Key_derivation operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (key_derivation_operation_handles[i] == 0) { - key_derivation_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_key_derivation_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (key_derivation_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_sign_hash_interruptible_operation_t sign_hash_interruptible_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t sign_hash_interruptible_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_sign_hash_interruptible_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_sign_hash_interruptible_operation_slot(void) -{ - psasim_client_handle_t handle = next_sign_hash_interruptible_operation_handle++; - if (next_sign_hash_interruptible_operation_handle == 0) { /* wrapped around */ - FATAL("Sign_hash_interruptible operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (sign_hash_interruptible_operation_handles[i] == 0) { - sign_hash_interruptible_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_sign_hash_interruptible_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (sign_hash_interruptible_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -static psa_verify_hash_interruptible_operation_t verify_hash_interruptible_operations[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t verify_hash_interruptible_operation_handles[ - MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t next_verify_hash_interruptible_operation_handle = 1; - -/* Get a free slot */ -static ssize_t allocate_verify_hash_interruptible_operation_slot(void) -{ - psasim_client_handle_t handle = next_verify_hash_interruptible_operation_handle++; - if (next_verify_hash_interruptible_operation_handle == 0) { /* wrapped around */ - FATAL("Verify_hash_interruptible operation handle wrapped"); - } - - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (verify_hash_interruptible_operation_handles[i] == 0) { - verify_hash_interruptible_operation_handles[i] = handle; - return i; - } - } - - ERROR("All slots are currently used. 
Unable to allocate a new one."); - - return -1; /* all in use */ -} - -/* Find the slot given the handle */ -static ssize_t find_verify_hash_interruptible_slot_by_handle(psasim_client_handle_t handle) -{ - for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { - if (verify_hash_interruptible_operation_handles[i] == handle) { - return i; - } - } - - ERROR("Unable to find slot by handle %u", handle); - - return -1; /* not found */ -} - -size_t psasim_serialise_begin_needs(void) -{ - /* The serialisation buffer will - * start with a byte of 0 to indicate version 0, - * then have 1 byte each for length of int, long, void *, - * then have 4 bytes to indicate endianness. */ - return 4 + sizeof(uint32_t); -} - -int psasim_serialise_begin(uint8_t **pos, size_t *remaining) -{ - uint32_t endian = 0x1234; - - if (*remaining < 4 + sizeof(endian)) { - return 0; - } - - *(*pos)++ = 0; /* version */ - *(*pos)++ = (uint8_t) sizeof(int); - *(*pos)++ = (uint8_t) sizeof(long); - *(*pos)++ = (uint8_t) sizeof(void *); - - memcpy(*pos, &endian, sizeof(endian)); - - *pos += sizeof(endian); - - return 1; -} - -int psasim_deserialise_begin(uint8_t **pos, size_t *remaining) -{ - uint8_t version = 255; - uint8_t int_size = 0; - uint8_t long_size = 0; - uint8_t ptr_size = 0; - uint32_t endian; - - if (*remaining < 4 + sizeof(endian)) { - return 0; - } - - memcpy(&version, (*pos)++, sizeof(version)); - if (version != 0) { - return 0; - } - - memcpy(&int_size, (*pos)++, sizeof(int_size)); - if (int_size != sizeof(int)) { - return 0; - } - - memcpy(&long_size, (*pos)++, sizeof(long_size)); - if (long_size != sizeof(long)) { - return 0; - } - - memcpy(&ptr_size, (*pos)++, sizeof(ptr_size)); - if (ptr_size != sizeof(void *)) { - return 0; - } - - *remaining -= 4; - - memcpy(&endian, *pos, sizeof(endian)); - if (endian != 0x1234) { - return 0; - } - - *pos += sizeof(endian); - *remaining -= sizeof(endian); - - return 1; -} - -size_t psasim_serialise_unsigned_int_needs( - unsigned int value) -{ 
- return sizeof(value); -} - -int psasim_serialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_int_needs( - int value) -{ - return sizeof(value); -} - -int psasim_serialise_int(uint8_t **pos, - size_t *remaining, - int value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_int(uint8_t **pos, - size_t *remaining, - int *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_size_t_needs( - size_t value) -{ - return sizeof(value); -} - -int psasim_serialise_size_t(uint8_t **pos, - size_t *remaining, - size_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_size_t(uint8_t **pos, - size_t *remaining, - size_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint16_t_needs( - uint16_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int 
psasim_deserialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint32_t_needs( - uint32_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_uint64_t_needs( - uint64_t value) -{ - return sizeof(value); -} - -int psasim_serialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size) -{ - (void) buffer; - return sizeof(buffer_size) + buffer_size; -} - -int psasim_serialise_buffer(uint8_t **pos, - size_t *remaining, - const uint8_t *buffer, - size_t buffer_length) -{ - if (*remaining < sizeof(buffer_length) + buffer_length) { - return 0; - } - - memcpy(*pos, &buffer_length, sizeof(buffer_length)); - *pos += sizeof(buffer_length); - - if (buffer_length > 0) { // To be able to serialise (NULL, 0) - memcpy(*pos, buffer, buffer_length); - *pos += buffer_length; - } - - return 1; 
-} - -int psasim_deserialise_buffer(uint8_t **pos, - size_t *remaining, - uint8_t **buffer, - size_t *buffer_length) -{ - if (*remaining < sizeof(*buffer_length)) { - return 0; - } - - memcpy(buffer_length, *pos, sizeof(*buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (*buffer_length == 0) { // Deserialise (NULL, 0) - *buffer = NULL; - return 1; - } - - if (*remaining < *buffer_length) { - return 0; - } - - uint8_t *data = malloc(*buffer_length); - if (data == NULL) { - return 0; - } - - memcpy(data, *pos, *buffer_length); - *pos += *buffer_length; - *remaining -= *buffer_length; - - *buffer = data; - - return 1; -} - -/* When the client is deserialising a buffer returned from the server, it needs - * to use this function to deserialised the returned buffer. It should use the - * usual \c psasim_serialise_buffer() function to serialise the outbound - * buffer. */ -int psasim_deserialise_return_buffer(uint8_t **pos, - size_t *remaining, - uint8_t *buffer, - size_t buffer_length) -{ - if (*remaining < sizeof(buffer_length)) { - return 0; - } - - size_t length_check; - - memcpy(&length_check, *pos, sizeof(buffer_length)); - - *pos += sizeof(buffer_length); - *remaining -= sizeof(buffer_length); - - if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server - return 0; - } - - if (length_check == 0) { // Deserialise (NULL, 0) - return 1; - } - - if (*remaining < buffer_length) { - return 0; - } - - memcpy(buffer, *pos, buffer_length); - *pos += buffer_length; - *remaining -= buffer_length; - - return 1; -} - -size_t psasim_serialise_psa_custom_key_parameters_t_needs( - psa_custom_key_parameters_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - 
return 1; -} - -int psasim_deserialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_status_t_needs( - psa_status_t value) -{ - return psasim_serialise_int_needs(value); -} - -int psasim_serialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t value) -{ - return psasim_serialise_int(pos, remaining, value); -} - -int psasim_deserialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t *value) -{ - return psasim_deserialise_int(pos, remaining, value); -} - -size_t psasim_serialise_psa_algorithm_t_needs( - psa_algorithm_t value) -{ - return psasim_serialise_unsigned_int_needs(value); -} - -int psasim_serialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t value) -{ - return psasim_serialise_unsigned_int(pos, remaining, value); -} - -int psasim_deserialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t *value) -{ - return psasim_deserialise_unsigned_int(pos, remaining, value); -} - -size_t psasim_serialise_psa_key_derivation_step_t_needs( - psa_key_derivation_step_t value) -{ - return psasim_serialise_uint16_t_needs(value); -} - -int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t value) -{ - return psasim_serialise_uint16_t(pos, remaining, value); -} - -int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t *value) -{ - return psasim_deserialise_uint16_t(pos, remaining, value); -} - -size_t psasim_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t value) -{ - if 
(*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - hash_operations; - - if (completed) { - memset(&hash_operations[slot], - 0, - sizeof(psa_hash_operation_t)); - hash_operation_handles[slot] = 0; - } - - client_operation.handle = hash_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_hash_operation_slot(); - } else { - slot = find_hash_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &hash_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t value) -{ - return 
sizeof(value); -} - -int psasim_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - aead_operations; - - if (completed) { - memset(&aead_operations[slot], - 0, - sizeof(psa_aead_operation_t)); - aead_operation_handles[slot] = 0; - } - - client_operation.handle = aead_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_aead_operation_slot(); - } else { - slot = find_aead_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = 
&aead_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_key_attributes_t_needs( - psa_key_attributes_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - mac_operations; - - if (completed) { - memset(&mac_operations[slot], - 0, - sizeof(psa_mac_operation_t)); - mac_operation_handles[slot] = 0; - } - - client_operation.handle = 
mac_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_mac_operation_slot(); - } else { - slot = find_mac_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &mac_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - cipher_operations; - - if 
(completed) { - memset(&cipher_operations[slot], - 0, - sizeof(psa_cipher_operation_t)); - cipher_operation_handles[slot] = 0; - } - - client_operation.handle = cipher_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, - size_t *remaining, - psa_cipher_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_cipher_operation_slot(); - } else { - slot = find_cipher_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &cipher_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_key_derivation_operation_t_needs( - psa_key_derivation_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_key_derivation_operation_t_needs( - psa_key_derivation_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t 
**pos, - size_t *remaining, - psa_key_derivation_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - key_derivation_operations; - - if (completed) { - memset(&key_derivation_operations[slot], - 0, - sizeof(psa_key_derivation_operation_t)); - key_derivation_operation_handles[slot] = 0; - } - - client_operation.handle = key_derivation_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_key_derivation_operation_slot(); - } else { - slot = find_key_derivation_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &key_derivation_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs( - psa_sign_hash_interruptible_operation_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, 
sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs( - psa_sign_hash_interruptible_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - sign_hash_interruptible_operations; - - if (completed) { - memset(&sign_hash_interruptible_operations[slot], - 0, - sizeof(psa_sign_hash_interruptible_operation_t)); - sign_hash_interruptible_operation_handles[slot] = 0; - } - - client_operation.handle = sign_hash_interruptible_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_sign_hash_interruptible_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - *remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_sign_hash_interruptible_operation_slot(); - } else { - slot = find_sign_hash_interruptible_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &sign_hash_interruptible_operations[slot]; - - return 1; -} - -size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs( - psa_verify_hash_interruptible_operation_t value) -{ - return sizeof(value); -} - 
-int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs( - psa_verify_hash_interruptible_operation_t *operation) -{ - (void) operation; - - /* We will actually return a handle */ - return sizeof(psasim_operation_t); -} - -int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t *operation, - int completed) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(client_operation)) { - return 0; - } - - ssize_t slot = operation - verify_hash_interruptible_operations; - - if (completed) { - memset(&verify_hash_interruptible_operations[slot], - 0, - sizeof(psa_verify_hash_interruptible_operation_t)); - verify_hash_interruptible_operation_handles[slot] = 0; - } - - client_operation.handle = verify_hash_interruptible_operation_handles[slot]; - - memcpy(*pos, &client_operation, sizeof(client_operation)); - *pos += sizeof(client_operation); - - return 1; -} - -int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, - size_t *remaining, - psa_verify_hash_interruptible_operation_t **operation) -{ - psasim_operation_t client_operation; - - if (*remaining < sizeof(psasim_operation_t)) { - return 0; - } - - memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); - *pos += sizeof(psasim_operation_t); - 
*remaining -= sizeof(psasim_operation_t); - - ssize_t slot; - if (client_operation.handle == 0) { /* We need a new handle */ - slot = allocate_verify_hash_interruptible_operation_slot(); - } else { - slot = find_verify_hash_interruptible_slot_by_handle(client_operation.handle); - } - - if (slot < 0) { - return 0; - } - - *operation = &verify_hash_interruptible_operations[slot]; - - return 1; -} - -size_t psasim_serialise_mbedtls_svc_key_id_t_needs( - mbedtls_svc_key_id_t value) -{ - return sizeof(value); -} - -int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos, - size_t *remaining, - mbedtls_svc_key_id_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, - size_t *remaining, - mbedtls_svc_key_id_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_key_agreement_iop_t_needs( - psa_key_agreement_iop_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_key_agreement_iop_t(uint8_t **pos, - size_t *remaining, - psa_key_agreement_iop_t value) -{ - if (*remaining < sizeof(value)) { - return 0; - } - - memcpy(*pos, &value, sizeof(value)); - *pos += sizeof(value); - - return 1; -} - -int psasim_deserialise_psa_key_agreement_iop_t(uint8_t **pos, - size_t *remaining, - psa_key_agreement_iop_t *value) -{ - if (*remaining < sizeof(*value)) { - return 0; - } - - memcpy(value, *pos, sizeof(*value)); - - *pos += sizeof(*value); - *remaining -= sizeof(*value); - - return 1; -} - -size_t psasim_serialise_psa_generate_key_iop_t_needs( - psa_generate_key_iop_t value) -{ - return sizeof(value); -} - -int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos, - size_t *remaining, - psa_generate_key_iop_t value) -{ - if (*remaining < sizeof(value)) { - 
return 0;
- }
-
- memcpy(*pos, &value, sizeof(value));
- *pos += sizeof(value);
-
- return 1;
-}
-
-int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_generate_key_iop_t *value)
-{
- if (*remaining < sizeof(*value)) {
- return 0;
- }
-
- memcpy(value, *pos, sizeof(*value));
-
- *pos += sizeof(*value);
- *remaining -= sizeof(*value);
-
- return 1;
-}
-
-size_t psasim_serialise_psa_export_public_key_iop_t_needs(
- psa_export_public_key_iop_t value)
-{
- return sizeof(value);
-}
-
-int psasim_serialise_psa_export_public_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_export_public_key_iop_t value)
-{
- if (*remaining < sizeof(value)) {
- return 0;
- }
-
- memcpy(*pos, &value, sizeof(value));
- *pos += sizeof(value);
-
- return 1;
-}
-
-int psasim_deserialise_psa_export_public_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_export_public_key_iop_t *value)
-{
- if (*remaining < sizeof(*value)) {
- return 0;
- }
-
- memcpy(value, *pos, sizeof(*value));
-
- *pos += sizeof(*value);
- *remaining -= sizeof(*value);
-
- return 1;
-}
-
-void psa_sim_serialize_reset(void)
-{
- memset(hash_operation_handles, 0,
- sizeof(hash_operation_handles));
- memset(hash_operations, 0,
- sizeof(hash_operations));
- memset(aead_operation_handles, 0,
- sizeof(aead_operation_handles));
- memset(aead_operations, 0,
- sizeof(aead_operations));
- memset(mac_operation_handles, 0,
- sizeof(mac_operation_handles));
- memset(mac_operations, 0,
- sizeof(mac_operations));
- memset(cipher_operation_handles, 0,
- sizeof(cipher_operation_handles));
- memset(cipher_operations, 0,
- sizeof(cipher_operations));
- memset(key_derivation_operation_handles, 0,
- sizeof(key_derivation_operation_handles));
- memset(key_derivation_operations, 0,
- sizeof(key_derivation_operations));
- memset(sign_hash_interruptible_operation_handles, 0,
- sizeof(sign_hash_interruptible_operation_handles));
- memset(sign_hash_interruptible_operations, 0,
- sizeof(sign_hash_interruptible_operations));
- memset(verify_hash_interruptible_operation_handles, 0,
- sizeof(verify_hash_interruptible_operation_handles));
- memset(verify_hash_interruptible_operations, 0,
- sizeof(verify_hash_interruptible_operations));
-}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
deleted file mode 100644
index 3b6f08e19d..0000000000
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h
+++ /dev/null
@@ -1,1432 +0,0 @@
-/**
- * \file psa_sim_serialise.h
- *
- * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include
-#include
-
-#include "psa/crypto.h"
-#include "psa/crypto_types.h"
-#include "psa/crypto_values.h"
-
-/* Basic idea:
- *
- * All arguments to a function will be serialised into a single buffer to
- * be sent to the server with the PSA crypto function to be called.
- *
- * All returned data (the function's return value and any values returned
- * via `out` parameters) will similarly be serialised into a buffer to be
- * sent back to the client from the server.
- *
- * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer"
- * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions,
- * psasim_serialise_foo() and psasim_deserialise_foo().
- *
- * We also have psasim_serialise_foo_needs() functions, which return a
- * size_t giving the number of bytes that serialising that instance of that
- * type will need. This allows callers to size buffers for serialisation.
- *
- * Each serialised buffer starts with a version byte, bytes that indicate
- * the size of basic C types, and four bytes that indicate the endianness
- * (to avoid incompatibilities if we ever run this over a network - we are
- * not aiming for universality, just for correctness and simplicity).
- *
- * Most types are serialised as a fixed-size (per type) octet string, with
- * no type indication. This is acceptable as (a) this is for the test PSA crypto
- * simulator only, not production, and (b) these functions are called by
- * code that itself is written by script.
- *
- * We also want to keep serialised data reasonably compact as communication
- * between client and server goes in messages of less than 200 bytes each.
- * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ - -/** Reset all operation slots. - * - * Should be called when all clients have disconnected. - */ -void psa_sim_serialize_reset(void); - -/** Return how much buffer space is needed by \c psasim_serialise_begin(). - * - * \return The number of bytes needed in the buffer for - * \c psasim_serialise_begin()'s output. - */ -size_t psasim_serialise_begin_needs(void); - -/** Begin serialisation into a buffer. - * - * This must be the first serialisation API called - * on a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error (likely - * no space). - */ -int psasim_serialise_begin(uint8_t **pos, size_t *remaining); - -/** Begin deserialisation of a buffer. - * - * This must be the first deserialisation API called - * on a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_begin(uint8_t **pos, size_t *remaining); - -/** Return how much buffer space is needed by \c psasim_serialise_unsigned_int() - * to serialise an `unsigned int`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). 
- * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_unsigned_int() to serialise - * the given value. - */ -size_t psasim_serialise_unsigned_int_needs( - unsigned int value); - -/** Serialise an `unsigned int` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int value); - -/** Deserialise an `unsigned int` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `unsigned int` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_unsigned_int(uint8_t **pos, - size_t *remaining, - unsigned int *value); - -/** Return how much buffer space is needed by \c psasim_serialise_int() - * to serialise an `int`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_int() to serialise - * the given value. - */ -size_t psasim_serialise_int_needs( - int value); - -/** Serialise an `int` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_serialise_int(uint8_t **pos, - size_t *remaining, - int value); - -/** Deserialise an `int` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `int` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_int(uint8_t **pos, - size_t *remaining, - int *value); - -/** Return how much buffer space is needed by \c psasim_serialise_size_t() - * to serialise a `size_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_size_t() to serialise - * the given value. - */ -size_t psasim_serialise_size_t_needs( - size_t value); - -/** Serialise a `size_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_size_t(uint8_t **pos, - size_t *remaining, - size_t value); - -/** Deserialise a `size_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `size_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_deserialise_size_t(uint8_t **pos, - size_t *remaining, - size_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint16_t() - * to serialise an `uint16_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint16_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint16_t_needs( - uint16_t value); - -/** Serialise an `uint16_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t value); - -/** Deserialise an `uint16_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint16_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint16_t(uint8_t **pos, - size_t *remaining, - uint16_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint32_t() - * to serialise an `uint32_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint32_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint32_t_needs( - uint32_t value); - -/** Serialise an `uint32_t` into a buffer. 
- * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t value); - -/** Deserialise an `uint32_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint32_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint32_t(uint8_t **pos, - size_t *remaining, - uint32_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_uint64_t() - * to serialise an `uint64_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_uint64_t() to serialise - * the given value. - */ -size_t psasim_serialise_uint64_t_needs( - uint64_t value); - -/** Serialise an `uint64_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t value); - -/** Deserialise an `uint64_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. 
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to an `uint64_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_uint64_t(uint8_t **pos, - size_t *remaining, - uint64_t *value); - -/** Return how much space is needed by \c psasim_serialise_buffer() - * to serialise a buffer: a (`uint8_t *`, `size_t`) pair. - * - * \param buffer Pointer to the buffer to be serialised - * (needed in case some serialisations are value- - * dependent). - * \param buffer_size Number of bytes in the buffer to be serialised. - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_buffer() to serialise - * the specified buffer. - */ -size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size); - -/** Serialise a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param buffer Pointer to the buffer to be serialised. - * \param buffer_length Number of bytes in the buffer to be serialised. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_buffer(uint8_t **pos, size_t *remaining, - const uint8_t *buffer, size_t buffer_length); - -/** Deserialise a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the serialisation buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the serialisation buffer. - * \param buffer Pointer to a `uint8_t *` to receive the address - * of a newly-allocated buffer, which the caller - * must `free()`. - * \param buffer_length Pointer to a `size_t` to receive the number of - * bytes in the deserialised buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining, - uint8_t **buffer, size_t *buffer_length); - -/** Deserialise a buffer returned from the server. - * - * When the client is deserialising a buffer returned from the server, it needs - * to use this function to deserialised the returned buffer. It should use the - * usual \c psasim_serialise_buffer() function to serialise the outbound - * buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the serialisation buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the serialisation buffer. - * \param buffer Pointer to a `uint8_t *` to receive the address - * of a newly-allocated buffer, which the caller - * must `free()`. - * \param buffer_length Pointer to a `size_t` to receive the number of - * bytes in the deserialised buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining, - uint8_t *buffer, size_t buffer_length); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_custom_key_parameters_t() - * to serialise a `psa_custom_key_parameters_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_custom_key_parameters_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_custom_key_parameters_t_needs( - psa_custom_key_parameters_t value); - -/** Serialise a `psa_custom_key_parameters_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_serialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t value); - -/** Deserialise a `psa_custom_key_parameters_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_custom_key_parameters_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_custom_key_parameters_t(uint8_t **pos, - size_t *remaining, - psa_custom_key_parameters_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_status_t() - * to serialise a `psa_status_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_status_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_status_t_needs( - psa_status_t value); - -/** Serialise a `psa_status_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t value); - -/** Deserialise a `psa_status_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_status_t` to receive the value - * deserialised from the buffer. 
- * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_status_t(uint8_t **pos, - size_t *remaining, - psa_status_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_algorithm_t() - * to serialise a `psa_algorithm_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_algorithm_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_algorithm_t_needs( - psa_algorithm_t value); - -/** Serialise a `psa_algorithm_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t value); - -/** Deserialise a `psa_algorithm_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_algorithm_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_algorithm_t(uint8_t **pos, - size_t *remaining, - psa_algorithm_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_step_t() - * to serialise a `psa_key_derivation_step_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). 
- * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_key_derivation_step_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_key_derivation_step_t_needs( - psa_key_derivation_step_t value); - -/** Serialise a `psa_key_derivation_step_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t value); - -/** Deserialise a `psa_key_derivation_step_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_key_derivation_step_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, - size_t *remaining, - psa_key_derivation_step_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_hash_operation_t() - * to serialise a `psa_hash_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_hash_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t value); - -/** Serialise a `psa_hash_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. 
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t value); - -/** Deserialise a `psa_hash_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_hash_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_hash_operation_t() - * to serialise a `psa_hash_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_hash_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_hash_operation_t_needs( - psa_hash_operation_t *value); - -/** Serialise a `psa_hash_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t *value, - int completed); - -/** Deserialise a `psa_hash_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_hash_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, - size_t *remaining, - psa_hash_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_aead_operation_t() - * to serialise a `psa_aead_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_aead_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t value); - -/** Serialise a `psa_aead_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t value); - -/** Deserialise a `psa_aead_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. 
- * \param value Pointer to a `psa_aead_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_aead_operation_t() - * to serialise a `psa_aead_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_aead_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_aead_operation_t_needs( - psa_aead_operation_t *value); - -/** Serialise a `psa_aead_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t *value, - int completed); - -/** Deserialise a `psa_aead_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_aead_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */ -int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, - size_t *remaining, - psa_aead_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_key_attributes_t() - * to serialise a `psa_key_attributes_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_key_attributes_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_key_attributes_t_needs( - psa_key_attributes_t value); - -/** Serialise a `psa_key_attributes_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t value); - -/** Deserialise a `psa_key_attributes_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_key_attributes_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, - size_t *remaining, - psa_key_attributes_t *value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_mac_operation_t() - * to serialise a `psa_mac_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). 
- * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_mac_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t value); - -/** Serialise a `psa_mac_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t value); - -/** Deserialise a `psa_mac_operation_t` from a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_mac_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *value); - -/** Return how much buffer space is needed by \c psasim_server_serialise_psa_mac_operation_t() - * to serialise a `psa_mac_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_mac_operation_t() to serialise - * the given value. - */ -size_t psasim_server_serialise_psa_mac_operation_t_needs( - psa_mac_operation_t *value); - -/** Serialise a `psa_mac_operation_t` into a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. 
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * \param completed Non-zero if the operation is now completed (set by - * finish and abort calls). - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t *value, - int completed); - -/** Deserialise a `psa_mac_operation_t` from a buffer on the server side. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value Pointer to a `psa_mac_operation_t` to receive the value - * deserialised from the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. - */ -int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, - size_t *remaining, - psa_mac_operation_t **value); - -/** Return how much buffer space is needed by \c psasim_serialise_psa_cipher_operation_t() - * to serialise a `psa_cipher_operation_t`. - * - * \param value The value that will be serialised into the buffer - * (needed in case some serialisations are value- - * dependent). - * - * \return The number of bytes needed in the buffer by - * \c psasim_serialise_psa_cipher_operation_t() to serialise - * the given value. - */ -size_t psasim_serialise_psa_cipher_operation_t_needs( - psa_cipher_operation_t value); - -/** Serialise a `psa_cipher_operation_t` into a buffer. - * - * \param pos[in,out] Pointer to a `uint8_t *` holding current position - * in the buffer. - * \param remaining[in,out] Pointer to a `size_t` holding number of bytes - * remaining in the buffer. - * \param value The value to serialise into the buffer. - * - * \return \c 1 on success ("okay"), \c 0 on error. 
- */
-int psasim_serialise_psa_cipher_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_cipher_operation_t value);
-
-/** Deserialise a `psa_cipher_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_cipher_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_cipher_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_cipher_operation_t()
- * to serialise a `psa_cipher_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_cipher_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_cipher_operation_t_needs(
- psa_cipher_operation_t *value);
-
-/** Serialise a `psa_cipher_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_cipher_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_cipher_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_cipher_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_cipher_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_operation_t()
- * to serialise a `psa_key_derivation_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_key_derivation_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_key_derivation_operation_t_needs(
- psa_key_derivation_operation_t value);
-
-/** Serialise a `psa_key_derivation_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_operation_t value);
-
-/** Deserialise a `psa_key_derivation_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_key_derivation_operation_t()
- * to serialise a `psa_key_derivation_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_key_derivation_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(
- psa_key_derivation_operation_t *value);
-
-/** Serialise a `psa_key_derivation_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_key_derivation_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_key_derivation_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_sign_hash_interruptible_operation_t()
- * to serialise a `psa_sign_hash_interruptible_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(
- psa_sign_hash_interruptible_operation_t value);
-
-/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_sign_hash_interruptible_operation_t value);
-
-/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_sign_hash_interruptible_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_sign_hash_interruptible_operation_t()
- * to serialise a `psa_sign_hash_interruptible_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(
- psa_sign_hash_interruptible_operation_t *value);
-
-/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_sign_hash_interruptible_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_sign_hash_interruptible_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_verify_hash_interruptible_operation_t()
- * to serialise a `psa_verify_hash_interruptible_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(
- psa_verify_hash_interruptible_operation_t value);
-
-/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_verify_hash_interruptible_operation_t value);
-
-/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_verify_hash_interruptible_operation_t *value);
-
-/** Return how much buffer space is needed by \c psasim_server_serialise_psa_verify_hash_interruptible_operation_t()
- * to serialise a `psa_verify_hash_interruptible_operation_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise
- * the given value.
- */
-size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(
- psa_verify_hash_interruptible_operation_t *value);
-
-/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- * \param completed Non-zero if the operation is now completed (set by
- * finish and abort calls).
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_verify_hash_interruptible_operation_t *value,
- int completed);
-
-/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer on the server side.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
- size_t *remaining,
- psa_verify_hash_interruptible_operation_t **value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t()
- * to serialise a `mbedtls_svc_key_id_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_mbedtls_svc_key_id_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_mbedtls_svc_key_id_t_needs(
- mbedtls_svc_key_id_t value);
-
-/** Serialise a `mbedtls_svc_key_id_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos,
- size_t *remaining,
- mbedtls_svc_key_id_t value);
-
-/** Deserialise a `mbedtls_svc_key_id_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `mbedtls_svc_key_id_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos,
- size_t *remaining,
- mbedtls_svc_key_id_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_key_agreement_iop_t()
- * to serialise a `psa_key_agreement_iop_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_key_agreement_iop_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_key_agreement_iop_t_needs(
- psa_key_agreement_iop_t value);
-
-/** Serialise a `psa_key_agreement_iop_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_key_agreement_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_key_agreement_iop_t value);
-
-/** Deserialise a `psa_key_agreement_iop_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_key_agreement_iop_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_key_agreement_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_key_agreement_iop_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_generate_key_iop_t()
- * to serialise a `psa_generate_key_iop_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_generate_key_iop_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_generate_key_iop_t_needs(
- psa_generate_key_iop_t value);
-
-/** Serialise a `psa_generate_key_iop_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_generate_key_iop_t value);
-
-/** Deserialise a `psa_generate_key_iop_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_generate_key_iop_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_generate_key_iop_t *value);
-
-/** Return how much buffer space is needed by \c psasim_serialise_psa_export_public_key_iop_t()
- * to serialise a `psa_export_public_key_iop_t`.
- *
- * \param value The value that will be serialised into the buffer
- * (needed in case some serialisations are value-
- * dependent).
- *
- * \return The number of bytes needed in the buffer by
- * \c psasim_serialise_psa_export_public_key_iop_t() to serialise
- * the given value.
- */
-size_t psasim_serialise_psa_export_public_key_iop_t_needs(
- psa_export_public_key_iop_t value);
-
-/** Serialise a `psa_export_public_key_iop_t` into a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value The value to serialise into the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_serialise_psa_export_public_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_export_public_key_iop_t value);
-
-/** Deserialise a `psa_export_public_key_iop_t` from a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- * \param value Pointer to a `psa_export_public_key_iop_t` to receive the value
- * deserialised from the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_psa_export_public_key_iop_t(uint8_t **pos,
- size_t *remaining,
- psa_export_public_key_iop_t *value);
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
deleted file mode 100755
index 0c9faf42ef..0000000000
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
+++ /dev/null
@@ -1,1048 +0,0 @@
-#!/usr/bin/env perl
-#
-# psa_sim_serialise.pl - Sample Perl script to show how many serialisation
-# functions can be created by templated scripting.
-#
-# This is an example only, and is expected to be replaced by a Python script
-# for production use. It is not hooked into the build: it needs to be run
-# manually:
-#
-# perl psa_sim_serialise.pl h > psa_sim_serialise.h
-# perl psa_sim_serialise.pl c > psa_sim_serialise.c
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-use strict;
-
-my $usage = "$0: usage: $0 c|h\n";
-my $which = lc(shift) || die($usage);
-die($usage) unless $which eq "c" || $which eq "h";
-
-# Most types are serialised as a fixed-size (per type) octet string, with
-# no type indication. This is acceptable as (a) this is for the test PSA crypto
-# simulator only, not production, and (b) these functions are called by
-# code that itself is written by script.
-#
-# We also want to keep serialised data reasonably compact as communication
-# between client and server goes in messages of less than 200 bytes each.
-#
-# This script is able to create serialisation functions for plain old C data
-# types (e.g. unsigned int), types typedef'd to those, and even structures
-# that don't contain pointers.
-#
-# Structures that contain pointers will need to have their serialisation and
-# deserialisation functions written manually (like those for the "buffer" type
-# are).
-#
-my @types = qw(unsigned-int int size_t
- uint16_t uint32_t uint64_t
- buffer
- psa_custom_key_parameters_t
- psa_status_t psa_algorithm_t psa_key_derivation_step_t
- psa_hash_operation_t
- psa_aead_operation_t
- psa_key_attributes_t
- psa_mac_operation_t
- psa_cipher_operation_t
- psa_key_derivation_operation_t
- psa_sign_hash_interruptible_operation_t
- psa_verify_hash_interruptible_operation_t
- mbedtls_svc_key_id_t
- psa_key_agreement_iop_t
- psa_generate_key_iop_t
- psa_export_public_key_iop_t);
-
-grep(s/-/ /g, @types);
-
-# IS-A: Some data types are typedef'd; we serialise them as the other type
-my %isa = (
- "psa_status_t" => "int",
- "psa_algorithm_t" => "unsigned int",
- "psa_key_derivation_step_t" => "uint16_t",
-);
-
-if ($which eq "h") {
-
- print h_header();
-
- for my $type (@types) {
- if ($type eq "buffer") {
- print declare_buffer_functions();
- } else {
- print declare_needs($type, "");
- print declare_serialise($type, "");
- print declare_deserialise($type, "");
-
- if ($type =~ /^psa_\w+_operation_t$/) {
- print declare_needs($type, "server_");
- print declare_serialise($type, "server_");
- print declare_deserialise($type, "server_");
- }
- }
- }
-
-} elsif ($which eq "c") {
-
- my $have_operation_types = (grep(/psa_\w+_operation_t/, @types)) ?
1 : 0;
-
- print c_header();
- print c_define_types_for_operation_types() if $have_operation_types;
-
- for my $type (@types) {
- next unless $type =~ /^psa_(\w+)_operation_t$/;
- print define_operation_type_data_and_functions($1);
- }
-
- print c_define_begins();
-
- for my $type (@types) {
- if ($type eq "buffer") {
- print define_buffer_functions();
- } elsif (exists($isa{$type})) {
- print define_needs_isa($type, $isa{$type});
- print define_serialise_isa($type, $isa{$type});
- print define_deserialise_isa($type, $isa{$type});
- } else {
- print define_needs($type);
- print define_serialise($type);
- print define_deserialise($type);
-
- if ($type =~ /^psa_\w+_operation_t$/) {
- print define_server_needs($type);
- print define_server_serialise($type);
- print define_server_deserialise($type);
- }
- }
- }
-
- print define_server_serialize_reset(@types);
-} else {
- die("internal error - shouldn't happen");
-}
-
-sub declare_needs
-{
- my ($type, $server) = @_;
-
- my $an = ($type =~ /^[ui]/) ? "an" : "a";
- my $type_d = $type;
- $type_d =~ s/ /_/g;
-
- my $ptr = (length($server)) ? "*" : "";
-
- return <
-#include
-
-#include "psa/crypto.h"
-#include "psa/crypto_types.h"
-#include "psa/crypto_values.h"
-
-/* Basic idea:
- *
- * All arguments to a function will be serialised into a single buffer to
- * be sent to the server with the PSA crypto function to be called.
- *
- * All returned data (the function's return value and any values returned
- * via `out` parameters) will similarly be serialised into a buffer to be
- * sent back to the client from the server.
- *
- * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer"
- * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions,
- * psasim_serialise_foo() and psasim_deserialise_foo().
- *
- * We also have psasim_serialise_foo_needs() functions, which return a
- * size_t giving the number of bytes that serialising that instance of that
- * type will need.
This allows callers to size buffers for serialisation.
- *
- * Each serialised buffer starts with a version byte, bytes that indicate
- * the size of basic C types, and four bytes that indicate the endianness
- * (to avoid incompatibilities if we ever run this over a network - we are
- * not aiming for universality, just for correctness and simplicity).
- *
- * Most types are serialised as a fixed-size (per type) octet string, with
- * no type indication. This is acceptable as (a) this is for the test PSA crypto
- * simulator only, not production, and (b) these functions are called by
- * code that itself is written by script.
- *
- * We also want to keep serialised data reasonably compact as communication
- * between client and server goes in messages of less than 200 bytes each.
- *
- * Many serialisation functions can be created by a script; an exemplar Perl
- * script is included. It is not hooked into the build and so must be run
- * manually, but is expected to be replaced by a Python script in due course.
- * Types that can have their functions created by script include plain old C
- * data types (e.g. int), types typedef'd to those, and even structures that
- * don't contain pointers.
- */
-
-/** Reset all operation slots.
- *
- * Should be called when all clients have disconnected.
- */
-void psa_sim_serialize_reset(void);
-
-/** Return how much buffer space is needed by \c psasim_serialise_begin().
- *
- * \return The number of bytes needed in the buffer for
- * \c psasim_serialise_begin()'s output.
- */
-size_t psasim_serialise_begin_needs(void);
-
-/** Begin serialisation into a buffer.
- *
- * This must be the first serialisation API called
- * on a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error (likely
- * no space).
- */
-int psasim_serialise_begin(uint8_t **pos, size_t *remaining);
-
-/** Begin deserialisation of a buffer.
- *
- * This must be the first deserialisation API called
- * on a buffer.
- *
- * \param pos[in,out] Pointer to a `uint8_t *` holding current position
- * in the buffer.
- * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
- * remaining in the buffer.
- *
- * \return \c 1 on success ("okay"), \c 0 on error.
- */
-int psasim_deserialise_begin(uint8_t **pos, size_t *remaining);
-EOF
-}
-
-sub define_needs
-{
- my ($type) = @_;
-
- my $type_d = $type;
- $type_d =~ s/ /_/g;
-
- return < 0) { // To be able to serialise (NULL, 0)
- memcpy(*pos, buffer, buffer_length);
- *pos += buffer_length;
- }
-
- return 1;
-}
-
-int psasim_deserialise_buffer(uint8_t **pos,
- size_t *remaining,
- uint8_t **buffer,
- size_t *buffer_length)
-{
- if (*remaining < sizeof(*buffer_length)) {
- return 0;
- }
-
- memcpy(buffer_length, *pos, sizeof(*buffer_length));
-
- *pos += sizeof(buffer_length);
- *remaining -= sizeof(buffer_length);
-
- if (*buffer_length == 0) { // Deserialise (NULL, 0)
- *buffer = NULL;
- return 1;
- }
-
- if (*remaining < *buffer_length) {
- return 0;
- }
-
- uint8_t *data = malloc(*buffer_length);
- if (data == NULL) {
- return 0;
- }
-
- memcpy(data, *pos, *buffer_length);
- *pos += *buffer_length;
- *remaining -= *buffer_length;
-
- *buffer = data;
-
- return 1;
-}
-
-/* When the client is deserialising a buffer returned from the server, it needs
- * to use this function to deserialised the returned buffer. It should use the
- * usual \c psasim_serialise_buffer() function to serialise the outbound
- * buffer.
*/
-int psasim_deserialise_return_buffer(uint8_t **pos,
- size_t *remaining,
- uint8_t *buffer,
- size_t buffer_length)
-{
- if (*remaining < sizeof(buffer_length)) {
- return 0;
- }
-
- size_t length_check;
-
- memcpy(&length_check, *pos, sizeof(buffer_length));
-
- *pos += sizeof(buffer_length);
- *remaining -= sizeof(buffer_length);
-
- if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server
- return 0;
- }
-
- if (length_check == 0) { // Deserialise (NULL, 0)
- return 1;
- }
-
- if (*remaining < buffer_length) {
- return 0;
- }
-
- memcpy(buffer, *pos, buffer_length);
- *pos += buffer_length;
- *remaining -= buffer_length;
-
- return 1;
-}
-EOF
-}
-
-
-sub c_header
-{
- return <<'EOF';
-/**
- * \file psa_sim_serialise.c
- *
- * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "psa_sim_serialise.h"
-#include "util.h"
-#include
-#include
-
-/* Basic idea:
- *
- * All arguments to a function will be serialised into a single buffer to
- * be sent to the server with the PSA crypto function to be called.
- *
- * All returned data (the function's return value and any values returned
- * via `out` parameters) will similarly be serialised into a buffer to be
- * sent back to the client from the server.
- *
- * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer"
- * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions,
- * psasim_serialise_foo() and psasim_deserialise_foo().
- *
- * We also have psasim_serialise_foo_needs() functions, which return a
- * size_t giving the number of bytes that serialising that instance of that
- * type will need. This allows callers to size buffers for serialisation.
- *
- * Each serialised buffer starts with a version byte, bytes that indicate
- * the size of basic C types, and four bytes that indicate the endianness
- * (to avoid incompatibilities if we ever run this over a network - we are
- * not aiming for universality, just for correctness and simplicity).
- *
- * Most types are serialised as a fixed-size (per type) octet string, with
- * no type indication. This is acceptable as (a) this is for the test PSA crypto
- * simulator only, not production, and (b) these functions are called by
- * code that itself is written by script.
- *
- * We also want to keep serialised data reasonably compact as communication
- * between client and server goes in messages of less than 200 bytes each.
- *
- * Many serialisation functions can be created by a script; an exemplar Perl
- * script is included. It is not hooked into the build and so must be run
- * manually, but is expected to be replaced by a Python script in due course.
- * Types that can have their functions created by script include plain old C
- * data types (e.g. int), types typedef'd to those, and even structures that
- * don't contain pointers.
- */
-EOF
-}
-
-sub c_define_types_for_operation_types
-{
- return <<'EOF';
-
-/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t;
- * but we don't get it on server builds, so redefine it here with a unique type name
- */
-typedef uint32_t psasim_client_handle_t;
-
-typedef struct psasim_operation_s {
- psasim_client_handle_t handle;
-} psasim_operation_t;
-
-#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */
-EOF
-}
-
-sub define_operation_type_data_and_functions
-{
- my ($type) = @_; # e.g.
'hash' rather than 'psa_hash_operation_t'
-
- my $utype = ucfirst($type);
-
- return < $#code;
-
- # Find where the ( is
- my $idx = index($code[$i], "(");
- die("can't find (") if $idx < 0;
-
- my $indent = " " x ($idx + 1);
- do {
- # Indent each line up until the one with the ; on it
- $code[++$i] =~ s/^\s+/$indent/;
- } while ($code[$i] !~ /;/);
-
- return join("\n", @code) . "\n";
-}
diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c
deleted file mode 100644
index aa0c75a488..0000000000
--- a/tests/psa-client-server/psasim/src/server.c
+++ /dev/null
@@ -1,117 +0,0 @@ -/* psasim test server */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include "service.h" -#include "error_ext.h" -#include "util.h" -#include "psa_manifest/manifest.h" -#include "psa_functions_codes.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#ifdef DEBUG -#define SERVER_PRINT(fmt, ...) \ - PRINT("Server: " fmt, ##__VA_ARGS__) -#else -#define SERVER_PRINT(...) -#endif - -#define BUF_SIZE 25 - -static int kill_on_disconnect = 0; /* Kill the server on client disconnection. */ - -void parse_input_args(int argc, char *argv[]) -{ - int opt; - - while ((opt = getopt(argc, argv, "k")) != -1) { - switch (opt) { - case 'k': - kill_on_disconnect = 1; - break; - default: - fprintf(stderr, "Usage: %s [-k]\n", argv[0]); - exit(EXIT_FAILURE); - } - } -} - -int psa_server_main(int argc, char *argv[]) -{ - psa_status_t ret = PSA_ERROR_PROGRAMMER_ERROR; - psa_msg_t msg = { -1 }; - const int magic_num = 66; - int client_disconnected = 0; - extern psa_status_t psa_crypto_call(psa_msg_t msg); - extern psa_status_t psa_crypto_close(void); - -#if defined(MBEDTLS_VERSION_C) - const char *mbedtls_version = mbedtls_version_get_string_full(); - SERVER_PRINT("%s", mbedtls_version); -#endif - - parse_input_args(argc, argv); - SERVER_PRINT("Starting"); - - while (!(kill_on_disconnect && client_disconnected)) { - psa_signal_t signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK); - - if (signals > 0) { - SERVER_PRINT("Signals: 0x%08x", signals); - } - - if (signals & PSA_CRYPTO_SIGNAL) { - if (PSA_SUCCESS == psa_get(PSA_CRYPTO_SIGNAL, &msg)) { - SERVER_PRINT("handle: %d - rhandle: %p", msg.handle, (int *) msg.rhandle); - switch (msg.type) { - case PSA_IPC_CONNECT: - SERVER_PRINT("Got a connection message"); - psa_set_rhandle(msg.handle, (void *) &magic_num); - ret = PSA_SUCCESS; - break; - case PSA_IPC_DISCONNECT: - 
SERVER_PRINT("Got a disconnection message"); - ret = PSA_SUCCESS; - client_disconnected = 1; - psa_crypto_close(); - break; - default: - SERVER_PRINT("Got an IPC call of type %d", msg.type); - ret = psa_crypto_call(msg); - SERVER_PRINT("Internal function call returned %d", ret); - - if (msg.client_id > 0) { - psa_notify(msg.client_id); - } else { - SERVER_PRINT("Client is non-secure, so won't notify"); - } - } - - psa_reply(msg.handle, ret); - } else { - SERVER_PRINT("Failed to retrieve message"); - } - } else if (SIGSTP_SIG & signals) { - SERVER_PRINT("Recieved SIGSTP signal. Gonna EOI it."); - psa_eoi(SIGSTP_SIG); - } else if (SIGINT_SIG & signals) { - SERVER_PRINT("Handling interrupt!"); - SERVER_PRINT("Gracefully quitting"); - psa_panic(); - } else { - SERVER_PRINT("No signal asserted"); - } - } - - return 0; -} diff --git a/tests/psa-client-server/psasim/test/kill_servers.sh b/tests/psa-client-server/psasim/test/kill_servers.sh deleted file mode 100755 index d72263791f..0000000000 --- a/tests/psa-client-server/psasim/test/kill_servers.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -e - -pkill psa_server || true - -# Remove temporary files -rm -f psa_notify_* - -# Remove all IPCs -# Not just ipcrm -all=msg as it is not supported on macOS. -# Filter out header and empty lines, choosing to select based on keys being -# output in hex. -ipcs -q | fgrep 0x | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh deleted file mode 100755 index f54e352532..0000000000 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/bin/bash - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# This is a simple bash script that tests psa_client/psa_server interaction. -# This script is automatically executed when "make run" is launched by the -# "psasim" root folder. The script can also be launched manually once -# binary files are built (i.e. after "make test" is executed from the "psasim" -# root folder). - -set -e - -cd "$(dirname "$0")" - -CLIENT_BIN=$1 -shift - -./kill_servers.sh - -./start_server.sh -./$CLIENT_BIN "$@" - -./kill_servers.sh diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh deleted file mode 100755 index 1249930af1..0000000000 --- a/tests/psa-client-server/psasim/test/start_server.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -set -e - -# The server creates some local files when it starts up so we can wait for this -# event as signal that the server is ready so that we can start client(s). -function wait_for_server_startup() { - SECONDS=0 - TIMEOUT=10 - - while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do - if [ "$SECONDS" -ge "$TIMEOUT" ]; then - echo "Timeout: psa_server not started within $TIMEOUT seconds." - return 1 - fi - sleep 0.1 - done -} - -$(dirname "$0")/psa_server & -wait_for_server_startup diff --git a/tests/psa-client-server/psasim/tools/psa_autogen.py b/tests/psa-client-server/psasim/tools/psa_autogen.py deleted file mode 100755 index fbc98060fe..0000000000 --- a/tests/psa-client-server/psasim/tools/psa_autogen.py +++ /dev/null 
@@ -1,174 +0,0 @@ -#!/usr/bin/env python3 -"""This hacky script generates a partition from a manifest file""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import json -import os -import sys -from os import listdir - -if len(sys.argv) != 2: - print("Usage: psa_autogen ") - sys.exit(1) - -FILENAME = str(sys.argv[1]) - -SCRIPT_PATH = os.path.dirname(__file__) -GENERATED_H_PATH = os.path.join(SCRIPT_PATH, "..", "include", "psa_manifest") -GENERATED_C_PATH = os.path.join(SCRIPT_PATH, "..", "src") - -MANIFEST_FILE = os.path.join(GENERATED_H_PATH, "manifest.h") -PID_FILE = os.path.join(GENERATED_H_PATH, "pid.h") -SID_FILE = os.path.join(GENERATED_H_PATH, "sid.h") - -with open(str(FILENAME), "r") as read_file: - data = json.load(read_file) - FILENAME = os.path.basename(FILENAME) - FILENAME = FILENAME.split('.')[0] - print("Base filename is " + str(FILENAME)) - - if str(data['psa_framework_version'] == "1.0"): - entry_point = str(data['entry_point']) - partition_name = str(data['name']) - services = data['services'] - try: - irqs = data['irqs'] - except KeyError: - irqs = [] - - try: - os.mkdir(GENERATED_H_PATH) - print("Generating psa_manifest directory") - except OSError: - print("PSA manifest directory already exists") - - manifest_content = [] - pids_content = [] - sids_content = [] - - if len(services) > 28: - print ("Unsupported number of services") - - count = 4 # For creating SID array - nsacl = "const int ns_allowed[32] = { " - policy = "const int strict_policy[32] = { " - qcode = "const char *psa_queues[] = { " - versions = "const uint32_t versions[32] = { " - queue_path = "psa_service_" - start = False - - for x in range(0, count): - qcode = qcode + "\"\", " - nsacl = nsacl + "0, " - policy = policy + "0, " - versions = versions + "0, " - - # Go through all the services to make sid.h and pid.h - for svc in services: - manifest_content.append("#define {}_SIGNAL 0x{:08x}".format(svc['signal'], 2**count)) - 
sids_content.append("#define {}_SID {}".format(svc['name'], svc['sid'])) - qcode = qcode + "\"" + queue_path + str(int(svc['sid'], 16)) + "\"," - ns_clients = svc['non_secure_clients'] - print(str(svc)) - if ns_clients == "true": - nsacl = nsacl + "1, " - else: - nsacl = nsacl + "0, " - try: - versions = versions + str(svc['minor_version']) + ", " - except KeyError: - versions = versions + "1, " - - strict = 0 - try: - if str(svc['minor_policy']).lower() == "strict": - strict = 1 - policy = policy + "1, " - else: - policy = policy + "0, " - except KeyError: - strict = 0 - policy = policy + "0, " - - count = count+1 - - sigcode = "" - handlercode = "void __sig_handler(int signo) {\n" - irqcount = count - for irq in irqs: - manifest_content.append("#define {} 0x{:08x}".format(irq['signal'], 2**irqcount)) - sigcode = sigcode + " signal({}, __sig_handler);\n".format(irq['source']) - handlercode = handlercode + \ - " if (signo == {}) {{ raise_signal(0x{:08x}); }};\n".format(irq['source'], 2**irqcount) - irqcount = irqcount+1 - - handlercode = handlercode + "}\n" - - while (count < 32): - qcode = qcode + "\"\", " - nsacl = nsacl + "0, " - versions = versions + "0, " - policy = policy + "0, " - count = count + 1 - - qcode = qcode + "};\n" - nsacl = nsacl + "};\n" - versions = versions + "};\n" - policy = policy + "};\n" - - with open(MANIFEST_FILE, "wt") as output: - output.write("\n".join(manifest_content)) - with open(SID_FILE, "wt") as output: - output.write("\n".join(sids_content)) - with open(PID_FILE, "wt") as output: - output.write("\n".join(pids_content)) - - symbols = [] - - # Go through source files and look for the entrypoint - for root, directories, filenames in os.walk(GENERATED_C_PATH): - for filename in filenames: - if "psa_ff_bootstrap" in filename or filename == "psa_manifest": - continue - try: - fullpath = os.path.join(root,filename) - with open(fullpath, encoding='utf-8') as currentFile: - text = currentFile.read() - if str(entry_point + "(") in text: 
- symbols.append(filename) - except IOError: - print("Couldn't open " + filename) - except UnicodeDecodeError: - pass - - print(str("Number of entrypoints detected: " + str(len(symbols)))) - if len(symbols) < 1: - print("Couldn't find function " + entry_point) - sys.exit(1) - elif len(symbols) > 1: - print("Duplicate entrypoint symbol detected: " + str(symbols)) - sys.exit(2) - else: - C_FILENAME = os.path.join(GENERATED_C_PATH, "psa_ff_bootstrap_" + partition_name + ".c") - c_content = [] - c_content.append("#include ") - c_content.append("#include \"" + symbols[0] + "\"") - c_content.append("#include ") - c_content.append(qcode) - c_content.append(nsacl) - c_content.append(policy) - c_content.append(versions) - c_content.append(handlercode) - c_content.append("int main(int argc, char *argv[]) {") - c_content.append(" (void) argc;") - c_content.append(sigcode) - c_content.append(" __init_psasim(psa_queues, 32, ns_allowed, versions," - "strict_policy);") - c_content.append(" " + entry_point + "(argc, argv);") - c_content.append("}") - with open(C_FILENAME, "wt") as output: - output.write("\n".join(c_content)) - - print("Success") From 1c2b690389a2d1a6927b54c732c2e3e0390eda1a Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 17 Nov 2025 11:44:30 +0000 Subject: [PATCH 1331/1548] Test Makefiles: Updated location of psasim Signed-off-by: Minos Galanakis --- scripts/common.make | 3 ++- tests/Makefile | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/common.make b/scripts/common.make index cc63bb7e77..0082bd98ee 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -15,7 +15,8 @@ ifndef MBEDTLS_PATH MBEDTLS_PATH := .. endif -PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim +PSASIM_PATH?=$(abspath $(MBEDTLS_PATH)/framework/psasim) + ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) # Use the define keyword to get a multi-line message. 
diff --git a/tests/Makefile b/tests/Makefile index b24c4ef9e2..45d12b72de 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -196,7 +196,7 @@ $(CRYPTO_BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_ clean: ifndef WINDOWS - $(MAKE) -C psa-client-server/psasim clean + $(MAKE) -C $(PSASIM_PATH) clean rm -rf $(BINARIES) *.c *.datax rm -rf $(CRYPTO_BINARIES) ../tf-psa-crypto/tests/*.c ../tf-psa-crypto/tests/*.datax rm -f src/*.o src/test_helpers/*.o src/libmbed* From 9b49d5dbdedc4b7758be9f7ecb3c42c29e556c5d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 17:56:34 +0100 Subject: [PATCH 1332/1548] library: ssl: fix documentation of IANA TLS group info Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 225736fce7..baf889ba62 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3660,21 +3660,25 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -/* +/** * This structure defines the correpondence between IANA's TLS-ID and its * corresponding group name. * This is used in macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO to define the list * of known TLS IDs and corresponding group names. + * + * Future versions of the library might add new fields to this structure. */ typedef struct { uint16_t tls_id; const char *group_name; } mbedtls_ssl_iana_tls_group_info_t; -/* - * Initializer for a list of known "TLS ID" <-> "group name". - * Each entry is a structure of type mbedtls_ssl_iana_tls_group_info_t. - * The last entry has 'tls_id = 0' and 'group_name = NULL'. +/** + * Initializer for a list of known TLS 1.2 named elliptic curves and + * TLS 1.3 groups, with their names. + * + * Each entry is a structure of type #mbedtls_ssl_iana_tls_group_info_t. + * The last entry has `tls_id = 0` and `group_name = NULL`. */ #define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ { \ @@ -3696,7 +3700,7 @@ typedef struct { } #if defined(MBEDTLS_DEBUG_C) -/* +/** * List of known "TLS ID" <-> "group name". * #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is used to initialized the list. */ From 476a2edea7c068b2b58ddf33009a456591350779 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Jan 2026 23:37:50 +0100 Subject: [PATCH 1333/1548] library: extend mbedtls_ssl_iana_tls_group_info_t structure Add new field that tells if the corresponding group is supported or not in the current build. Test function "test_mbedtls_ssl_get_supported_group_list" is extended to verify this new feature. Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 119 ++++++++++++++++++++++----- tests/suites/test_suite_ssl.function | 13 ++- 2 files changed, 109 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index baf889ba62..95f3c3e22c 100644 --- a/include/mbedtls/ssl.h 
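Review bot: The first hunk rewrites the struct's comment block but carries the misspelling `correpondence` over unchanged; since this commit is a documentation fix of exactly this comment, `correspondence` belongs in it. The second hunk (`#if defined(MBEDTLS_DEBUG_C)`) likewise promotes the comment to `/**` while leaving `is used to initialized the list`, which should read `is used to initialize the list`.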
+++ b/include/mbedtls/ssl.h 
@@ -3661,18 +3661,93 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ /** - * This structure defines the correpondence between IANA's TLS-ID and its - * corresponding group name. - * This is used in macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO to define the list - * of known TLS IDs and corresponding group names. + * This structure defines each entry of the macro #MBEDTLS_SSL_IANA_TLS_GROUPS_INFO. * - * Future versions of the library might add new fields to this structure. + * \note Future versions of the library might add new fields to this structure. */ typedef struct { + /** TLS-ID */ uint16_t tls_id; + + /** Group name */ const char *group_name; + + /** 1 if the group is supported; 0 otherwise */ + uint8_t is_supported; } mbedtls_ssl_iana_tls_group_info_t; +/* Helpers to check which PSA_WANT_xxx symbols are defined for groups. */ +#if defined(PSA_WANT_ECC_MONTGOMERY_255) +#define MBEDTLS_SSL_HAVE_GROUP_X25519 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_X25519 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_256) +#define MBEDTLS_SSL_HAVE_GROUP_SECP256R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP256R1 0 +#endif +#if defined(PSA_WANT_ECC_SECP_K1_256) +#define MBEDTLS_SSL_HAVE_GROUP_SECP256K1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP256K1 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_384) +#define MBEDTLS_SSL_HAVE_GROUP_SECP384R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP384R1 0 +#endif +#if defined(PSA_WANT_ECC_MONTGOMERY_448) +#define MBEDTLS_SSL_HAVE_GROUP_X448 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_X448 0 +#endif +#if defined(PSA_WANT_ECC_SECP_R1_521) +#define MBEDTLS_SSL_HAVE_GROUP_SECP521R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_SECP521R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#define MBEDTLS_SSL_HAVE_GROUP_BP256R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_BP256R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#define MBEDTLS_SSL_HAVE_GROUP_BP384R1 1 +#else +#define 
MBEDTLS_SSL_HAVE_GROUP_BP384R1 0 +#endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#define MBEDTLS_SSL_HAVE_GROUP_BP512R1 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_BP512R1 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_2048) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_3072) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_4096) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_6144) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 0 +#endif +#if defined(PSA_WANT_DH_RFC7919_8192) +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 1 +#else +#define MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 0 +#endif + /** * Initializer for a list of known TLS 1.2 named elliptic curves and * TLS 1.3 groups, with their names. 
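Review bot: The doc on the new field, `/** 1 if the group is supported; 0 otherwise */`, does not say what decides "supported"; the helper block directly below derives it from the build-time `PSA_WANT_xxx` symbols, so `/** 1 if the group is enabled in this build (its PSA_WANT_xxx symbol is defined); 0 otherwise */` would make the contract precise for callers of `MBEDTLS_SSL_IANA_TLS_GROUPS_INFO`. The `MBEDTLS_SSL_HAVE_GROUP_xxx` helpers are unconditional `#define`s in a public header with only a one-line comment; stating whether they are part of the public API (or moving them under a "private helpers" remark) would avoid applications starting to depend on them.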
@@ -3680,23 +3755,23 @@ typedef struct { * Each entry is a structure of type #mbedtls_ssl_iana_tls_group_info_t. * The last entry has `tls_id = 0` and `group_name = NULL`. */ -#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ - { \ - { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192" }, \ - { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL } \ +#define MBEDTLS_SSL_IANA_TLS_GROUPS_INFO \ + { \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", MBEDTLS_SSL_HAVE_GROUP_X25519 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", MBEDTLS_SSL_HAVE_GROUP_SECP256R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", MBEDTLS_SSL_HAVE_GROUP_SECP256K1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", MBEDTLS_SSL_HAVE_GROUP_SECP384R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", MBEDTLS_SSL_HAVE_GROUP_X448 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", MBEDTLS_SSL_HAVE_GROUP_SECP521R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", MBEDTLS_SSL_HAVE_GROUP_BP256R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", MBEDTLS_SSL_HAVE_GROUP_BP384R1 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", MBEDTLS_SSL_HAVE_GROUP_BP512R1 }, \ + { 
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", MBEDTLS_SSL_HAVE_GROUP_FFDHE2048 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", MBEDTLS_SSL_HAVE_GROUP_FFDHE3072 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", MBEDTLS_SSL_HAVE_GROUP_FFDHE4096 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", MBEDTLS_SSL_HAVE_GROUP_FFDHE6144 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", MBEDTLS_SSL_HAVE_GROUP_FFDHE8192 }, \ + { MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL, 1 } \ } #if defined(MBEDTLS_DEBUG_C) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c63ad65bd2..55f9965542 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3580,15 +3580,26 @@ void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_availab const uint16_t *list = mbedtls_ssl_get_supported_group_list(); int found = 0; + /* First: go through the list returned by mbedtls_ssl_get_supported_group_list() and + * check that the specified group ID is supported/unsupported as expected. */ for (int i = 0; list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) { if (list[i] == iana_group_id) { found = 1; break; } } - TEST_EQUAL(found, is_available); + /* Second: check that supported/unsupported property for the specified group is also + * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_NONE. */ + mbedtls_ssl_iana_tls_group_info_t group_info_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; + mbedtls_ssl_iana_tls_group_info_t *ptr; + for (ptr = &group_info_table[0]; ptr->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; ptr++) { + if (ptr->tls_id == iana_group_id) { + TEST_EQUAL(ptr->is_supported, is_available); + } + } + exit:; } /* END_CASE */ From 7663b9c72760b7058ab423db491f680897ff8388 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 28 Jan 2026 16:34:54 +0000 Subject: [PATCH 1334/1548] Updated framework pointer 
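Review bot: The terminator entry `{ MBEDTLS_SSL_IANA_TLS_GROUP_NONE, NULL, 1 }` marks the sentinel as supported; callers that stop on `tls_id == 0` never read it, but any loop that filters on `is_supported` first would count the sentinel as a supported group with a NULL name. Setting the field to `0` there, or extending the macro's doc line `The last entry has `tls_id = 0` and `group_name = NULL`.` with the sentinel's `is_supported` value, keeps the table self-describing.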
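Review bot: The second loop in test_mbedtls_ssl_get_supported_group_list() only asserts when `ptr->tls_id == iana_group_id`, so a group ID that is missing from `MBEDTLS_SSL_IANA_TLS_GROUPS_INFO` makes the new check pass without testing anything; reusing `found` (reset to 0 before the loop, set to 1 inside the `if`) and adding `TEST_EQUAL(found, 1);` after the loop would catch a table entry being dropped. The new comment also names `MBEDTLS_SSL_IANA_TLS_GROUP_NONE` as the initializer, while the array is initialized by `MBEDTLS_SSL_IANA_TLS_GROUPS_INFO`. The function's opening lines are outside the hunk.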
Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index ee399cc257..421f7a29f7 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit ee399cc257e84c2c5328d866335053d05b3b169c +Subproject commit 421f7a29f79e535fc6497b6cb4767cd7023db20b From d8239083355f0b4a991acaad3c8fd66494a6fbce Mon Sep 17 00:00:00 2001 From: hi Date: Mon, 26 Jan 2026 20:09:48 +0800 Subject: [PATCH 1335/1548] fix: Disabling the MBEDTLS_SSL_CLI_C feature caused a compilation error: unused parameter "ssl". Signed-off-by: hi --- library/ssl_msg.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d4b915aa74..d0f281975a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5412,6 +5412,8 @@ static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) #endif } } +#else + (void)ssl; #endif /* MBEDTLS_SSL_CLI_C */ /* Fail in all other cases. */ From 4987340d24c2934ceae06f47f749649cacea3ce0 Mon Sep 17 00:00:00 2001 From: hi Date: Thu, 29 Jan 2026 00:14:36 +0800 Subject: [PATCH 1336/1548] fix code style in ssl_msg.c and add signoff Signed-off-by: hi --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d0f281975a..7e91a441e6 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5413,7 +5413,7 @@ static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) } } #else - (void)ssl; + (void) ssl; #endif /* MBEDTLS_SSL_CLI_C */ /* Fail in all other cases. */ From 7bba265eed2fcd3940ef407b6c301868f73ede25 Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Fri, 30 Jan 2026 12:23:16 +0000 Subject: [PATCH 1337/1548] Add link to TF-PSA-Crypto SECURITY.md To avoid confusion about the threat model of cryptographic code, add a link to the SECURITY.md of TF-PSA-Crypto. This should help users who are unaware that the cryptography has been split into a separate repository. Signed-off-by: David Horstmann --- SECURITY.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 98cb59bd1c..7059970bb8 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -19,6 +19,12 @@ Only the maintained branches, as listed in [`BRANCHES.md`](BRANCHES.md), get security fixes. Users are urged to always use the latest version of a maintained branch. +## Use of TF-PSA-Crypto + +Note that Mbed TLS uses the cryptography API provided by TF-PSA-Crypto. Its +security policy can be found +[here](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md). + ## Threat model We classify attacks based on the capabilities of the attacker. From 8b1d9e49d9032bf228e2008f5012bab0fc3a0554 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 30 Jan 2026 14:51:59 +0000 Subject: [PATCH 1338/1548] Reword to be more specific Specify that the cryptographic operations of Mbed TLS are governed by its threat model and point specifically to block ciphers as an important case of this. Signed-off-by: David Horstmann --- SECURITY.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7059970bb8..e36162abd7 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -21,9 +21,13 @@ Users are urged to always use the latest version of a maintained branch. ## Use of TF-PSA-Crypto -Note that Mbed TLS uses the cryptography API provided by TF-PSA-Crypto. Its -security policy can be found -[here](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md). +Note that Mbed TLS uses the cryptography API provided by TF-PSA-Crypto. +Its +[threat model](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md#threat-model) +applies to all cryptographic operations performed by Mbed TLS. In particular, +users of Mbed TLS should note the considerations around +[block ciphers](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md#block-ciphers) +since they apply to the block ciphers used in TLS. ## Threat model From c3f585b8ee9c6239a2dcee8affdb70be83ebd043 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 30 Jan 2026 22:02:08 +0100 Subject: [PATCH 1339/1548] tests: ssl: fix typo in comment in test_mbedtls_ssl_get_supported_group_list Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 55f9965542..a12acfe83e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3591,7 +3591,7 @@ void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_availab TEST_EQUAL(found, is_available); /* Second: check that supported/unsupported property for the specified group is also - * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_NONE. */ + * correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_INFO. */ mbedtls_ssl_iana_tls_group_info_t group_info_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO; mbedtls_ssl_iana_tls_group_info_t *ptr; for (ptr = &group_info_table[0]; ptr->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; ptr++) { 
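Review bot: The corrected comment still does not match the macro used on the very next line: it now says `MBEDTLS_SSL_IANA_TLS_GROUP_INFO`, while the array is initialized by `MBEDTLS_SSL_IANA_TLS_GROUPS_INFO` (plural). The line should read `* correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUPS_INFO. */`. The enclosing test function starts and ends outside the hunk.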
From 318e4314dfc7e591e265903f57acdf20a13a3371 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 2 Feb 2026 13:38:03 +0100 Subject: [PATCH 1340/1548] changelog: add notes about helpers added to get list of known/supported TLS groups Signed-off-by: Valerio Setti --- ChangeLog.d/issue10349.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/issue10349.txt diff --git a/ChangeLog.d/issue10349.txt b/ChangeLog.d/issue10349.txt new file mode 100644 index 0000000000..ab47659ed8 --- /dev/null +++ b/ChangeLog.d/issue10349.txt @@ -0,0 +1,8 @@ +Features + * Function mbedtls_ssl_get_supported_group_list() is added to return the list + of supported groups IDs (curves and finite fields). + * MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is added to allow defining the list of + mbedtls_ssl_iana_tls_group_info_t items which represent known TLS groups + with corresponding informations. + If MBEDTLS_DEBUG_C is also enabled then mbedtls_ssl_iana_tls_group_info is + also available as implementation of such list. From 86c40c1b0d442d8fcef4441e8dbf229e184df45a Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 14 Jan 2026 15:49:33 +0000 Subject: [PATCH 1341/1548] Add new X509 verification result for 'not started' Add a new verification result bitflag MBEDTLS_X509_VERIFY_NOT_STARTED to use as a safe initial value for verify_result. This is better than the current initial value which is 0 (indicating success). Signed-off-by: David Horstmann --- include/mbedtls/x509.h | 1 + include/mbedtls/x509_crt.h | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 130c427c4f..b52c988386 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h 
@@ -104,6 +104,7 @@ #define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */ #define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ #define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */ +#define MBEDTLS_X509_VERIFY_NOT_STARTED 0x100000 /**< No verification has yet been performed (used as a safe initial value). */ /** \} name X509 Verify codes */ /** \} addtogroup x509_module */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 8ee7c464af..90f58ee552 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -207,7 +207,10 @@ mbedtls_x509_crt_profile; "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_KEY, \ "MBEDTLS_X509_BADCRL_BAD_KEY", \ - "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).") + "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).") \ + X509_CRT_ERROR_INFO(MBEDTLS_X509_VERIFY_NOT_STARTED, \ + "MBEDTLS_X509_VERIFY_NOT_STARTED", \ + "No verification has yet been performed.") /** * Container for writing a certificate (CRT) From dea75cbb881dc1f64e8f353dd59d535425b57a39 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 3 Sep 2025 11:21:00 +0100 Subject: [PATCH 1342/1548] Set verify_result to failure by default At initialization, set the verify_result field of the ssl session to MBEDTLS_X509_VERIFY_NOT_STARTED, rather than 0 as it is by default currently. This prevents mbedtls_ssl_get_verify_result() from indicating that certificate verification has passed if it is called prior to the handshake happening. Signed-off-by: David Horstmann --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 54129891a7..2b8f8919c5 100644 --- a/library/ssl_tls.c 
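Review bot: `MBEDTLS_X509_VERIFY_NOT_STARTED` adds a new bit to the public verify-result flag space, so existing callers that mask individual `MBEDTLS_X509_BADCERT_*`/`BADCRL_*` bits, or print them through the `X509_CRT_ERROR_INFO` table, now meet a flag that no certificate-verification code path sets and that has no meaning for a real chain. If, as the later commit in this series states, `mbedtls_ssl_get_verify_result()` already documents `-1u` as "result not available", initializing to that value gives the same hardening without extending the flag set, and the second hunk's new `X509_CRT_ERROR_INFO` entry in x509_crt.h would then not be needed.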
+++ b/library/ssl_tls.c
@@ -954,6 +954,8 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform)
 void mbedtls_ssl_session_init(mbedtls_ssl_session *session)
 {
 memset(session, 0, sizeof(mbedtls_ssl_session));
+ /* Set verify_result to indicate failure by default. */
+ session->verify_result = MBEDTLS_X509_VERIFY_NOT_STARTED;
 }
 
 MBEDTLS_CHECK_RETURN_CRITICAL
From 0ecde06ce957c4629a7ed13a2ac37421505d4693 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 7 Oct 2025 16:07:57 +0100
Subject: [PATCH 1343/1548] Add non-regression test for verify_result init

Write a testcase to get verify_result before we have performed a handshake and make sure that it is initialised to a failure value.

Signed-off-by: David Horstmann
---
 tests/suites/test_suite_ssl.data | 3 +++ tests/suites/test_suite_ssl.function | 33 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 6b9c73f11e..31baf27373 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3527,3 +3527,6 @@ ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTI
 
 TLS fatal alert getter
 ssl_get_alert_after_fatal
+
+Default verify_result before doing a handshake
+verify_result_without_handshake
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index d27d959232..a02051b704 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
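Review bot: The new default only takes effect for sessions that go through `mbedtls_ssl_session_init()`; any other path that zeroes or copies an `mbedtls_ssl_session` (a direct `memset`, a session copy or load) would still leave `verify_result` at 0, which this page does not show either way, so it is worth confirming before relying on the hardening. The comment `/* Set verify_result to indicate failure by default. */` could carry the why, e.g. `/* Not 0: a zero verify_result would read as "verification passed" before any handshake has run. */`.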
@@ -6040,3 +6040,36 @@ exit: USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +void verify_result_without_handshake(void) +{ + /* Test the result of verification before we perform a handshake. */ + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + + PSA_INIT(); + + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); + + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), 0); + + mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); + mbedtls_ssl_conf_ca_chain(&conf, NULL, NULL); + + TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); + + uint32_t verify_result = mbedtls_ssl_get_verify_result(&ssl); + + TEST_EQUAL(verify_result, MBEDTLS_X509_VERIFY_NOT_STARTED); + +exit: + mbedtls_ssl_config_free(&conf); + mbedtls_ssl_free(&ssl); + PSA_DONE(); +} +/* END_CASE */ From e29d7be48e95647236275fb8dff936b4b565b544 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 8 Oct 2025 10:49:24 +0100 Subject: [PATCH 1344/1548] Add ChangeLog entry for verify_result hardening Signed-off-by: David Horstmann --- ChangeLog.d/verify-result-default-value.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/verify-result-default-value.txt diff --git a/ChangeLog.d/verify-result-default-value.txt b/ChangeLog.d/verify-result-default-value.txt new file mode 100644 index 0000000000..d85dfe2670 --- /dev/null +++ b/ChangeLog.d/verify-result-default-value.txt @@ -0,0 +1,5 @@ +Changes + * Harden mbedtls_ssl_get_verify_result() against misuse. + Return failure if the handshake has not yet been attempted. Previously + the result of verification was zero-initialized so the function would + return 0 (indicating success). From 687a1ba9070a6269c522075d92e5068ff9a90eae Mon Sep 17 00:00:00 2001 
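Review bot: The `exit:` path of verify_result_without_handshake() frees the config before the context that was set up on it (`mbedtls_ssl_config_free(&conf);` then `mbedtls_ssl_free(&ssl);`), which, if I read the mbedtls_ssl_setup() documentation correctly, is the reverse of the required order: the config must not be freed while a context still uses it. Swapping the two calls, `mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf);`, keeps the test inside the API contract even if mbedtls_ssl_free() happens not to dereference conf today. The later extension of this test case on this page keeps the same ordering and would want the same swap.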
From: David Horstmann Date: Wed, 28 Jan 2026 17:49:19 +0000 Subject: [PATCH 1345/1548] Switch to a default value of -1u Since we explicitly document the value 0xFFFFFFFF or -1u as representing 'result not available', we can use it as a sensible default value without creating an API change. Use this value instead of introducing a new verification result value. Signed-off-by: David Horstmann --- include/mbedtls/x509.h | 1 - include/mbedtls/x509_crt.h | 5 +---- library/ssl_tls.c | 4 ++-- tests/suites/test_suite_ssl.function | 2 +- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b52c988386..130c427c4f 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -104,7 +104,6 @@ #define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */ #define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ #define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */ -#define MBEDTLS_X509_VERIFY_NOT_STARTED 0x100000 /**< No verification has yet been performed (used as a safe initial value). */ /** \} name X509 Verify codes */ /** \} addtogroup x509_module */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 90f58ee552..8ee7c464af 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
@@ -207,10 +207,7 @@ mbedtls_x509_crt_profile; "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).") \ X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_KEY, \ "MBEDTLS_X509_BADCRL_BAD_KEY", \ - "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).") \ - X509_CRT_ERROR_INFO(MBEDTLS_X509_VERIFY_NOT_STARTED, \ - "MBEDTLS_X509_VERIFY_NOT_STARTED", \ - "No verification has yet been performed.") + "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).") /** * Container for writing a certificate (CRT) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2b8f8919c5..ce93417d73 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -954,8 +954,8 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform) void mbedtls_ssl_session_init(mbedtls_ssl_session *session) { memset(session, 0, sizeof(mbedtls_ssl_session)); - /* Set verify_result to indicate failure by default. */ - session->verify_result = MBEDTLS_X509_VERIFY_NOT_STARTED; + /* Set verify_result to -1u to indicate 'result not available'. */ + session->verify_result = 0xFFFFFFFF; } MBEDTLS_CHECK_RETURN_CRITICAL diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a02051b704..f002f468e9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -6065,7 +6065,7 @@ void verify_result_without_handshake(void) uint32_t verify_result = mbedtls_ssl_get_verify_result(&ssl); - TEST_EQUAL(verify_result, MBEDTLS_X509_VERIFY_NOT_STARTED); + TEST_EQUAL(verify_result, 0xFFFFFFFF); exit: mbedtls_ssl_config_free(&conf); From ff51a1a1769ee1ec2f56b18aca5f34075c21552c Mon Sep 17 00:00:00 2001 
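Review bot: The sentinel `0xFFFFFFFF` is now spelled as a bare literal in mbedtls_ssl_session_init() and again in the test's `TEST_EQUAL(verify_result, 0xFFFFFFFF);`, and the next patch on this page adds a third copy in mbedtls_ssl_session_free(). Since the public API documents this value as 'result not available', one named constant keeps the sites (and the getter's own no-session fallback, if that is where the literal originates) from drifting: e.g. `#define SSL_VERIFY_RESULT_NOT_AVAILABLE 0xFFFFFFFFu` in ssl_misc.h (name constructed here), or simply `UINT32_MAX` to match the field's uint32_t type. The comment could then say what the value means rather than restate it: `/* 'result not available' until a handshake sets it; see mbedtls_ssl_get_verify_result(). */`.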
From: David Horstmann Date: Thu, 5 Feb 2026 14:17:47 +0000 Subject: [PATCH 1346/1548] Initialize verify_result in session free Initialize the verify_result field in mbedtls_ssl_session_free(). Previously we were just zeroising the entire session object, which would yield a default 'success' value if the same object were reused. Test that this initialisation is actually happening by setting verify_result manually to zero and calling mbedtls_ssl_session_free() on the session before checking its value. Signed-off-by: David Horstmann --- library/ssl_tls.c | 3 +++ tests/suites/test_suite_ssl.function | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ce93417d73..ceae9b9a3e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4571,6 +4571,9 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session) #endif mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); + + /* Set verify_result to -1u to indicate 'result not available'. */ + session->verify_result = 0xFFFFFFFF; } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index f002f468e9..06fc4b3032 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -6067,6 +6067,16 @@ void verify_result_without_handshake(void) TEST_EQUAL(verify_result, 0xFFFFFFFF); + /* Set the verify result manually and check that session_free resets it. */ + + /* Set the verify result to 0. */ + ssl.session_negotiate->verify_result = 0; + + mbedtls_ssl_session_free(ssl.session_negotiate); + + verify_result = mbedtls_ssl_get_verify_result(&ssl); + TEST_EQUAL(verify_result, 0xFFFFFFFF); + exit: mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); From 4cce03530a9d887a0ccb2afadad3cb749769cc2c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Feb 2026 14:50:00 +0100 Subject: [PATCH 1347/1548] Remove unused variable 
Signed-off-by: Gilles Peskine --- scripts/bump_version.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 9966dea63b..d76f160f9e 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -15,7 +15,6 @@ set -e VERSION="" -SOVERSION="" # Parse arguments # From 05d8c712023e4979f3293e1a15bdc87b58c59fd1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Feb 2026 14:50:23 +0100 Subject: [PATCH 1348/1548] Don't treat --help as an error Signed-off-by: Gilles Peskine --- scripts/bump_version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index d76f160f9e..529d84751e 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -51,7 +51,7 @@ do echo -e " --so-x509 \tSO version to bump libmbedx509 to." echo -e " --so-tls \tSO version to bump libmbedtls to." echo -e " -v|--verbose\t\tVerbose." - exit 1 + exit 0 ;; *) # print error From f7b4b5aac088c3a105e454bb0bfa98f09f6fc7c9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 2 Oct 2025 15:52:59 +0100 Subject: [PATCH 1349/1548] Add malicious ip test for inet_pton Signed-off-by: Janos Follath --- tests/suites/test_suite_x509parse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 0ca27a9d68..4fc5054b49 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1170,6 +1170,9 @@ x509_crt_parse_cn_inet_pton:"\:\:ffff\:1111.2.3.4":"":0 X509 CRT parse CN: IPv6 invalid address IPv4-mapped #3 x509_crt_parse_cn_inet_pton:"\:\:1.2.3.4\:ffff":"":0 +X509 CRT parse CN: IPv6 invalid address IPv4-mapped #4 +x509_crt_parse_cn_inet_pton:"1.2.3.4\:":"":0 + X509 CRT verification with ca callback: failure depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK x509_verify_ca_cb_failure:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR From 346720d674728b8600a8e8d2696a00dd5c38592d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 2 Oct 2025 15:53:56 +0100 Subject: [PATCH 1350/1548] Add ASan to test_sw_inet_pton Signed-off-by: Janos Follath --- tests/scripts/components-configuration-x509.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-x509.sh b/tests/scripts/components-configuration-x509.sh index 8010a2a2e6..66e9b16da8 100644 --- a/tests/scripts/components-configuration-x509.sh +++ b/tests/scripts/components-configuration-x509.sh @@ -28,8 +28,9 @@ component_test_sw_inet_pton () { # MBEDTLS_TEST_HOOKS required for x509_crt_parse_cn_inet_pton scripts/config.py set MBEDTLS_TEST_HOOKS - $MAKE_COMMAND CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON" + CC=$ASAN_CC CFLAGS="-DMBEDTLS_TEST_SW_INET_PTON" cmake -D CMAKE_BUILD_TYPE:String=Asan . + make msg "test: default plus MBEDTLS_TEST_SW_INET_PTON" - $MAKE_COMMAND test + make test } From d5e7465ea07bb708c82a1710a2867596e7e78b2e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Jan 2026 18:19:33 +0000 Subject: [PATCH 1351/1548] inet_pton: help ASan find the underflow The generated unit tests have the input parameters in large stack buffers and therefore ASan doesn't notice under or overflows in them. Copy the input parameter into a locally allocated buffer to trigger ASan if something goes wrong. 
Signed-off-by: Janos Follath --- tests/suites/test_suite_x509parse.function | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index e892ab9a9e..25d229d6f1 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -488,12 +488,22 @@ exit: void x509_crt_parse_cn_inet_pton(const char *cn, data_t *exp, int ref_ret) { uint32_t addr[4]; - size_t addrlen = mbedtls_x509_crt_parse_cn_inet_pton(cn, addr); + + char *cn_local = NULL; + size_t cn_local_len = strlen(cn) + 1; + TEST_CALLOC(cn_local, cn_local_len); + memcpy(cn_local, cn, cn_local_len); + + size_t addrlen = mbedtls_x509_crt_parse_cn_inet_pton(cn_local, addr); TEST_EQUAL(addrlen, (size_t) ref_ret); if (addrlen) { TEST_MEMORY_COMPARE(exp->x, exp->len, addr, addrlen); } + +exit: + mbedtls_free(cn_local); + } /* END_CASE */ From 1a127e3c892076dd9725fce2ee10015eb20448f4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Jan 2026 18:46:52 +0000 Subject: [PATCH 1352/1548] inet_pton: fix buggy condition The flawed condition made us accept invalid IPv6 addresses and in some cases lead to a buffer underread. Signed-off-by: Janos Follath --- library/x509_crt.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 59c3204467..25a4bbaf68 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2719,8 +2719,12 @@ static int x509_inet_pton_ipv6(const char *src, void *dst) if (*p == '\0') { break; } else if (*p == '.') { - /* Don't accept IPv4 too early or late */ - if ((nonzero_groups == 0 && zero_group_start == -1) || + /* Don't accept IPv4 too early or late: + * - The first 6 nonzero groups must be 16 bit pieces of address delimited by ':' + * - This might be fully or partially represented with compressed syntax (a zero + * group "::") + */ + if ((nonzero_groups < 6 && zero_group_start == -1) || nonzero_groups >= 7) { break; } From 57f189887bf72268d3de042cf1437e324f022708 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 21 Jan 2026 09:16:07 +0000 Subject: [PATCH 1353/1548] Add ChangeLog entry Signed-off-by: Janos Follath --- ChangeLog.d/inet_pton.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/inet_pton.txt diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt new file mode 100644 index 0000000000..526cd9be5f --- /dev/null +++ b/ChangeLog.d/inet_pton.txt @@ -0,0 +1,4 @@ +Security + * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases + (e.g. on platforms with memory protection when the overread crosses page + boundary) this could lead to DoS. Found and reported by Haruto Kimura. From 50376926a7356c25da12f1d2e66cacf2d3e9bbcb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 21 Jan 2026 17:29:07 +0000 Subject: [PATCH 1354/1548] inet_pton: simplify IPv4 walkback loop Signed-off-by: Janos Follath --- library/x509_crt.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 25a4bbaf68..028ae8bf14 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
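Review bot: The relaxed guard `(nonzero_groups < 6 && zero_group_start == -1)` lets a dotted quad through whenever a compressed group has been seen, including after six explicit groups (nine groups in total once the IPv4 part counts as two), so rejecting that shape now rests on the group-count check after the walkback, which is outside this hunk. A data case pinning it, something like `x509_crt_parse_cn_inet_pton:"\:\:1\:2\:3\:4\:5\:6\:1.2.3.4":"":0` (constructed, escaped as the other cases on this page), would show the fix did not trade an underread for over-acceptance. The enclosing x509_inet_pton_ipv6() starts and ends outside the hunk.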
@@ -2729,16 +2729,15 @@ static int x509_inet_pton_ipv6(const char *src, void *dst) break; } - /* Walk back to prior ':', then parse as IPv4-mapped */ - int steps = 4; + /* Walk back to prior ':', then parse as IPv4-mapped. + * At this point nonzero_groups == 6 or zero_group_start >= 0. Either way we have a + * ':' before the current position and still inside the buffer. Thus it is safe to + * search back for that ':' without any further checks. + */ do { p--; - steps--; - } while (*p != ':' && steps > 0); + } while (*p != ':'); - if (*p != ':') { - break; - } p++; nonzero_groups--; if (x509_inet_pton_ipv4((const char *) p, From d3a85826065b86195dbd4c4511c21e1748c9784d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Feb 2026 11:47:24 +0100 Subject: [PATCH 1355/1548] Actually check committed generated files We were accidentally running the check in TF-PSA-Crypto instead of in Mbed TLS. Signed-off-by: Gilles Peskine --- tests/scripts/components-basic-checks.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 199396df30..0c5a0b19fd 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -43,6 +43,7 @@ component_check_generated_files () { cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check + cd "$MBEDTLS_ROOT_DIR" # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! From 384a16746fed5797b95f7dde8721f5212783408f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 11 Feb 2026 14:31:29 +0100 Subject: [PATCH 1356/1548] library: check_config: remove redundant check on hash algorithms for TLS 1.2 TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not correct. The correct version is already available few lines below in the same header file. 
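Review bot: The new `do { p--; } while (*p != ':');` has no lower bound, so it is memory-safe only as long as the invariant stated in the comment (six groups or a `::` seen before any '.') holds on every path that reaches it; the removed `steps` counter was the one thing that made a violated invariant fail closed instead of reading before `src`. A bound against the buffer start is free and keeps the fix robust to later edits of the counting logic: `do { p--; } while (p > src && *p != ':');` followed by `if (*p != ':') { break; }`. The function starts and ends outside the hunk.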
Signed-off-by: Valerio Setti --- library/mbedtls_check_config.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 855e4e3674..96b892e038 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h @@ -142,11 +142,6 @@ "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - !(defined(PSA_WANT_ALG_SHA_1) || defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_512)) -#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_SSL_EARLY_DATA) && \ ( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \ ( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \ From 607f725563dc934e65487db6c41398027ca24d77 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 16 Feb 2026 10:57:09 +0000 Subject: [PATCH 1357/1548] Set verify_result in non-verification cases When we are using PSK or when authmode == MBEDTLS_SSL_VERIFY_NONE, we intentionally do not verify the certificate. In these cases, do not keep verify_result at -1u but set it to MBEDTLS_X509_BADCERT_SKIP_VERIFY to indicate that no certificate verification took place. Signed-off-by: David Horstmann --- library/ssl_tls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ceae9b9a3e..09e1ebf574 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2018,6 +2018,9 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } + /* Since we're not using a certificate, set verify_result to skipped */ + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; + /* Allow calling psa_destroy_key() on psk remove */ ssl->handshake->psk_opaque_is_internal = 1; return mbedtls_ssl_set_hs_psk_opaque(ssl, key); 
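Review bot: The `MBEDTLS_X509_BADCERT_SKIP_VERIFY` assignment sits in mbedtls_ssl_set_hs_psk() just before it delegates to mbedtls_ssl_set_hs_psk_opaque(), so a PSK callback that calls the opaque variant directly leaves verify_result at the 'not available' sentinel for an otherwise identical handshake. Moving the line into mbedtls_ssl_set_hs_psk_opaque() — or relying only on the ciphersuite-based assignment added in ssl_parse_certificate_coordinate() in the next hunk, if that path covers every PSK suite — gives the two public entry points the same observable result. Whether the TLS 1.3 PSK-only flow reaches either site is not visible here and is worth confirming; the function's body continues outside the hunk.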
@@ -6980,6 +6983,7 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl, ssl->handshake->ciphersuite_info; if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; return SSL_CERTIFICATE_SKIP; } @@ -8695,6 +8699,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl, void *rs_ctx) { if (authmode == MBEDTLS_SSL_VERIFY_NONE) { + ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; return 0; } From 24c80cc536dc5f3606026c594a8eccf45b7587d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Feb 2026 16:49:11 +0100 Subject: [PATCH 1358/1548] Update tf-psa-crypto with mldsa-native Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index f7ad6b6931..4587e3f861 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit f7ad6b6931e179c2e40b3d04f3e6d207a7e3c36e +Subproject commit 4587e3f861c29a8aa1439078aef4ed593d07a34b From 26e1a7c5c80d10faab7d95231bfe514b976a99f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Feb 2026 16:49:26 +0100 Subject: [PATCH 1359/1548] Update framework with XOF support in psasim Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 421f7a29f7..4a57bd209d 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 421f7a29f79e535fc6497b6cb4767cd7023db20b +Subproject commit 4a57bd209dd9cfd6170573c8da5452daf84190f3 From 37e3dcf00d84f4783282d197549e85399a3ad7c7 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 16 Feb 2026 16:18:01 +0000 Subject: [PATCH 1360/1548] Reword ChangeLog entry We do not return failure, but return -1u which is documented as a value that indicates that the result is not available. 
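Review bot: Returning `MBEDTLS_X509_BADCERT_SKIP_VERIFY` from mbedtls_ssl_get_verify_result() after a handshake with `MBEDTLS_SSL_VERIFY_NONE`, or with a ciphersuite that carries no server certificate, is a visible change for callers that test the result with `!= 0` (a pattern visible in ssl_server2.c on this page), yet the ChangeLog entry in verify-result-default-value.txt only describes the not-yet-attempted case. The entry should gain a sentence such as `* When certificate verification is skipped (authmode VERIFY_NONE or a ciphersuite without a server certificate), mbedtls_ssl_get_verify_result() now returns MBEDTLS_X509_BADCERT_SKIP_VERIFY instead of 0.` Both enclosing functions start and end outside these hunks.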
Signed-off-by: David Horstmann --- ChangeLog.d/verify-result-default-value.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/verify-result-default-value.txt b/ChangeLog.d/verify-result-default-value.txt index d85dfe2670..2cf3f0c21b 100644 --- a/ChangeLog.d/verify-result-default-value.txt +++ b/ChangeLog.d/verify-result-default-value.txt @@ -1,5 +1,5 @@ Changes * Harden mbedtls_ssl_get_verify_result() against misuse. - Return failure if the handshake has not yet been attempted. Previously - the result of verification was zero-initialized so the function would - return 0 (indicating success). + If the handshake has not yet been attempted, return -1u to indicate + that the result is not available. Previously the result of verification + was zero-initialized so the function would return 0 (indicating success). From 059fe77e4b61b3f409439f9463baac4b71b3cf3f Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 16 Feb 2026 16:59:20 +0000 Subject: [PATCH 1361/1548] Fix missing type conversion in the TLS-Exporter In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on an mbedtls_md_type_t when it should be called on a psa_algorithm_t. Fortunately, these two types have almost the same values, since we have previously aligned them to make conversion more efficient. As a result, PSA_HASH_LENGTH() produces exactly the same value when called on an mbedtls_md_type_t as with the equivalent psa_algorithm_t. Thanks to this happy coincidence, fix a largely cosmetic issue (rather than a major functional bug). Signed-off-by: David Horstmann --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 54129891a7..b803c79c8c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8938,7 +8938,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl, const size_t context_len) { const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg); - const size_t hash_len = PSA_HASH_LENGTH(hash_alg); + const size_t hash_len = PSA_HASH_LENGTH(psa_hash_alg); const unsigned char *secret = ssl->session->app_secrets.exporter_master_secret; /* The length of the label must be at most 249 bytes to fit into the HkdfLabel From 29eb9886694ebfd14bbe2601584173138657da6c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Jan 2026 16:15:30 +0100 Subject: [PATCH 1362/1548] Update framework pointer Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 4a57bd209d..8ed11c99fe 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 4a57bd209dd9cfd6170573c8da5452daf84190f3 +Subproject commit 8ed11c99fe9e6d4d96289ebc1e134949421be917 From 57b29c2fe5fa0ebb4403b7b9049a0a40f795c9a5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 20 Jan 2026 16:03:47 +0100 Subject: [PATCH 1363/1548] Introduce branch specific make_generated_files.py Introduce branch specific make_generated_files.py and use it in the development branch. Signed-off-by: Ronald Cron --- scripts/make_generated_files.bat | 2 +- scripts/make_generated_files.py | 81 ++++++++++++++++++++++++ tests/scripts/components-basic-checks.sh | 8 +-- 3 files changed, 86 insertions(+), 5 deletions(-) create mode 100755 scripts/make_generated_files.py diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index f10b23b705..1c3536306e 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -12,4 +12,4 @@ python framework\scripts\make_generated_files.py || exit /b 1 cd .. @rem @@@@ mbedtls @@@@ -python framework\scripts\make_generated_files.py || exit /b 1 +python scripts\make_generated_files.py || exit /b 1 
diff --git a/scripts/make_generated_files.py b/scripts/make_generated_files.py new file mode 100755 index 0000000000..93f93df811 --- /dev/null +++ b/scripts/make_generated_files.py 
@@ -0,0 +1,81 @@ +#!/usr/bin/env python3 +"""Generate, check and list the generated files +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import sys +from pathlib import Path + +import framework_scripts_path # pylint: disable=unused-import + +from mbedtls_framework import build_tree +from mbedtls_framework import generated_files +from mbedtls_framework.generated_files import GenerationScript, get_generation_script_files + +GENERATION_SCRIPTS = [ + GenerationScript( + Path("scripts/generate_errors.pl"), + [Path("library/error.c")], + None, "tf-psa-crypto/drivers/builtin/include/mbedtls \ + include/mbedtls/ \ + scripts/data_files" + ), + GenerationScript( + Path("scripts/generate_features.pl"), + [Path("library/version_features.c")], + None, "include/mbedtls/ scripts/data_files" + ), + GenerationScript( + Path("framework/scripts/generate_ssl_debug_helpers.py"), + [Path("library/ssl_debug_helpers_generated.c")], + "", None + ), + GenerationScript( + Path("framework/scripts/generate_test_keys.py"), + [Path("tests/include/test/test_keys.h")], + None, "--output" + ), + GenerationScript( + Path("framework/scripts/generate_test_cert_macros.py"), + [Path("tests/include/test/test_certs.h")], + None, "--output" + ), + GenerationScript( + Path("scripts/generate_query_config.pl"), + [Path("programs/test/query_config.c")], + None, "include/mbedtls/mbedtls_config.h \ + tf-psa-crypto/include/psa/crypto_config.h \ + scripts/data_files/query_config.fmt" + ), + GenerationScript( + Path("framework/scripts/generate_config_tests.py"), + get_generation_script_files("framework/scripts/generate_config_tests.py"), + "--directory", None + ), + GenerationScript( + Path("framework/scripts/generate_tls13_compat_tests.py"), + [Path("tests/opt-testcases/tls13-compat.sh")], + None, "--output" + ), + GenerationScript( + Path("framework/scripts/generate_tls_handshake_tests.py"), + [Path("tests/opt-testcases/handshake-generated.sh")], + 
None, "--output" + ), + GenerationScript( + Path("scripts/generate_config_checks.py"), + get_generation_script_files("scripts/generate_config_checks.py"), + output_dir_option="", + optional=True) +] + +def main() -> int: + if not build_tree.looks_like_mbedtls_root("."): + raise RuntimeError("This script must be run from Mbed TLS.") + + return generated_files.main(GENERATION_SCRIPTS) + +if __name__ == "__main__": + sys.exit(main()) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 0c5a0b19fd..6a5bc3a1d7 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -19,14 +19,14 @@ component_check_recursion () { component_check_generated_files () { msg "Check make_generated_files.py consistency" $MAKE_COMMAND neat - $FRAMEWORK/scripts/make_generated_files.py - $FRAMEWORK/scripts/make_generated_files.py --check + scripts/make_generated_files.py + scripts/make_generated_files.py --check $MAKE_COMMAND neat msg "Check files generated with make" MBEDTLS_ROOT_DIR="$PWD" $MAKE_COMMAND generated_files - $FRAMEWORK/scripts/make_generated_files.py --check + scripts/make_generated_files.py --check cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --check @@ -39,7 +39,7 @@ component_check_generated_files () { make cd "$MBEDTLS_ROOT_DIR" - $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check + scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check cd $TF_PSA_CRYPTO_ROOT_DIR ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check From 1b5a0b187774926e05db7f2ca7ec0492faf0a0fd Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 20 Jan 2026 16:27:28 +0100 Subject: [PATCH 1364/1548] Add branch specific generate_tls_handshake_tests.py file 
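Review bot: Several `GenerationScript` entries build their argument string with a backslash-newline inside the literal (`"tf-psa-crypto/drivers/builtin/include/mbedtls \` followed by `include/mbedtls/ \`), which folds the next line's indentation into the string and only works if the consumer re-splits on arbitrary whitespace. Adjacent-literal concatenation, `"tf-psa-crypto/drivers/builtin/include/mbedtls " "include/mbedtls/ " "scripts/data_files"`, gives the intended value without that dependency. The last entry passes `output_dir_option=""` and `optional=True` by keyword while the others pass the parameters positionally; one form throughout, plus a docstring on main() such as `"""Run the shared generated-files driver with this branch's script table."""`, would make the table easier to audit.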
Signed-off-by: Ronald Cron --- scripts/generate_tls_handshake_tests.py | 17 +++++++++++++++++ scripts/make_generated_files.py | 2 +- tests/CMakeLists.txt | 4 ++-- tests/Makefile | 4 ++-- 4 files changed, 22 insertions(+), 5 deletions(-) create mode 100755 scripts/generate_tls_handshake_tests.py diff --git a/scripts/generate_tls_handshake_tests.py b/scripts/generate_tls_handshake_tests.py new file mode 100755 index 0000000000..30f27b1b37 --- /dev/null +++ b/scripts/generate_tls_handshake_tests.py @@ -0,0 +1,17 @@ +#!/usr/bin/env python3 +""" +Generate miscellaneous TLS test cases relating to the handshake. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import sys + +import framework_scripts_path # pylint: disable=unused-import + +from mbedtls_framework import tls_handshake_tests + +if __name__ == '__main__': + sys.argv[1:1] = ["--no-tls12-client-hello-defragmentation-support"] + tls_handshake_tests.main() diff --git a/scripts/make_generated_files.py b/scripts/make_generated_files.py index 93f93df811..5822f36f03 100755 --- a/scripts/make_generated_files.py +++ b/scripts/make_generated_files.py @@ -60,7 +60,7 @@ None, "--output" ), GenerationScript( - Path("framework/scripts/generate_tls_handshake_tests.py"), + Path("scripts/generate_tls_handshake_tests.py"), [Path("tests/opt-testcases/handshake-generated.sh")], None, "--output" ), diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index d12133d300..04beb498f3 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
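Review bot: The line `sys.argv[1:1] = ["--no-tls12-client-hello-defragmentation-support"]` is the whole reason this branch-specific wrapper exists, but nothing says why, so a reader of handshake-generated.sh cannot tell which branch property is being encoded. A comment above it, `# This branch does not reassemble fragmented TLS 1.2 ClientHello messages; tell the shared generator to skip those cases.` (adjusted to the framework option's actual meaning), and a sentence in the module docstring would carry that. Inserting at index 1 also means a flag given on the real command line can still override it if the framework parser takes the last occurrence, which is presumably intended and worth stating.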
@@ -58,10 +58,10 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py" + "${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py - ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py + ${PROJECT_SOURCE_DIR}/framework/scripts/generate_tls_handshake_tests.py ) add_custom_target(handshake-generated.sh DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh) diff --git a/tests/Makefile b/tests/Makefile index 45d12b72de..745a09d240 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -45,9 +45,9 @@ GENERATED_FILES = \ .PHONY: ssl-opt opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py -opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py +opt-testcases/handshake-generated.sh: ../scripts/generate_tls_handshake_tests.py echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@ + $(PYTHON) ../scripts/generate_tls_handshake_tests.py -o $@ GENERATED_FILES += opt-testcases/handshake-generated.sh ssl-opt: opt-testcases/handshake-generated.sh From 8ab14401d7ab556430892861ae732f4e93421468 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 29 Jan 2026 16:04:55 +0100 Subject: [PATCH 1365/1548] ssl_server2.c: Flush stdout to improve logs timeliness Signed-off-by: Ronald Cron --- programs/ssl/ssl_server2.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f4de913ed3..0ae2f79303 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
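Review bot: In tests/CMakeLists.txt the COMMAND now runs `${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py`, but the DEPENDS entry beside it was only re-rooted and still names `${PROJECT_SOURCE_DIR}/framework/scripts/generate_tls_handshake_tests.py`, so editing the new wrapper (for instance the flag it injects) will not retrigger regeneration of handshake-generated.sh. It should read `${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py`, matching the tests/Makefile hunk in the same patch, which does update its prerequisite. Since the wrapper delegates to mbedtls_framework/tls_handshake_tests.py, listing that module next to tls_test_case.py in both build files would close the same gap one level down.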
@@ -3490,6 +3490,7 @@ int main(int argc, char *argv[]) * 5. Verify the client certificate */ mbedtls_printf(" . Verifying peer X.509 certificate..."); + fflush(stdout); if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) { char vrfy_buf[512]; @@ -3507,6 +3508,7 @@ int main(int argc, char *argv[]) char crt_buf[512]; mbedtls_printf(" . Peer certificate information ...\n"); + fflush(stdout); mbedtls_x509_crt_info(crt_buf, sizeof(crt_buf), " ", mbedtls_ssl_get_peer_cert(&ssl)); mbedtls_printf("%s\n", crt_buf); @@ -3959,6 +3961,7 @@ int main(int argc, char *argv[]) size_t buf_len; mbedtls_printf(" . Serializing live connection..."); + fflush(stdout); ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len); if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { @@ -3993,6 +3996,7 @@ int main(int argc, char *argv[]) size_t b64_len; mbedtls_printf(" . Save serialized context to a file... "); + fflush(stdout); mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len); @@ -4041,6 +4045,7 @@ int main(int argc, char *argv[]) if (opt.serialize == 1) { /* nothing to do here, done by context_save() already */ mbedtls_printf(" . Context has been reset... ok\n"); + fflush(stdout); } /* @@ -4053,6 +4058,7 @@ int main(int argc, char *argv[]) */ if (opt.serialize == 2) { mbedtls_printf(" . Freeing and reinitializing context..."); + fflush(stdout); mbedtls_ssl_free(&ssl); @@ -4089,6 +4095,7 @@ int main(int argc, char *argv[]) } mbedtls_printf(" . Deserializing connection..."); + fflush(stdout); if ((ret = mbedtls_ssl_context_load(&ssl, context_buf, buf_len)) != 0) { @@ -4118,6 +4125,7 @@ int main(int argc, char *argv[]) */ close_notify: mbedtls_printf(" . Closing the connection..."); + fflush(stdout); /* No error checking, the connection might be closed already */ do { From 86b7df5591e3ce1c40cefc1d49c368f8405e630b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 09:56:11 +0100 Subject: [PATCH 1366/1548] ssl_tls.c: Rename and expand ssl_tls13_get_hs_msg_name 
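Review bot: Every added `fflush(stdout);` assumes that `mbedtls_printf` writes to the C `stdout` stream; if a build routes `mbedtls_printf` elsewhere (the platform layer allows an alternative printf), the flush is a no-op on the real output sink, so the first site deserves a short comment such as `/* Flush so the progress line is visible before a step that may block. */`. The same two-line pairing now occurs eight times in main(), which begins and ends outside these hunks; a file-local `static void print_status(const char *msg)` that prints and flushes would make the intent explicit and keep future status lines consistent. Other `mbedtls_printf(" . ...")` status lines in this file presumably remain unflushed, so it is worth stating whether this selection is deliberate.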
Signed-off-by: Ronald Cron --- library/ssl_debug_helpers.h | 2 ++ library/ssl_tls.c | 16 ++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 6f843404c7..62be3b245d 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -36,6 +36,8 @@ const char *mbedtls_ssl_named_group_to_str(uint16_t in); const char *mbedtls_ssl_get_extension_name(unsigned int extension_type); +const char *mbedtls_ssl_get_hs_msg_name(int hs_msg_type); + void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl, int level, const char *file, int line, int hs_msg_type, uint32_t extensions_mask, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b803c79c8c..24ac3cec4d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -679,7 +679,7 @@ const char *mbedtls_ssl_get_extension_name(unsigned int extension_type) mbedtls_ssl_get_extension_id(extension_type)]; } -static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type) +const char *mbedtls_ssl_get_hs_msg_name(int hs_msg_type) { switch (hs_msg_type) { case MBEDTLS_SSL_HS_CLIENT_HELLO: @@ -694,8 +694,16 @@ static const char *ssl_tls13_get_hs_msg_name(int hs_msg_type) return "EncryptedExtensions"; case MBEDTLS_SSL_HS_CERTIFICATE: return "Certificate"; + case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: + return "ServerKeyExchange"; case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return "CertificateRequest"; + case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: + return "CertificateVerify"; + case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: + return "ClientKeyExchange"; + case MBEDTLS_SSL_HS_FINISHED: + return "Finished"; } return "Unknown"; } 
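Review bot: The new `mbedtls_ssl_get_hs_msg_name` prototype is added to ssl_debug_helpers.h without a doc comment. Since it is now called from the TLS 1.3 extension printer and, later in this series, from the DTLS buffering and fragmentation paths, document the contract at the declaration, e.g. `/* Return a printable name for a handshake message type (MBEDTLS_SSL_HS_XXX), or "Unknown" for types not in the table. Debug output only. */`.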
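Review bot: The switch in `mbedtls_ssl_get_hs_msg_name` still falls through to "Unknown" for several handshake types that TLS 1.2 and DTLS callers will now hit, since the function is no longer TLS 1.3-only: at least HelloRequest, HelloVerifyRequest, ServerHelloDone and NewSessionTicket have `MBEDTLS_SSL_HS_*` constants but no case here. Debug lines such as the "has been buffered" message added later in this series will then read "Unknown handshake message ..." for those, which is misleading in logs used to triage handshake failures. Consider adding `case MBEDTLS_SSL_HS_SERVER_HELLO_DONE: return "ServerHelloDone";` and the others, and moving the "Unknown" return into a `default:` arm so the fallback is visible inside the switch. The function's earlier cases are in the preceding hunk on this line.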
@@ -710,7 +718,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
 mbedtls_debug_print_msg(
 ssl, level, file, line,
 "%s: %s(%u) extension %s %s.",
- ssl_tls13_get_hs_msg_name(hs_msg_type),
+ mbedtls_ssl_get_hs_msg_name(hs_msg_type),
 mbedtls_ssl_get_extension_name(extension_type),
 extension_type,
 extra_msg0, extra_msg1);
@@ -721,7 +729,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
 if (extra_msg) {
 mbedtls_debug_print_msg(
 ssl, level, file, line,
- "%s: %s(%u) extension %s.", ssl_tls13_get_hs_msg_name(hs_msg_type),
+ "%s: %s(%u) extension %s.", mbedtls_ssl_get_hs_msg_name(hs_msg_type),
 mbedtls_ssl_get_extension_name(extension_type),
 extension_type, extra_msg);
 return;
@@ -729,7 +737,7 @@ void mbedtls_ssl_print_extension(const mbedtls_ssl_context *ssl,
 mbedtls_debug_print_msg(
 ssl, level, file, line,
- "%s: %s(%u) extension.", ssl_tls13_get_hs_msg_name(hs_msg_type),
+ "%s: %s(%u) extension.", mbedtls_ssl_get_hs_msg_name(hs_msg_type),
 mbedtls_ssl_get_extension_name(extension_type),
 extension_type);
 }
From 7fe38dd9343dca7e404bae1e13b01e3637184e79 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 09:58:21 +0100 Subject: [PATCH 1367/1548] ssl_msg.c: Improve HS message reassembly completed message Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 5 ++++- tests/ssl-opt.sh | 27 ++++++++++++++------------- 2 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 8d04162414..66790bbf1b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -18,6 +18,7 @@
 #include "mbedtls/ssl.h"
 #include "debug_internal.h"
+#include "ssl_debug_helpers.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/version.h"
@@ -4157,7 +4158,9 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load")); + MBEDTLS_SSL_DEBUG_MSG(2, ("%s handshake message has been buffered%s", + mbedtls_ssl_get_hs_msg_name(hs_buf->data[0]), + hs_buf->is_fragmented ? " and reassembled" : "")); MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)", hs_buf->data, msg_len + 12); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ab727e6a48..6ca200b52c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11496,9 +11496,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered$"\ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered"\ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11516,9 +11516,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on -c "Buffering HS message" \ -c "found fragmented DTLS handshake message"\ -c "Next handshake message 1 not or only partially buffered" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered and reassembled"\ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ 
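Review bot: The new positive patterns end in `$` (`-c "Certificate handshake message has been buffered$"`) to separate the plain buffered case from "... and reassembled"; that works because the `-c`/`-s` checks presumably grep with a regular expression, but a `$` directly before the closing double quote is, strictly read, an unspecified expansion in POSIX sh even though bash and dash keep it literal. Writing the pattern as `'Certificate handshake message has been buffered$'` or `"...buffered\$"` makes the anchor unambiguous; the same construct appears in the -11539 and -11582 hunks on the next line. Dropping the message-name prefix from the negative patterns is correct, since any buffered message must be excluded there.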
@@ -11539,10 +11539,11 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex hs_timeout=2500-60000" \ 0 \ -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load"\ + -c "Certificate handshake message has been buffered and reassembled"\ + -c "ServerKeyExchange handshake message has been buffered$"\ -C "attempt to make space by freeing buffered messages" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11566,7 +11567,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -c "attempt to make space by freeing buffered future messages" \ -c "Enough space available after freeing buffered HS messages" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load"\ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11582,9 +11583,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -s "Buffering HS message" \ - -s "Next handshake message has been buffered - load" \ + -s "ClientKeyExchange handshake message has been buffered$" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -S "Injecting buffered CCS message" \ 
@@ -11601,9 +11602,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ + -S "handshake message has been buffered" \ -c "Injecting buffered CCS message" \ -c "Remember CCS message" \ -S "Injecting buffered CCS message" \ @@ -11619,9 +11620,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ hs_timeout=2500-60000" \ 0 \ -C "Buffering HS message" \ - -C "Next handshake message has been buffered - load"\ + -C "handshake message has been buffered" \ -S "Buffering HS message" \ - -S "Next handshake message has been buffered - load" \ + -S "handshake message has been buffered" \ -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ -s "Injecting buffered CCS message" \ From 8f0240c35074639d0c4ab1eae0e659b39537716d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Jan 2026 16:24:01 +0100 Subject: [PATCH 1368/1548] ssl-opt.sh: Remove CH reassembly unsupported test We are about to have full support for TLS 1.2 CH reassembly on server side. The equivalent positive test would be a duplicate of one of the tests generated by generate_tls_handshake_tests.py. Thus just removing the negative test. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6ca200b52c..98ef8a442f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -13767,16 +13767,6 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth # Most test cases are in opt-testcases/handshake-generated.sh -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_certificate_authentication -run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \ - "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \ - "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ - 1 \ - -s "The SSL configuration is tls12 only" \ - -s "bad client hello message" \ - -s "SSL - A message could not be parsed due to a syntactic error" - # Test server-side buffer resizing with fragmented handshake on TLS1.2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH From cad9c8ae715dd33165d1941c39a01ed49240effe Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 11:19:52 +0100 Subject: [PATCH 1369/1548] ssl-opt.sh: Remove DTLS reassembly redundant test Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 98ef8a442f..732608fe72 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9973,15 +9973,7 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: some fragmentation (openssl server)" \ - "$O_SRV -dtls -mtu 256" \ - "$P_CLI dtls=1 debug_level=2" \ - 0 \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS reassembly: more fragmentation (openssl server)" \ +run_test "DTLS reassembly: fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ From addf640a3b3cdf1820fa90b2a7e6fa7916f151bb Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Tue, 3 Feb 2026 11:18:20 +0100 Subject: [PATCH 1370/1548] ssl-opt.sh: Improve DTLS reassembly tests Improve DTLS reassembly tests with OpenSSL and GnuTLS server. Check that some messages have been reassembled. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 732608fe72..08f0762911 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9914,6 +9914,7 @@ run_test "DTLS reassembly: some fragmentation (gnutls server)" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" requires_gnutls @@ -9923,6 +9924,8 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ + -c "ServerKeyExchange handshake message has been buffered and reassembled" \ -C "error" requires_gnutls @@ -9932,6 +9935,8 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ + -c "ServerKeyExchange handshake message has been buffered and reassembled" \ -C "error" requires_gnutls @@ -9942,6 +9947,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" \ 
@@ -9957,6 +9963,7 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -c "client hello, adding renegotiation extension" \ -c "found renegotiation extension" \ -c "=> renegotiate" \ @@ -9972,12 +9979,17 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "found fragmented DTLS handshake message" \ -C "error" +# Minimum possible MTU for OpenSSL server: 256 bytes. +# We expect the server Certificate handshake to be fragmented and verify that +# this is the case. Depending on the configuration, other handshake messages may +# also be fragmented. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9986,6 +9998,7 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ + -c "Certificate handshake message has been buffered and reassembled" \ -C "error" # Tests for sending fragmented handshake messages with DTLS From b952ba09d66d7d000cefae958454d52644523d9b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 14:50:25 +0100 Subject: [PATCH 1371/1548] ssl-opt.sh: Improve DTLS proxy 3d tests Improve DTLS proxy 3d tests with OpenSSL and GnuTLS servers. Have a better control of which message is fragmented and verify it is the case. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 08f0762911..4b5d60f51a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11863,10 +11863,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ + "$O_NEXT_SRV -dtls1_2 -mtu 256" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \ 0 \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "Certificate handshake message has been buffered and reassembled" requires_openssl_next client_needs_more_time 8 @@ -11874,10 +11875,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 768" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ + "$O_NEXT_SRV -dtls1_2 -mtu 256" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \ 0 \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "Certificate handshake message has been buffered and reassembled" requires_gnutls client_needs_more_time 6 @@ -11898,10 +11900,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ - -c "Extra-header:" + -c "Extra-header:" \ + -c "Certificate handshake message has been buffered and reassembled" requires_gnutls_next client_needs_more_time 8 
@@ -11910,10 +11913,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \ 0 \ -s "Extra-header:" \ - -c "Extra-header:" + -c "Extra-header:" \ + -c "Certificate handshake message has been buffered and reassembled" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "export keys functionality" \ From 4f0741498ca05b66ad3d0f29ec22812ac4c7b0ae Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 3 Feb 2026 17:31:12 +0100 Subject: [PATCH 1372/1548] ssl_msg.c: Improve handshake message fragmenting message Signed-off-by: Ronald Cron --- library/ssl_msg.c | 3 ++- tests/ssl-opt.sh | 18 +++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 66790bbf1b..d159f8fd33 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2326,7 +2326,8 @@ int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl) max_hs_frag_len : rem_len; if (frag_off == 0 && cur_hs_frag_len != hs_len) { - MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)", + MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting %s handshake message (%u > %u)", + mbedtls_ssl_get_hs_msg_name(cur->p[0]), (unsigned) cur_hs_frag_len, (unsigned) max_hs_frag_len)); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4b5d60f51a..2b83239efc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
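Review bot: The two numbers in the reworded `"fragmenting %s handshake message (%u > %u)"` line still print `cur_hs_frag_len` and `max_hs_frag_len`; if the ternary just above assigns `max_hs_frag_len` to `cur_hs_frag_len` whenever the remaining length exceeds it, the two values are equal on every path where `frag_off == 0 && cur_hs_frag_len != hs_len` holds, so the log reads like "512 > 512". Since this commit is already touching the message, passing `(unsigned) hs_len` as the first numeric argument would show the comparison that actually triggered fragmentation. `mbedtls_ssl_flight_transmit` begins and ends outside this hunk, and `cur->p[0]` is the handshake type byte only for handshake flight items, which the enclosing branch presumably guarantees.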
@@ -10662,12 +10662,12 @@ requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dtls=1 debug_level=5 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" # We use --insecure for the GnuTLS client because it expects @@ -10689,7 +10689,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ mtu=512 force_version=dtls12" \ "$G_CLI -u --insecure 127.0.0.1" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC @@ -10701,7 +10701,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS @@ -10714,7 +10714,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ mtu=512 force_version=dtls12" \ "$O_CLI -dtls1_2" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" # interop tests for DTLS fragmentating with unreliable connection # @@ -10733,7 +10733,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" requires_gnutls_next 
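Review bot: The first changed line raises `debug_level` from 2 to 5 in the "gnutls server, DTLS 1.2" test, which is unrelated to the string rename this commit is about and differs from every other test in these hunks, which keep `debug_level=2`; the "fragmenting Certificate handshake message" line is emitted at level 2 in the ssl_msg.c hunk on the previous line, so the higher level is not needed for the new pattern to match. Patch 1374 later in this series reverts it, so dropping `debug_level=5` here would keep this commit self-contained and its log output small.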
@@ -10749,7 +10749,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" ## The test below requires 1.1.1a or higher version of openssl, otherwise ## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902) @@ -10766,7 +10766,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ 0 \ - -c "fragmenting handshake message" \ + -c "fragmenting Certificate handshake message" \ -C "error" ## the test below will time out with certain seed. @@ -10784,7 +10784,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ hs_timeout=250-60000 mtu=512 force_version=dtls12" \ "$O_CLI -dtls1_2" \ 0 \ - -s "fragmenting handshake message" + -s "fragmenting Certificate handshake message" # Tests for DTLS-SRTP (RFC 5764) requires_config_enabled MBEDTLS_SSL_DTLS_SRTP From 076ddc3ac76b0aab138a0ea2134fc89e6fcedc50 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Feb 2026 10:05:02 +0100 Subject: [PATCH 1373/1548] tests: cmake: Fix dependency on generate_tls_handshake_tests.py Signed-off-by: Ronald Cron --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 04beb498f3..ec625234dc 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -61,7 +61,7 @@ if(GEN_FILES)
 "${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py"
 DEPENDS
 ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py
- ${PROJECT_SOURCE_DIR}/framework/scripts/generate_tls_handshake_tests.py
+ ${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py
 )
 add_custom_target(handshake-generated.sh
 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh)
From 73be048c8a53af0761ef1386459f0e10be36ccc9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Feb 2026 10:06:53 +0100 Subject: [PATCH 1374/1548] ssl-opt.sh: Revert leftover debug level increase Signed-off-by: Ronald Cron
---
 tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2b83239efc..9b5987188f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10662,7 +10662,7 @@ requires_gnutls
 requires_max_content_len 2048
 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
 "$G_SRV -u" \
- "$P_CLI dtls=1 debug_level=5 \
+ "$P_CLI dtls=1 debug_level=2 \
 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
 key_file=$DATA_FILES_PATH/server8.key \
 mtu=512 force_version=dtls12" \
From 86eac795c9b42874b7df89a8931f18f00754252f Mon Sep 17 00:00:00 2001
From: Gilles Peskine Date: Thu, 19 Feb 2026 16:26:18 +0100 Subject: [PATCH 1375/1548] Have MBEDTLS_TIMING_C require MBEDTLS_HAVE_TIME Nowadays, the timing module just builds on a function that provides a timer with millisecond resolution. In terms of platform requirements, this is almost exactly equivalent to `mbedtls_ms_time()` provides (`mbedtls_ms_time()` is arguably a little stronger because it is supposed to last longer than a single timer object, but an application could start a timer when it starts, so there's no real difference.) So it's a bit silly that `timing.c` essentially reimplements this. Rely on `mbedtls_ms_time()` instead. This is an API break because in Mbed TLS 4.0, it was possible to enable `MBEDTLS_TIMING_C` without `MBEDTLS_HAVE_TIME`. However, `timing.c` only provided an implementation for Windows and Unix-like platforms, and on those platforms, it is very likely that the default implementation of `MBEDTLS_HAVE_TIME` would also work. (The main exception would be a platform that has the traditional Unix function `gettimeofday()`, but not the 1990s novelty `clock_gettime()`.) So make this an official requirement, as a belated change that really should have gone into 4.0 if we'd taken the time to dig into it. Signed-off-by: Gilles Peskine --- ChangeLog.d/timing.txt | 5 +++++ configs/config-ccm-psk-dtls1_2.h | 2 +- configs/config-symmetric-only.h | 2 +- configs/crypto-config-ccm-psk-tls1_2.h | 3 ++- configs/crypto-config-thread.h | 1 + include/mbedtls/mbedtls_config.h | 17 ++--------------- library/mbedtls_check_config.h | 5 +++++ 7 files changed, 17 insertions(+), 18 deletions(-) create mode 100644 ChangeLog.d/timing.txt diff --git a/ChangeLog.d/timing.txt b/ChangeLog.d/timing.txt new file mode 100644 index 0000000000..f7d9f1a42b --- /dev/null +++ b/ChangeLog.d/timing.txt 
@@ -0,0 +1,5 @@ +API changes + * MBEDTLS_TIMING_C now requires MBEDTLS_HAVE_TIME to be enabled in the + TF-PSA-Crypto configuration, unless MBEDTLS_TIMING_ALT is enabled. + As a benefit, platforms where the default implementation is not + supported now only need to implement MBEDTLS_PLATFORM_MS_TIME_ALT. diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index 6712c331b0..8aaa884b4a 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -29,7 +29,7 @@ #define MBEDTLS_SSL_COOKIE_C #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C -#define MBEDTLS_TIMING_C +#define MBEDTLS_TIMING_C //Only used by test programs /* TLS protocol feature support */ #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 606f4a1bf5..5199489c21 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -12,5 +12,5 @@ #define MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_VERSION_FEATURES -#define MBEDTLS_TIMING_C +#define MBEDTLS_TIMING_C //Only for benchmarking #define MBEDTLS_VERSION_C diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index c2dabc28e8..817835e33e 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -26,7 +26,8 @@ #define MBEDTLS_PSA_CRYPTO_C /* System support */ -//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ +/* Optionally used in Hello messages. Needed for DTLS testing. */ +#define MBEDTLS_HAVE_TIME /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ #define MBEDTLS_CTR_DRBG_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 1b2621cf58..5e0df736e9 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h 
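Review bot: The trailing comment added as `#define MBEDTLS_TIMING_C //Only used by test programs` (and `//Only for benchmarking` in config-symmetric-only.h, plus `//Only used by test programs` on MBEDTLS_HAVE_TIME in crypto-config-thread.h on the next line) uses a `//` comment with no space, whereas the surrounding lines in these sample configs document options with `/* ... */`, as the crypto-config-ccm-psk-tls1_2.h hunk in this same commit does. A leading `//` is also the convention these headers use for disabled `//#define` lines, so a `//` after an enabled define is easy to misread when scanning; `#define MBEDTLS_TIMING_C /* Only used by test programs */` would match the files' style. It is worth confirming that the config-manipulation scripts that rewrite these headers tolerate a trailing comment on an enabled define, if they are ever run on the sample configs.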
@@ -48,6 +48,7 @@ /* System support */ #define MBEDTLS_HAVE_ASM +#define MBEDTLS_HAVE_TIME //Only used by test programs #define MBEDTLS_AES_ROM_TABLES #define MBEDTLS_ECP_NIST_OPTIM diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ad843c70c3..a38b61c147 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -63,22 +63,9 @@ /** * \def MBEDTLS_TIMING_C * - * Enable the semi-portable timing interface. + * Enable a timer interface used by some sample and test programs. * - * \note The provided implementation only works on POSIX/Unix (including Linux, - * BSD and OS X) and Windows. On other platforms, you can either disable that - * module and provide your own implementations of the callbacks needed by - * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide - * your own implementation of the whole module by setting - * \c MBEDTLS_TIMING_ALT in the current file. - * - * \note The timing module will include time.h on suitable platforms - * regardless of the setting of MBEDTLS_HAVE_TIME, unless - * MBEDTLS_TIMING_ALT is used. See timing.c for more information. - * - * \note See also our Knowledge Base article about porting to a new - * environment: - * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS + * Requires: MBEDTLS_HAVE_TIME or MBEDTLS_TIMING_ALT * * Module: library/timing.c */ diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 855e4e3674..f92c79c0da 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h @@ -363,5 +363,10 @@ #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" #endif +#if defined(MBEDTLS_TIMING_C) && \ + !(defined(MBEDTLS_HAVE_TIME) || defined(MBEDTLS_TIMING_ALT)) +#error "MBEDTLS_TIMING_C requires either MBEDTLS_HAVE_TIME or MBEDTLS_TIMING_ALT" +#endif + /* *INDENT-ON* */ #endif /* MBEDTLS_CHECK_CONFIG_H */ 
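Review bot: The rewritten `MBEDTLS_TIMING_C` documentation drops the only text that told porters what to do on a platform where the default timer does not work (provide their own `mbedtls_ssl_set_timer_cb()` callbacks, or set MBEDTLS_TIMING_ALT); the new block states the requirement but not the remedy. The ChangeLog entry in this commit already says such platforms now only need to implement `MBEDTLS_PLATFORM_MS_TIME_ALT`, so the doc block should carry the same hint, e.g. `\note On platforms where the default mbedtls_ms_time() is not available, implement MBEDTLS_PLATFORM_MS_TIME_ALT, or replace the whole module via MBEDTLS_TIMING_ALT.` The `#error` added in mbedtls_check_config.h on this line enforces the rule correctly but gives no pointer either, which is fine as long as the configuration documentation does.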
From 137b5b776dbfb8dd1df8eeeb0bb88b8d2d344b33 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 18 Feb 2026 22:50:07 +0100 Subject: [PATCH 1376/1548] Simplify MBEDTLS_TIMING_C to use mbedtls_ms_time() Don't ship two slightly different wheels. This reduces our platform adherence by using only `clock_gettime()` in the library and not `gettimeofday()` as well. Signed-off-by: Gilles Peskine
---
 include/mbedtls/timing.h | 4 +- library/timing.c | 84 ++-------------------------------------- 2 files changed, 6 insertions(+), 82 deletions(-)
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 62ae1022d9..6b7848c268 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -23,11 +23,13 @@ extern "C" {
 // Regular implementation
 //
+#include
+
 /**
 * \brief timer structure
 */
 struct mbedtls_timing_hr_time {
- uint64_t MBEDTLS_PRIVATE(opaque)[4];
+ mbedtls_ms_time_t MBEDTLS_PRIVATE(ms);
 };
 /**
diff --git a/library/timing.c b/library/timing.c
index 1ed88639ef..45a3ae1575 100644
--- a/library/timing.c
+++ b/library/timing.c
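Review bot: The new `struct mbedtls_timing_hr_time` uses `mbedtls_ms_time_t` unconditionally, yet nothing in this hunk makes `MBEDTLS_HAVE_TIME` a prerequisite of including timing.h; if that type is only declared when `MBEDTLS_HAVE_TIME` is set, any translation unit that includes this header in a configuration without it fails to compile, which appears to be what patch 1377 of this series ("Fix build error when MBEDTLS_TIMING_C and MBEDTLS_HAVE_TIME are both disabled") later repairs, so the guard belongs in this commit. The bare `+#include` line has lost its header name in this rendering; it should name the header that provides `mbedtls_ms_time_t`. Replacing the 4-element `uint64_t` array with a single field also shrinks the layout of a public type that callers allocate themselves, and this commit carries no ChangeLog entry recording that ABI change.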
@@ -13,95 +13,17 @@
 #if !defined(MBEDTLS_TIMING_ALT)
-#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
- !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
- !defined(__HAIKU__) && !defined(__midipix__)
-#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in mbedtls_config.h"
-#endif
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
-#include
-#include
-
-struct _hr_time {
- LARGE_INTEGER start;
-};
-
-#else
-
-#include
-#include
-#include
-/* time.h should be included independently of MBEDTLS_HAVE_TIME. If the
- * platform matches the ifdefs above, it will be used. */
-#include
-#include
-struct _hr_time {
- struct timeval start;
-};
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-
-/**
- * \brief Return the elapsed time in milliseconds
- *
- * \warning May change without notice
- *
- * \param val points to a timer structure
- * \param reset If 0, query the elapsed time. Otherwise (re)start the timer.
- *
- * \return Elapsed time since the previous reset in ms. When
- * restarting, this is always 0.
- *
- * \note To initialize a timer, call this function with reset=1.
- *
- * Determining the elapsed time and resetting the timer is not
- * atomic on all platforms, so after the sequence
- * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 =
- * get_timer(0) }` the value time1+time2 is only approximately
- * the delay since the first reset.
- */
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
 unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
 {
- struct _hr_time *t = (struct _hr_time *) val;
-
- if (reset) {
- QueryPerformanceCounter(&t->start);
- return 0;
- } else {
- unsigned long delta;
- LARGE_INTEGER now, hfreq;
- QueryPerformanceCounter(&now);
- QueryPerformanceFrequency(&hfreq);
- delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul
- / hfreq.QuadPart);
- return delta;
- }
-}
-
-#else /* _WIN32 && !EFIX64 && !EFI32 */
-
-unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
-{
- struct _hr_time *t = (struct _hr_time *) val;
-
 if (reset) {
- gettimeofday(&t->start, NULL);
+ val->ms = mbedtls_ms_time();
 return 0;
 } else {
- unsigned long delta;
- struct timeval now;
- gettimeofday(&now, NULL);
- delta = (now.tv_sec - t->start.tv_sec) * 1000ul
- + (now.tv_usec - t->start.tv_usec) / 1000;
- return delta;
+ mbedtls_ms_time_t now = mbedtls_ms_time();
+ return now - val->ms;
 }
 }
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-
 /*
 * Set delays to watch
 */
From 7ea318246c0bd68f959ff74d4e0fab71fdbfbd83 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 19 Feb 2026 12:30:00 +0100
Subject: [PATCH 1377/1548] Fix build error when MBEDTLS_TIMING_C and MBEDTLS_HAVE_TIME are both disabled

Signed-off-by: Gilles Peskine
---
 include/mbedtls/timing.h | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 6b7848c268..01364dd0ba 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
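Review bot: The rewritten mbedtls_timing_get_timer drops the only description of its contract — the removed block documented that `reset != 0` (re)starts the timer and returns 0, that a timer must first be initialised with `reset=1` before a `reset=0` query is meaningful, and that query-and-reset is not atomic — while timing.h only carries `/* Internal use */`, so reading `val->ms` before any reset is now an undocumented precondition. Suggest a short header above the function restating the reset semantics and the initialisation requirement, e.g. `/* reset != 0: (re)start the timer and return 0. reset == 0: return ms elapsed since the last reset; val must have been reset at least once. */`. Separately, the value of `mbedtls_ms_time()` is used without any failure check; if the platform implementation can signal an error through its return value, the subtraction would yield a meaningless elapsed time, so that case is worth confirming against the mbedtls_ms_time() documentation and either handling or noting here.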
@@ -29,7 +29,14 @@ extern "C" {
 * \brief timer structure
 */
 struct mbedtls_timing_hr_time {
- mbedtls_ms_time_t MBEDTLS_PRIVATE(ms);
+#if defined(MBEDTLS_HAVE_TIME)
+ mbedtls_ms_time_t ms;
+#else
+ /* Without MBEDTLS_HAVE_TIME, we expose the type definitions and
+ * function declarations, but they can't be implemented. We do
+ * need to write something here. */
+ unsigned MBEDTLS_PRIVATE(unused);
+#endif
 };
 /**
From 5890b22b828cfb3f76060691d31e492a174f32e3 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 19 Feb 2026 14:16:42 +0100
Subject: [PATCH 1378/1548] Fix a build error with MSVC

Also fixes a minor bug on Windows with timers running over ~49 days.

Signed-off-by: Gilles Peskine
---
 ChangeLog.d/timing.txt | 8 ++++++++
 include/mbedtls/timing.h | 2 +-
 library/timing.c | 4 ++--
 programs/test/udp_proxy.c | 4 +++-
 programs/x509/load_roots.c | 4 ++--
 5 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/ChangeLog.d/timing.txt b/ChangeLog.d/timing.txt
index f7d9f1a42b..96f4feb0e4 100644
--- a/ChangeLog.d/timing.txt
+++ b/ChangeLog.d/timing.txt
@@ -3,3 +3,11 @@ API changes
 TF-PSA-Crypto configuration, unless MBEDTLS_TIMING_ALT is enabled. As a benefit, platforms where the default implementation is not supported now only need to implement MBEDTLS_PLATFORM_MS_TIME_ALT.
+ * When MBEDTLS_TIMING_ALT is enabled, the function
+ mbedtls_timing_get_timer() now returns unsigned long long instead
+ of unsigned long.
+
+Bugfix
+ * mbedtls_timing_get_delay() now correctly treats a timer as expired
+ after more than 2^32 ms (about 49 days) on platforms where long is
+ a 32-bit type.
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 01364dd0ba..7a2eb938de 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
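Review bot: The `ms` member loses its `MBEDTLS_PRIVATE()` wrapper in the MBEDTLS_HAVE_TIME branch while the new `unused` member in the `#else` branch keeps it, so the struct's one meaningful field becomes part of the public interface (an application can read or write `timer.ms` without MBEDTLS_ALLOW_PRIVATE_ACCESS) and the two branches are inconsistent with each other. If this is deliberate — for example so that an MBEDTLS_TIMING_ALT implementation can use the field — a comment on the member should say so; otherwise `mbedtls_ms_time_t MBEDTLS_PRIVATE(ms);` restores the previous encapsulation and matches the other branch. The `#else` comment would also read better as a statement of intent, e.g. `/* Placeholder so the struct is never empty; no timer can be implemented without MBEDTLS_HAVE_TIME. */`.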
@@ -53,7 +53,7 @@ typedef struct mbedtls_timing_delay_context {
 #endif /* MBEDTLS_TIMING_ALT */
 /* Internal use */
-unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset);
+unsigned long long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset);
 /**
 * \brief Set a pair of delays to watch
diff --git a/library/timing.c b/library/timing.c
index 45a3ae1575..6273f44c00 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -13,7 +13,7 @@
 #if !defined(MBEDTLS_TIMING_ALT)
-unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
+unsigned long long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
 {
 if (reset) {
 val->ms = mbedtls_ms_time();
@@ -45,7 +45,7 @@ void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms)
 int mbedtls_timing_get_delay(void *data)
 {
 mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
- unsigned long elapsed_ms;
+ unsigned long long elapsed_ms;
 if (ctx->fin_ms == 0) {
 return -1;
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 81de042a50..eab15feb38 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -360,7 +360,9 @@ static unsigned elapsed_time(void)
 return 0;
 }
- return mbedtls_timing_get_timer(&hires, 0);
+ /* Wraps after ~49.7 days (assuming 32-bit int).
+ * Don't run udp_proxy that long! */
+ return (unsigned) mbedtls_timing_get_timer(&hires, 0);
 }
 typedef struct {
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index 0222d0f795..8fdccdd6ab 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -82,7 +82,7 @@ int main(int argc, char *argv[])
 int exit_code = MBEDTLS_EXIT_FAILURE;
 unsigned i, j;
 struct mbedtls_timing_hr_time timer;
- unsigned long ms;
+ unsigned long long ms;
 psa_status_t status = psa_crypto_init();
 if (status != PSA_SUCCESS) {
@@ -151,7 +151,7 @@ int main(int argc, char *argv[])
 mbedtls_printf(".");
 }
 ms = mbedtls_timing_get_timer(&timer, 0);
- mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms);
+ mbedtls_printf("\n%u iterations -> %llu ms\n", opt.iterations, ms);
 exit_code = MBEDTLS_EXIT_SUCCESS;
 exit:
From e2b04b68473d020b392d268df42e75cbbfafc4da Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 19 Feb 2026 14:55:25 +0100
Subject: [PATCH 1379/1548] Don't use printf("%llu")

We can't easily printf a `long long` on MingW yet, pending the work on https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/675 for which this is an early stage. A `long` is enough here anyway.

Signed-off-by: Gilles Peskine
---
 programs/x509/load_roots.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index 8fdccdd6ab..215d9453e2 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -82,7 +82,7 @@ int main(int argc, char *argv[])
 int exit_code = MBEDTLS_EXIT_FAILURE;
 unsigned i, j;
 struct mbedtls_timing_hr_time timer;
- unsigned long long ms;
+ unsigned long ms;
 psa_status_t status = psa_crypto_init();
 if (status != PSA_SUCCESS) {
@@ -150,8 +150,10 @@ int main(int argc, char *argv[])
 }
 mbedtls_printf(".");
 }
- ms = mbedtls_timing_get_timer(&timer, 0);
- mbedtls_printf("\n%u iterations -> %llu ms\n", opt.iterations, ms);
+ /* On 64-bit Windows and 32-bit platforms, this wraps after about
+ * 49.7 days. This shouldn't be a problem in practice. */
+ ms = (unsigned long) mbedtls_timing_get_timer(&timer, 0);
+ mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms);
 exit_code = MBEDTLS_EXIT_SUCCESS;
 exit:
From ed642cab9e6ee5891ab88bc34651194c4ab016c7 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 19 Feb 2026 17:24:34 +0100
Subject: [PATCH 1380/1548] Fix inclusion of when MBEDTLS_HAVE_TIME is disabled
Signed-off-by: Gilles Peskine
---
 include/mbedtls/timing.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 7a2eb938de..8c15df58e8 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -23,7 +23,9 @@ extern "C" {
 // Regular implementation
 //
+#if defined(MBEDTLS_HAVE_TIME)
 #include
+#endif
 /**
 * \brief timer structure
From d507b4668464a996f04c5a22545274aabbbb262d Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 19 Feb 2026 13:23:23 +0000
Subject: [PATCH 1381/1548] Remove DriverVsReference tasks from analyze_outcomes.py

Signed-off-by: Ben Taylor
---
 tests/scripts/analyze_outcomes.py | 456 +----------------------------
 1 file changed, 1 insertion(+), 455 deletions(-)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 42464a845e..29c41beba2 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -218,463 +218,9 @@ def _has_word_re(words: typing.Iterable[str], ], } - -# The names that we give to classes derived from DriverVSReference do not -# follow the usual naming convention, because it's more readable to use -# underscores and parts of the configuration names. Also, these classes -# are just there to specify some data, so they don't need repetitive -# documentation. -#pylint: disable=invalid-name,missing-class-docstring - -class DriverVSReference_hash(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_hash_use_psa' - DRIVER = 'test_psa_crypto_config_accel_hash_use_psa' - IGNORED_SUITES = [ - # the software implementations that are being excluded - 'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax', - 'md.psa', # purposefully depends on whether drivers are present - 'psa_crypto_low_hash.generated', # testing the builtins - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_hmac(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_hmac' - DRIVER = 'test_psa_crypto_config_accel_hmac' - IGNORED_SUITES = [ - # These suites require legacy hash support, which is disabled - # in the accelerated component. - 'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax', - # This suite tests builtins directly, but these are missing - # in the accelerated case. - 'psa_crypto_low_hash.generated', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'), - re.compile(r'.*\bMBEDTLS_MD_C\b') - ], - 'test_suite_md': [ - # Builtin HMAC is not supported in the accelerate component. 
- re.compile('.*HMAC.*'), - # Following tests make use of functions which are not available - # when MD_C is disabled, as it happens in the accelerated - # test component. - re.compile('generic .* Hash file .*'), - 'MD list', - ], - 'test_suite_md.psa': [ - # "legacy only" tests require hash algorithms to be NOT - # accelerated, but this of course false for the accelerated - # test component. - re.compile('PSA dispatch .* legacy only'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_cipher_aead_cmac' - DRIVER = 'test_psa_crypto_config_accel_cipher_aead_cmac' - # Modules replaced by drivers. - IGNORED_SUITES = [ - # low-level (block/stream) cipher modules - 'aes', 'aria', 'camellia', 'des', 'chacha20', - # AEAD modes, CMAC and POLY1305 - 'ccm', 'chachapoly', 'cmac', 'gcm', 'poly1305', - # The Cipher abstraction layer - 'cipher', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'), - re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM|POLY1305)_.*'), - re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), - re.compile(r'.*\bMBEDTLS_CIPHER_.*'), - ], - # PEM decryption is not supported so far. - # The rest of PEM (write, unencrypted read) works though. - 'test_suite_pem': [ - re.compile(r'PEM read .*(AES|DES|\bencrypt).*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # Following tests depend on AES_C/DES_C but are not about - # them really, just need to know some error code is there. 
- 'test_suite_error': [ - 'Low and high error', - 'Single low error' - ], - # The en/decryption part of PKCS#12 is not supported so far. - # The rest of PKCS#12 (key derivation) works though. - 'test_suite_pkcs12': [ - re.compile(r'PBE Encrypt, .*'), - re.compile(r'PBE Decrypt, .*'), - ], - # The en/decryption part of PKCS#5 is not supported so far. - # The rest of PKCS#5 (PBKDF2) works though. - 'test_suite_pkcs5': [ - re.compile(r'PBES2 Encrypt, .*'), - re.compile(r'PBES2 Decrypt .*'), - ], - # Encrypted keys are not supported so far. - # pylint: disable=line-too-long - 'test_suite_pkparse': [ - 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)', - 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)', - re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'), - ], - # Encrypted keys are not supported so far. - 'ssl-opt': [ - 'TLS: password protected server key', - 'TLS: password protected client key', - 'TLS: password protected server key, two certificates', - ], - } - -class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_ecp_light_only' - DRIVER = 'test_psa_crypto_config_accel_ecc_ecp_light_only' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecdsa', 'ecdh', 'ecjpake', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # This test wants a legacy function that takes f_rng, p_rng - # arguments, and uses legacy ECDSA for that. The test is - # really about the wrapper around the PSA RNG, not ECDSA. 
- 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # In the accelerated test ECP_C is not set (only ECP_LIGHT is) - # so we must ignore disparities in the tests for which ECP_C - # is required. - 'test_suite_ecp': [ - re.compile(r'ECP check public-private .*'), - re.compile(r'ECP calculate public: .*'), - re.compile(r'ECP gen keypair .*'), - re.compile(r'ECP point muladd .*'), - re.compile(r'ECP point multiplication .*'), - re.compile(r'ECP test vectors .*'), - ], - } - -class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_no_ecp_at_all' - DRIVER = 'test_psa_crypto_config_accel_ecc_no_ecp_at_all' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - 'test_suite_pkparse': [ - # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED - # is automatically enabled in build_info.h (backward compatibility) - # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a - # consequence compressed points are supported in the reference - # component but not in the accelerated one, so they should be skipped - # while checking driver's coverage. 
- re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - } - -class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_no_bignum' - DRIVER = 'test_psa_crypto_config_accel_ecc_no_bignum' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # See no_ecp_at_all - 'test_suite_pkparse': [ - re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - 'test_suite_asn1parse': [ - 'INTEGER too large for mpi', - ], - 'test_suite_asn1write': [ - re.compile(r'ASN.1 Write mpi.*'), - ], - 'test_suite_debug': [ - re.compile(r'Debug print mbedtls_mpi.*'), - ], - } - -class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum' - DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 
'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - # See no_ecp_at_all - 'test_suite_pkparse': [ - re.compile(r'Parse EC Key .*compressed\)'), - re.compile(r'Parse Public EC Key .*compressed\)'), - ], - 'test_suite_asn1parse': [ - 'INTEGER too large for mpi', - ], - 'test_suite_asn1write': [ - re.compile(r'ASN.1 Write mpi.*'), - ], - 'test_suite_debug': [ - re.compile(r'Debug print mbedtls_mpi.*'), - ], - } - -class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_ffdh' - DRIVER = 'test_psa_crypto_config_accel_ffdh' - IGNORED_TESTS = { - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. 
- 'Check mbedtls_calloc overallocation', - ], - } - -class DriverVSReference_tfm_config(outcome_analysis.DriverVSReference): - REFERENCE = 'test_tfm_config_no_p256m' - DRIVER = 'test_tfm_config_p256m_driver_accel_ec' - IGNORED_SUITES = [ - # Modules replaced by drivers - 'asn1parse', 'asn1write', - 'ecp', 'ecdsa', 'ecdh', 'ecjpake', - 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw', - 'bignum.generated', 'bignum.misc', - # Unit tests for the built-in implementation - 'psa_crypto_ecp', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'), - re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'), - re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*') - ], - 'test_suite_config.crypto_combinations': [ - 'Config: ECC: Weierstrass curves only', - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # See ecp_light_only - 'test_suite_random': [ - 'PSA classic wrapper: ECDSA signature (SECP256R1)', - ], - } - -class DriverVSReference_rsa(outcome_analysis.DriverVSReference): - REFERENCE = 'test_psa_crypto_config_reference_rsa_crypto' - DRIVER = 'test_psa_crypto_config_accel_rsa_crypto' - IGNORED_SUITES = [ - # Modules replaced by drivers. - 'rsa', 'pkcs1_v15', 'pkcs1_v21', - # We temporarily don't care about PK stuff. - 'pk', 'pkwrite', 'pkparse' - ] - IGNORED_TESTS = { - 'test_suite_bignum.misc': [ - re.compile(r'.*\bmbedtls_mpi_is_prime.*'), - re.compile(r'.*\bmbedtls_mpi_gen_prime.*'), - ], - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'), - re.compile(r'.*\bMBEDTLS_GENPRIME\b.*') - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). 
If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - # Following tests depend on RSA_C but are not about - # them really, just need to know some error code is there. - 'test_suite_error': [ - 'Low and high error', - 'Single high error' - ], - # Constant time operations only used for PKCS1_V15 - 'test_suite_constant_time': [ - re.compile(r'mbedtls_ct_zeroize_if .*'), - re.compile(r'mbedtls_ct_memmove_left .*') - ], - 'test_suite_psa_crypto': [ - # We don't support generate_key_custom entry points - # in drivers yet. - re.compile(r'PSA generate key custom: RSA, e=.*'), - re.compile(r'PSA generate key ext: RSA, e=.*'), - ], - } - -class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference): - REFERENCE = 'test_full_block_cipher_legacy_dispatch' - DRIVER = 'test_full_block_cipher_psa_dispatch' - IGNORED_SUITES = [ - # Skipped in the accelerated component - 'aes', 'aria', 'camellia', - # These require AES_C, ARIA_C or CAMELLIA_C to be enabled in - # order for the cipher module (actually cipher_wrapper) to work - # properly. However these symbols are disabled in the accelerated - # component so we ignore them. - 'cipher.ccm', 'cipher.gcm', 'cipher.aes', 'cipher.aria', - 'cipher.camellia', - ] - IGNORED_TESTS = { - 'test_suite_config': [ - re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'), - re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), - ], - 'test_suite_cmac': [ - # Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled, - # but these are not available in the accelerated component. - 'CMAC null arguments', - re.compile('CMAC.* (AES|ARIA|Camellia).*'), - ], - 'test_suite_cipher.padding': [ - # Following tests require AES_C/CAMELLIA_C to be enabled, - # but these are not available in the accelerated component. - re.compile('Set( non-existent)? 
padding with (AES|CAMELLIA).*'), - ], - 'test_suite_pkcs5': [ - # The AES part of PKCS#5 PBES2 is not yet supported. - # The rest of PKCS#5 (PBKDF2) works, though. - re.compile(r'PBES2 .* AES-.*') - ], - 'test_suite_pkparse': [ - # PEM (called by pkparse) requires AES_C in order to decrypt - # the key, but this is not available in the accelerated - # component. - re.compile('Parse RSA Key.*(password|AES-).*'), - ], - 'test_suite_pem': [ - # Following tests require AES_C, but this is diabled in the - # accelerated component. - re.compile('PEM read .*AES.*'), - 'PEM read (unknown encryption algorithm)', - ], - 'test_suite_error': [ - # Following tests depend on AES_C but are not about them - # really, just need to know some error code is there. - 'Single low error', - 'Low and high error', - ], - 'test_suite_platform': [ - # Incompatible with sanitizers (e.g. ASan). If the driver - # component uses a sanitizer but the reference component - # doesn't, we have a PASS vs SKIP mismatch. - 'Check mbedtls_calloc overallocation', - ], - } - -#pylint: enable=invalid-name,missing-class-docstring - - # List of tasks with a function that can handle this task and additional arguments if required -KNOWN_TASKS = { +KNOWN_TASKS: typing.Dict[str, typing.Type[outcome_analysis.Task]] = { 'analyze_coverage': CoverageTask, - 'analyze_driver_vs_reference_hash': DriverVSReference_hash, - 'analyze_driver_vs_reference_hmac': DriverVSReference_hmac, - 'analyze_driver_vs_reference_cipher_aead_cmac': DriverVSReference_cipher_aead_cmac, - 'analyze_driver_vs_reference_ecp_light_only': DriverVSReference_ecp_light_only, - 'analyze_driver_vs_reference_no_ecp_at_all': DriverVSReference_no_ecp_at_all, - 'analyze_driver_vs_reference_ecc_no_bignum': DriverVSReference_ecc_no_bignum, - 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': DriverVSReference_ecc_ffdh_no_bignum, - 'analyze_driver_vs_reference_ffdh_alg': DriverVSReference_ffdh_alg, - 'analyze_driver_vs_reference_tfm_config': 
 DriverVSReference_tfm_config,
- 'analyze_driver_vs_reference_rsa': DriverVSReference_rsa,
- 'analyze_block_cipher_dispatch': DriverVSReference_block_cipher_dispatch,
 }
 if __name__ == '__main__':
From f004998303611f9514d1e7c9d3dbfe1f726632ea Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 21 Feb 2026 21:20:22 +0100
Subject: [PATCH 1382/1548] Add issue number

Signed-off-by: Gilles Peskine
---
 ChangeLog.d/timing.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog.d/timing.txt b/ChangeLog.d/timing.txt
index 96f4feb0e4..b3943cdcf2 100644
--- a/ChangeLog.d/timing.txt
+++ b/ChangeLog.d/timing.txt
@@ -10,4 +10,4 @@ API changes
 Bugfix
 * mbedtls_timing_get_delay() now correctly treats a timer as expired
 after more than 2^32 ms (about 49 days) on platforms where long is
- a 32-bit type.
+ a 32-bit type. Fixes #10613.
From 99c4159681ef5e7ebfce3ca2daf1efc93f0718b2 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 21 Feb 2026 21:19:42 +0100
Subject: [PATCH 1383/1548] Disable Unix-like integration code in baremetal builds in all.sh

Signed-off-by: Gilles Peskine
---
 tests/scripts/components-configuration-crypto.sh | 2 +-
 tests/scripts/components-configuration.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index aee412c4a8..baa59fb5f5 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -528,7 +528,7 @@ component_test_crypto_for_psa_service () {
 component_build_crypto_baremetal () {
 msg "build: make, crypto only, baremetal config"
 scripts/config.py crypto_baremetal
- CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/" cmake .
+ CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/ -DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE" cmake .
 cmake --build .
 ctest
 are_empty_libraries library/libmbedx509.* library/libmbedtls.*
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 89104a3bab..dcd01c7e58 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -220,7 +220,7 @@ component_test_full_deprecated_warning () {
 component_build_baremetal () {
 msg "build: make, baremetal config"
 scripts/config.py baremetal
- $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/"
+ $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/ -DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE"
 }
 support_build_baremetal () {
From 39813964ef542eb7ff684bc61a40e4015ce7b7c6 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 13 Jan 2026 15:42:11 +0100
Subject: [PATCH 1384/1548] ssl_tls.c: Allow client hello fragmentation

Signed-off-by: Ronald Cron
---
 library/ssl_tls.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 24ac3cec4d..6df6c4bd88 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2892,13 +2892,6 @@ size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl)
 {
- /* Return unlimited mtu for client hello messages to avoid fragmentation. */
- if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
- (ssl->state == MBEDTLS_SSL_CLIENT_HELLO ||
- ssl->state == MBEDTLS_SSL_SERVER_HELLO)) {
- return 0;
- }
-
 if (ssl->handshake == NULL || ssl->handshake->mtu == 0) {
 return ssl->mtu;
 }
From fa5e75d6f6d50de7d74d2e64b14f87c51277fd45 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 14 Jan 2026 16:32:48 +0100
Subject: [PATCH 1385/1548] ssl-opt.sh: Relax deps of handshake defrag tests

Relax the dependencies of the tests about handshake message defragmentation/reassembly on server side. TLS 1.3 does not need to be enable anymore for this to work for TLS 1.2 handshake messages.
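Review bot: With the ClientHello/ServerHello exemption removed, a DTLS client now fragments a ClientHello that exceeds the current MTU, and neither the remaining code nor a ChangeLog entry (the diffstat lists only library/ssl_tls.c) records that the client now depends on the peer reassembling a fragmented ClientHello — a point that may matter for interoperability with servers that verify a HelloVerifyRequest cookie before allocating any reassembly state. Suggest a comment at the top of the body replacing the removed one, e.g. `/* ClientHello is subject to the MTU like any other flight; the peer is expected to reassemble fragmented handshake messages. */`, plus a ChangeLog entry describing the behaviour change. The rest of mbedtls_ssl_get_current_mtu continues outside the hunk.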
Signed-off-by: Ronald Cron
---
 scripts/generate_tls_handshake_tests.py | 3 ---
 tests/ssl-opt.sh | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/scripts/generate_tls_handshake_tests.py b/scripts/generate_tls_handshake_tests.py
index 30f27b1b37..76c8e45d57 100755
--- a/scripts/generate_tls_handshake_tests.py
+++ b/scripts/generate_tls_handshake_tests.py
@@ -6,12 +6,9 @@
 # Copyright The Mbed TLS Contributors
 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-import sys
-
 import framework_scripts_path # pylint: disable=unused-import
 from mbedtls_framework import tls_handshake_tests
 if __name__ == '__main__':
- sys.argv[1:1] = ["--no-tls12-client-hello-defragmentation-support"]
 tls_handshake_tests.main()
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9b5987188f..cef8bfab48 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13826,7 +13826,6 @@ run_test "Handshake defragmentation on server: len=256, client-initiated rene
 -s "Consume: waiting for more handshake fragments 256/" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on server: len=128, client-initiated renegotiation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
@@ -13843,7 +13842,6 @@ run_test "Handshake defragmentation on server: len=128, client-initiated rene
 -s "Consume: waiting for more handshake fragments 128/" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on server: len=4, client-initiated renegotiation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
@@ -13860,7 +13858,6 @@ run_test "Handshake defragmentation on server: len=4, client-initiated renego
 -s "Consume: waiting for more handshake fragments 4/" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotiation" \
 "$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \
From 2e9b9681e60ff52d69a3a68b4c7be0bcbab9191b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 21 Jan 2026 11:33:35 +0100 Subject: [PATCH 1386/1548] ssl_server2.c: DTLS: Attempt to read the response to the close notification Signed-off-by: Ronald Cron --- programs/ssl/ssl_server2.c | 50 ++++++++++++++++++- tests/compat.sh | 1 + tests/scripts/components-configuration-tls.sh | 1 + 3 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 0ae2f79303..f262542377 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -4133,7 +4133,55 @@ int main(int argc, char *argv[])
 } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
 ret = 0;
- mbedtls_printf(" done\n");
+ /*
+ * In the DTLS case, attempt to read a possible response to the close
+ * notification. This avoids reconnecting to the same client when we
+ * reset and later receive its close-notification response during
+ * step 3 (waiting for a client to connect).
+ *
+ * Stop waiting for the response if the connection has already ended.
+ *
+ * The waiting loop below relies on mbedtls_ssl_read() returning regularly
+ * in order to keep the total waiting time approximately bounded to 1s. If
+ * no read timeout is configured (see the read_timeout option), or if the
+ * configured timeout is close to or larger than 1s, the total waiting time
+ * may exceed 1s by a significant margin.
+ */
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_HAVE_TIME)
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ mbedtls_ms_time_t start = mbedtls_ms_time();
+ for (;;) {
+ ret = mbedtls_ssl_read(&ssl, buf, opt.buffer_size);
+ /*
+ * mbedtls_ssl_read() returned some data or timed out, loop if we
+ * have not spent already too much time, quite arbitrarily 1s.
+ */
+ if ((ret > 0) || (ret == MBEDTLS_ERR_SSL_TIMEOUT)) {
+ if ((mbedtls_ms_time() - start) < 1000) {
+ continue;
+ }
+ }
+
+ if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
+ mbedtls_printf(" done, received client close notification.\n");
+ } else {
+ /* ret = 0, silent transport EOF or ret < 0 except
+ * MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY. Note that we do not
+ * handle specifically the non-fatal error codes like
+ * MBEDTLS_ERR_SSL_WANT_READ as we do not really expect them
+ * here.
+ */
+ mbedtls_printf(" done\n");
+ }
+ break;
+ }
+ ret = 0;
+ } else
+#endif /* MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_HAVE_TIME */
+ {
+ mbedtls_printf(" done\n");
+ }
+
 fflush(stdout);
 #if defined(MBEDTLS_SSL_CACHE_C)
 if (opt.cache_remove > 0) {
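Review bot: In non-blocking mode the new wait loop appears to give up immediately: when no datagram is pending, mbedtls_ssl_read() presumably returns MBEDTLS_ERR_SSL_WANT_READ, which is neither `> 0` nor `MBEDTLS_ERR_SSL_TIMEOUT`, so the loop breaks on the first iteration and the close-notify response is never awaited — the inner comment even says WANT_READ is "not really expected", yet the tests added later in this series run `$P_SRV ... nbio=2`. Either treat WANT_READ like a timeout inside the 1 s window (`if ((ret > 0) || (ret == MBEDTLS_ERR_SSL_TIMEOUT) || (ret == MBEDTLS_ERR_SSL_WANT_READ)) {`, which would then need a short sleep or poll to avoid spinning) or state in the block comment that the wait is only effective with blocking I/O. The 1 s budget is also spelled out three times in comments and once as a bare `1000`; a named constant such as `CLOSE_NOTIFY_WAIT_MS` would keep them in sync. `main()` starts and ends outside this hunk.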
diff --git a/tests/compat.sh b/tests/compat.sh
index 2b6f454127..3f44c984fb 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -557,6 +557,7 @@ setup_arguments()
 # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
 if is_dtls "$MODE"; then
 O_SERVER_ARGS="$O_SERVER_ARGS"
+ M_SERVER_ARGS="$M_SERVER_ARGS read_timeout=1000"
 else
 O_SERVER_ARGS="$O_SERVER_ARGS -www"
 fi
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index 5a77c4defc..d017eef182 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -165,6 +165,7 @@ component_test_tls1_2_ccm_psk_dtls () {
 msg "build: configs/config-ccm-psk-dtls1_2.h"
 MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h"
 CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h"
+ tf-psa-crypto/scripts/config.py -f "$CRYPTO_CONFIG" set MBEDTLS_HAVE_TIME
 CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
 make
From 516e74ca5c43bf142dc3c4e7e0b25e3ab27df44f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 12 Jan 2026 12:45:40 +0100 Subject: [PATCH 1387/1548] ssl_tls12_server.c: Document replay check and update in ssl_parse_client_hello() Signed-off-by: Ronald Cron --- library/ssl_tls12_server.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index ec4446c1b4..8f724d31ef 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
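Review bot: `read_timeout=1000` is exactly the configuration the new ssl_server2.c comment warns about: with a read timeout equal to the 1 s wait window, each mbedtls_ssl_read() in the post-close loop can block for the full second before the elapsed-time check runs, so a DTLS server in compat.sh may spend close to 2 s per connection tearing down. If that cost matters for the suite's run time, a shorter value (for example `read_timeout=200`, a constructed number) would give the loop finer granularity while still bounding the wait. The change sits inside `setup_arguments()`, whose start is outside this hunk.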
@@ -938,6 +938,9 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
 sizeof(ssl->cur_out_ctr) - 2);
+ /* Check for record replay and then update the window. This replicates what
+ * is done in `ssl_get_next_record()` when the record is not fetched through
+ * `mbedtls_ssl_read_record()`. */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 if (mbedtls_ssl_dtls_replay_check(ssl) != 0) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding"));
From a50110be7135e0ab54531e0247b3fba1b3f9ee82 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Jan 2026 13:48:52 +0100 Subject: [PATCH 1388/1548] ssl_tls12_server.c: Use mbedtls_ssl_read_record() only to read the ClientHello In ssl_tls12_server.c:ssl_parse_client_hello(), remove the code that directly reads the received data to read the record expected to contain the ClientHello message. The function already supported handling a ClientHello read via mbedtls_ssl_read_record() in the following cases: - when the ClientHello was read as a post-handshake message (renegotiation). - when the ClientHello was read by ssl_tls13_process_client_hello() during TLS 1.3 or TLS 1.2 version negotiation. Signed-off-by: Ronald Cron --- library/ssl_msg.c | 5 ++ library/ssl_tls12_server.c | 120 ++++++------------------------------- 2 files changed, 22 insertions(+), 103 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index d159f8fd33..64e3de795d 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5504,6 +5504,11 @@ static int ssl_tls12_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
 ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
 }
 #endif
+
+ /* Keep the ClientHello message for ssl_parse_client_hello() */
+ if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
+ ssl->keep_current_message = 1;
+ }
 ret = mbedtls_ssl_start_renegotiation(ssl);
 if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && ret != 0) {
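Review bot: `ssl->keep_current_message = 1` is set before `mbedtls_ssl_start_renegotiation()` and nothing in this hunk clears it on the error branch that follows, so if that branch can be survived (the hunk does not show whether the error is fatal to the connection) the next mbedtls_ssl_read_record() would presumably hand the same ClientHello back instead of fetching a fresh record; resetting it there, `ssl->keep_current_message = 0;`, would make the flag's lifetime explicit. The one-line comment would also help more if it said why the record must survive: `/* ssl_parse_client_hello() fetches the ClientHello through mbedtls_ssl_read_record(); keep this record so it is re-delivered rather than consumed here. */`. `ssl_tls12_handle_hs_message_post_handshake()` starts and ends outside the hunk.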
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 8f724d31ef..15f78486e6 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -869,29 +869,22 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello"));
- int renegotiating;
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-read_record_header:
-#endif
 /*
- * If renegotiating, then the input was read with mbedtls_ssl_read_record(),
- * otherwise read it ourselves manually in order to support SSLv2
- * ClientHello, which doesn't use the same record layer format.
- * Otherwise in a scenario of TLS 1.3/TLS 1.2 version negotiation, the
- * ClientHello has been already fully fetched by the TLS 1.3 code and the
- * flag ssl->keep_current_message is raised.
+ * Fetch the expected ClientHello handshake message. Do not ask
+ * mbedtls_ssl_read_record() to update the handshake digest, to align
+ * with cases where the ClientHello may already have been fetched in
+ * ssl_tls13_process_client_hello() or as a post-handshake message
+ * (renegotiation).
 */
- renegotiating = 0;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- renegotiating = (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE);
-#endif
- if (!renegotiating && !ssl->keep_current_message) {
- if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) {
- /* No alert on a read error. */
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
- return ret;
- }
+ if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record ", ret);
+ return ret;
+ }
+
+ ret = mbedtls_ssl_update_handshake_status(ssl);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
+ return ret;
 }
 buf = ssl->in_hdr;
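Review bot: The two new error paths are written in different styles within four lines of each other: the first debug string carries a trailing space (`"mbedtls_ssl_read_record "`) and the second wraps its string in redundant parentheses with a Yoda comparison (`if (0 != ret)`), while the first uses `!= 0`; `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);` and `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_update_handshake_status", ret);` would match the file's existing call above. The comment explains that the digest is deliberately not updated by mbedtls_ssl_read_record() but not where the ClientHello does get hashed; if mbedtls_ssl_update_handshake_status() is what now performs that update, saying so in the same comment would save the next reader a trip through ssl_msg.c. `ssl_parse_client_hello()` continues past this hunk.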
@@ -910,7 +903,8 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message type: %d",
 buf[0]));
- if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) {
+ if ((ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) ||
+ (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE)) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
 return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
 }
@@ -937,66 +931,11 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
 sizeof(ssl->cur_out_ctr) - 2);
-
- /* Check for record replay and then update the window. This replicates what
- * is done in `ssl_get_next_record()` when the record is not fetched through
- * `mbedtls_ssl_read_record()`. */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- if (mbedtls_ssl_dtls_replay_check(ssl) != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding"));
- ssl->next_record_offset = 0;
- ssl->in_left = 0;
- goto read_record_header;
- }
-
- /* No MAC to check yet, so we can update right now */
- mbedtls_ssl_dtls_replay_update(ssl);
-#endif
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
- msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0);
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) {
- /* Set by mbedtls_ssl_read_record() */
- msg_len = ssl->in_hslen;
- } else
-#endif
- {
- if (ssl->keep_current_message) {
- ssl->keep_current_message = 0;
- } else {
- if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- if ((ret = mbedtls_ssl_fetch_input(ssl,
- mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret);
- return ret;
- }
-
- /* Done reading this record, get ready for the next one */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl);
- } else
-#endif
- ssl->in_left = 0;
- }
- }
-
 buf = ssl->in_msg;
-
- MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len);
-
- ret = ssl->handshake->update_checksum(ssl, buf, msg_len);
- if (0 != ret) {
- MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
- return ret;
- }
+ msg_len = ssl->in_hslen;
 /*
 * Handshake layer:
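Review bot: `msg_len = ssl->in_hslen;` now feeds the later `msg_len -= mbedtls_ssl_hs_hdr_len(ssl)` without the `msg_len < mbedtls_ssl_hs_hdr_len(ssl)` guard that the next hunk of this commit removes; that is safe only if `in_hslen` always includes the handshake header, an invariant maintained by the record layer rather than by anything visible in this function. A short comment would pin it where it is relied on: `msg_len = ssl->in_hslen; /* header + body, set by the record layer; never below hs_hdr_len */`. The `MBEDTLS_SSL_DEBUG_BUF(4, "record contents", ...)` dump also goes away with the removed block; if that level-4 trace is still wanted it could be re-issued on `ssl->in_msg` with `ssl->in_hslen`. `ssl_parse_client_hello()` starts and ends outside this hunk.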
@@ -1006,13 +945,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 * 6 . 8 DTLS only: fragment offset
 * 9 . 11 DTLS only: fragment length
 */
- if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0]));
-
 if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
 return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
@@ -1043,24 +975,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 ssl->handshake->out_msg_seq = cli_msg_seq;
 ssl->handshake->in_msg_seq = cli_msg_seq + 1;
 }
- {
- /*
- * For now we don't support fragmentation, so make sure
- * fragment_offset == 0 and fragment_length == length
- */
- size_t fragment_offset, fragment_length, length;
- fragment_offset = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6);
- fragment_length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9);
- length = MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1);
- MBEDTLS_SSL_DEBUG_MSG(
- 4, ("fragment_offset=%u fragment_length=%u length=%u",
- (unsigned) fragment_offset, (unsigned) fragment_length,
- (unsigned) length));
- if (fragment_offset != 0 || length != fragment_length) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("ClientHello fragmentation not supported"));
- return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- }
- }
 }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
From 943c1071bb7f2585ab96adaced51eda3809fb837 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 8 Jan 2026 09:15:40 +0100 Subject: [PATCH 1389/1548] ssl_tls12_server.c: Move ClientHello message_seq adjustment Move ClientHello message_seq adjustment to the record layer. Signed-off-by: Ronald Cron --- library/ssl_msg.c | 21 +++++++++++++++++++++ library/ssl_tls12_server.c | 28 ---------------------------- 2 files changed, 21 insertions(+), 28 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 64e3de795d..fb5327a709 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2967,6 +2967,27 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 return MBEDTLS_ERR_SSL_INVALID_RECORD;
 }
+ /*
+ * When establishing the connection, the client may go through a series
+ * of ClientHello and HelloVerifyRequest requests and responses. The
+ * server does not keep any trace of these initial round trips as
+ * intended: minimum allocated ressources as long as the reachability
+ * of the client has not been confirmed. When receiving the "first
+ * ClientHello" from server perspective, we may thus need to adapt
+ * the next expected `message_seq` for the incoming and outgoing
+ * handshake messages.
+ */
+ if (ssl->in_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO &&
+ ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
+ ssl->state == MBEDTLS_SSL_CLIENT_HELLO
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
+#endif
+ ) {
+ ssl->handshake->in_msg_seq = recv_msg_seq;
+ ssl->handshake->out_msg_seq = recv_msg_seq;
+ }
+
 if (ssl->handshake != NULL &&
 ((mbedtls_ssl_is_handshake_over(ssl) == 0 &&
 recv_msg_seq != ssl->handshake->in_msg_seq) ||
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 15f78486e6..a6c36420c6 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
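Review bot: The new block dereferences `ssl->handshake` to store `in_msg_seq`/`out_msg_seq` without checking it, while the pre-existing condition immediately below guards `ssl->handshake != NULL` before touching the same field; a server in `MBEDTLS_SSL_CLIENT_HELLO` state presumably always has a handshake context, but adding `ssl->handshake != NULL &&` as the first term of the new condition makes that assumption explicit and keeps the two checks consistent. The removed server-side code set `in_msg_seq = cli_msg_seq + 1` whereas this sets it to `recv_msg_seq`; if the increment now happens in mbedtls_ssl_update_handshake_status(), a sentence saying so in the comment would spare readers the comparison. The comment also has a typo, "ressources" → "resources". `mbedtls_ssl_prepare_handshake_record()` starts and ends outside the hunk, so whether this sits inside the DTLS branch is inferred from `recv_msg_seq` only.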
@@ -950,34 +950,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
 }
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
- /*
- * Copy the client's handshake message_seq on initial handshakes,
- * check sequence number on renego.
- */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
- /* This couldn't be done in ssl_prepare_handshake_record() */
- unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
- if (cli_msg_seq != ssl->handshake->in_msg_seq) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: "
- "%u (expected %u)", cli_msg_seq,
- ssl->handshake->in_msg_seq));
- return MBEDTLS_ERR_SSL_DECODE_ERROR;
- }
-
- ssl->handshake->in_msg_seq++;
- } else
-#endif
- {
- unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
- ssl->handshake->out_msg_seq = cli_msg_seq;
- ssl->handshake->in_msg_seq = cli_msg_seq + 1;
- }
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
 buf += mbedtls_ssl_hs_hdr_len(ssl);
 msg_len -= mbedtls_ssl_hs_hdr_len(ssl);
From 00160b910a3c342248f781b3e5122e89744cf354 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 22 Jan 2026 18:46:53 +0100 Subject: [PATCH 1390/1548] ssl_tls12_server.c: Move ClientHello record sequence_number init Signed-off-by: Ronald Cron --- library/ssl_msg.c | 9 +++++++++ library/ssl_tls12_server.c | 19 ------------------- 2 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fb5327a709..a9fe96ffa6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2986,6 +2986,15 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 ) {
 ssl->handshake->in_msg_seq = recv_msg_seq;
 ssl->handshake->out_msg_seq = recv_msg_seq;
+
+ /* Epoch should be 0 for initial handshakes */
+ if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+
+ memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
+ sizeof(ssl->cur_out_ctr) - 2);
 }
 if (ssl->handshake != NULL &&
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a6c36420c6..8ece1f7b33 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -915,25 +915,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]",
 buf[1], buf[2]));
- /* For DTLS if this is the initial handshake, remember the client sequence
- * number to use it in our next message (RFC 6347 4.2.1) */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
-#endif
- ) {
- /* Epoch should be 0 for initial handshakes */
- if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
- sizeof(ssl->cur_out_ctr) - 2);
- }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
 buf = ssl->in_msg;
 msg_len = ssl->in_hslen;
From 0db3a49330f4ede94c4eb4175384e4e0d1973905 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 22 Jan 2026 18:46:53 +0100 Subject: [PATCH 1391/1548] ssl_tls12_server.c: parse_client_hello: Remove remaining record level code Signed-off-by: Ronald Cron --- library/ssl_tls12_server.c | 31 ++----------------------------- 1 file changed, 2 insertions(+), 29 deletions(-)
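Review bot: The epoch check runs after `in_msg_seq` and `out_msg_seq` have already been overwritten two lines above it, so a ClientHello rejected with `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER` leaves the handshake counters modified by an unverified record; moving the `if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0)` block ahead of the two assignments keeps the context untouched on the failure path. This only has an observable effect if the caller can continue after the error (for instance a DTLS server that drops bad records instead of aborting), which this hunk does not show, but validate-then-mutate is the cheaper habit either way. The removed comment's RFC pointer ("RFC 6347 4.2.1") is not carried over to the new location; keeping it on the `memcpy` explains why the client's sequence number is copied. `mbedtls_ssl_prepare_handshake_record()` starts and ends outside the hunk.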
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 8ece1f7b33..36d15c50a7 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -887,34 +887,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 return ret;
 }
- buf = ssl->in_hdr;
-
- MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl));
-
- /*
- * TLS Client Hello
- *
- * Record layer:
- * 0 . 0 message type
- * 1 . 2 protocol version
- * 3 . 11 DTLS: epoch + record sequence number
- * 3 . 4 message length
- */
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message type: %d",
- buf[0]));
-
- if ((ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) ||
- (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- }
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d",
- MBEDTLS_GET_UINT16_BE(ssl->in_len, 0)));
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]",
- buf[1], buf[2]));
-
 buf = ssl->in_msg;
 msg_len = ssl->in_hslen;
@@ -926,7 +898,8 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 * 6 . 8 DTLS only: fragment offset
 * 9 . 11 DTLS only: fragment length
 */
- if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) {
+ if ((ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) ||
+ (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO)) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
 return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
 }
From d718a35a1ff61af29bcae73c607848bc23ad24d4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 23 Jan 2026 15:36:49 +0100 Subject: [PATCH 1392/1548] ssl_msg.c: Remove some now unnecessary code Signed-off-by: Ronald Cron --- library/ssl_msg.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index a9fe96ffa6..207f4b7e1c 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4873,14 +4873,9 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
 /* The record content type may change during decryption,
 * so re-read it. */
 ssl->in_msgtype = rec.type;
- /* Also update the input buffer, because unfortunately
- * the server-side ssl_parse_client_hello() reparses the
- * record header when receiving a ClientHello initiating
- * a renegotiation. */
- ssl->in_hdr[0] = rec.type;
+
 ssl->in_msg = rec.buf + rec.data_offset;
 ssl->in_msglen = rec.data_len;
- MBEDTLS_PUT_UINT16_BE(rec.data_len, ssl->in_len, 0);
 return 0;
 }
From c1cbfdd0722e257e1abb820d0e9adc775760d3cb Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 Jan 2026 09:42:27 +0100 Subject: [PATCH 1393/1548] ssl-opt.sh: Add interop test of DTLS defragmentation on server side Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 151 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index cef8bfab48..2c87e20278 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
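Review bot: After this change `ssl->in_hdr[0]` and `ssl->in_len` keep their on-the-wire values once a record has been decrypted, while only `ssl->in_msgtype`/`in_msg`/`in_msglen` reflect the decrypted content; the deleted comment was the one place that documented that the header buffer used to be patched, and nothing now warns the next reader of the record header that it is stale for protected records. A one-line comment next to the `in_msgtype` re-read would close that gap: `/* Only in_msgtype/in_msg/in_msglen describe the decrypted record; in_hdr and in_len keep the wire header and must not be re-parsed. */`. `ssl_get_next_record()` starts outside the hunk.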
@@ -9971,6 +9971,51 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
 -C "error" \
 -s "Extra-header:"
+requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS reassembly: no fragmentation (gnutls client)" \
+ "$P_SRV debug_level=2 dtls=1" \
+ "$G_NEXT_CLI -u --mtu 2048 --insecure 127.0.0.1" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -S "error"
+
+requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS reassembly: some fragmentation (gnutls client)" \
+ "$P_SRV debug_level=2 dtls=1 auth_mode=required" \
+ "$G_NEXT_CLI -u --mtu 256 --insecure 127.0.0.1 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -s "Certificate handshake message has been buffered and reassembled" \
+ -S "error"
+
+# Set the MTU to 128 bytes. The minimum size of a DTLS 1.2 record
+# containing a ClientHello handshake message is 69 bytes, without any cookie,
+# ciphersuite, or extension. With an MTU of 128 bytes, the ClientHello handshake
+# message is therefore very likely to be fragmented in most library
+# configurations.
+requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS reassembly: more fragmentation (gnutls client)" \
+ "$P_SRV debug_level=2 dtls=1" \
+ "$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \
+ 0 \
+ -s "ClientHello handshake message has been buffered and reassembled" \
+ -S "error"
+
+requires_gnutls
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS reassembly: more fragmentation, nbio (gnutls client)" \
+ "$P_SRV debug_level=2 dtls=1 nbio=2" \
+ "$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \
+ 0 \
+ -s "ClientHello handshake message has been buffered and reassembled" \
+ -S "error"
+
+# No fragmentation and renegotiation tests with GnuTLS client as the feature
+# does not work properly.
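Review bot: The closing comment `# No fragmentation and renegotiation tests with GnuTLS client as the feature does not work properly.` does not say which feature is broken, and read literally it suggests GnuTLS client fragmentation is unreliable — the very thing the three tests above it depend on; if renegotiation is what is meant, `# No renegotiation tests with the GnuTLS client: renegotiation combined with fragmentation does not work properly there.` would remove the ambiguity. The two `--mtu 128` tests assert `ClientHello handshake message has been buffered and reassembled` while the comment above concedes the ClientHello is only "very likely" fragmented, so the assertion depends on the library configuration; naming the configurations expected to fall below 128 bytes, or guarding with an appropriate `requires_*`, would make a failure easier to triage. All four new tests also run `$G_NEXT_CLI` under plain `requires_gnutls`, which may be intentional but differs from the `requires_gnutls_next` guards used elsewhere in this series. This hunk ends mid-section; the rest of the file section follows.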
+
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "DTLS reassembly: no fragmentation (openssl server)" \
 "$O_SRV -dtls -mtu 2048" \
@@ -10001,6 +10046,37 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
 -c "Certificate handshake message has been buffered and reassembled" \
 -C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS reassembly: no fragmentation (openssl client)" \
+ "$P_SRV debug_level=2 dtls=1 auth_mode=required" \
+ "$O_NEXT_CLI -dtls -mtu 2048 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -S "found fragmented DTLS handshake message" \
+ -S "error"
+
+# Minimum possible MTU for OpenSSL server: 256 bytes.
+# We expect the server Certificate handshake to be fragmented and verify that
+# this is the case. Depending on the configuration, other handshake messages may
+# also be fragmented like the ClientHello, ClientKeyExchange or
+# CertificateVerify messages.
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS reassembly: some fragmentation (openssl client)" \
+ "$P_SRV debug_level=2 dtls=1 auth_mode=required" \
+ "$O_NEXT_CLI -dtls -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -s "Certificate handshake message has been buffered and reassembled" \
+ -S "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS reassembly: fragmentation, nbio (openssl client)" \
+ "$P_SRV debug_level=2 dtls=1 auth_mode=required nbio=2" \
+ "$O_NEXT_CLI -dtls -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -s "Certificate handshake message has been buffered and reassembled" \
+ -S "error"
+
 # Tests for sending fragmented handshake messages with DTLS
 #
 # Use client auth when we need the client to send large messages,
@@ -11881,6 +11957,43 @@ run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
 -c "HTTP/1.0 200 OK" \
 -c "Certificate handshake message has been buffered and reassembled"
+requires_openssl_next
+client_needs_more_time 6
+not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS proxy: 3d, openssl client" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
+ "$O_NEXT_CLI -dtls1_2 -mtu 2048" \
+ 0 \
+ -s "HTTP/1.0 200 OK"
+
+requires_openssl_next
+client_needs_more_time 8
+not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS proxy: 3d, openssl client, fragmentation" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 tickets=0" \
+ "$O_NEXT_CLI -dtls1_2 -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "HTTP/1.0 200 OK" \
+ -s "found fragmented DTLS handshake message" \
+ -s "Certificate handshake message has been buffered and reassembled"
+
+requires_openssl_next
+client_needs_more_time 8
+not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS proxy: 3d, openssl client, fragmentation, nbio" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
+ "$O_NEXT_CLI -dtls1_2 -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
+ 0 \
+ -s "HTTP/1.0 200 OK" \
+ -s "found fragmented DTLS handshake message" \
+ -s "Certificate handshake message has been buffered and reassembled"
+
 requires_gnutls
 client_needs_more_time 6
 not_with_valgrind # risk of non-mbedtls peer timing out
@@ -11919,6 +12032,44 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
 -c "Extra-header:" \
 -c "Certificate handshake message has been buffered and reassembled"
+requires_gnutls
+client_needs_more_time 6
+not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS proxy: 3d, gnutls client" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV dgram_packing=0 dtls=1" \
+ "$G_NEXT_CLI -u --mtu 2048 --insecure 127.0.0.1" \
+ 0 \
+ -s "HTTP/1.0 200 OK"
+
+# Set the MTU to 128 bytes. The ClientHello is not surely fragmented but very
+# likely. Do not set it to 56 bytes where we would be sure that the ClientHello
+# is fragmented as then experimentally the handshake fails too often.
+requires_gnutls
+client_needs_more_time 8
+not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS proxy: 3d, gnutls client, fragmentation" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV dgram_packing=0 dtls=1 debug_level=2" \
+ "$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \
+ 0 \
+ -s "HTTP/1.0 200 OK" \
+ -s "ClientHello handshake message has been buffered and reassembled"
+
+requires_gnutls
+client_needs_more_time 8
+not_with_valgrind # risk of non-mbedtls peer timing out
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+run_test "DTLS proxy: 3d, gnutls client, fragmentation, nbio=2" \
+ -p "$P_PXY drop=5 delay=5 duplicate=5" \
+ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 nbio=2" \
+ "$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \
+ 0 \
+ -s "HTTP/1.0 200 OK" \
+ -s "ClientHello handshake message has been buffered and reassembled"
+
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "export keys functionality" \
 "$P_SRV eap_tls=1 debug_level=3" \
From 6e270c0465b876484ffed1218bf293f38a904655 Mon Sep 17 00:00:00 2001
From: Ronald Cron Date: Fri, 16 Jan 2026 16:50:39 +0100 Subject: [PATCH 1394/1548] ssl-opt.sh: Add tests with CH fragmented with DTLS in default config Signed-off-by: Ronald Cron --- tests/scripts/analyze_outcomes.py | 2 +- tests/ssl-opt.sh | 120 ++++++++++++++++++++++++++++-- 2 files changed, 113 insertions(+), 9 deletions(-)
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 29c41beba2..2bd4bd8162 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -43,7 +43,7 @@ def _has_word_re(words: typing.Iterable[str],
 'DTLS cookie: enabled, IPv6',
 # Disabled due to OpenSSL bug.
 # https://github.com/openssl/openssl/issues/18887
- 'DTLS fragmenting: 3d, openssl client, DTLS 1.2',
+ 'DTLS fragmenting: 3d, MTU=512, openssl client, DTLS 1.2',
 # We don't run ssl-opt.sh with Valgrind on the CI because
 # it's extremely slow. We don't intend to change this.
 'DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)',
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2c87e20278..7f36ab5c14 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10360,6 +10360,37 @@ run_test "DTLS fragmenting: both (MTU=512)" \
 -c "found fragmented DTLS handshake message" \
 -C "error"
+# Depending on the ciphersuite selected to encrypt the application data, the
+# maximum application data payload per record may be small with an MTU of 128.
+# For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is
+# 35 bytes. We therefore reduce the size of the client request and the server
+# response in this test.
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_max_content_len 2048
+run_test "DTLS fragmenting: both (MTU=128)" \
+ -p "$P_PXY mtu=128" \
+ "$P_SRV dtls=1 debug_level=5 auth_mode=required \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
+ response_size=8 \
+ hs_timeout=2500-60000 \
+ mtu=128" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
+ request_size=8 \
+ hs_timeout=2500-60000 \
+ mtu=128" \
+ 0 \
+ -s "found fragmented DTLS handshake message" \
+ -s "fragmenting Certificate handshake message" \
+ -s "fragmenting ServerKeyExchange handshake message" \
+ -c "found fragmented DTLS handshake message" \
+ -c "fragmenting ClientHello handshake message" \
+ -c "fragmenting Certificate handshake message" \
+ -c "fragmenting CertificateVerify handshake message" \
+ -C "error"
+
 # Test for automatic MTU reduction on repeated resend.
 # Forcing ciphersuite for this test to fit the MTU of 508 with full config.
 # The ratio of max/min timeout should ideally equal 4 to accept two
@@ -10736,7 +10767,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_gnutls
 requires_max_content_len 2048
-run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
+run_test "DTLS fragmenting: MTU=512, gnutls server, DTLS 1.2" \
 "$G_SRV -u" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
@@ -10746,6 +10777,21 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
 -c "fragmenting Certificate handshake message" \
 -C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
+requires_gnutls
+requires_max_content_len 2048
+run_test "DTLS fragmenting: MTU=128, gnutls server, DTLS 1.2" \
+ "$G_NEXT_SRV -u" \
+ "$P_CLI dtls=1 debug_level=2 \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
+ mtu=128 force_version=dtls12" \
+ 0 \
+ -c "fragmenting ClientHello handshake message" \
+ -c "fragmenting Certificate handshake message" \
+ -C "error"
+
 # We use --insecure for the GnuTLS client because it expects
 # the hostname / IP it connects to to be the name used in the
 # certificate obtained from the server. Here, however, it
@@ -10758,7 +10804,7 @@ requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_gnutls
 requires_not_i686
 requires_max_content_len 2048
-run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
+run_test "DTLS fragmenting: MTU=512, gnutls client, DTLS 1.2" \
 "$P_SRV dtls=1 debug_level=2 \
 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
 key_file=$DATA_FILES_PATH/server7.key \
@@ -10770,7 +10816,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
-run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
+run_test "DTLS fragmenting: MTU=512, openssl server, DTLS 1.2" \
 "$O_SRV -dtls1_2 -verify 10" \
 "$P_CLI dtls=1 debug_level=2 \
 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
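Review bot: The new `DTLS fragmenting: MTU=128, gnutls server, DTLS 1.2` test runs `$G_NEXT_SRV` but only declares `requires_gnutls`, whereas the `3d, MTU=128, gnutls server` test added later in this same commit pairs `$G_NEXT_SRV` with `requires_gnutls_next`; on a host that has only the default GnuTLS build, the former would be scheduled and then fail for lack of the binary rather than be skipped. Changing the guard to `requires_gnutls_next` aligns the two and matches the `requires_gnutls_next` convention the surrounding 3d tests use. The MTU=512 counterpart directly above keeps `$G_SRV`, so the difference looks deliberate rather than a copy-paste slip, which is one more reason to make the guard say so.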
@@ -10780,10 +10826,29 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ -c "fragmenting Certificate handshake message" \ -C "error" +# Depending on the ciphersuite selected to encrypt the application data, the +# maximum application data payload per record may be small with an MTU of 128. +# For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is +# 35 bytes. We therefore reduce the size of the client request in this test. +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_max_content_len 2048 +run_test "DTLS fragmenting: MTU=128, openssl server, DTLS 1.2" \ + "$O_NEXT_SRV -dtls1_2 -verify 10" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ + request_size=8 \ + mtu=128 force_version=dtls12" \ + 0 \ + -c "fragmenting ClientHello handshake message" \ + -c "fragmenting Certificate handshake message" \ + -C "error" + requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 -run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ +run_test "DTLS fragmenting: MTU=512, openssl client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ key_file=$DATA_FILES_PATH/server7.key \ @@ -10801,7 +10866,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=512, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 
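Review bot: `DTLS fragmenting: MTU=128, openssl server, DTLS 1.2` uses `$O_NEXT_SRV` without a `requires_openssl_next` guard, while the 3d MTU=128 openssl-server test added later in this same patch has one. Unless `O_NEXT_SRV` falls back to the default `openssl` binary, the guard is needed here too, or `$O_SRV` should be used as in the MTU=512 variant directly above. The comment above the test justifies `request_size=8` by a CBC-SHA384 suite, but no suite is forced here and OpenSSL picks it; a short note that the reduction is precautionary would stop readers looking for a missing `force_ciphersuite`.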
@@ -10812,12 +10877,29 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ -c "fragmenting Certificate handshake message" \ -C "error" +requires_gnutls_next +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +client_needs_more_time 6 +requires_max_content_len 2048 +run_test "DTLS fragmenting: 3d, MTU=128, gnutls server, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$G_NEXT_SRV -u" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ + hs_timeout=250-60000 mtu=128 force_version=dtls12" \ + 0 \ + -c "fragmenting ClientHello handshake message" \ + -c "fragmenting Certificate handshake message" \ + -C "error" + requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=512, gnutls client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ @@ -10834,7 +10916,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=512, openssl server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ 
@@ -10845,6 +10927,28 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ -c "fragmenting Certificate handshake message" \ -C "error" +# Depending on the ciphersuite selected to encrypt the application data, the +# maximum application data payload per record may be small with an MTU of 128. +# For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is +# 35 bytes. We therefore reduce the size of the client request in this test. +requires_openssl_next +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +client_needs_more_time 4 +requires_max_content_len 2048 +run_test "DTLS fragmenting: 3d, MTU=128, openssl server, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$O_NEXT_SRV -dtls1_2 -verify 10" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ + request_size=8 \ + hs_timeout=250-60000 mtu=128 force_version=dtls12" \ + 0 \ + -c "fragmenting ClientHello handshake message" \ + -c "fragmenting Certificate handshake message" \ + -C "error" + ## the test below will time out with certain seed. ## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887) skip_next_test @@ -10852,7 +10956,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=512, openssl client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ From e436f74576770436392d1a1702ff151706fc71c5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Feb 2026 19:12:21 +0100 Subject: [PATCH 1395/1548] ssl-opt.sh: Fix/improve comments 
Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7f36ab5c14..c460505a8c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9993,8 +9993,9 @@ run_test "DTLS reassembly: some fragmentation (gnutls client)" \ # Set the MTU to 128 bytes. The minimum size of a DTLS 1.2 record # containing a ClientHello handshake message is 69 bytes, without any cookie, # ciphersuite, or extension. With an MTU of 128 bytes, the ClientHello handshake -# message is therefore very likely to be fragmented in most library -# configurations. +# message is therefore very likely to be fragmented, regardless of the +# GnuTLS client version. For example, the ClientHello sent by the GnuTLS 3.7.2 +# client is 206 bytes in this test. requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: more fragmentation (gnutls client)" \ @@ -10055,10 +10056,11 @@ run_test "DTLS reassembly: no fragmentation (openssl client)" \ -S "error" # Minimum possible MTU for OpenSSL server: 256 bytes. -# We expect the server Certificate handshake to be fragmented and verify that -# this is the case. Depending on the configuration, other handshake messages may -# also be fragmented like the ClientHello, ClientKeyExchange or -# CertificateVerify messages. +# We expect the client Certificate handshake message to be fragmented and +# verify that this is the case. With OpenSSL 3.0.13, the ClientHello handshake +# message is 224 bytes and also fragmented. However, it may not hold across +# OpenSSL version updates. Therefore, we do not verify that the ClientHello is +# reassembled by the server. requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: some fragmentation (openssl client)" \ "$P_SRV debug_level=2 dtls=1 auth_mode=required" \ 
@@ -12147,9 +12149,12 @@ run_test "DTLS proxy: 3d, gnutls client" \ 0 \ -s "HTTP/1.0 200 OK" -# Set the MTU to 128 bytes. The ClientHello is not surely fragmented but very -# likely. Do not set it to 56 bytes where we would be sure that the ClientHello -# is fragmented as then experimentally the handshake fails too often. +# Set the MTU to 128 bytes. The ClientHello is not guaranteed to be surely +# fragmented but it is very likely. For example, the ClientHello sent by the +# GnuTLS 3.7.2 client is 206 bytes in this test. We expect ClientHello +# fragmentation to remain the case across GnuTLS version updates. Avoid using a +# smaller MTU, as the smaller the MTU, the more likely the handshake is to fail +# in this very unreliable connection emulation. requires_gnutls client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out From 3ddc63d74e48eb911ac1569418a2212e64b71b5c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 11 Feb 2026 09:19:18 +0100 Subject: [PATCH 1396/1548] ssl-opt.sh: DTLS reassembly: Improve max_content_len requirements Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c460505a8c..7e5d30387b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10320,7 +10320,7 @@ run_test "DTLS fragmenting: server (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_max_content_len 2048 +requires_max_content_len 1024 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: both (MTU=1024)" \ -p "$P_PXY mtu=1024" \ 
@@ -10343,7 +10343,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 -requires_max_content_len 2048 +requires_max_content_len 512 run_test "DTLS fragmenting: both (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -10368,7 +10368,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \ # 35 bytes. We therefore reduce the size of the client request and the server # response in this test. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_max_content_len 2048 +requires_max_content_len 128 run_test "DTLS fragmenting: both (MTU=128)" \ -p "$P_PXY mtu=128" \ "$P_SRV dtls=1 debug_level=5 auth_mode=required \ @@ -10446,7 +10446,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_max_content_len 2048 +requires_max_content_len 1024 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ -p "$P_PXY mtu=1024" \ @@ -10473,7 +10473,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_max_content_len 2048 +requires_max_content_len 512 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 
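Review bot: `requires_max_content_len 128` for `DTLS fragmenting: both (MTU=128)` ties the buffer requirement to the MTU, but what must fit in the input buffer is the reassembled handshake message: both peers send certificate chains (server7_int-ca.crt, server8_int-ca2.crt) that are far larger than 128 bytes. As far as I recall, the DTLS reassembly path drops a fragmented handshake message whose total length does not fit MBEDTLS_SSL_IN_CONTENT_LEN, so in a build whose content length lies between 128 and the chain size this test would now run and time out instead of being skipped, which is presumably what the old 2048 value prevented. The same reasoning applies to the other reductions in this patch (509, 512, 1024, 1450); I would keep the requirement at the size of the largest reassembled message, or add a comment stating why the MTU is the correct bound if the buffer limit does not apply.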
@@ -10496,7 +10496,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_max_content_len 2048 +requires_max_content_len 1024 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ -p "$P_PXY mtu=1024" \ @@ -10520,7 +10520,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_max_content_len 2048 +requires_max_content_len 512 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -10553,7 +10553,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_max_content_len 2048 +requires_max_content_len 1450 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -p "$P_PXY mtu=1450" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -10580,7 +10580,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_max_content_len 2048 +requires_max_content_len 512 run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 
@@ -10609,7 +10609,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_max_content_len 2048 +requires_max_content_len 512 run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -10638,7 +10638,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_max_content_len 2048 +requires_max_content_len 1024 run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -10668,7 +10668,7 @@ requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC -requires_max_content_len 2048 +requires_max_content_len 1024 run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ @@ -10697,7 +10697,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_max_content_len 2048 +requires_max_content_len 1024 run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -p "$P_PXY mtu=1024" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 
@@ -10723,7 +10723,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 2 -requires_max_content_len 2048 +requires_max_content_len 512 run_test "DTLS fragmenting: proxy MTU + 3d" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ @@ -10744,7 +10744,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 2 -requires_max_content_len 2048 +requires_max_content_len 512 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ From 814f5da61a004146b7f942609202cf034b461b50 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 11 Feb 2026 09:08:03 +0100 Subject: [PATCH 1397/1548] ssl-opt.sh: Use more diverse MTUs Do not use only power of 2 MTUs. Use diverse MTUs in DTLS reassembly/ fragmenting/proxy tests. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 189 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 142 insertions(+), 47 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7e5d30387b..a999c94f5b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9931,7 +9931,7 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ - "$G_SRV -u --mtu 128" \ + "$G_SRV -u --mtu 109" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ 
@@ -9943,7 +9943,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ - "$G_SRV -u --mtu 256" \ + "$G_SRV -u --mtu 241" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ 0 \ -c "found fragmented DTLS handshake message" \ @@ -9984,7 +9984,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: some fragmentation (gnutls client)" \ "$P_SRV debug_level=2 dtls=1 auth_mode=required" \ - "$G_NEXT_CLI -u --mtu 256 --insecure 127.0.0.1 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" \ + "$G_NEXT_CLI -u --mtu 211 --insecure 127.0.0.1 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key" \ 0 \ -s "found fragmented DTLS handshake message" \ -s "Certificate handshake message has been buffered and reassembled" \ @@ -10000,7 +10000,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: more fragmentation (gnutls client)" \ "$P_SRV debug_level=2 dtls=1" \ - "$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \ + "$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \ 0 \ -s "ClientHello handshake message has been buffered and reassembled" \ -S "error" @@ -10009,7 +10009,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: more fragmentation, nbio (gnutls client)" \ "$P_SRV debug_level=2 dtls=1 nbio=2" \ - "$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \ + "$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \ 0 \ -s "ClientHello handshake message has been buffered and reassembled" \ -S "error" 
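Review bot: The `DTLS reassembly: more fragmentation (gnutls client)` hunk changes the GnuTLS MTU to 103, but the comment that precedes this test (rewritten by the earlier patch in this series, just outside this hunk's context) still begins `Set the MTU to 128 bytes.` and argues from that value. It should read `Set the MTU to 103 bytes.` or be phrased purely in terms of the 69-byte minimum record so it stays true when the MTU is tuned again. The nbio variant on this line uses the same 103 and is covered by the same comment. The other hunks here only change MTU values.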
@@ -10040,7 +10040,7 @@ run_test "DTLS reassembly: fragmentation (openssl server)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ - "$O_SRV -dtls -mtu 256" \ + "$O_SRV -dtls -mtu 273" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ 0 \ -c "found fragmented DTLS handshake message" \ @@ -10073,7 +10073,7 @@ run_test "DTLS reassembly: some fragmentation (openssl client)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation, nbio (openssl client)" \ "$P_SRV debug_level=2 dtls=1 auth_mode=required nbio=2" \ - "$O_NEXT_CLI -dtls -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -dtls -mtu 269 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "found fragmented DTLS handshake message" \ -s "Certificate handshake message has been buffered and reassembled" \ @@ -10320,20 +10320,20 @@ run_test "DTLS fragmenting: server (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_max_content_len 1024 +requires_max_content_len 1038 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "DTLS fragmenting: both (MTU=1024)" \ - -p "$P_PXY mtu=1024" \ +run_test "DTLS fragmenting: both (MTU=1038)" \ + -p "$P_PXY mtu=1038" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ - mtu=1024" \ + mtu=1038" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ hs_timeout=2500-60000 \ - mtu=1024" \ + mtu=1038" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ 
@@ -10343,20 +10343,20 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_hash_alg SHA_256 -requires_max_content_len 512 -run_test "DTLS fragmenting: both (MTU=512)" \ - -p "$P_PXY mtu=512" \ +requires_max_content_len 509 +run_test "DTLS fragmenting: both (MTU=509)" \ + -p "$P_PXY mtu=509" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ key_file=$DATA_FILES_PATH/server7.key \ hs_timeout=2500-60000 \ - mtu=512" \ + mtu=509" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ hs_timeout=2500-60000 \ - mtu=512" \ + mtu=509" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ @@ -10366,7 +10366,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \ # maximum application data payload per record may be small with an MTU of 128. # For example, with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384, this maximum is # 35 bytes. We therefore reduce the size of the client request and the server -# response in this test. +# response in this test and the two following tests. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_max_content_len 128 run_test "DTLS fragmenting: both (MTU=128)" \ 
@@ -10393,6 +10393,58 @@ run_test "DTLS fragmenting: both (MTU=128)" \ -c "fragmenting CertificateVerify handshake message" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_max_content_len 2048 +run_test "DTLS fragmenting: both (MTU=107)" \ + -p "$P_PXY mtu=107" \ + "$P_SRV dtls=1 debug_level=5 auth_mode=required \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ + response_size=8 \ + hs_timeout=2500-60000 \ + mtu=107" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ + request_size=8 \ + hs_timeout=2500-60000 \ + mtu=107" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -s "fragmenting Certificate handshake message" \ + -s "fragmenting ServerKeyExchange handshake message" \ + -c "found fragmented DTLS handshake message" \ + -c "fragmenting ClientHello handshake message" \ + -c "fragmenting Certificate handshake message" \ + -c "fragmenting CertificateVerify handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_max_content_len 2048 +run_test "DTLS fragmenting: both (MTU=133)" \ + -p "$P_PXY mtu=133" \ + "$P_SRV dtls=1 debug_level=5 auth_mode=required \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ + response_size=8 \ + hs_timeout=2500-60000 \ + mtu=133" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ + key_file=$DATA_FILES_PATH/server8.key \ + request_size=8 \ + hs_timeout=2500-60000 \ + mtu=133" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -s "fragmenting Certificate handshake message" \ + -s "fragmenting ServerKeyExchange handshake message" \ + -c "found fragmented DTLS handshake message" \ + -c "fragmenting ClientHello handshake message" \ + -c "fragmenting Certificate handshake message" \ + -c "fragmenting CertificateVerify handshake message" \ + -C "error" + # Test for automatic 
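Review bot: The new `both (MTU=107)` and `both (MTU=133)` tests carry `requires_max_content_len 2048`, whereas the `both (MTU=128)` test they are copied from was lowered to `requires_max_content_len 128` by the previous patch in this series, and the comment above now says it covers all three. The three tests use the same certificates and the same message sizes, so they should share one requirement, whichever value is right, so that they are skipped or run in the same configurations. The server `debug_level=5` is also inherited from the MTU=128 test while the client uses 2; if no level-5 message is matched, `debug_level=2` is enough.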
MTU reduction on repeated resend. # Forcing ciphersuite for this test to fit the MTU of 508 with full config. # The ratio of max/min timeout should ideally equal 4 to accept two @@ -10769,12 +10821,12 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_gnutls requires_max_content_len 2048 -run_test "DTLS fragmenting: MTU=512, gnutls server, DTLS 1.2" \ +run_test "DTLS fragmenting: MTU=501, gnutls server, DTLS 1.2" \ "$G_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ - mtu=512 force_version=dtls12" \ + mtu=501 force_version=dtls12" \ 0 \ -c "fragmenting Certificate handshake message" \ -C "error" @@ -10783,12 +10835,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_gnutls requires_max_content_len 2048 -run_test "DTLS fragmenting: MTU=128, gnutls server, DTLS 1.2" \ +run_test "DTLS fragmenting: MTU=110, gnutls server, DTLS 1.2" \ "$G_NEXT_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ - mtu=128 force_version=dtls12" \ + request_size=35 \ + mtu=110 force_version=dtls12" \ 0 \ -c "fragmenting ClientHello handshake message" \ -c "fragmenting Certificate handshake message" \ 
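Review bot: `request_size=35` in `DTLS fragmenting: MTU=110, gnutls server, DTLS 1.2` looks like it was taken from the comment that quotes 35 bytes as the maximum per-record payload at MTU=128 with a CBC-SHA384 suite; with `mtu=110` that maximum is lower, so if gnutls-serv negotiates such a suite the request may no longer fit in one record. The openssl-server counterpart of this test uses `request_size=8`; using the same value here, or a comment explaining why 35 is safe with the suite GnuTLS picks, would make the choice clear. The first hunk on this line only renames the MTU=501 test.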
@@ -10806,11 +10859,25 @@ requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_gnutls requires_not_i686 requires_max_content_len 2048 -run_test "DTLS fragmenting: MTU=512, gnutls client, DTLS 1.2" \ +run_test "DTLS fragmenting: MTU=536, gnutls client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ key_file=$DATA_FILES_PATH/server7.key \ - mtu=512 force_version=dtls12" \ + mtu=536 force_version=dtls12" \ + "$G_CLI -u --insecure 127.0.0.1" \ + 0 \ + -s "fragmenting Certificate handshake message" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_gnutls +requires_not_i686 +requires_max_content_len 2048 +run_test "DTLS fragmenting: MTU=149, gnutls client, DTLS 1.2" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ + mtu=149 force_version=dtls12" \ "$G_CLI -u --insecure 127.0.0.1" \ 0 \ -s "fragmenting Certificate handshake message" @@ -10818,12 +10885,12 @@ run_test "DTLS fragmenting: MTU=512, gnutls client, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 -run_test "DTLS fragmenting: MTU=512, openssl server, DTLS 1.2" \ +run_test "DTLS fragmenting: MTU=525, openssl server, DTLS 1.2" \ "$O_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ - mtu=512 force_version=dtls12" \ + mtu=525 force_version=dtls12" \ 0 \ -c "fragmenting Certificate handshake message" \ -C "error" 
@@ -10835,13 +10902,13 @@ run_test "DTLS fragmenting: MTU=512, openssl server, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_max_content_len 2048 -run_test "DTLS fragmenting: MTU=128, openssl server, DTLS 1.2" \ +run_test "DTLS fragmenting: MTU=130, openssl server, DTLS 1.2" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ request_size=8 \ - mtu=128 force_version=dtls12" \ + mtu=130 force_version=dtls12" \ 0 \ -c "fragmenting ClientHello handshake message" \ -c "fragmenting Certificate handshake message" \ @@ -10859,6 +10926,18 @@ run_test "DTLS fragmenting: MTU=512, openssl client, DTLS 1.2" \ 0 \ -s "fragmenting Certificate handshake message" +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_max_content_len 2048 +run_test "DTLS fragmenting: MTU=131, openssl client, DTLS 1.2" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ + mtu=131 force_version=dtls12" \ + "$O_CLI -dtls1_2" \ + 0 \ + -s "fragmenting Certificate handshake message" + # interop tests for DTLS fragmentating with unreliable connection # # again we just want to test that the we fragment in a way that 
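Review bot: The `DTLS fragmenting: MTU=130, openssl server, DTLS 1.2` hunk changes the MTU to 130, but the four-line comment just above this test (added earlier in this series, outside this hunk's context) still says `the maximum application data payload per record may be small with an MTU of 128` and derives the 35-byte figure from it. Since 130 is larger than 128 the `request_size=8` still holds, but the comment should name 130 or say `with an MTU around 128 bytes` so it does not contradict the test. The new MTU=131 openssl client test mirrors its MTU=512 sibling.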
@@ -10868,13 +10947,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, MTU=512, gnutls server, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=434, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=250-60000 mtu=512 force_version=dtls12" \ + hs_timeout=250-60000 mtu=434 force_version=dtls12" \ 0 \ -c "fragmenting Certificate handshake message" \ -C "error" @@ -10884,13 +10963,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 6 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, MTU=128, gnutls server, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=103, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=250-60000 mtu=128 force_version=dtls12" \ + request_size=35 \ + hs_timeout=250-60000 mtu=103 force_version=dtls12" \ 0 \ -c "fragmenting ClientHello handshake message" \ -c "fragmenting Certificate handshake message" \ 
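Review bot: `request_size=35` added to `DTLS fragmenting: 3d, MTU=103, gnutls server, DTLS 1.2` raises the same question as in the non-3d MTU=110 test: 35 bytes is the per-record maximum the comments quote for MTU=128, and here the MTU is 103 with drops, delays and duplicates on top, so a request that does not fit one record may cost retries or fail. The openssl 3d counterpart uses `request_size=8`; I would use the same here unless GnuTLS needs the larger request, in which case a one-line comment stating that would help.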
@@ -10901,12 +10981,27 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, MTU=512, gnutls client, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=614, gnutls client, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ key_file=$DATA_FILES_PATH/server7.key \ - hs_timeout=250-60000 mtu=512 force_version=dtls12" \ + hs_timeout=250-60000 mtu=614 force_version=dtls12" \ + "$G_NEXT_CLI -u --insecure 127.0.0.1" \ + 0 \ + -s "fragmenting Certificate handshake message" + +requires_gnutls_next +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +client_needs_more_time 4 +requires_max_content_len 2048 +run_test "DTLS fragmenting: 3d, MTU=116, gnutls client, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=$DATA_FILES_PATH/server7_int-ca.crt \ + key_file=$DATA_FILES_PATH/server7.key \ + hs_timeout=250-60000 mtu=116 force_version=dtls12" \ "$G_NEXT_CLI -u --insecure 127.0.0.1" \ 0 \ -s "fragmenting Certificate handshake message" @@ -10918,13 +11013,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, MTU=512, openssl server, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=541, openssl server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ - hs_timeout=250-60000 mtu=512 force_version=dtls12" \ + hs_timeout=250-60000 mtu=541 force_version=dtls12" \ 0 \ -c "fragmenting Certificate handshake message" \ -C "error" 
@@ -10938,14 +11033,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC client_needs_more_time 4 requires_max_content_len 2048 -run_test "DTLS fragmenting: 3d, MTU=128, openssl server, DTLS 1.2" \ +run_test "DTLS fragmenting: 3d, MTU=108, openssl server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_NEXT_SRV -dtls1_2 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \ key_file=$DATA_FILES_PATH/server8.key \ request_size=8 \ - hs_timeout=250-60000 mtu=128 force_version=dtls12" \ + hs_timeout=250-60000 mtu=108 force_version=dtls12" \ 0 \ -c "fragmenting ClientHello handshake message" \ -c "fragmenting Certificate handshake message" \ @@ -12045,7 +12140,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 256" \ + "$O_NEXT_SRV -dtls1_2 -mtu 277" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" \ @@ -12057,7 +12152,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ - "$O_NEXT_SRV -dtls1_2 -mtu 256" \ + "$O_NEXT_SRV -dtls1_2 -mtu 268" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" \ 
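Review bot: The comment above `DTLS fragmenting: 3d, MTU=108, openssl server, DTLS 1.2` (added earlier in this series, not in this hunk's context) still explains `request_size=8` in terms of `an MTU of 128`, while the test now uses 108, where the per-record payload is smaller still. Updating the figure, or wording it as `an MTU of roughly 100-130 bytes`, keeps the comment truthful across these retunings. The proxy-test hunks on this line only change OpenSSL's `-mtu` values.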
@@ -12081,7 +12176,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl client, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 tickets=0" \ - "$O_NEXT_CLI -dtls1_2 -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -dtls1_2 -mtu 260 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "HTTP/1.0 200 OK" \ -s "found fragmented DTLS handshake message" \ @@ -12094,7 +12189,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, openssl client, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV debug_level=2 dgram_packing=0 auth_mode=required dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ - "$O_NEXT_CLI -dtls1_2 -mtu 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ + "$O_NEXT_CLI -dtls1_2 -mtu 259 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -s "HTTP/1.0 200 OK" \ -s "found fragmented DTLS handshake message" \ @@ -12118,7 +12213,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_NEXT_SRV -u --mtu 512" \ + "$G_NEXT_SRV -u --mtu 499" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ @@ -12131,7 +12226,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_NEXT_SRV -u --mtu 512" \ + "$G_NEXT_SRV -u --mtu 528" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \ 0 \ -s "Extra-header:" \ 
@@ -12149,7 +12244,7 @@ run_test "DTLS proxy: 3d, gnutls client" \ 0 \ -s "HTTP/1.0 200 OK" -# Set the MTU to 128 bytes. The ClientHello is not guaranteed to be surely +# Set the MTU to 131 bytes. The ClientHello is not guaranteed to be surely # fragmented but it is very likely. For example, the ClientHello sent by the # GnuTLS 3.7.2 client is 206 bytes in this test. We expect ClientHello # fragmentation to remain the case across GnuTLS version updates. Avoid using a @@ -12162,7 +12257,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls client, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2" \ - "$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \ + "$G_NEXT_CLI -u --mtu 131 --insecure 127.0.0.1" \ 0 \ -s "HTTP/1.0 200 OK" \ -s "ClientHello handshake message has been buffered and reassembled" @@ -12174,7 +12269,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls client, fragmentation, nbio=2" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dgram_packing=0 dtls=1 debug_level=2 nbio=2" \ - "$G_NEXT_CLI -u --mtu 128 --insecure 127.0.0.1" \ + "$G_NEXT_CLI -u --mtu 135 --insecure 127.0.0.1" \ 0 \ -s "HTTP/1.0 200 OK" \ -s "ClientHello handshake message has been buffered and reassembled" From 3771c17a0b02cb9e80c0d6c4de90c3c9ec78d59c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Feb 2026 10:52:28 +0100 Subject: [PATCH 1398/1548] Update mbedtls_ssl_handshake() documentation Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1425896976..8f58b3e9c0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -4788,13 +4788,6 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * supported with some limitations (those limitations do * not apply to DTLS, where defragmentation is fully * supported): - * - On an Mbed TLS server that only accepts TLS 1.2, - * the initial ClientHello message must not be fragmented. - * A TLS 1.2 ClientHello may be fragmented if the server - * also accepts TLS 1.3 connections (meaning - * that #MBEDTLS_SSL_PROTO_TLS1_3 enabled, and the - * accepted versions have not been restricted with - * mbedtls_ssl_conf_max_tls_version() or the like). * - The first fragment of a handshake message must be * at least 4 bytes long. * - Non-handshake records must not be interleaved between From a5f45bb93578c668a2547a28bfeacf72f757a410 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Feb 2026 11:03:13 +0100 Subject: [PATCH 1399/1548] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/dtls-client-hello-defragmentation.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/dtls-client-hello-defragmentation.txt diff --git a/ChangeLog.d/dtls-client-hello-defragmentation.txt b/ChangeLog.d/dtls-client-hello-defragmentation.txt new file mode 100644 index 0000000000..f5ff0b754c --- /dev/null +++ b/ChangeLog.d/dtls-client-hello-defragmentation.txt @@ -0,0 +1,5 @@ +Bugfix + * Support re-assembly of fragmented DTLS 1.2 ClientHello in Mbed TLS server. + * Support re-assembly of fragmented TLS 1.2 ClientHello in Mbed TLS server + even if TLS 1.3 support is disabled. This removes the main limitation on + support for re-assembly of fragmented handshake messages in TLS 1.2. From 53dd7d0dce5e16d21fd2bcb4e5454c6533590360 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 23 Feb 2026 14:09:13 +0100 Subject: [PATCH 1400/1548] ssl_tls12_server.c: Update hs status after some validations of the ClientHello 
Signed-off-by: Ronald Cron --- library/ssl_tls12_server.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 36d15c50a7..54fb8669ae 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -881,12 +881,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) return ret; } - ret = mbedtls_ssl_update_handshake_status(ssl); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret); - return ret; - } - buf = ssl->in_msg; msg_len = ssl->in_hslen; @@ -1092,6 +1086,21 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) ext_len = 0; } + /* + * Update the handshake checksum after performing preliminary + * validation of the ClientHello and before parsing its extensions. + * + * The checksum must be updated before parsing the extensions because + * ssl_parse_session_ticket_ext() may decrypt the ticket in place and + * therefore modify the ClientHello message. This occurs when using + * the Mbed TLS ssl_ticket.c implementation. + */ + ret = mbedtls_ssl_update_handshake_status(ssl); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret); + return ret; + } + ext = buf + ext_offset + 2; MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len); @@ -1233,7 +1242,11 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_SESSION_TICKETS) case MBEDTLS_TLS_EXT_SESSION_TICKET: MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension")); - + /* + * If the Mbed TLS ssl_ticket.c implementation is used, the + * ticket is decrypted in place. This modifies the ClientHello + * message in the input buffer. + */ ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size); if (ret != 0) { return ret; From 64898a5e5caff176d9f70bdde4bacd3f7d9e9c0a Mon Sep 17 00:00:00 2001 
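Review bot: The relocated `mbedtls_ssl_update_handshake_status()` call now runs after the preliminary ClientHello validation, and the new comment explains the ticket constraint but not what else that function does; its body is outside the hunk, and if (as in earlier versions) its DTLS path also advances the handshake sequence number and releases reassembly buffers, the validation code now executing before it sees a message that is not yet considered consumed. Confirm that nothing between the old and new call sites depends on those side effects and that `buf = ssl->in_msg` stays valid across the call, and say so in the comment, e.g. `Every error return above aborts the handshake, so skipping the status update on those paths is harmless.` The second hunk's note on in-place ticket decryption could point back to this call so the ordering constraint is visible at both ends. ssl_parse_client_hello starts and ends outside both hunks.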
From: Ronald Cron Date: Wed, 25 Feb 2026 08:40:28 +0100 Subject: [PATCH 1401/1548] Add warning in mbedtls_ssl_context_save/load documentation Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6b98ad4584..d0114240b0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5138,6 +5138,27 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * * \see mbedtls_ssl_context_load() * + * \warning The serialized data contains highly sensitive material, + * including the master secret from which the session's traffic + * keys are derived. + * + * The serialized data is not cryptographically protected. + * It is the responsibility of the user of the + * mbedtls_ssl_context_save() and + * mbedtls_ssl_context_load() APIs to ensure both its + * confidentiality and integrity while stored or transported. + * + * A breach of confidentiality could result in full compromise + * of the associated TLS session, including loss of + * confidentiality and integrity of past and future + * application data protected under that session. + * + * A breach of integrity may allow modification of the + * serialized data prior to restoration. As it represents + * trusted internal context, tampering could potentially result + * in arbitrary code execution or other severe compromise of + * the hosting process. + * \note The serialized data only contains the data that is * necessary to resume the connection: negotiated protocol * options, session identifier, keys, etc. 
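Review bot: The new \warning covers confidentiality and integrity of the serialized context at rest and in transit, but not the lifetime of the plaintext copy the caller holds in `buf`, which contains the master secret; add `Wipe the buffer, for example with mbedtls_platform_zeroize(), as soon as the serialized data is no longer needed.` The same sentence belongs in the mbedtls_ssl_context_load() warning in the next hunk and in the two mbedtls_ssl_session_save()/load() warnings added by the following commit. `the user of the ... APIs` reads awkwardly in Doxygen output; `the caller` is enough.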
@@ -5204,6 +5225,27 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, * more than one context would cause severe security failures * including but not limited to loss of confidentiality. * + * \warning The serialized data contains highly sensitive material, + * including the master secret from which the session's traffic + * keys are derived. + * + * The serialized data is not cryptographically protected. + * It is the responsibility of the user of the + * mbedtls_ssl_context_save() and + * mbedtls_ssl_context_load() APIs to ensure both its + * confidentiality and integrity while stored or transported. + * + * A breach of confidentiality could result in full compromise + * of the associated TLS session, including loss of + * confidentiality and integrity of past and future + * application data protected under that session. + * + * A breach of integrity may allow modification of the + * serialized data prior to restoration. As it represents + * trusted internal context, tampering could potentially result + * in arbitrary code execution or other severe compromise of + * the hosting process. + * * \note Before calling this function, the SSL context must be * prepared in one of the two following ways. The first way is * to take a context freshly initialised with From d5d7131eb5f0e9f66d17e65829fa3028d47e50a9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 25 Feb 2026 09:04:08 +0100 Subject: [PATCH 1402/1548] Add warning in mbedtls_ssl_session_load/save documentation Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d0114240b0..fac87623af 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3156,6 +3156,27 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session * On server, this can be used for alternative implementations * of session cache or session tickets. * + * \warning The serialized data contains highly sensitive material, + * including a resumption key (TLS 1.3) or the master secret + * (TLS 1.2) from which the session's traffic keys are derived. + * + * The serialized data is not cryptographically protected. + * It is the responsibility of the user of the + * mbedtls_ssl_session_save() and + * mbedtls_ssl_session_load() APIs to ensure both its + * confidentiality and integrity while stored or transported. + * + * A breach of confidentiality could result in full compromise + * of the associated TLS session, including loss of + * confidentiality and integrity of past and future + * application data protected under that session. + * + * A breach of integrity may allow modification of the + * serialized data prior to restoration. As it represents + * trusted internal context, tampering could potentially result + * in arbitrary code execution or other severe compromise of + * the hosting process. + * * \warning If a peer certificate chain is associated with the session, * the serialized state will only contain the peer's * end-entity certificate and the result of the chain 
@@ -3194,6 +3215,27 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session, * * \see mbedtls_ssl_session_load() * + * \warning The serialized data contains highly sensitive material, + * including a resumption key (TLS 1.3) or the master secret + * (TLS 1.2) from which the session's traffic keys are derived. + * + * The serialized data is not cryptographically protected. + * It is the responsibility of the user of the + * mbedtls_ssl_session_save() and + * mbedtls_ssl_session_load() APIs to ensure both its + * confidentiality and integrity while stored or transported. + * + * A breach of confidentiality could result in full compromise + * of the associated TLS session, including loss of + * confidentiality and integrity of past and future + * application data protected under that session. + * + * A breach of integrity may allow modification of the + * serialized data prior to restoration. As it represents + * trusted internal context, tampering could potentially result + * in arbitrary code execution or other severe compromise of + * the hosting process. + * * \param session The session structure to be saved. * \param buf The buffer to write the serialized data to. It must be a * writeable buffer of at least \p buf_len bytes, or may be \c From 027ed1fef0fcd6450d8ba1c21e8fc86d40e6ee4b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 25 Feb 2026 18:56:12 +0100 Subject: [PATCH 1403/1548] Reduce duplication between save/load documentations Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index fac87623af..1fa66f00c8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3225,16 +3225,8 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session, * mbedtls_ssl_session_load() APIs to ensure both its * confidentiality and integrity while stored or transported. * - * A breach of confidentiality could result in full compromise - * of the associated TLS session, including loss of - * confidentiality and integrity of past and future - * application data protected under that session. - * - * A breach of integrity may allow modification of the - * serialized data prior to restoration. As it represents - * trusted internal context, tampering could potentially result - * in arbitrary code execution or other severe compromise of - * the hosting process. + * See the mbedtls_ssl_session_load() documentation for + * additional information. * * \param session The session structure to be saved. * \param buf The buffer to write the serialized data to. It must be a @@ -5190,17 +5182,9 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * mbedtls_ssl_context_load() APIs to ensure both its * confidentiality and integrity while stored or transported. * - * A breach of confidentiality could result in full compromise - * of the associated TLS session, including loss of - * confidentiality and integrity of past and future - * application data protected under that session. + * See the mbedtls_ssl_context_load() documentation for + * additional information. * - * A breach of integrity may allow modification of the - * serialized data prior to restoration. As it represents - * trusted internal context, tampering could potentially result - * in arbitrary code execution or other severe compromise of - * the hosting process. - * \note The serialized data only contains the data that is * necessary to resume the connection: negotiated protocol * options, session identifier, keys, etc. From 75b8b0f4d95d6c1520c7ec0016ecbc18cde95e8e Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Tue, 17 Feb 2026 10:46:42 +0100 Subject: [PATCH 1404/1548] Add unit test with TLS 1.2 nego after HRR Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 3 + tests/suites/test_suite_ssl.function | 154 +++++++++++++++++++++++++++ 2 files changed, 157 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index b05de38509..be7aa90bf0 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3367,3 +3367,6 @@ ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTI TLS fatal alert getter ssl_get_alert_after_fatal + +TLS 1.3 - HRR then TLS 1.2 second ClientHello +tls13_hrr_then_tls12_second_client_hello diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 628a183853..d438f230c4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5981,3 +5981,157 @@ exit: USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_hrr_then_tls12_second_client_hello() +{ + int ret = -1; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_test_ssl_endpoint client_ep, server_ep; + memset(&client_ep, 0, sizeof(client_ep)); + memset(&server_ep, 0, sizeof(server_ep)); + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + uint16_t group_list[3] = { + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE + }; + const int tls12_ciphersuite_list[2] = { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + 0 + }; + + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + PSA_INIT(); + + /* + * Run first handshake to get a ticket from the server. + */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.group_list = group_list; + client_options.cipher = "TLS1-3-CHACHA20-POLY1305-SHA256"; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.group_list = group_list; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + /* Remove the group SECP256R1 fron the list of groups supported by the + * server such that it sends an HRR in response to the ClientHello. 
+ */ + server_options.group_list = group_list + 1; + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Progress the handshake up to the point where the server has sent the + * HRR and the client as received and processed the server HRR but not + * written the second ClientHello in response to the HRR. + */ + ret = mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HELLO_RETRY_REQUEST); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_CLIENT_HELLO); + TEST_EQUAL(ret, 0); + + #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + /* If the compatibility mode is enabled, filter the dummy change_cipher_spec + * record sent by the server after the HRR. Otherwise, as we have switched + * the client to TLS 1.2 it would fail when reading this record. + */ + ret = mbedtls_ssl_read_record(&(client_ep.ssl), 0); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + #endif + + /* + * Reset the client and tweak its configuration and context such as it + * resumes a TLS 1.2 session using an all-zeroes master secret as the + * server will when it receives the TLS 1.2 ClientHello. + * To be able to compute the Finished message the server will expect, we + * also initiate the handshake transcript by cloning the server current one. + * This transcript is the server's one after the call to + * `mbedtls_ssl_reset_transcript_for_hrr()`. 
It is computed only + * with the data of the first ClientHello thus a man-in-the-middle could + * compute it without having access to the server context. Here we use + * the server context just for convenience. + */ + + client_ep.ssl.tls_version = MBEDTLS_SSL_VERSION_TLS1_2; + mbedtls_ssl_conf_min_tls_version((mbedtls_ssl_config *) client_ep.ssl.conf, + MBEDTLS_SSL_VERSION_TLS1_2); + mbedtls_ssl_conf_max_tls_version((mbedtls_ssl_config *) client_ep.ssl.conf, + MBEDTLS_SSL_VERSION_TLS1_2); + mbedtls_ssl_conf_ciphersuites((mbedtls_ssl_config *) client_ep.ssl.conf, + tls12_ciphersuite_list); + + ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); + + client_ep.ssl.handshake->resume = 1; + client_ep.ssl.session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; + memset(client_ep.ssl.session_negotiate->id, 0xa5, + sizeof(client_ep.ssl.session_negotiate->id)); + client_ep.ssl.session_negotiate->id_len = sizeof(client_ep.ssl.session_negotiate->id); + client_ep.ssl.session_negotiate->ciphersuite = + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256; + + status = psa_hash_abort(&client_ep.ssl.handshake->fin_sha256_psa); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_hash_clone(&server_ep.ssl.handshake->fin_sha256_psa, + &client_ep.ssl.handshake->fin_sha256_psa); + TEST_EQUAL(status, PSA_SUCCESS); + + /* + * Restart and complete the handshake. + */ + + ret = mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER); + TEST_EQUAL(ret, 0); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep); + mbedtls_test_ssl_endpoint_free(&server_ep); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + PSA_DONE(); +} +/* END_CASE */ 
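Review bot: `ret = mbedtls_ssl_session_reset(&(client_ep.ssl));` is the one call in this test whose result is not checked; add `TEST_EQUAL(ret, 0);` after it as every other step does (the line survives unchanged in the rewrite of this test two commits later, so the fix applies there too). Two typos in the comments: `fron the list` → `from the list` and `the client as received` → `the client has received`. The `#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)` block appears to be indented inside the function body rather than at column 0 where this project usually keeps preprocessor directives; whitespace collapsing makes that hard to be sure of here, so check against the file.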
From f549fc7bdcc9b435236de5594bec0ed8e587988c Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Thu, 26 Feb 2026 11:57:17 +0000
Subject: [PATCH 1405/1548] Fix null pointer dereference in string to names
In mbedtls_x509_string_to_names() we were not checking for allocation failures. An allocation failure would lead to a memcpy() to a null pointer address. Fix this by checking the result of the call to mbedtls_calloc() and returning MBEDTLS_ERR_X509_ALLOC_FAILED in the error case.
Signed-off-by: David Horstmann
---
 library/x509_create.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/x509_create.c b/library/x509_create.c
index 370eb9b2e1..e424cbb47c 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -487,6 +487,9 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam
 } else {
 oid.len = strlen(attr_descr->oid);
 oid.p = mbedtls_calloc(1, oid.len);
+ if (oid.p == NULL) {
+ return MBEDTLS_ERR_X509_ALLOC_FAILED;
+ }
 memcpy(oid.p, attr_descr->oid, oid.len);
 numericoid = 0;
 }
From 2acb9a2e7b4ed18aaa32d4ce65f90279e94455d5 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Thu, 26 Feb 2026 14:04:40 +0000
Subject: [PATCH 1406/1548] Add ChangeLog entry for NULL dereference fix
Signed-off-by: David Horstmann
---
 ChangeLog.d/fix-null-pointer-dereference.txt | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 ChangeLog.d/fix-null-pointer-dereference.txt
diff --git a/ChangeLog.d/fix-null-pointer-dereference.txt b/ChangeLog.d/fix-null-pointer-dereference.txt
new file mode 100644
index 0000000000..1eb3c416a8
--- /dev/null
+++ b/ChangeLog.d/fix-null-pointer-dereference.txt
@@ -0,0 +1,4 @@
+Security
+ * Fix a NULL pointer dereference in mbedtls_x509_string_to_names() when
+ mbedtls_calloc() fails to allocate memory. This was caused by failing to
+ check whether mbedtls_calloc() returned NULL.
From ed767bada9108fb7e15a1012f384a08e2cd637f2 Mon Sep 17 00:00:00 2001
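Review bot: The new check returns straight out of the parsing loop, while the function's other error paths (outside the hunk) may go through cleanup that frees the entries already appended to `*head` in earlier iterations; if such a path exists, `ret = MBEDTLS_ERR_X509_ALLOC_FAILED; goto exit;` keeps the caller from receiving a half-built list, and if a direct return is the convention elsewhere in this function, a one-line comment stating that the caller owns and frees `*head` on any error would settle the question. The NULL check itself is correct and the ChangeLog entry classifies it properly as Security. mbedtls_x509_string_to_names starts and ends outside the hunk.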
From: Ronald Cron Date: Thu, 19 Feb 2026 18:11:19 +0100 Subject: [PATCH 1407/1548] tls13: Do not negotiate TLS 1.2 after an HRR Signed-off-by: Ronald Cron --- library/ssl_tls13_server.c | 10 +++++- tests/suites/test_suite_ssl.function | 47 +++++++++------------------- 2 files changed, 23 insertions(+), 34 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 982e6f8c3b..b0e22230aa 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1948,6 +1948,9 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) /* * Version 1.2 of the protocol has to be used for the handshake. + * If we have sent an HRR, then the second ClientHello is inconsistent + * with the first one and we abort the handshake with an `illegal_parameter` + * fatal alert. * If TLS 1.2 is not supported, abort the handshake. Otherwise, set the * ssl->keep_current_message flag for the ClientHello to be kept and parsed * as a TLS 1.2 ClientHello. We also change ssl->tls_version to @@ -1955,7 +1958,12 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) * will dispatch to the TLS 1.2 state machine. */ if (SSL_CLIENT_HELLO_TLS1_2 == parse_client_hello_ret) { - /* Check if server supports TLS 1.2 */ + if (ssl->handshake->hello_retry_request_flag) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Non compliant 2nd ClientHello, TLS 1.2 version")); + MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } if (!mbedtls_ssl_conf_is_tls12_enabled(ssl->conf)) { MBEDTLS_SSL_DEBUG_MSG( 1, ("TLS 1.2 not supported.")); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d438f230c4..a42ff8b964 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
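Review bot: The new rejection is the right place to enforce RFC 8446 §4.1.2, but the comment only says the second ClientHello is "inconsistent"; naming the requirement helps the next reader, e.g. `RFC 8446 §4.1.2: a ClientHello sent in response to an HRR may differ from the first only in listed ways, so dropping to TLS 1.2 here is a protocol violation and gets illegal_parameter.` The debug string `"Non compliant 2nd ClientHello, TLS 1.2 version"` is also what the unit test pattern-matches, so rewording it later silently breaks the test; a short comment at the MBEDTLS_SSL_DEBUG_MSG line noting that coupling is cheap insurance. The enclosing function continues outside both hunks.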
@@ -5982,17 +5982,18 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_DEBUG_C */ void tls13_hrr_then_tls12_second_client_hello() { int ret = -1; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_test_ssl_endpoint client_ep, server_ep; memset(&client_ep, 0, sizeof(client_ep)); memset(&server_ep, 0, sizeof(server_ep)); mbedtls_test_handshake_test_options client_options; mbedtls_test_handshake_test_options server_options; mbedtls_ssl_session saved_session; + mbedtls_test_ssl_log_pattern server_pattern = + { "Non compliant 2nd ClientHello, TLS 1.2 version", 0 }; uint16_t group_list[3] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, @@ -6034,6 +6035,8 @@ void tls13_hrr_then_tls12_second_client_hello() &client_options); TEST_EQUAL(ret, 0); + server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + server_options.srv_log_obj = &server_pattern; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, &server_options); TEST_EQUAL(ret, 0); 
@@ -6075,16 +6078,8 @@ void tls13_hrr_then_tls12_second_client_hello() #endif /* - * Reset the client and tweak its configuration and context such as it - * resumes a TLS 1.2 session using an all-zeroes master secret as the - * server will when it receives the TLS 1.2 ClientHello. - * To be able to compute the Finished message the server will expect, we - * also initiate the handshake transcript by cloning the server current one. - * This transcript is the server's one after the call to - * `mbedtls_ssl_reset_transcript_for_hrr()`. It is computed only - * with the data of the first ClientHello thus a man-in-the-middle could - * compute it without having access to the server context. Here we use - * the server context just for convenience. + * Reset the client and force it to TLS 1.2 so that it sends a TLS 1.2 + * ClientHello. */ client_ep.ssl.tls_version = MBEDTLS_SSL_VERSION_TLS1_2; 
@@ -6097,34 +6092,20 @@ void tls13_hrr_then_tls12_second_client_hello() ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); - client_ep.ssl.handshake->resume = 1; - client_ep.ssl.session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - memset(client_ep.ssl.session_negotiate->id, 0xa5, - sizeof(client_ep.ssl.session_negotiate->id)); - client_ep.ssl.session_negotiate->id_len = sizeof(client_ep.ssl.session_negotiate->id); - client_ep.ssl.session_negotiate->ciphersuite = - MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256; - - status = psa_hash_abort(&client_ep.ssl.handshake->fin_sha256_psa); - TEST_EQUAL(status, PSA_SUCCESS); - - status = psa_hash_clone(&server_ep.ssl.handshake->fin_sha256_psa, - &client_ep.ssl.handshake->fin_sha256_psa); - TEST_EQUAL(status, PSA_SUCCESS); - /* - * Restart and complete the handshake. + * Restart and try to complete the handshake on server side which is + * expected to fail early. */ + mbedtls_debug_set_threshold(1); ret = mbedtls_test_move_handshake_to_state( &(server_ep.ssl), &(client_ep.ssl), MBEDTLS_SSL_HANDSHAKE_OVER); - TEST_EQUAL(ret, 0); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - ret = mbedtls_test_move_handshake_to_state( - &(client_ep.ssl), &(server_ep.ssl), - MBEDTLS_SSL_HANDSHAKE_OVER); - TEST_EQUAL(ret, 0); + TEST_EQUAL(server_pattern.counter, 1); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + TEST_EQUAL(server_ep.ssl.state, MBEDTLS_SSL_CLIENT_HELLO); exit: mbedtls_test_ssl_endpoint_free(&client_ep); From 8731587e41379e8ea5cd7ddda7e418059947ed7a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 26 Feb 2026 12:06:19 +0100 Subject: [PATCH 1408/1548] tls13: Commit to session resume only when we actually do it Signed-off-by: Ronald Cron --- library/ssl_tls13_server.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b0e22230aa..19aa0e6b32 100644 --- a/library/ssl_tls13_server.c 
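Review bot: `mbedtls_debug_set_threshold(1);` is a global setting and the `exit:` path does not restore it, so later test cases in the same binary inherit threshold 1 unless they set their own; add `mbedtls_debug_set_threshold(0);` to the exit block, or follow whatever this file's other log-pattern tests do. `ret = mbedtls_ssl_session_reset(&(client_ep.ssl));` a few lines above is still unchecked and should be followed by `TEST_EQUAL(ret, 0);`. The final state assertions are a good addition: they pin that the server rejected the message while still in MBEDTLS_SSL_CLIENT_HELLO rather than after partially processing it. The test function begins outside the hunk.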
+++ b/library/ssl_tls13_server.c @@ -1755,6 +1755,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } + if (handshake->key_exchange_mode != + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) { + hrr_required = (no_usable_share_for_key_agreement != 0); + } + #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if (handshake->key_exchange_mode & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL) { @@ -1765,17 +1770,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, ((unsigned) psk.ciphersuite_info->id), psk.ciphersuite_info->name)); - if (psk.type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { + if (psk.type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION && (!hrr_required)) { handshake->resume = 1; } } #endif - if (handshake->key_exchange_mode != - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) { - hrr_required = (no_usable_share_for_key_agreement != 0); - } - mbedtls_ssl_optimize_checksum(ssl, handshake->ciphersuite_info); return hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK; From 29d00fa8613033fafe27cd4c3dafa0e8360cb003 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Jan 2026 16:20:19 +0100 Subject: [PATCH 1409/1548] Create a mbedtls_common.h for the project We already have `x509_internal.h` which is common to all parts of the X.509 library, and `ssl_misc.h` which is common to all parts of the TLS library. Also create `mbedtls_common.h` which is for the Mbed TLS project as a whole. Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 17 +++++++++++++++++ library/mbedtls_config.c | 4 ++++ library/ssl_misc.h | 2 +- library/x509_internal.h | 2 +- 4 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 library/mbedtls_common.h diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h new file mode 100644 index 0000000000..11d7c8249f --- /dev/null +++ b/library/mbedtls_common.h 
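Review bot: The new condition `psk.type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION && (!hrr_required)` carries no comment, and the reason a resumption PSK must not commit the handshake when an HRR is about to be sent is exactly what the next reader will not reconstruct from the code; add above it `/* Do not commit to resumption yet: after an HRR the second ClientHello is parsed afresh and may no longer carry, or select, this PSK. */` (hedged, since the second-pass handling is outside the hunk). The parentheses around `!hrr_required` are unnecessary. Moving the hrr_required computation ahead of the PSK block is the right dependency order, but as the variable is now read inside that block, confirm it is initialised on every path reaching this point; its declaration is outside the hunk. ssl_tls13_parse_client_hello starts and ends outside both hunks.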
@@ -0,0 +1,17 @@ +/** + * \file mbedtls_common.h + * + * \brief Utility macros for internal use in the library + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef MBEDTLS_MBEDTLS_COMMON_H +#define MBEDTLS_MBEDTLS_COMMON_H + +/* Mbed TLS requires TF-PSA-Crypto internals. */ +#include "tf_psa_crypto_common.h" + +#endif /* MBEDTLS_MBEDTLS_COMMON_H */ diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index a3deae3152..48be660015 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c @@ -6,6 +6,10 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* We are a special snowflake: we don't include "mbedtls_common.h", + * because that would pull and we need to + * tune the way it works. */ + /* Apply the TF-PSA-Crypto configuration first. We need to do this * before , because "mbedtls_config_check_before.h" * needs to run after the crypto config (including derived macros) is diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f8c03dfa2f..5f8980a20e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H -#include "tf_psa_crypto_common.h" +#include "mbedtls_common.h" #include "mbedtls/build_info.h" #include "mbedtls/error.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index ea3aeb6351..fcb996b19d 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -10,7 +10,7 @@ #ifndef MBEDTLS_X509_INTERNAL_H #define MBEDTLS_X509_INTERNAL_H -#include "tf_psa_crypto_common.h" +#include "mbedtls_common.h" #include "mbedtls/build_info.h" #include "mbedtls/private_access.h" From 3a988859504cd3f6b4a379560837a81356d4ffab Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 29 Jan 2026 16:25:15 +0100 Subject: [PATCH 1410/1548] Create a header to declare platform requirements On some platforms, the system headers expose different interfaces depending on what macros are defined, for example to provide different standards compliance level. Create a common place where we can declare such macros, so that our code can behave in the same way when it's in different files. Individual .c files can still override these requirements by defining macros before including the common header, if it's really necessary. Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 10 ++++++++++ library/mbedtls_platform_requirements.h | 18 ++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 library/mbedtls_platform_requirements.h diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h index 11d7c8249f..2aacfcbc22 100644 --- a/library/mbedtls_common.h +++ b/library/mbedtls_common.h @@ -11,6 +11,16 @@ #ifndef MBEDTLS_MBEDTLS_COMMON_H #define MBEDTLS_MBEDTLS_COMMON_H +/* Before including any system header, declare some macros to tell system + * headers what we expect of them. + * + * Do this before including any header from TF-PSA-Crypto, since the + * convention is first-come-first-served (so that users can + * override some macros on the command line, and individual users can + * override some macros before including the common header). + */ +#include "mbedtls_platform_requirements.h" + /* Mbed TLS requires TF-PSA-Crypto internals. */ #include "tf_psa_crypto_common.h" diff --git a/library/mbedtls_platform_requirements.h b/library/mbedtls_platform_requirements.h new file mode 100644 index 0000000000..f6dd4ce4aa --- /dev/null +++ b/library/mbedtls_platform_requirements.h 
@@ -0,0 +1,18 @@
+/**
+ * \file mbedtls_platform_requirements.h
+ *
+ * \brief Declare macros that tell system headers what we expect of them.
+ *
+ * This file must be included before any system header, and so in particular
+ * before build_info.h (which includes the user config, which may include
+ * system headers).
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H
+#define MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H
+
+#endif /* MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H */
From 7af09b4f219583973364df691b10f060031ae544 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 26 Jan 2026 17:45:48 +0100
Subject: [PATCH 1411/1548] Add a few more test cases for printf formats

Signed-off-by: Gilles Peskine
---
 tests/suites/test_suite_debug.data | 34 ++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 3d72056528..d9a5c5c2ed 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -1,12 +1,46 @@ printf "%" MBEDTLS_PRINTF_SIZET, 0 printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0" +printf "%" MBEDTLS_PRINTF_SIZET, 1 byte +printf_int_expr:PRINTF_SIZET:sizeof(size_t):42:"42" + +printf "%" MBEDTLS_PRINTF_SIZET, 4 bytes +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_SIZET, 8 bytes +depends_on:SIZE_MAX>=0xffffffffffffffff +printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba9876543210:"18364758544493064720" + printf "%" MBEDTLS_PRINTF_LONGLONG, 0 printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0" +printf "%" MBEDTLS_PRINTF_LONGLONG, 1 byte +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):42:"42" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 4 bytes +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0x7edcba9876543210:"9141386507638288912" + +printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes, negative +printf_int_expr:PRINTF_LONGLONG:sizeof(long long):-0x7edcba9876543210:"-9141386507638288912" + printf "%" MBEDTLS_PRINTF_MS_TIME, 0 printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0" +printf "%" MBEDTLS_PRINTF_MS_TIME, 1 byte +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):42:"42" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 4 bytes +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0xfedcba98:"4275878552" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0x7edcba9876543210:"9141386507638288912" + +printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes, negative +printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):-0x7edcba9876543210:"-9141386507638288912" + Debug print msg (threshold 1, level 0) debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n" From 3c67824964cc7a64eb919d98585ec412d1f5a5b3 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 17 Feb 2026 17:08:12 +0100 Subject: [PATCH 1412/1548] test_suite_debug: test the printf used by debug.c In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses `mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of testing `mbedtls_snprintf()`, which might be subtly different (older Windows runtimes had slightly different behavior for vsnprintf() vs snprintf(); TF-PSA-Crypto might pick up a different function if the platform configuration is different in TF-PSA-Crypto and Mbed TLS). Signed-off-by: Gilles Peskine --- library/debug.c | 10 ++++++++++ library/debug_internal.h | 13 +++++++++++++ tests/suites/test_suite_debug.function | 6 +++--- 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index e622ac9ed4..c27d15d12e 100644 --- a/library/debug.c +++ b/library/debug.c @@ -21,6 +21,16 @@ /* DEBUG_BUF_SIZE must be at least 2 */ #define DEBUG_BUF_SIZE 512 +int mbedtls_debug_snprintf(char *dest, size_t maxlen, + const char *format, ...) +{ + va_list argp; + va_start(argp, format); + int ret = mbedtls_vsnprintf(dest, maxlen, format, argp); + va_end(argp); + return ret; +} + static int debug_threshold = 0; void mbedtls_debug_set_threshold(int threshold) diff --git a/library/debug_internal.h b/library/debug_internal.h index d09e492094..2b869450f6 100644 --- a/library/debug_internal.h +++ b/library/debug_internal.h 
@@ -12,6 +12,19 @@ #include "mbedtls/debug.h" +/* This should be equivalent to mbedtls_snprintf(). But it might not be due + * to platform shenanigans. For example, Mbed TLS and TF-PSA-Crypto could + * have inconsistent platform definitions. On Mingw, some code might + * be built with a different setting of __USE_MINGW_ANSI_STDIO, resulting + * in an old non-C99 printf being used somewhere. + * + * Our library assumes that mbedtls_snprintf() and other printf functions + * are consistent throughout. This function is not an official API and + * is not meant to be used inside the library. It is provided to help + * debugging printf inconsistencies issues. If you need it, good luck! + */ +int mbedtls_debug_snprintf(char *dest, size_t maxlen, + const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(3, 4); /** * \brief Print a message to the debug output. This function is always used * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 05b0112b93..2d5e5619b6 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function 
@@ -116,11 +116,11 @@ void printf_int_expr(int format_indicator, intmax_t sizeof_x, intmax_t x, char * /* Nominal case: buffer just large enough */ TEST_CALLOC(output, n + 1); if ((size_t) sizeof_x <= sizeof(int)) { // Any smaller integers would be promoted to an int due to calling a vararg function - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (int) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (int) x)); } else if (sizeof_x == sizeof(long)) { - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (long) x)); } else if (sizeof_x == sizeof(long long)) { - TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long long) x)); + TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (long long) x)); } else { TEST_FAIL( "sizeof_x <= sizeof(int) || sizeof_x == sizeof(long) || sizeof_x == sizeof(long long)"); From cdf3b0a535ba3dab4f72c754c512333883ca1bf7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 30 Jan 2026 20:39:10 +0100 Subject: [PATCH 1413/1548] MingW: insist on standard-compliant printf() and friends Always activate `__USE_MINGW_ANSI_STDIO` unless overridden on the command line. This is necessary with older versions of MingW and/or Windows, where snprintf does not always zero-terminate the buffer, and does not support formats such as `"%zu"` for size_t and `"%lld"` for long long. Simplify debug.h accordingly. The macros `MBEDTLS_PRINTF_SIZET`, `MBEDTLS_PRINTF_SIZET_HAX` and `MBEDTLS_PRINTF_LONGLONG` are no longer needed, but they are still used in our code base and must stay in debug.h for backward compatibility. Signed-off-by: Gilles Peskine --- include/mbedtls/debug.h | 35 +++++++------------------ library/mbedtls_platform_requirements.h | 14 ++++++++++ 2 files changed, 24 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 87ea6c3150..b8273bc757 100644 --- a/include/mbedtls/debug.h 
+++ b/include/mbedtls/debug.h @@ -59,10 +59,10 @@ */ #if defined(__has_attribute) #if __has_attribute(format) -#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 +#if defined(__MINGW32__) #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((__format__(gnu_printf, string_index, first_to_check))) -#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */ +#else /* defined(__MINGW32__) */ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \ __attribute__((format(printf, string_index, first_to_check))) #endif @@ -73,30 +73,15 @@ #define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) #endif -/** - * \def MBEDTLS_PRINTF_SIZET - * - * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers - * and MinGW we need to define the printf specifier for size_t - * and long long per platform. - * - * Module: library/debug.c - * Caller: - * - * This module provides debugging functions. +/* Legacy definitions, kept for backward compatibility. + * Since Mbed TLS 4.1, the standard specifiers are always valid. + * We still define the macros because they're part of the Mbed TLS 4.0 API. + * In the library and test code, keep using them for code that's backported + * to 3.6. */ -#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) - #include - #define MBEDTLS_PRINTF_SIZET PRIuPTR - #define MBEDTLS_PRINTF_SIZET_HEX PRIxPTR - #define MBEDTLS_PRINTF_LONGLONG "I64d" -#else \ - /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ - #define MBEDTLS_PRINTF_SIZET "zu" - #define MBEDTLS_PRINTF_SIZET_HEX "zx" - #define MBEDTLS_PRINTF_LONGLONG "lld" -#endif \ - /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1900) */ +#define MBEDTLS_PRINTF_SIZET "zu" +#define MBEDTLS_PRINTF_SIZET_HEX "zx" +#define MBEDTLS_PRINTF_LONGLONG "lld" #if !defined(MBEDTLS_PRINTF_MS_TIME) #include 
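Review bot: The new comment in the second hunk says the standard specifiers are "always valid" since 4.1, but `debug.h` is a public header while the `__USE_MINGW_ANSI_STDIO` forcing that makes this true lives in the library-private `mbedtls_platform_requirements.h`; an application translation unit on an older MinGW that passes `MBEDTLS_PRINTF_SIZET` to its own `printf` without defining that macro still gets the legacy runtime. The same caveat applies to the now-unconditional `gnu_printf` attribute in the first hunk, which would then check formats against a printf the TU is not actually calling. Suggest qualifying the comment, e.g. `Since Mbed TLS 4.1 the standard specifiers are always valid in code built with the library's platform requirements (on MinGW: __USE_MINGW_ANSI_STDIO=1); application code on older MinGW must define that macro itself before any system header.`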
diff --git a/library/mbedtls_platform_requirements.h b/library/mbedtls_platform_requirements.h index f6dd4ce4aa..c86204e6fa 100644 --- a/library/mbedtls_platform_requirements.h +++ b/library/mbedtls_platform_requirements.h @@ -15,4 +15,18 @@ #ifndef MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H #define MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + * + * Defining __USE_MINGW_ANSI_STDIO=0 may work and provide a small code size + * and performance benefit for some combinations of older Mingw and Windows + * versions. Do this at your own risk and make sure that least + * test_suite_debug passes. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #endif /* MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H */ From 64ff7fc1dcd1354479664d6a42e83ea098eeaad2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Feb 2026 17:54:06 +0100 Subject: [PATCH 1414/1548] Stop using MBEDTLS_PRINTF_SIZET Since Mbed TLS 3.6.0, all officially supported versions of Visual Studio a printf function family that is sufficiently compliant to C99 for our purposes, in particular supporting `%zu` for `size_t`. The only platform without `%zu` that we semi-officially support is older versions of MinGW, still used in our CI. MinGW provides either a Windows legacy printf or a standards-compliant printf depending on the value of `__USE_MINGW_ANSI_STDIO` when compiling each C file. Force the use of the compliant version. Don't rely on `MBEDTLS_PRINTF_SIZET`, which is defined in `` and no longer considers the Windows legacy version in Mbed TLS >= 4.1. 
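Review bot: The comment's last sentence has a dropped word: `make sure that least` should read `make sure that at least test_suite_debug passes`. This header is the only place that documents the trade-off of overriding `__USE_MINGW_ANSI_STDIO`, so it is worth keeping that sentence readable.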
Signed-off-by: Gilles Peskine --- programs/ssl/ssl_client2.c | 8 ++------ programs/ssl/ssl_context_info.c | 9 +++++++++ programs/ssl/ssl_server2.c | 2 -- programs/ssl/ssl_test_lib.h | 11 +++++++++++ programs/test/selftest.c | 12 ++++++++++-- 5 files changed, 32 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cb316706b7..fc00473cfc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -5,14 +5,8 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include "mbedtls/private/pk_private.h" - #include "ssl_test_lib.h" -#include "test/psa_crypto_helpers.h" - #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) { @@ -27,6 +21,8 @@ int main(void) } #else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */ +#include "test/psa_crypto_helpers.h" + /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ #define MEMORY_HEAP_SIZE 120000 diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 8310bd21f3..9d7fb99e09 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #include "mbedtls/build_info.h" #include "mbedtls/debug.h" #include "mbedtls/platform.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0ae2f79303..79cbad877d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
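Review bot: The eight-line `__USE_MINGW_ANSI_STDIO` block added to ssl_context_info.c here is pasted verbatim into ssl_test_lib.h and selftest.c in the next hunks, and each copy has to be kept in sync with the canonical version in `library/mbedtls_platform_requirements.h`, which lives under library/ and is presumably not meant for sample programs. A small shared header under programs/, or at minimum a line in each copy naming the canonical one, would keep them from drifting. The ordering requirement is only implied by placement; stating it, `Must precede the first #include of any system or library header.`, makes it robust to later include reordering.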
@@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "ssl_test_lib.h" #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 62da9e92c8..491da1dd5f 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -8,6 +8,17 @@ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "mbedtls/private/pk_private.h" #include "mbedtls/build_info.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 7312edf690..51cd45f026 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* On Mingw-w64, force the use of a C99-compliant printf() and friends. + * This is necessary on older versions of Mingw and/or Windows runtimes + * where snprintf does not always zero-terminate the buffer, and does + * not support formats such as "%zu" for size_t and "%lld" for long long. + */ +#if !defined(__USE_MINGW_ANSI_STDIO) +#define __USE_MINGW_ANSI_STDIO 1 +#endif + #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" @@ -441,8 +450,7 @@ int main(int argc, char *argv[]) } \ } else { \ mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \ - " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \ - "\n", \ + " - cannot check type '" #TYPE "' of size %zu\n", \ sizeof(TYPE)); \ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \ } \ 
From 4ec9536339a8209720633a78c76f74d707976522 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Feb 2026 21:34:32 +0100 Subject: [PATCH 1415/1548] Temporarily force standard *printf functions on MingW On MingW, temporarily force the use of the standard versions of `snprintf()` and `vsnprintf()` (since we set `__USE_MINGW_ANSI_STDIO` in `mbedtls_platform_requirements.h`). Do not honor `platform.h` configuration, because with the current TF-PSA-Crypto, `MBEDTLS_PLATFORM_VSNPRINTF_ALT and `MBEDTLS_PLATFORM_SNPRINTF_ALT` are always enabled on MinGW, so what matters is the setting of `__USE_MINGW_ANSI_STDIO` when `platform.c` is built, and until https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694, the legacy printf functions are used there. Revert this commit once the `tf-psa-crypto` module is updated with the merge of https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/694. Signed-off-by: Gilles Peskine --- library/debug.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/library/debug.c b/library/debug.c index c27d15d12e..59969070c4 100644 --- a/library/debug.c +++ b/library/debug.c @@ -21,6 +21,20 @@ /* DEBUG_BUF_SIZE must be at least 2 */ #define DEBUG_BUF_SIZE 512 +/* Temporary hack: on MingW, do not honor the platform.h configuration + * for snprintf and vsnprintf. Instead, force the native functions, + * which are the standard ones, not the Windows legacy ones. + * + * This hack should be removed once TF-PSA-Crypto has been updated to + * use the standard printf family. + */ +#if defined(__MINGW32__) +#undef mbedtls_snprintf +#define mbedtls_snprintf snprintf +#undef mbedtls_vsnprintf +#define mbedtls_vsnprintf vsnprintf +#endif + int mbedtls_debug_snprintf(char *dest, size_t maxlen, const char *format, ...) { From eb1328285ba28159e8d6f0f36eb76d120ae10fb4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 28 Feb 2026 11:54:57 +0000 Subject: [PATCH 1416/1548] Update framework with support for standard printf on MinGW 
Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 8ed11c99fe..e07b6643e8 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 8ed11c99fe9e6d4d96289ebc1e134949421be917 +Subproject commit e07b6643e8db5fe2fdc20be288b91a2194316862 From a3d55d9ec71a7366e581447d2b0495d8795a22df Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Mar 2026 13:21:01 +0100 Subject: [PATCH 1417/1548] Document the purpose of mbedtls_common.h Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h index 2aacfcbc22..ef8448e12b 100644 --- a/library/mbedtls_common.h +++ b/library/mbedtls_common.h @@ -1,7 +1,19 @@ /** * \file mbedtls_common.h * - * \brief Utility macros for internal use in the library + * \brief Utility macros for internal use in the library. + * + * This file should be included as the first thing in all library C files + * (directly, or indirectly via x509_internal.h or ssl_misc.h). + * It must not be included by sample programs, since sample programs + * illustrate what you can do without the library sources. + * It may be included (often indirectly) by test code that isn't purely + * black-box testing. + * + * This file takes care of setting up requirements for platform headers. + * It includes the library configuration and derived macros. + * It additionally defines various utility macros and other definitions + * (but no function declarations). */ /* * Copyright The Mbed TLS Contributors From 436f1e30ad3eab1032ddf6a31bff9d054b8b9479 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Mar 2026 13:22:42 +0100 Subject: [PATCH 1418/1548] Include the config in mbedtls_commmon.h as promised Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h
index ef8448e12b..43dac8266b 100644
--- a/library/mbedtls_common.h
+++ b/library/mbedtls_common.h
@@ -33,6 +33,10 @@
  */
 #include "mbedtls_platform_requirements.h"
 
+/* From this point onwards, ensure we have the library configuration and
+ * the configuration-derived macros. */
+#include
+
 /* Mbed TLS requires TF-PSA-Crypto internals. */
 #include "tf_psa_crypto_common.h"
 
From 29192f0a00d1fbdc8e35f7e7dbe710b340cdb761 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 2 Mar 2026 13:23:50 +0100
Subject: [PATCH 1419/1548] Use the mbedtls_common.h in generated library .c files as well

Signed-off-by: Gilles Peskine
---
 scripts/data_files/error.fmt | 4 ++--
 scripts/data_files/version_features.fmt | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index 69bec9fe40..0d91ccbf32 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -1,11 +1,11 @@
-/*
+/* -*-c-*-
  * Error message information
  *
  * Copyright The Mbed TLS Contributors
  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#include "tf_psa_crypto_common.h"
+#include "mbedtls_common.h"
 
 #include "mbedtls/error.h"
 
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
index fc71f5d777..4b28764a7e 100644
--- a/scripts/data_files/version_features.fmt
+++ b/scripts/data_files/version_features.fmt
@@ -1,11 +1,11 @@
-/*
+/* -*-c-*-
  * Version feature information
  *
  * Copyright The Mbed TLS Contributors
  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#include "ssl_misc.h"
+#include "mbedtls_common.h"
 
 #if defined(MBEDTLS_VERSION_C)
 
From 5d479d805028af50a939e57a87958253265057f5 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 17 Feb 2026 17:16:48 +0100
Subject: [PATCH 1420/1548] Update tf-psa-crypto with unified Unix detection
Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 4587e3f861..293cfe5ece 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 4587e3f861c29a8aa1439078aef4ed593d07a34b +Subproject commit 293cfe5eceed98a2ee75d5241a78657b466750c7 From e8dec9c0310adfb1be6795e17407136adcd70c76 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 Jan 2026 18:55:24 +0100 Subject: [PATCH 1421/1548] Unify the detection of Unix-like platforms We were using slightly different guards to decide whether to include `` in different places. Unify those. Signed-off-by: Gilles Peskine --- ChangeLog.d/unistd.txt | 3 +++ library/net_sockets.c | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/unistd.txt diff --git a/ChangeLog.d/unistd.txt b/ChangeLog.d/unistd.txt new file mode 100644 index 0000000000..d2e4d4301a --- /dev/null +++ b/ChangeLog.d/unistd.txt @@ -0,0 +1,3 @@ +Changes + * Tweak the detection of Unix-like platforms, which makes more system + interfaces (timing, threading) available on Haiku, QNX and Midipix. diff --git a/library/net_sockets.c b/library/net_sockets.c index ca70f3797b..25f06824cb 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -19,9 +19,7 @@ #if defined(MBEDTLS_NET_C) -#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ - !defined(__HAIKU__) && !defined(__midipix__) +#if !defined(MBEDTLS_PLATFORM_IS_UNIXLIKE) && !defined(_WIN32) #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in mbedtls_config.h" #endif From 37fd7d52102bd6a75ad0a814f9775f70a36fb88c Mon Sep 17 00:00:00 2001 
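Review bot: The new guard depends on `MBEDTLS_PLATFORM_IS_UNIXLIKE` being defined by something pulled in through `ssl_misc.h` before this point; if it comes from the TF-PSA-Crypto submodule, as the surrounding commits suggest, a reader of net_sockets.c can no longer see where it is set or which platforms it covers. A short comment above the `#if`, e.g. `/* MBEDTLS_PLATFORM_IS_UNIXLIKE comes from TF-PSA-Crypto's platform detection, see [defining header]. */` with the real header named, would preserve the information the removed explicit list carried, including that `__APPLE__` is covered.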
From: Gilles Peskine Date: Fri, 30 Jan 2026 18:06:56 +0100 Subject: [PATCH 1422/1548] Start from a clean baseline for C11 ext1 and POSIX features Define `_POSIX_C_SOURCE` and `_XOPEN_SOURCE` in a single place that applies everywhere, to make things simple. This may break some platforms that require special handling for POSIX functions and types. Subsequent commits will add platform-specific hacks as needed. Signed-off-by: Gilles Peskine --- library/mbedtls_platform_requirements.h | 14 ++++++++++++++ library/net_sockets.c | 10 ---------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/library/mbedtls_platform_requirements.h b/library/mbedtls_platform_requirements.h index c86204e6fa..c4f959191f 100644 --- a/library/mbedtls_platform_requirements.h +++ b/library/mbedtls_platform_requirements.h @@ -15,6 +15,20 @@ #ifndef MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H #define MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H +#if !defined(_POSIX_C_SOURCE) +/* For standards-compliant access to + * getaddrinfo(), + * ... */ +#define _POSIX_C_SOURCE 200112L +#endif + +#if !defined(_XOPEN_SOURCE) +/* For standards-compliant access to + * sockaddr_storage, + * ... */ +#define _XOPEN_SOURCE 600 +#endif + /* On Mingw-w64, force the use of a C99-compliant printf() and friends. * This is necessary on older versions of Mingw and/or Windows runtimes * where snprintf does not always zero-terminate the buffer, and does diff --git a/library/net_sockets.c b/library/net_sockets.c index 25f06824cb..404ef761ae 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
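Review bot: Defining `_POSIX_C_SOURCE` and `_XOPEN_SOURCE` for every library translation unit changes what glibc exposes well beyond the previously affected net_sockets.c: with either macro set and `_DEFAULT_SOURCE`/`_GNU_SOURCE` unset, glibc stops enabling its default feature set, so any library file that relies on a non-POSIX extension would fail under a strict `-std=c99` build; worth confirming with such a build before the follow-up platform hacks land. The two comments end in `* ...` placeholders; listing the interfaces each macro is actually needed for (the removed net_sockets.c comment named `getaddrinfo()` and `sockaddr_storage`) keeps the requirement auditable. The `#if !defined(...)` guards let a build system raise the level, but a lower value on the command line also wins silently; noting that `getaddrinfo()` needs at least `200112L` would help the next person who sees it fail.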
@@ -5,16 +5,6 @@
  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
- * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
- * Harmless on other platforms. */
-#ifndef _POSIX_C_SOURCE
-#define _POSIX_C_SOURCE 200112L
-#endif
-#ifndef _XOPEN_SOURCE
-#define _XOPEN_SOURCE 600 /* sockaddr_storage */
-#endif
-
 #include "ssl_misc.h"
 
 #if defined(MBEDTLS_NET_C)
From 037f3c62ff62faa6876c331cd6f3c3d622aef1eb Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sat, 21 Feb 2026 20:20:02 +0100
Subject: [PATCH 1423/1548] Tell MSVC to allow non-s functions where needed

Signed-off-by: Gilles Peskine
---
 library/mbedtls_platform_requirements.h | 9 +++++++++
 programs/ssl/ssl_test_lib.h | 9 +++++++++
 programs/util/pem2der.c | 9 +++++++++
 programs/x509/cert_req.c | 9 +++++++++
 programs/x509/cert_write.c | 9 +++++++++
 5 files changed, 45 insertions(+)

diff --git a/library/mbedtls_platform_requirements.h b/library/mbedtls_platform_requirements.h
index c4f959191f..ad27fef450 100644
--- a/library/mbedtls_platform_requirements.h
+++ b/library/mbedtls_platform_requirements.h
@@ -43,4 +43,13 @@
 #define __USE_MINGW_ANSI_STDIO 1
 #endif
 
+/* Tell MSVC that we're ok with using classic C functions even
+ * when an `_s` variant exist. For most functions, the improvements
+ * of the `_s` variants are of limited usefulness and not worth
+ * the portability headaches.
+ */
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
 #endif /* MBEDTLS_MBEDTLS_PLATFORM_REQUIREMENTS_H */
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index 491da1dd5f..a9384d16df 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
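Review bot: The comment reads `when an \`_s\` variant exist`; it should be `exists`, and the same text is pasted into ssl_test_lib.h, pem2der.c, cert_req.c and cert_write.c in the following hunks, so the fix applies there too. MSVC's documentation lists `_CRT_SECURE_NO_WARNINGS` as the current name for this switch, with `_CRT_SECURE_NO_DEPRECATE` still honored as the older spelling; one clause in the comment saying which is meant and why would save the next reader a lookup. As with the MinGW block just above it, the four program copies apparently cannot include the library-private header, so a single programs-side header holding both blocks would avoid five copies that must be kept identical.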
@@ -17,6 +17,15 @@ #define __USE_MINGW_ANSI_STDIO 1 #endif +/* Tell MSVC that we're ok with using classic C functions even + * when an `_s` variant exist. For most functions, the improvements + * of the `_s` variants are of limited usefulness and not worth + * the portability headaches. + */ +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + #define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "mbedtls/private/pk_private.h" diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 177365b87c..191988082f 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* Tell MSVC that we're ok with using classic C functions even + * when an `_s` variant exist. For most functions, the improvements + * of the `_s` variants are of limited usefulness and not worth + * the portability headaches. + */ +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + #include "mbedtls/build_info.h" #include "mbedtls/platform.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 0d7b5a1e6e..d6e22aaf8c 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* Tell MSVC that we're ok with using classic C functions even + * when an `_s` variant exist. For most functions, the improvements + * of the `_s` variants are of limited usefulness and not worth + * the portability headaches. + */ +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index eb090fd051..8ff35f0c2f 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
@@ -5,6 +5,15 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +/* Tell MSVC that we're ok with using classic C functions even + * when an `_s` variant exist. For most functions, the improvements + * of the `_s` variants are of limited usefulness and not worth + * the portability headaches. + */ +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/build_info.h" From b38e28dbf00b72303781020580e4e7fbfe1ec21c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Mar 2026 11:54:35 +0100 Subject: [PATCH 1424/1548] Make sure we declare TF-PSA-Crypto platform requirements before including system headers Signed-off-by: Gilles Peskine --- library/mbedtls_common.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/mbedtls_common.h b/library/mbedtls_common.h index 43dac8266b..188ae4692b 100644 --- a/library/mbedtls_common.h +++ b/library/mbedtls_common.h @@ -33,6 +33,14 @@ */ #include "mbedtls_platform_requirements.h" +/* Mbed TLS is tightly coupled with TF-PSA-Crypto, and inherits all of + * its platform requirements because we don't have a clear separation of + * public vs private platform interfaces. So make sure we declare the + * TF-PSA-Crypto platform requirements. We need to do that before including + * any system headers, thus before including the user config file since it + * may include platform headers. */ +#include "tf_psa_crypto_platform_requirements.h" + /* From this point onwards, ensure we have the library configuration and * the configuration-derived macros. */ #include From 68c44a4a9772ff6fb17f5db573eb00ff9fb77dfe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Mar 2026 12:10:16 +0100 Subject: [PATCH 1425/1548] Update attribution to conform to contributor's request Signed-off-by: Gilles Peskine --- ChangeLog.d/inet_pton.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt index 526cd9be5f..22e6806556 100644 --- a/ChangeLog.d/inet_pton.txt +++ b/ChangeLog.d/inet_pton.txt @@ -1,4 +1,5 @@ Security * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases (e.g. on platforms with memory protection when the overread crosses page - boundary) this could lead to DoS. Found and reported by Haruto Kimura. + boundary) this could lead to DoS. Found and reported by Haruto Kimura + (Stella). From ba5774387bd285f59b0d88750cd219259cdfcebe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 8 Mar 2026 20:30:08 +0100 Subject: [PATCH 1426/1548] Update framework with psasim serialise supporting unsigned and crypto dir reorg prep Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index e07b6643e8..9b92164c47 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit e07b6643e8db5fe2fdc20be288b91a2194316862 +Subproject commit 9b92164c47fdaecb2600b417733507e2a105c3a5 From 1ef64a73e4b67459029cbf3332ec1816675615c1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Feb 2026 17:01:19 +0100 Subject: [PATCH 1427/1548] programs: metatest: Remove include path duplication Signed-off-by: Ronald Cron --- programs/Makefile | 2 +- programs/test/CMakeLists.txt | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 36679dcb0f..323e33ec56 100644 --- a/programs/Makefile +++ b/programs/Makefile 
@@ -199,7 +199,7 @@ endif test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) echo " CC $(FRAMEWORK)/tests/programs/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/include -I../tf-psa-crypto/drivers/builtin/src $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/src $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC test/query_config.c" diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 8a5d6ba822..1b371d30b9 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -103,8 +103,7 @@ foreach(exe IN LISTS executables) endforeach() target_include_directories(metatest - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/src) + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/src) install(TARGETS ${executables} DESTINATION "bin" From ae822174766eeec502961c7e2b70a216a76cad08 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Feb 2026 10:42:33 +0100 Subject: [PATCH 1428/1548] programs: metatest: Add tf-psa-crypto/platform as include dir Signed-off-by: Ronald Cron --- programs/Makefile | 2 +- programs/test/CMakeLists.txt | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 323e33ec56..846361d788 100644 --- a/programs/Makefile +++ b/programs/Makefile 
@@ -199,7 +199,7 @@ endif test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) echo " CC $(FRAMEWORK)/tests/programs/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/src $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/src -I../tf-psa-crypto/platform $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC test/query_config.c" diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 1b371d30b9..0de71a9b03 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -103,8 +103,9 @@ foreach(exe IN LISTS executables) endforeach() target_include_directories(metatest - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/src) - + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/src + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/platform +) install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From 03ee085e104587b8719903880dce2081d9056f02 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Feb 2026 10:26:02 +0100 Subject: [PATCH 1429/1548] Remove duplicated recursion tests The recursion tests for the crypto code are run in a TF-PSA-Crypto component. No need to run them in an Mbed TLS component as well. Signed-off-by: Ronald Cron --- tests/scripts/components-basic-checks.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 6a5bc3a1d7..1e480dd12b 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh 
@@ -12,8 +12,6 @@ component_check_recursion () {
 msg "Check: recursion.pl" # < 1s
 ./framework/scripts/recursion.pl library/*.c
- ./framework/scripts/recursion.pl ${PSA_CORE_PATH}/*.c
- ./framework/scripts/recursion.pl ${BUILTIN_SRC_PATH}/*.c
 }
 component_check_generated_files () {
From 24bf98156ac7d0146ac824f30ce51ebad2bac584 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Sat, 14 Feb 2026 10:40:44 +0100
Subject: [PATCH 1430/1548] components*.sh: Handle current and upcoming object paths
Signed-off-by: Ronald Cron
---
 .../components-configuration-crypto.sh | 31 ++++++--
 tests/scripts/components-platform.sh | 72 +++++++++++++++++++
 2 files changed, 97 insertions(+), 6 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index baa59fb5f5..6a6b0a70de 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -10,6 +10,7 @@
 ################################################################
 CMAKE_BUILTIN_BUILD_DIR="tf-psa-crypto/drivers/builtin/CMakeFiles/builtin.dir/src"
+CMAKE_EXTRAS_BUILD_DIR="tf-psa-crypto/extras/CMakeFiles/extras.dir"
 component_test_psa_crypto_key_id_encodes_owner () {
 msg "build: full config + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan"
@@ -280,8 +281,13 @@ component_full_no_pkparse_pkwrite () { cmake --build . # Ensure that PK_[PARSE|WRITE]_C were not re-enabled accidentally (additive config). - not grep mbedtls_pk_parse_key ${CMAKE_BUILTIN_BUILD_DIR}/pkparse.c.o - not grep mbedtls_pk_write_key_der ${CMAKE_BUILTIN_BUILD_DIR}/pkwrite.c.o + if [ -f ${TF_PSA_CRYPTO_ROOT_DIR}/extras/pkparse.c ]; then + not grep mbedtls_pk_parse_key ${CMAKE_EXTRAS_BUILD_DIR}/pkparse.c.o + not grep mbedtls_pk_write_key_der ${CMAKE_EXTRAS_BUILD_DIR}/pkwrite.c.o + else + not grep mbedtls_pk_parse_key ${CMAKE_BUILTIN_BUILD_DIR}/pkparse.c.o + not grep mbedtls_pk_write_key_der ${CMAKE_BUILTIN_BUILD_DIR}/pkwrite.c.o + fi msg "test: full without pkparse and pkwrite" ctest @@ -302,7 +308,11 @@ component_full_no_pkwrite () { make # Ensure that PK_WRITE_C was not re-enabled accidentally (additive config). - not grep mbedtls_pk_write_key_der ${CMAKE_BUILTIN_BUILD_DIR}/pkwrite.c.o + if [ -f ${TF_PSA_CRYPTO_ROOT_DIR}/extras/pkwrite.c ]; then + not grep mbedtls_pk_write_key_der ${CMAKE_EXTRAS_BUILD_DIR}/pkwrite.c.o + else + not grep mbedtls_pk_write_key_der ${CMAKE_BUILTIN_BUILD_DIR}/pkwrite.c.o + fi msg "test: full without pkwrite" make test @@ -329,8 +339,13 @@ component_test_crypto_full_md_light_only () { cmake --build . # Make sure we don't have the HMAC functions, but the hashing functions - not grep mbedtls_md_hmac ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o - grep mbedtls_md ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o + if [ -f ${TF_PSA_CRYPTO_ROOT_DIR}/extras/md.c ]; then + not grep mbedtls_md_hmac ${CMAKE_EXTRAS_BUILD_DIR}/md.c.o + grep mbedtls_md ${CMAKE_EXTRAS_BUILD_DIR}/md.c.o + else + not grep mbedtls_md_hmac ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o + grep mbedtls_md ${CMAKE_BUILTIN_BUILD_DIR}/md.c.o + fi msg "test: crypto_full with only the light subset of MD" ctest 
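Review bot: If `not` simply inverts the exit status, `not grep mbedtls_pk_parse_key ${CMAKE_EXTRAS_BUILD_DIR}/pkparse.c.o` passes vacuously when the object file is absent (grep exits 2 on a missing file), so a wrong branch of the new `if [ -f … ]` selection silently proves nothing; this applies equally to the -302 and -329 hunks here and to the -1668 hunk on the next line. A `test -f "${CMAKE_EXTRAS_BUILD_DIR}/pkparse.c.o"` before each `not grep` makes a mis-pointed path fail loudly. The test operand should also be quoted, `if [ -f "${TF_PSA_CRYPTO_ROOT_DIR}/extras/pkparse.c" ]; then`, so that an unset `TF_PSA_CRYPTO_ROOT_DIR` does not silently test `/extras/pkparse.c` and fall through to the builtin path.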
@@ -1668,7 +1683,11 @@ component_test_psa_crypto_config_accel_hmac () { helper_libtestdriver1_make_main "$loc_accel_list" # Ensure that built-in support for HMAC is disabled. - not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o + if [ -f ${TF_PSA_CRYPTO_ROOT_DIR}/extras/md.c ]; then + not grep mbedtls_md_hmac ${TF_PSA_CRYPTO_ROOT_DIR}/extras/md.o + else + not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o + fi # Run the tests # ------------- diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index d6eef6f781..2f3becf983 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -439,6 +439,18 @@ component_build_arm_none_eabi_gcc () { ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o + fi } component_build_arm_linux_gnueabi_gcc_arm5vte () { 
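Review bot: The four `if compgen -G … ; then … size -t … ; fi` blocks added to `component_build_arm_none_eabi_gcc` are copied into five more functions on the next three lines (hunks -455, -473, -484, -499, -510), and the copy in `component_build_arm_linux_gnueabi_gcc_arm5vte` picks up `ARM_NONE_EABI_GCC_PREFIX` instead of that function's `ARM_LINUX_GNUEABI_GCC_PREFIX` (corrected later in this series). A loop over the directory names removes the duplication and the copy-paste hazard, and a small helper taking the command would let the `not grep __aeabi_*` variants share it too. Note that `compgen` is a bash builtin, so this relies on the components always running under bash.
```shell
    # … unchanged: size -t library/*.o, ${PSA_CORE_PATH}/*.o, ${BUILTIN_SRC_PATH}/*.o …
    for d in dispatch extras platform utilities; do
        if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/${d}/*.o" > /dev/null; then
            ${ARM_NONE_EABI_GCC_PREFIX}size -t "${TF_PSA_CRYPTO_ROOT_DIR}/${d}"/*.o
        fi
    done
```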
@@ -455,6 +467,18 @@ component_build_arm_linux_gnueabi_gcc_arm5vte () { ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o + fi } support_build_arm_linux_gnueabi_gcc_arm5vte () { @@ -473,6 +497,18 @@ component_build_arm_none_eabi_gcc_arm5vte () { ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o + fi } component_build_arm_none_eabi_gcc_m0plus () { 
@@ -484,6 +520,18 @@ component_build_arm_none_eabi_gcc_m0plus () { ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o ${ARM_NONE_EABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o ${ARM_NONE_EABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o" > /dev/null; then + ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o + fi for lib in library/*.a; do echo "$lib:" ${ARM_NONE_EABI_GCC_PREFIX}size -t $lib | grep TOTALS @@ -499,6 +547,18 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { not grep __aeabi_uldiv library/*.o not grep __aeabi_uldiv ${PSA_CORE_PATH}/*.o not grep __aeabi_uldiv ${BUILTIN_SRC_PATH}/*.o + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o" > /dev/null; then + not grep __aeabi_uldiv ${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o" > /dev/null; then + not grep __aeabi_uldiv ${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o" > /dev/null; then + not grep __aeabi_uldiv ${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o" > /dev/null; then + not grep __aeabi_uldiv ${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o + fi } component_build_arm_none_eabi_gcc_no_64bit_multiplication () { 
@@ -510,6 +570,18 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { not grep __aeabi_lmul library/*.o not grep __aeabi_lmul ${PSA_CORE_PATH}/*.o not grep __aeabi_lmul ${BUILTIN_SRC_PATH}/*.o + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o" > /dev/null; then + not grep __aeabi_lmul ${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o" > /dev/null; then + not grep __aeabi_lmul ${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o" > /dev/null; then + not grep __aeabi_lmul ${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o + fi + if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o" > /dev/null; then + not grep __aeabi_lmul ${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o + fi } component_build_arm_clang_thumb () { From 325170b96297eb21c17a523ac913cc220d3ee926 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Feb 2026 10:49:40 +0100 Subject: [PATCH 1431/1548] legacy.make: Add globs and paths for tags and cscope Signed-off-by: Ronald Cron --- scripts/legacy.make | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/legacy.make b/scripts/legacy.make index b22b8ef8bf..5726f9e82a 100644 --- a/scripts/legacy.make +++ b/scripts/legacy.make @@ -180,6 +180,10 @@ C_SOURCE_FILES = $(wildcard \ tf-psa-crypto/drivers/*/*/*.c \ tf-psa-crypto/drivers/*/*/*/*.c \ tf-psa-crypto/drivers/*/*/*/*/*.c \ + tf-psa-crypto/dispatch/*.[hc] \ + tf-psa-crypto/extras/*.[hc] \ + tf-psa-crypto/platform/*.[hc] \ + tf-psa-crypto/utilities/*.[hc] \ programs/*/*.[hc] \ framework/tests/include/*/*.h framework/tests/include/*/*/*.h \ framework/tests/src/*.c framework/tests/src/*/*.c \ 
@@ -200,5 +204,9 @@ cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES) cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/core \ -Itf-psa-crypto/include \ -Itf-psa-crypto/drivers/builtin/src \ + -Itf-psa-crypto/dispatch \ + -Itf-psa-crypto/extras \ + -Itf-psa-crypto/platform \ + -Itf-psa-crypto/utilities \ $(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Iframework/tests/include $(C_SOURCE_FILES) .PHONY: cscope global From f3a20d25d618ba21a969f205198c6147411ef51d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Feb 2026 10:51:38 +0100 Subject: [PATCH 1432/1548] Prepare libtestdriver1 build for upcoming directory changes Signed-off-by: Ronald Cron --- tests/Makefile | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 745a09d240..a34bc95f99 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -252,7 +252,19 @@ libtestdriver1.a: cp -Rf ../scripts ./libtestdriver1 cp -Rf ../tf-psa-crypto/core ./libtestdriver1/tf-psa-crypto cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto - cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers + cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers/builtin + if [ -d ../tf-psa-crypto/dispatch ]; then \ + cp -Rf ../tf-psa-crypto/dispatch ./libtestdriver1/tf-psa-crypto/dispatch; \ + fi + if [ -d ../tf-psa-crypto/extras ]; then \ + cp -Rf ../tf-psa-crypto/extras ./libtestdriver1/tf-psa-crypto/extras; \ + fi + if [ -d ../tf-psa-crypto/platform ]; then \ + cp -Rf ../tf-psa-crypto/platform ./libtestdriver1/tf-psa-crypto/platform; \ + fi + if [ -d ../tf-psa-crypto/utilities ]; then \ + cp -Rf ../tf-psa-crypto/utilities ./libtestdriver1/tf-psa-crypto/utilities; \ + fi cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto # Set the test driver base (minimal) configuration. 
@@ -285,7 +297,18 @@ libtestdriver1.a: perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*/*.h perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch] - + if [ -d ../tf-psa-crypto/dispatch ]; then \ + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/dispatch/*.[ch]; \ + fi + if [ -d ../tf-psa-crypto/extras ]; then \ + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/extras/*.[ch]; \ + fi + if [ -d ../tf-psa-crypto/platform ]; then \ + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/platform/*.[ch]; \ + fi + if [ -d ../tf-psa-crypto/utilities ]; then \ + perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/utilities/*.[ch]; \ + fi $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a From a400a3bb8aecc2f88a7dcd814d17f719777184e7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Feb 2026 10:53:14 +0100 Subject: [PATCH 1433/1548] Adapt list_internal_identifiers.py for upcoming directory changes Signed-off-by: Ronald Cron --- tests/scripts/list_internal_identifiers.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index 2cbfdce8d5..445aeda352 100755 --- a/tests/scripts/list_internal_identifiers.py +++ b/tests/scripts/list_internal_identifiers.py @@ -37,7 +37,9 @@ def main(): "include/mbedtls/*_internal.h", "library/*.h", "tf-psa-crypto/core/*.h", - "tf-psa-crypto/drivers/builtin/src/*.h" + "tf-psa-crypto/drivers/builtin/src/*.h", + "tf-psa-crypto/platform/*.h", + "tf-psa-crypto/utilities/*.h", ])[0] result.sort(key=lambda x: x.name) 
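Review bot: The new glob list adds `tf-psa-crypto/platform/*.h` and `tf-psa-crypto/utilities/*.h` but not `tf-psa-crypto/dispatch/*.h` or `tf-psa-crypto/extras/*.h`, even though the following commit adds all four directories to `TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS` as locations of internal headers. If dispatch/ and extras/ can hold headers, identifiers declared there will be missed by this script; if the omission is deliberate, a one-line comment such as `# dispatch/ and extras/ carry no internal headers that Mbed TLS consumes` would record that. `main()` starts outside the hunk.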
From 32479c6a725762fcba58e0e2b59dc471c716060e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Feb 2026 10:53:23 +0100 Subject: [PATCH 1434/1548] cmake: Introduce TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS Signed-off-by: Ronald Cron --- CMakeLists.txt | 53 ++++++++++++++++++++++++++---------------- library/CMakeLists.txt | 5 ++-- tests/CMakeLists.txt | 10 ++++---- 3 files changed, 40 insertions(+), 28 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bc122f5167..42e4ccb34d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -373,6 +373,20 @@ foreach(target IN LISTS tf_psa_crypto_library_targets) endif() endforeach(target) +# +# TF-PSA-Crypto directories with internal headers that are currently still +# consumed by Mbed TLS. When we have finished cleaning up this list should be +# empty. +# +set(TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS + ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/core + ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/dispatch + ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/src + ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/extras + ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/platform + ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/utilities +) + add_subdirectory(library) add_subdirectory(pkgconfig) 
@@ -416,16 +430,16 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) endif() target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include - PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include - PRIVATE tests/include - PRIVATE include - PRIVATE tf-psa-crypto/include - PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE tf-psa-crypto/drivers/everest/include - PRIVATE tf-psa-crypto/drivers/pqcp/include - PRIVATE library - PRIVATE tf-psa-crypto/core - PRIVATE tf-psa-crypto/drivers/builtin/src) + ${MBEDTLS_FRAMEWORK_DIR}/tests/include + tests/include + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + tf-psa-crypto/drivers/everest/include + tf-psa-crypto/drivers/pqcp/include + library + ${TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS} + ) # Request C11, needed for memory poisoning tests set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11) set_config_files_compile_definitions(mbedtls_test) @@ -453,16 +467,15 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) endif() target_include_directories(mbedtls_test_helpers PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include - PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include - PRIVATE tests/include - PRIVATE include - PRIVATE tf-psa-crypto/include - PRIVATE tf-psa-crypto/drivers/builtin/include - PRIVATE library - PRIVATE tf-psa-crypto/core - PRIVATE tf-psa-crypto/drivers/builtin/src - PRIVATE tf-psa-crypto/drivers/everest/include - PRIVATE tf-psa-crypto/drivers/pqcp/include + ${MBEDTLS_FRAMEWORK_DIR}/tests/include + tests/include + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + library + tf-psa-crypto/drivers/everest/include + tf-psa-crypto/drivers/pqcp/include + ${TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS} ) set_config_files_compile_definitions(mbedtls_test_helpers) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5474e2cacf..f1b7c74aba 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -236,15 +236,14 @@ foreach(target IN LISTS target_libraries) add_library(MbedTLS::${target} ALIAS ${target}) # add_subdirectory support # Include public header files from /include, /tf-psa-crypto/include/ and # tf-psa-crypto/drivers/builtin/include/. Include private header files - # from /library, tf-psa-crypto/core/ and tf-psa-crypto/drivers/builtin/src/. + # from /library and ${TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS}. target_include_directories(${target} PUBLIC $ $ $ $ PRIVATE ${MBEDTLS_DIR}/library/ - ${MBEDTLS_DIR}/tf-psa-crypto/core - ${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src + ${TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS} # needed for generated headers ${CMAKE_CURRENT_BINARY_DIR}) set_config_files_compile_definitions(${target}) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ec625234dc..09913b56e7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -177,11 +177,11 @@ function(add_test_suite suite_name) # them as PUBLIC. target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/core - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/src) + ${CMAKE_CURRENT_SOURCE_DIR}/include + ${PROJECT_SOURCE_DIR}/framework/tests/include + ${PROJECT_SOURCE_DIR}/library + ${TF_PSA_CRYPTO_PRIVATE_INCLUDE_DIRS} + ) # Request C11, which is needed for memory poisoning tests set_target_properties(test_suite_${data_name} PROPERTIES C_STANDARD 11) From aa024253d6b3713bfba9ea1d163b4f8b6407b595 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 27 Feb 2026 17:30:50 +0100 Subject: [PATCH 1435/1548] tests: make: Fix spaces instead of tab Signed-off-by: Ronald Cron --- tests/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/tests/Makefile b/tests/Makefile index a34bc95f99..62a7b82e61 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -255,16 +255,16 @@ libtestdriver1.a: cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers/builtin if [ -d ../tf-psa-crypto/dispatch ]; then \ cp -Rf ../tf-psa-crypto/dispatch ./libtestdriver1/tf-psa-crypto/dispatch; \ - fi + fi if [ -d ../tf-psa-crypto/extras ]; then \ cp -Rf ../tf-psa-crypto/extras ./libtestdriver1/tf-psa-crypto/extras; \ - fi + fi if [ -d ../tf-psa-crypto/platform ]; then \ cp -Rf ../tf-psa-crypto/platform ./libtestdriver1/tf-psa-crypto/platform; \ - fi + fi if [ -d ../tf-psa-crypto/utilities ]; then \ cp -Rf ../tf-psa-crypto/utilities ./libtestdriver1/tf-psa-crypto/utilities; \ - fi + fi cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto # Set the test driver base (minimal) configuration. From 269b390bb4cb5303188af9b862780412933d670b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 9 Mar 2026 08:22:51 +0100 Subject: [PATCH 1436/1548] components-platform.sh: Fix path of compiler directory Signed-off-by: Ronald Cron --- tests/scripts/components-platform.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 2f3becf983..b68a4aeafc 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh 
@@ -468,16 +468,16 @@ component_build_arm_linux_gnueabi_gcc_arm5vte () { ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${PSA_CORE_PATH}/*.o ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${BUILTIN_SRC_PATH}/*.o if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o" > /dev/null; then - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o + ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/dispatch/*.o fi if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o" > /dev/null; then - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o + ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/extras/*.o fi if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o" > /dev/null; then - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o + ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/platform/*.o fi if compgen -G "${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o" > /dev/null; then - ${ARM_NONE_EABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o + ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t ${TF_PSA_CRYPTO_ROOT_DIR}/utilities/*.o fi } From bef136e607ee0a436ea9d0b56bf37d6401c81507 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 9 Mar 2026 08:23:53 +0100 Subject: [PATCH 1437/1548] Update framework pointer to the merge of PR 280 Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index e07b6643e8..9b92164c47 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit e07b6643e8db5fe2fdc20be288b91a2194316862 +Subproject commit 9b92164c47fdaecb2600b417733507e2a105c3a5 From 65a038198ed4ab94e9201e3dff624df7a0c6fb57 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 9 Mar 2026 23:28:50 +0100 Subject: [PATCH 1438/1548] Improve comments Signed-off-by: Ronald Cron --- library/ssl_msg.c | 4 ++-- library/ssl_tls12_server.c | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 207f4b7e1c..f6bef7cbc2 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2970,8 +2970,8 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 /*
 * When establishing the connection, the client may go through a series
 * of ClientHello and HelloVerifyRequest requests and responses. The
- server does not keep any trace of these initial round trips as
- intended: minimum allocated ressources as long as the reachability
+ server intentionally does not keep trace of these initial round
+ trips: minimum allocated ressources as long as the reachability
 * of the client has not been confirmed. When receiving the "first
 * ClientHello" from server perspective, we may thus need to adapt
 * the next expected `message_seq` for the incoming and outgoing
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 54fb8669ae..5c6832e044 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -871,10 +871,11 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 /*
 * Fetch the expected ClientHello handshake message. Do not ask
- mbedtls_ssl_read_record() to update the handshake digest, to align
- with cases where the ClientHello may already have been fetched in
- ssl_tls13_process_client_hello() or as a post-handshake message
- (renegotiation).
+ mbedtls_ssl_read_record() to update the handshake digest, because the
+ ClientHello may already have been read in ssl_tls13_process_client_hello()
+ or as a post-handshake message (renegotiation). In those cases we need
+ to update the digest ourselves, and it is simpler to do so
+ unconditionally than to track whether it is needed.
 */
 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record ", ret);
From 7f40da187cbedb89c7027289db720825aaab9b08 Mon Sep 17 00:00:00 2001
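Review bot: The rewritten comment in the ssl_msg.c hunk still carries the misspelling on its new line `trips: minimum allocated ressources as long as the reachability`; since this commit exists to improve the comment, `resources` should go in with it (the same spelling is then copied into the relocated comment in the -2967 hunk two commits later). `does not keep trace of` is also unidiomatic; `does not keep any record of these initial round trips` reads naturally. Both enclosing functions, mbedtls_ssl_prepare_handshake_record and ssl_parse_client_hello, begin outside their hunks.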
From: Ronald Cron
Date: Tue, 10 Mar 2026 08:25:14 +0100
Subject: [PATCH 1439/1548] ssl_tls12_server.c: Move back the digest update
Move back the digest update just after the call to mbedtls_ssl_read_record(). It fits well here as we explain in the comment associated to the call to mbedtls_ssl_read_record() that we update it manually.
Signed-off-by: Ronald Cron
---
 library/ssl_tls12_server.c | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 5c6832e044..94e61a8aca 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -882,6 +882,20 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 return ret;
 }
+ /*
+ * Update the handshake checksum.
+ *
+ * Note that the checksum must be updated before parsing the extensions
+ * because ssl_parse_session_ticket_ext() may decrypt the ticket in place
+ * and therefore modify the ClientHello message. This occurs when using
+ * the Mbed TLS ssl_ticket.c implementation.
+ */
+ ret = mbedtls_ssl_update_handshake_status(ssl);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
+ return ret;
+ }
+
 buf = ssl->in_msg;
 msg_len = ssl->in_hslen;
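Review bot: The moved block uses `if (0 != ret)` and a parenthesized literal, `MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);`, while the read just above it uses `if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0)` and a bare string; `if (ret != 0)` and `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_update_handshake_status", ret);` would match the surrounding style. The move also changes when the ClientHello enters the transcript: it is now hashed before any length or version check on the message, whereas the removed placement (next line's hunk) ran after preliminary validation. That is harmless only because every failure path after this point aborts the handshake, and the comment should say so, e.g. `Done before validating the message: any parse failure below aborts the handshake, so a rejected ClientHello in the transcript is never observable.` ssl_parse_client_hello starts before and ends after this hunk.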
@@ -1087,21 +1101,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) ext_len = 0; } - /* - * Update the handshake checksum after performing preliminary - * validation of the ClientHello and before parsing its extensions. - * - * The checksum must be updated before parsing the extensions because - * ssl_parse_session_ticket_ext() may decrypt the ticket in place and - * therefore modify the ClientHello message. This occurs when using - * the Mbed TLS ssl_ticket.c implementation. - */ - ret = mbedtls_ssl_update_handshake_status(ssl); - if (0 != ret) { - MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret); - return ret; - } - ext = buf + ext_offset + 2; MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len); From 09210ea54ff627d22c0efade7e1ba6c16225a959 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Mar 2026 08:49:25 +0100 Subject: [PATCH 1440/1548] Restore seq number check of post-handshake ClientHello msg The check was wrongly removed by the commit "ssl_tls12_server.c: Move ClientHello message_seq adjustment". Signed-off-by: Ronald Cron --- library/ssl_msg.c | 59 +++++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 23 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f6bef7cbc2..abb5a5696f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -2967,34 +2967,47 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INVALID_RECORD; } - /* - * When establishing the connection, the client may go through a series - * of ClientHello and HelloVerifyRequest requests and responses. The - * server intentionally does not keep trace of these initial round - * trips: minimum allocated ressources as long as the reachability - * of the client has not been confirmed. When receiving the "first - * ClientHello" from server perspective, we may thus need to adapt - * the next expected `message_seq` for the incoming and outgoing - * handshake messages. - */ if (ssl->in_msg[0] == MBEDTLS_SSL_HS_CLIENT_HELLO && - ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->state == MBEDTLS_SSL_CLIENT_HELLO + ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (ssl->state == MBEDTLS_SSL_CLIENT_HELLO #if defined(MBEDTLS_SSL_RENEGOTIATION) - && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE + && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE #endif - ) { - ssl->handshake->in_msg_seq = recv_msg_seq; - ssl->handshake->out_msg_seq = recv_msg_seq; + ) { + /* + * When establishing the connection, the client may go through + * a series of ClientHello and HelloVerifyRequest requests and + * responses. The server intentionally does not keep trace of + * these initial round trips: minimum allocated ressources as + * long as the reachability of the client has not been + * confirmed. When receiving the "first ClientHello" from + * server perspective, we may thus need to adapt the next + * expected `message_seq` for the incoming and outgoing + * handshake messages. 
+ */ + ssl->handshake->in_msg_seq = recv_msg_seq; + ssl->handshake->out_msg_seq = recv_msg_seq; - /* Epoch should be 0 for initial handshakes */ - if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } + /* Epoch should be 0 for initial handshakes */ + if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } - memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2, - sizeof(ssl->cur_out_ctr) - 2); + memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2, + sizeof(ssl->cur_out_ctr) - 2); + } else if (mbedtls_ssl_is_handshake_over(ssl) == 1) { + /* In case of a post-handshake ClientHello that initiates a + * renegotiation check that the handshake message sequence + * number is zero. + */ + if (recv_msg_seq != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: " + "%u (expected 0)", + recv_msg_seq)); + return MBEDTLS_ERR_SSL_DECODE_ERROR; + } + } } if (ssl->handshake != NULL && From e051abd5e3830ae98014ed9b73903d3a07dd344b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Mar 2026 14:56:26 +0100 Subject: [PATCH 1441/1548] tls13_hrr_then_tls12_second_client_hello: Various improvements Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a42ff8b964..b3c34aeac0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
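Review bot: The restored check `if (recv_msg_seq != 0)` returns `MBEDTLS_ERR_SSL_DECODE_ERROR`, while the sibling epoch check a few lines above in the same branch returns `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER` for the same class of problem (a ClientHello whose record/sequence values cannot be legitimate); the two should agree, or the new comment should say why a bad message_seq is reported as a decode error. A ClientHello that arrives while the handshake is in progress but `ssl->state != MBEDTLS_SSL_CLIENT_HELLO` now matches neither the `if` nor the `else if` and proceeds with no sequence check at all; if the state machine rejects it further on, a one-line comment after the `else if` block saying so would spare the next reader the search. The relocated comment still contains the typo `ressources` (`resources`). mbedtls_ssl_prepare_handshake_record continues outside the hunk.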
@@ -6026,7 +6026,7 @@ void tls13_hrr_then_tls12_second_client_hello() /* * Prepare for handshake with the ticket. */ - /* Remove the group SECP256R1 fron the list of groups supported by the + /* Remove the group SECP256R1 from the list of groups supported by the * server such that it sends an HRR in response to the ClientHello. */ server_options.group_list = group_list + 1; @@ -6055,7 +6055,7 @@ void tls13_hrr_then_tls12_second_client_hello() /* * Progress the handshake up to the point where the server has sent the - * HRR and the client as received and processed the server HRR but not + * HRR and the client has received and processed the server HRR but not * written the second ClientHello in response to the HRR. */ ret = mbedtls_test_move_handshake_to_state( @@ -6083,14 +6083,12 @@ void tls13_hrr_then_tls12_second_client_hello() */ client_ep.ssl.tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - mbedtls_ssl_conf_min_tls_version((mbedtls_ssl_config *) client_ep.ssl.conf, - MBEDTLS_SSL_VERSION_TLS1_2); - mbedtls_ssl_conf_max_tls_version((mbedtls_ssl_config *) client_ep.ssl.conf, - MBEDTLS_SSL_VERSION_TLS1_2); - mbedtls_ssl_conf_ciphersuites((mbedtls_ssl_config *) client_ep.ssl.conf, - tls12_ciphersuite_list); + mbedtls_ssl_conf_min_tls_version(&client_ep.conf, MBEDTLS_SSL_VERSION_TLS1_2); + mbedtls_ssl_conf_max_tls_version(&client_ep.conf, MBEDTLS_SSL_VERSION_TLS1_2); + mbedtls_ssl_conf_ciphersuites(&client_ep.conf, tls12_ciphersuite_list); ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); + TEST_EQUAL(ret, 0); /* * Restart and try to complete the handshake on server side which is @@ -6113,6 +6111,7 @@ exit: mbedtls_test_free_handshake_options(&client_options); mbedtls_test_free_handshake_options(&server_options); mbedtls_ssl_session_free(&saved_session); + mbedtls_debug_set_threshold(0); PSA_DONE(); } /* END_CASE */ From 624fc2e0de8e28f687cb3de0ebfb3f830db02ee9 Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Tue, 10 Mar 2026 15:08:04 +0000 Subject: [PATCH 1442/1548] Move TLS 1.3 verify-result setting for PSK When we are doing PSK, we'd like to set verify_result to MBEDTLS_X509_BADCERT_SKIP_VERIFY. Previously this was done in mbedtls_ssl_set_hs_psk() but this is inadequate since this function may be called for early data (where certificate verification happens later in the handshake. Instead, set this value after writing / processing the encrypted extensions on the server / client respectively, so that we know whether we are doing certificate verification or not for sure. This change is effective only for TLS 1.3 as TLS 1.2 sets verify_result for PSK in ssl_parse_certificate_coordinate(). Signed-off-by: David Horstmann --- library/ssl_tls.c | 3 --- library/ssl_tls13_client.c | 3 +++ library/ssl_tls13_server.c | 3 +++ 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 09e1ebf574..bf459b473e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2018,9 +2018,6 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } - /* Since we're not using a certificate, set verify_result to skipped */ - ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; - /* Allow calling psa_destroy_key() on psk remove */ ssl->handshake->psk_opaque_is_internal = 1; return mbedtls_ssl_set_hs_psk_opaque(ssl, key); diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index b7b075cc97..9b7ca82f91 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -2264,6 +2264,9 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
+
+ /* Since we're not using a certificate, set verify_result to skipped */
+ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
 } else {
 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST);
 }
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 982e6f8c3b..270dcd0e6e 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2616,6 +2616,9 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_FINISHED);
+
+ /* Since we're not using a certificate, set verify_result to skipped */
+ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
 } else {
 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST);
 }
From 139ac457ab92d56488d3619a7728d57830b4ebf0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Mar 2026 15:40:00 +0100 Subject: [PATCH 1443/1548] tls13_hrr_then_tls12_second_client_hello: Improve some comments Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index b3c34aeac0..c039b95c26 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
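Review bot: Both new assignments sit inside `#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)`, here in ssl_tls13_process_encrypted_extensions and in ssl_tls13_write_encrypted_extensions in the next hunk; in a build without that option the `#else` branch (outside the hunk) is what runs for a PSK-only TLS 1.3 handshake, and because this commit also removes the previous assignment from mbedtls_ssl_set_hs_psk (the ssl_tls.c hunk above), such a build may now never set `MBEDTLS_X509_BADCERT_SKIP_VERIFY`, leaving `verify_result` at whatever the session was initialised with. Unless the `#else` branch already sets it, take the assignment out of the conditional compilation, e.g. before the `#if`, guarded only by `if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; }` if that helper is available unconditionally. Running the `! Certificate verification was skipped` checks added later in this series under a PSK-only configuration would confirm either way. Both enclosing functions continue outside the hunk.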
@@ -6027,7 +6027,8 @@ void tls13_hrr_then_tls12_second_client_hello() * Prepare for handshake with the ticket. */ /* Remove the group SECP256R1 from the list of groups supported by the - * server such that it sends an HRR in response to the ClientHello. + * server. Since it is the client's preferred group, the client will + * send a key share only for SECP256R1, forcing the server to send a HRR. */ server_options.group_list = group_list + 1; @@ -6078,10 +6079,12 @@ void tls13_hrr_then_tls12_second_client_hello() #endif /* - * Reset the client and force it to TLS 1.2 so that it sends a TLS 1.2 - * ClientHello. + * The client has just received the server's HRR and is expected to send a + * second ClientHello. Instead of sending a compliant second TLS 1.3 + * ClientHello, we want it to send a TLS 1.2-only ClientHello. To achieve + * this, we reset the client with a TLS 1.2-only configuration before + * resuming the handshake with the server. */ - client_ep.ssl.tls_version = MBEDTLS_SSL_VERSION_TLS1_2; mbedtls_ssl_conf_min_tls_version(&client_ep.conf, MBEDTLS_SSL_VERSION_TLS1_2); mbedtls_ssl_conf_max_tls_version(&client_ep.conf, MBEDTLS_SSL_VERSION_TLS1_2); From 759895e7df1b108ed640f6f5b9527bf10cb06e66 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Mar 2026 16:16:19 +0100 Subject: [PATCH 1444/1548] tls13_hrr_then_tls12_second_client_hello: Improve client and server state checks Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c039b95c26..8c57ec1b6e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -6063,11 +6063,13 @@ void tls13_hrr_then_tls12_second_client_hello() &(server_ep.ssl), &(client_ep.ssl), MBEDTLS_SSL_HELLO_RETRY_REQUEST); TEST_EQUAL(ret, 0); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); ret = mbedtls_test_move_handshake_to_state( &(client_ep.ssl), &(server_ep.ssl), MBEDTLS_SSL_CLIENT_HELLO); TEST_EQUAL(ret, 0); + TEST_EQUAL(server_ep.ssl.state, MBEDTLS_SSL_CLIENT_HELLO); #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) /* If the compatibility mode is enabled, filter the dummy change_cipher_spec From 622b69d1d059d5e5b6dd5792cf8402f22908baab Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Mar 2026 17:01:50 +0100 Subject: [PATCH 1445/1548] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/tls12-2nd-client-hello.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ChangeLog.d/tls12-2nd-client-hello.txt diff --git a/ChangeLog.d/tls12-2nd-client-hello.txt b/ChangeLog.d/tls12-2nd-client-hello.txt new file mode 100644 index 0000000000..7513e0b945 --- /dev/null +++ b/ChangeLog.d/tls12-2nd-client-hello.txt @@ -0,0 +1,9 @@ +Security + * Fixed an issue in TLS 1.3 server handling of the second ClientHello, after + sending a HelloRetryRequest message. A man-in-the-middle attacker could + force a TLS 1.3 session resumption using a ticket to fall back to an + unintended TLS 1.2 session resumption with an all-zero master secret. + This could result in client authentication being bypassed and allow client + impersonation. + Found and reported by Jaehun Lee, Pohang University of Science and + Technology (POSTECH). From c6e1d67b1b91e203b3046add717be221cbfe80a2 Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Wed, 11 Mar 2026 09:55:41 +0000 Subject: [PATCH 1446/1548] ssl-opt.sh: Check for cert verify skipped Check that the message "! Certificate verification was skipped" is present in the output when auth_mode=none. This indicates that the certificate verify flag MBEDTLS_X509_BADCERT_SKIP_VERIFY was correctly set. Signed-off-by: David Horstmann --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ab727e6a48..4222768949 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5772,6 +5772,7 @@ run_test "Authentication: server badcert, client none" \ key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI debug_level=3 auth_mode=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ @@ -5783,12 +5784,14 @@ run_test "Authentication: server badcert, client none (1.2)" \ key_file=$DATA_FILES_PATH/server5.key" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ -C "X509 - Certificate verification failed" + run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ @@ -5837,6 +5840,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=none ca_file=none ca_path=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ 
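Review bot: Several hunks of this change add a bare empty `+` line unrelated to the new `-c` check: the `@@ -5783` hunk ending here, and `@@ -5856`, `@@ -5939` and `@@ -5970` further down; these whitespace-only additions should be dropped so the diff contains only the certificate-verification checks. The `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT` line added at `@@ -5844` in front of the "(1.2)" no-trusted-CA test changes which configurations run that test and is not mentioned in the commit message; if the "(1.2)" badcert test at `@@ -5783` needs the same guard (its preceding lines are outside the hunk), it should get it in the same commit, and either way the message should say why the guard is added.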
@@ -5844,11 +5848,13 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" \ "$P_SRV" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=none ca_file=none ca_path=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ @@ -5856,6 +5862,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" + # The next few tests check what happens if the server has a valid certificate # that does not match its name (impersonation). @@ -5939,12 +5946,14 @@ run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ "$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \ 0 \ + -c "! Certificate verification was skipped" \ -C "does not match with the expected CN" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" + run_test "Authentication: hostname null, client required" \ "$P_SRV" \ "$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \ 
@@ -5970,12 +5979,14 @@ run_test "Authentication: hostname null, client none" \ "$P_SRV" \ "$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \ 0 \ + -c "! Certificate verification was skipped" \ -C "does not match with the expected CN" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" + run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ "$P_CLI auth_mode=required set_hostname=no debug_level=2" \ @@ -6015,6 +6026,7 @@ run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ "$P_CLI auth_mode=none set_hostname=no debug_level=2" \ 0 \ + -c "! Certificate verification was skipped" \ -C "does not match with the expected CN" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ @@ -6173,6 +6185,7 @@ run_test "Authentication: client badcert, server none" \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 0 \ + -s "! Certificate verification was skipped" \ -s "skip write certificate request" \ -C "skip parse certificate request" \ -c "got no certificate request" \ @@ -6280,6 +6293,7 @@ run_test "Authentication: server max_int+1 chain, client none" \ "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ auth_mode=none" \ 0 \ + -c "! Certificate verification was skipped" \ -C "X509 - A fatal error occurred" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA From f51e72ab2da9bbdb619ce6e0f8a2958d0e7f220b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Mar 2026 12:35:30 +0100 Subject: [PATCH 1447/1548] Update tf-psa-crypto to development Signed-off-by: Gilles Peskine --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tf-psa-crypto b/tf-psa-crypto index 293cfe5ece..125474d4e0 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 293cfe5eceed98a2ee75d5241a78657b466750c7 +Subproject commit 125474d4e05965a6dfe2af350b5462ce62bed4cd From 708b401697b70bd8c5bca84b47ff0c1487482c54 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 11 Mar 2026 11:39:35 +0000 Subject: [PATCH 1448/1548] ssl-opt.sh Check for cert verify skipped In testcases in opt-testcases/tls13kex-modes.sh, check for the setting of the failure flag MBEDTLS_X509_BADCERT_SKIP_VERIFY by looking for the string "! Certificate verification was skipped" in the output in cases where the key exchange is negotiated to use PSK. Note that this check for output is only added to the success cases since the negative tests fail before this string is printed. Signed-off-by: David Horstmann --- tests/opt-testcases/tls13-kex-modes.sh | 170 +++++++++++++++++-------- 1 file changed, 119 insertions(+), 51 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 1bb251fdb8..8229dd01ae 100644 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -26,7 +26,8 @@ run_test "TLS 1.3: G->m: all/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" \ requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -87,7 +88,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
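Review bot: In the `@@ -26,7 +26,8 @@` hunk the new last argument keeps a trailing backslash, `-s "! Certificate verification was skipped" \`, whereas the same addition in `@@ -87` on this line and in every later hunk of this change ends without one. It only works because the following context line is empty, so the continuation joins an empty line and the command ends there; if that blank line is ever removed, `requires_gnutls_tls1_3` becomes an extra argument of run_test and the next test silently loses its guard. Drop the backslash: `-s "! Certificate verification was skipped"`.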
@@ -148,7 +150,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -209,7 +212,8 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -290,7 +294,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -354,7 +359,8 @@ run_test "TLS 1.3: G->m: all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -418,7 +424,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -916,7 +923,8 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \ -s "write selected_group: secp256r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -933,7 +941,8 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \ -s "write selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -950,7 +959,8 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \ -s "write selected_group: secp521r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -967,7 +977,8 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \ -s "write selected_group: x25519" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -984,7 +995,8 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \ -s "write selected_group: x448" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1022,7 +1034,8 @@ run_test "TLS 1.3: O->m: all/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1080,7 +1093,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1138,7 +1152,8 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1197,7 +1212,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1258,7 +1274,8 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1628,7 +1645,8 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ -s "write selected_group: secp256r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1645,7 +1663,8 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ -s "write selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1662,7 +1681,8 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ -s "write selected_group: secp521r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1679,7 +1699,8 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ -s "write selected_group: x25519" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1696,7 +1717,8 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ -s "write selected_group: x448" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1713,7 +1735,8 @@ run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ -s "HRR selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -1732,7 +1755,8 @@ run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ -s "HRR selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" # Add psk test cases for mbedtls client code @@ -1751,7 +1775,9 @@ run_test "TLS 1.3: m->m: psk/psk, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C 
@@ -1835,7 +1861,9 @@ run_test "TLS 1.3: m->m: psk/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1880,7 +1908,9 @@ run_test "TLS 1.3: m->m: psk/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1940,7 +1970,9 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1995,7 +2027,9 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C 
@@ -2038,7 +2072,9 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2083,7 +2119,9 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2215,7 +2253,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2319,7 +2359,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C 
@@ -2413,7 +2455,9 @@ run_test "TLS 1.3: m->m: psk_all/psk, good" \
 -c "client hello, adding psk_key_exchange_modes extension" \
 -c "client hello, adding PSK binder list" \
 -c "Selected key exchange mode: psk$" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped" \
+ -s "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2456,7 +2500,9 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \
 -c "client hello, adding psk_key_exchange_modes extension" \
 -c "client hello, adding PSK binder list" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped" \
+ -s "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2515,7 +2561,9 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, good" \
 -c "client hello, adding psk_key_exchange_modes extension" \
 -c "client hello, adding PSK binder list" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped" \
+ -s "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2560,7 +2608,9 @@ run_test "TLS 1.3: m->m: psk_all/psk_all, good" \
 -c "client hello, adding psk_key_exchange_modes extension" \
 -c "client hello, adding PSK binder list" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped" \
+ -s "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2605,7 +2655,9 @@ run_test "TLS 1.3: m->m: psk_all/all, good" \
 -c "client hello, adding psk_key_exchange_modes extension" \
 -c "client hello, adding PSK binder list" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped" \
+ -s "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2652,7 +2704,9 @@ run_test "TLS 1.3: m->m: all/psk, good" \
 -c "client hello, adding psk_key_exchange_modes extension" \
 -c "client hello, adding PSK binder list" \
 -c "Selected key exchange mode: psk$" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped" \
+ -s "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2699,7 +2753,9 @@ run_test "TLS 1.3: m->m: all/psk_ephemeral, good" \
 -c "client hello, adding psk_key_exchange_modes extension" \
 -c "client hello, adding PSK binder list" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped" \
+ -s "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2810,7 +2866,9 @@ run_test "TLS 1.3: m->m: all/psk_all, good" \
 -c "client hello, adding psk_key_exchange_modes extension" \
 -c "client hello, adding PSK binder list" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped" \
+ -s "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2906,7 +2964,8 @@ run_test "TLS 1.3: m->O: psk/all, good" \
 -c "client hello, adding PSK binder list" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk$" \
- -c "HTTP/1.0 200 ok"
+ -c "HTTP/1.0 200 ok" \
+ -c "! Certificate verification was skipped"
 
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -2941,7 +3000,8 @@ run_test "TLS 1.3: m->O: psk_all/all, good" \
 -c "client hello, adding PSK binder list" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 ok"
+ -c "HTTP/1.0 200 ok" \
+ -c "! Certificate verification was skipped"
 
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -2959,7 +3019,8 @@ run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
 -c "client hello, adding PSK binder list" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 ok"
+ -c "HTTP/1.0 200 ok" \
+ -c "! Certificate verification was skipped"
 
 #OPENSSL-SERVER psk_ephemeral mode
 requires_openssl_tls1_3_with_compatible_ephemeral
@@ -2977,7 +3038,8 @@ run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
 -c "client hello, adding PSK binder list" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 ok"
+ -c "HTTP/1.0 200 ok" \
+ -c "! Certificate verification was skipped"
 
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -2994,7 +3056,8 @@ run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
 -c "client hello, adding PSK binder list" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 ok"
+ -c "HTTP/1.0 200 ok" \
+ -c "! Certificate verification was skipped"
 
 #OPENSSL-SERVER ephemeral mode
 requires_openssl_tls1_3_with_compatible_ephemeral
@@ -3115,7 +3178,8 @@ run_test "TLS 1.3: m->G: psk/all, good" \
 -s "Parsing extension 'Pre Shared Key/41'" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk$" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_gnutls_tls1_3
@@ -3154,7 +3218,8 @@ run_test "TLS 1.3: m->G: psk_all/all, good" \
 -s "Parsing extension 'Pre Shared Key/41'" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_gnutls_tls1_3
@@ -3174,7 +3239,8 @@ run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \
 -s "Parsing extension 'Pre Shared Key/41'" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped"
 
 #GNUTLS-SERVER psk_ephemeral mode
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -3194,7 +3260,8 @@ run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \
 -s "Parsing extension 'Pre Shared Key/41'" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
 requires_gnutls_tls1_3
@@ -3213,7 +3280,8 @@ run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \
 -s "Parsing extension 'Pre Shared Key/41'" \
 -c "<= write client hello" \
 -c "Selected key exchange mode: psk_ephemeral" \
- -c "HTTP/1.0 200 OK"
+ -c "HTTP/1.0 200 OK" \
+ -c "! Certificate verification was skipped"
 
 #GNUTLS-SERVER ephemeral mode
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
From 23318bde24e4558a9f69486c8229866363546322 Mon Sep 17 00:00:00 2001
From: Gilles Peskine Date: Tue, 3 Mar 2026 13:28:46 +0100 Subject: [PATCH 1449/1548] Remove PSA status coverage log test We haven't used this in years. It's obsolete because this functionality should now be provided by the more general PSA function wrappers (`PSALoggingWrapper` generator), although that work is unfinished. It belongs in TF-PSA-Crypto anyway. So remove it, it's one less little amount of baggage. Signed-off-by: Gilles Peskine --- programs/Makefile | 3 - tests/Makefile | 16 --- .../components-configuration-crypto.sh | 9 -- tests/scripts/psa_collect_statuses.py | 130 ------------------ 4 files changed, 158 deletions(-) delete mode 100755 tests/scripts/psa_collect_statuses.py diff --git a/programs/Makefile b/programs/Makefile index 846361d788..21a69766c1 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -8,9 +8,6 @@ else DLOPEN_LDFLAGS ?= endif -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG -endif DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS} # Only build the dlopen test in shared library builds, and not when building diff --git a/tests/Makefile b/tests/Makefile index 62a7b82e61..06bef9734c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -19,10 +19,6 @@ LOCAL_CFLAGS += $(TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE) # on non-POSIX platforms. LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG -endif - GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ echo FAILED \ 
@@ -110,12 +106,6 @@ include/test/test_keys.h: ../framework/scripts/generate_test_keys.py $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -# Explicitly depend on this header because on a clean copy of the source tree, -# it doesn't exist yet and must be generated as part of the build, and -# therefore the wildcard enumeration above doesn't include it. -TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h -endif TEST_OBJS_DEPS += include/test/test_certs.h include/test/test_keys.h \ ../tf-psa-crypto/tests/include/test/test_keys.h @@ -311,9 +301,3 @@ libtestdriver1.a: fi $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a - -ifdef RECORD_PSA_STATUS_COVERAGE_LOG -../framework/tests/include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile - echo " Gen $@" - sed <../tf-psa-crypto/include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' -endif diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6a6b0a70de..2227287358 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -493,15 +493,6 @@ component_test_everest_curve25519_only () { ctest } -component_test_psa_collect_statuses () { - msg "build+test: psa_collect_statuses" # ~30s - scripts/config.py full - tests/scripts/psa_collect_statuses.py - # Check that psa_crypto_init() succeeded at least once - grep -q '^0:psa_crypto_init:' tests/statuses.log - rm -f tests/statuses.log -} - # Check that the specified libraries exist and are empty. are_empty_libraries () { nm "$@" >/dev/null 2>/dev/null 
diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py
deleted file mode 100755
index a91e3a3b30..0000000000
--- a/tests/scripts/psa_collect_statuses.py
+++ /dev/null
@@ -1,130 +0,0 @@ -#!/usr/bin/env python3 -"""Describe the test coverage of PSA functions in terms of return statuses. - -1. Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG -2. Run psa_collect_statuses.py - -The output is a series of line of the form "psa_foo PSA_ERROR_XXX". Each -function/status combination appears only once. - -This script must be run from the top of an Mbed TLS source tree. -The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is -only supported with make (as opposed to CMake or other build methods). -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import argparse -import os -import subprocess -import sys - -DEFAULT_STATUS_LOG_FILE = 'tests/statuses.log' -DEFAULT_PSA_CONSTANT_NAMES = 'tf-psa-crypto/programs/psa/psa_constant_names' - -class Statuses: - """Information about observed return statues of API functions.""" - - def __init__(self): - self.functions = {} - self.codes = set() - self.status_names = {} - - def collect_log(self, log_file_name): - """Read logs from RECORD_PSA_STATUS_COVERAGE_LOG. - - Read logs produced by running Mbed TLS test suites built with - -DRECORD_PSA_STATUS_COVERAGE_LOG. 
- """ - with open(log_file_name) as log: - for line in log: - value, function, tail = line.split(':', 2) - if function not in self.functions: - self.functions[function] = {} - fdata = self.functions[function] - if value not in self.functions[function]: - fdata[value] = [] - fdata[value].append(tail) - self.codes.add(int(value)) - - def get_constant_names(self, psa_constant_names): - """Run psa_constant_names to obtain names for observed numerical values.""" - values = [str(value) for value in self.codes] - cmd = [psa_constant_names, 'status'] + values - output = subprocess.check_output(cmd).decode('ascii') - for value, name in zip(values, output.rstrip().split('\n')): - self.status_names[value] = name - - def report(self): - """Report observed return values for each function. - - The report is a series of line of the form "psa_foo PSA_ERROR_XXX". - """ - for function in sorted(self.functions.keys()): - fdata = self.functions[function] - names = [self.status_names[value] for value in fdata.keys()] - for name in sorted(names): - sys.stdout.write('{} {}\n'.format(function, name)) - -def collect_status_logs(options): - """Build and run unit tests and report observed function return statuses. - - Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the - test suites and display information about observed return statuses. 
- """ - rebuilt = False - if not options.use_existing_log and os.path.exists(options.log_file): - os.remove(options.log_file) - if not os.path.exists(options.log_file): - if options.clean_before: - subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'clean'], - cwd='tests', - stdout=sys.stderr) - with open(os.devnull, 'w') as devnull: - make_q_ret = subprocess.call(['make', '-f', 'scripts/legacy.make', - '-q', 'lib', 'tests'], - stdout=devnull, stderr=devnull) - if make_q_ret != 0: - subprocess.check_call(['make', '-f', 'scripts/legacy.make', - 'RECORD_PSA_STATUS_COVERAGE_LOG=1'], - stdout=sys.stderr) - rebuilt = True - subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'test'], - stdout=sys.stderr) - data = Statuses() - data.collect_log(options.log_file) - data.get_constant_names(options.psa_constant_names) - if rebuilt and options.clean_after: - subprocess.check_call(['make', '-f', 'scripts/legacy.make', 'clean'], - cwd='tests', - stdout=sys.stderr) - return data - -def main(): - parser = argparse.ArgumentParser(description=globals()['__doc__']) - parser.add_argument('--clean-after', - action='store_true', - help='Run "make clean" after rebuilding') - parser.add_argument('--clean-before', - action='store_true', - help='Run "make clean" before regenerating the log file)') - parser.add_argument('--log-file', metavar='FILE', - default=DEFAULT_STATUS_LOG_FILE, - help='Log file location (default: {})'.format( - DEFAULT_STATUS_LOG_FILE - )) - parser.add_argument('--psa-constant-names', metavar='PROGRAM', - default=DEFAULT_PSA_CONSTANT_NAMES, - help='Path to psa_constant_names (default: {})'.format( - DEFAULT_PSA_CONSTANT_NAMES - )) - parser.add_argument('--use-existing-log', '-e', - action='store_true', - help='Don\'t regenerate the log file if it exists') - options = parser.parse_args() - data = collect_status_logs(options) - data.report() - -if __name__ == '__main__': - main() From 326fb18585c789f43fd33e9f36d6484f87b7c7fe Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Tue, 3 Mar 2026 13:36:38 +0100 Subject: [PATCH 1450/1548] Move some scripts from mbedtls into the framework Move a bunch of files from `scripts` and `mbedtls/scripts` to the framework. Most are not called from any scripts invoked by the CI, but a couple are. A subsequent commit will adapt the scripts. None of these scripts are referenced from other repositories except in documentation. The following files will be removed, and added to `mbedtls-framework`: * `scripts/ecp_comb_table.py` * `scripts/massif_max.pl` * `tests/scripts/audit-validity-dates.py` (moved to `scripts/`) * `tests/scripts/gen_ctr_drbg.pl` (moved to `scripts/`) * `tests/scripts/gen_gcm_decrypt.pl` (moved to `scripts/`) * `tests/scripts/gen_gcm_encrypt.pl` (moved to `scripts/`) * `tests/scripts/gen_pkcs1_v21_sign_verify.pl` (moved to `scripts/`) * `tests/scripts/generate-afl-tests.sh` (moved to `scripts/`) * `tests/scripts/generate_server9_bad_saltlen.py` (moved to `scripts/`) * `tests/scripts/run-metatests.sh` (moved to `scripts/`) * `tests/scripts/run_demos.py` (moved to `scripts/`) * `tests/scripts/test_config_script.py` (moved to `scripts/`) 
Signed-off-by: Gilles Peskine
---
scripts/ecp_comb_table.py | 237 ---------
scripts/massif_max.pl | 36 --
tests/scripts/audit-validity-dates.py | 469 ------------
tests/scripts/gen_ctr_drbg.pl | 96 ----
tests/scripts/gen_gcm_decrypt.pl | 101 ----
tests/scripts/gen_gcm_encrypt.pl | 84 ----
tests/scripts/gen_pkcs1_v21_sign_verify.pl | 74 ---
tests/scripts/generate-afl-tests.sh | 71 ---
tests/scripts/generate_server9_bad_saltlen.py | 87 ----
tests/scripts/run-metatests.sh | 89 ----
tests/scripts/run_demos.py | 65 ---
tests/scripts/test_config_script.py | 175 -------
12 files changed, 1584 deletions(-)
delete mode 100755 scripts/ecp_comb_table.py
delete mode 100755 scripts/massif_max.pl
delete mode 100755 tests/scripts/audit-validity-dates.py
delete mode 100755 tests/scripts/gen_ctr_drbg.pl
delete mode 100755 tests/scripts/gen_gcm_decrypt.pl
delete mode 100755 tests/scripts/gen_gcm_encrypt.pl
delete mode 100755 tests/scripts/gen_pkcs1_v21_sign_verify.pl
delete mode 100755 tests/scripts/generate-afl-tests.sh
delete mode 100755 tests/scripts/generate_server9_bad_saltlen.py
delete mode 100755 tests/scripts/run-metatests.sh
delete mode 100755 tests/scripts/run_demos.py
delete mode 100755 tests/scripts/test_config_script.py
diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py
deleted file mode 100755
index 6146e881c9..0000000000
--- a/scripts/ecp_comb_table.py
+++ /dev/null
@@ -1,237 +0,0 @@ -#!/usr/bin/env python3 -""" -Purpose - -This script dumps comb table of ec curve. When you add a new ec curve, you -can use this script to generate codes to define `_T` in ecp_curves.c -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import os -import subprocess -import sys -import tempfile - -HOW_TO_ADD_NEW_CURVE = """ -If you are trying to add new curve, you can follow these steps: - -1. Define curve parameters (_p, _gx, etc...) in ecp_curves.c. -2. Add a macro to define _T to NULL following these parameters. -3. Build mbedcrypto -4. Run this script with an argument of new curve -5. Copy the output of this script into ecp_curves.c and replace the macro added - in Step 2 -6. Rebuild and test if everything is ok - -Replace the in the above with the name of the curve you want to add.""" - -CC = os.getenv('CC', 'cc') -MBEDTLS_LIBRARY_PATH = os.getenv('MBEDTLS_LIBRARY_PATH', "library") - -SRC_DUMP_COMB_TABLE = r''' -#include -#include -#include "mbedtls/ecp.h" -#include "mbedtls/error.h" - -static void dump_mpi_initialize( const char *name, const mbedtls_mpi *d ) -{ - uint8_t buf[128] = {0}; - size_t olen; - uint8_t *p; - - olen = mbedtls_mpi_size( d ); - mbedtls_mpi_write_binary_le( d, buf, olen ); - printf("static const mbedtls_mpi_uint %s[] = {\n", name); - for (p = buf; p < buf + olen; p += 8) { - printf( " BYTES_TO_T_UINT_8( 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X ),\n", - p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7] ); - } - printf("};\n"); -} - -static void dump_T( const mbedtls_ecp_group *grp ) -{ - char name[128]; - - printf( "#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1\n" ); - - for (size_t i = 0; i < grp->T_size; ++i) { - snprintf( name, sizeof(name), "%s_T_%zu_X", CURVE_NAME, i ); - dump_mpi_initialize( name, &grp->T[i].X ); - - snprintf( name, sizeof(name), "%s_T_%zu_Y", CURVE_NAME, i ); - dump_mpi_initialize( name, &grp->T[i].Y ); - } - printf( "static const 
mbedtls_ecp_point %s_T[%zu] = {\n", CURVE_NAME, grp->T_size ); - size_t olen; - for (size_t i = 0; i < grp->T_size; ++i) { - int z; - if ( mbedtls_mpi_cmp_int(&grp->T[i].Z, 0) == 0 ) { - z = 0; - } else if ( mbedtls_mpi_cmp_int(&grp->T[i].Z, 1) == 0 ) { - z = 1; - } else { - fprintf( stderr, "Unexpected value of Z (i = %d)\n", (int)i ); - exit( 1 ); - } - printf( " ECP_POINT_INIT_XY_Z%d(%s_T_%zu_X, %s_T_%zu_Y),\n", - z, - CURVE_NAME, i, - CURVE_NAME, i - ); - } - printf("};\n#endif\n\n"); -} - -int main() -{ - int rc; - mbedtls_mpi m; - mbedtls_ecp_point R; - mbedtls_ecp_group grp; - - mbedtls_ecp_group_init( &grp ); - rc = mbedtls_ecp_group_load( &grp, CURVE_ID ); - if (rc != 0) { - char buf[100]; - mbedtls_strerror( rc, buf, sizeof(buf) ); - fprintf( stderr, "mbedtls_ecp_group_load: %s (-0x%x)\n", buf, -rc ); - return 1; - } - grp.T = NULL; - mbedtls_ecp_point_init( &R ); - mbedtls_mpi_init( &m); - mbedtls_mpi_lset( &m, 1 ); - rc = mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ); - if ( rc != 0 ) { - char buf[100]; - mbedtls_strerror( rc, buf, sizeof(buf) ); - fprintf( stderr, "mbedtls_ecp_mul: %s (-0x%x)\n", buf, -rc ); - return 1; - } - if ( grp.T == NULL ) { - fprintf( stderr, "grp.T is not generated. 
Please make sure" - "MBEDTLS_ECP_FIXED_POINT_OPTIM is enabled in mbedtls_config.h\n" ); - return 1; - } - dump_T( &grp ); - return 0; -} -''' - -SRC_DUMP_KNOWN_CURVE = r''' -#include -#include -#include "mbedtls/ecp.h" - -int main() { - const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list(); - mbedtls_ecp_group grp; - - mbedtls_ecp_group_init( &grp ); - while ( info->name != NULL ) { - mbedtls_ecp_group_load( &grp, info->grp_id ); - if ( mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) { - printf( " %s", info->name ); - } - info++; - } - printf( "\n" ); - return 0; -} -''' - - -def join_src_path(*args): - return os.path.normpath(os.path.join(os.path.dirname(__file__), "..", *args)) - - -def run_c_source(src, cflags): - """ - Compile and run C source code - :param src: the c language code to run - :param cflags: additional cflags passing to compiler - :return: - """ - binname = tempfile.mktemp(prefix="mbedtls") - fd, srcname = tempfile.mkstemp(prefix="mbedtls", suffix=".c") - srcfile = os.fdopen(fd, mode="w") - srcfile.write(src) - srcfile.close() - args = [CC, - *cflags, - '-I' + join_src_path("include"), - "-o", binname, - '-L' + MBEDTLS_LIBRARY_PATH, - srcname, - '-lmbedcrypto'] - - p = subprocess.run(args=args, check=False) - if p.returncode != 0: - return False - p = subprocess.run(args=[binname], check=False, env={ - 'LD_LIBRARY_PATH': MBEDTLS_LIBRARY_PATH - }) - if p.returncode != 0: - return False - os.unlink(srcname) - os.unlink(binname) - return True - - -def compute_curve(curve): - """compute comb table for curve""" - r = run_c_source( - SRC_DUMP_COMB_TABLE, - [ - '-g', - '-DCURVE_ID=MBEDTLS_ECP_DP_%s' % curve.upper(), - '-DCURVE_NAME="%s"' % curve.lower(), - ]) - if not r: - print("""\ -Unable to compile and run utility.""", file=sys.stderr) - sys.exit(1) - - -def usage(): - print(""" -Usage: python %s ... 
- -Arguments: - curve Specify one or more curve names (e.g secp256r1) - -All possible curves: """ % sys.argv[0]) - run_c_source(SRC_DUMP_KNOWN_CURVE, []) - print(""" -Environment Variable: - CC Specify which c compile to use to compile utility. - MBEDTLS_LIBRARY_PATH - Specify the path to mbedcrypto library. (e.g. build/library/) - -How to add a new curve: %s""" % HOW_TO_ADD_NEW_CURVE) - - -def run_main(): - shared_lib_path = os.path.normpath(os.path.join(MBEDTLS_LIBRARY_PATH, "libmbedcrypto.so")) - static_lib_path = os.path.normpath(os.path.join(MBEDTLS_LIBRARY_PATH, "libmbedcrypto.a")) - if not os.path.exists(shared_lib_path) and not os.path.exists(static_lib_path): - print("Warning: both '%s' and '%s' are not exists. This script will use " - "the library from your system instead of the library compiled by " - "this source directory.\n" - "You can specify library path using environment variable " - "'MBEDTLS_LIBRARY_PATH'." % (shared_lib_path, static_lib_path), - file=sys.stderr) - - if len(sys.argv) <= 1: - usage() - else: - for curve in sys.argv[1:]: - compute_curve(curve) - - -if __name__ == '__main__': - run_main() diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl deleted file mode 100755 index 52ca606b52..0000000000 --- a/scripts/massif_max.pl +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/usr/bin/env perl - -# Parse a massif.out.xxx file and output peak total memory usage -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use warnings; -use strict; - -use utf8; -use open qw(:std utf8); - -die unless @ARGV == 1; - -my @snaps; -open my $fh, '<', $ARGV[0] or die; -{ local $/ = 'snapshot='; @snaps = <$fh>; } -close $fh or die; - -my ($max, $max_heap, $max_he, $max_stack) = (0, 0, 0, 0); -for (@snaps) -{ - my ($heap, $heap_extra, $stack) = m{ - mem_heap_B=(\d+)\n - mem_heap_extra_B=(\d+)\n - mem_stacks_B=(\d+) - }xm; - next unless defined $heap; - my $total = $heap + $heap_extra + $stack; - if( $total > $max ) { - ($max, $max_heap, $max_he, $max_stack) = ($total, $heap, $heap_extra, $stack); - } -} - -printf "$max (heap $max_heap+$max_he, stack $max_stack)\n"; diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py deleted file mode 100755 index 3d0924602c..0000000000 --- a/tests/scripts/audit-validity-dates.py +++ /dev/null 
@@ -1,469 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -"""Audit validity date of X509 crt/crl/csr. - -This script is used to audit the validity date of crt/crl/csr used for testing. -It prints the information about X.509 objects excluding the objects that -are valid throughout the desired validity period. The data are collected -from framework/data_files/ and tests/suites/*.data files by default. -""" - -import os -import re -import typing -import argparse -import datetime -import glob -import logging -import hashlib -from enum import Enum - -# The script requires cryptography >= 35.0.0 which is only available -# for Python >= 3.6. -import cryptography -from cryptography import x509 - -from generate_test_code import FileWrapper - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import build_tree -from mbedtls_framework import logging_util - -def check_cryptography_version(): - match = re.match(r'^[0-9]+', cryptography.__version__) - if match is None or int(match.group(0)) < 35: - raise Exception("audit-validity-dates requires cryptography >= 35.0.0" - + "({} is too old)".format(cryptography.__version__)) - -class DataType(Enum): - CRT = 1 # Certificate - CRL = 2 # Certificate Revocation List - CSR = 3 # Certificate Signing Request - - -class DataFormat(Enum): - PEM = 1 # Privacy-Enhanced Mail - DER = 2 # Distinguished Encoding Rules - - -class AuditData: - """Store data location, type and validity period of X.509 objects.""" - #pylint: disable=too-few-public-methods - def __init__(self, data_type: DataType, x509_obj): - self.data_type = data_type - # the locations that the x509 object could be found - self.locations = [] # type: typing.List[str] - self.fill_validity_duration(x509_obj) - self._obj = x509_obj - encoding = cryptography.hazmat.primitives.serialization.Encoding.DER - self._identifier = 
hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest() - - @property - def identifier(self): - """ - Identifier of the underlying X.509 object, which is consistent across - different runs. - """ - return self._identifier - - def fill_validity_duration(self, x509_obj): - """Read validity period from an X.509 object.""" - # Certificate expires after "not_valid_after" - # Certificate is invalid before "not_valid_before" - if self.data_type == DataType.CRT: - self.not_valid_after = x509_obj.not_valid_after - self.not_valid_before = x509_obj.not_valid_before - # CertificateRevocationList expires after "next_update" - # CertificateRevocationList is invalid before "last_update" - elif self.data_type == DataType.CRL: - self.not_valid_after = x509_obj.next_update - self.not_valid_before = x509_obj.last_update - # CertificateSigningRequest is always valid. - elif self.data_type == DataType.CSR: - self.not_valid_after = datetime.datetime.max - self.not_valid_before = datetime.datetime.min - else: - raise ValueError("Unsupported file_type: {}".format(self.data_type)) - - -class X509Parser: - """A parser class to parse crt/crl/csr file or data in PEM/DER format.""" - PEM_REGEX = br'-{5}BEGIN (?P.*?)-{5}(?P.*?)-{5}END (?P=type)-{5}' - PEM_TAG_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n' - PEM_TAGS = { - DataType.CRT: 'CERTIFICATE', - DataType.CRL: 'X509 CRL', - DataType.CSR: 'CERTIFICATE REQUEST' - } - - def __init__(self, - backends: - typing.Dict[DataType, - typing.Dict[DataFormat, - typing.Callable[[bytes], object]]]) \ - -> None: - self.backends = backends - self.__generate_parsers() - - def __generate_parser(self, data_type: DataType): - """Parser generator for a specific DataType""" - tag = self.PEM_TAGS[data_type] - pem_loader = self.backends[data_type][DataFormat.PEM] - der_loader = self.backends[data_type][DataFormat.DER] - def wrapper(data: bytes): - pem_type = X509Parser.pem_data_type(data) - # It is in PEM format with target tag - if pem_type == tag: - return 
pem_loader(data) - # It is in PEM format without target tag - if pem_type: - return None - # It might be in DER format - try: - result = der_loader(data) - except ValueError: - result = None - return result - wrapper.__name__ = "{}.parser[{}]".format(type(self).__name__, tag) - return wrapper - - def __generate_parsers(self): - """Generate parsers for all support DataType""" - self.parsers = {} - for data_type, _ in self.PEM_TAGS.items(): - self.parsers[data_type] = self.__generate_parser(data_type) - - def __getitem__(self, item): - return self.parsers[item] - - @staticmethod - def pem_data_type(data: bytes) -> typing.Optional[str]: - """Get the tag from the data in PEM format - - :param data: data to be checked in binary mode. - :return: PEM tag or "" when no tag detected. - """ - m = re.search(X509Parser.PEM_TAG_REGEX, data) - if m is not None: - return m.group('type').decode('UTF-8') - else: - return None - - @staticmethod - def check_hex_string(hex_str: str) -> bool: - """Check if the hex string is possibly DER data.""" - hex_len = len(hex_str) - # At least 6 hex char for 3 bytes: Type + Length + Content - if hex_len < 6: - return False - # Check if Type (1 byte) is SEQUENCE. - if hex_str[0:2] != '30': - return False - # Check LENGTH (1 byte) value - content_len = int(hex_str[2:4], base=16) - consumed = 4 - if content_len in (128, 255): - # Indefinite or Reserved - return False - elif content_len > 127: - # Definite, Long - length_len = (content_len - 128) * 2 - content_len = int(hex_str[consumed:consumed+length_len], base=16) - consumed += length_len - # Check LENGTH - if hex_len != content_len * 2 + consumed: - return False - return True - - -class Auditor: - """ - A base class that uses X509Parser to parse files to a list of AuditData. - - A subclass must implement the following methods: - - collect_default_files: Return a list of file names that are defaultly - used for parsing (auditing). The list will be stored in - Auditor.default_files. 
- - parse_file: Method that parses a single file to a list of AuditData. - - A subclass may override the following methods: - - parse_bytes: Defaultly, it parses `bytes` that contains only one valid - X.509 data(DER/PEM format) to an X.509 object. - - walk_all: Defaultly, it iterates over all the files in the provided - file name list, calls `parse_file` for each file and stores the results - by extending the `results` passed to the function. - """ - def __init__(self, logger): - self.logger = logger - self.default_files = self.collect_default_files() - self.parser = X509Parser({ - DataType.CRT: { - DataFormat.PEM: x509.load_pem_x509_certificate, - DataFormat.DER: x509.load_der_x509_certificate - }, - DataType.CRL: { - DataFormat.PEM: x509.load_pem_x509_crl, - DataFormat.DER: x509.load_der_x509_crl - }, - DataType.CSR: { - DataFormat.PEM: x509.load_pem_x509_csr, - DataFormat.DER: x509.load_der_x509_csr - }, - }) - - def collect_default_files(self) -> typing.List[str]: - """Collect the default files for parsing.""" - raise NotImplementedError - - def parse_file(self, filename: str) -> typing.List[AuditData]: - """ - Parse a list of AuditData from file. - - :param filename: name of the file to parse. - :return list of AuditData parsed from the file. - """ - raise NotImplementedError - - def parse_bytes(self, data: bytes): - """Parse AuditData from bytes.""" - for data_type in list(DataType): - try: - result = self.parser[data_type](data) - except ValueError as val_error: - result = None - self.logger.warning(val_error) - if result is not None: - audit_data = AuditData(data_type, result) - return audit_data - return None - - def walk_all(self, - results: typing.Dict[str, AuditData], - file_list: typing.Optional[typing.List[str]] = None) \ - -> None: - """ - Iterate over all the files in the list and get audit data. The - results will be written to `results` passed to this function. - - :param results: The dictionary used to store the parsed - AuditData. 
The keys of this dictionary should - be the identifier of the AuditData. - """ - if file_list is None: - file_list = self.default_files - for filename in file_list: - data_list = self.parse_file(filename) - for d in data_list: - if d.identifier in results: - results[d.identifier].locations.extend(d.locations) - else: - results[d.identifier] = d - - @staticmethod - def find_test_dir(): - """Get the relative path for the Mbed TLS test directory.""" - return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests') - - -class TestDataAuditor(Auditor): - """Class for auditing files in `framework/data_files/`""" - - def collect_default_files(self): - """Collect all files in `framework/data_files/`""" - test_data_glob = os.path.join(build_tree.guess_mbedtls_root(), - 'framework', 'data_files/**') - data_files = [f for f in glob.glob(test_data_glob, recursive=True) - if os.path.isfile(f)] - return data_files - - def parse_file(self, filename: str) -> typing.List[AuditData]: - """ - Parse a list of AuditData from data file. - - :param filename: name of the file to parse. - :return list of AuditData parsed from the file. - """ - with open(filename, 'rb') as f: - data = f.read() - - results = [] - # Try to parse all PEM blocks. - is_pem = False - for idx, m in enumerate(re.finditer(X509Parser.PEM_REGEX, data, flags=re.S), 1): - is_pem = True - result = self.parse_bytes(data[m.start():m.end()]) - if result is not None: - result.locations.append("{}#{}".format(filename, idx)) - results.append(result) - - # Might be DER format. - if not is_pem: - result = self.parse_bytes(data) - if result is not None: - result.locations.append("{}".format(filename)) - results.append(result) - - return results - - -def parse_suite_data(data_f): - """ - Parses .data file for test arguments that possiblly have a - valid X.509 data. If you need a more precise parser, please - use generate_test_code.parse_test_data instead. - - :param data_f: file object of the data file. 
- :return: Generator that yields test function argument list. - """ - for line in data_f: - line = line.strip() - # Skip comments - if line.startswith('#'): - continue - - # Check parameters line - match = re.search(r'\A\w+(.*:)?\"', line) - if match: - # Read test vectors - parts = re.split(r'(?[0-9a-fA-F]+)"', test_arg) - if not match: - continue - if not X509Parser.check_hex_string(match.group('data')): - continue - audit_data = self.parse_bytes(bytes.fromhex(match.group('data'))) - if audit_data is None: - continue - audit_data.locations.append("{}:{}:#{}".format(filename, - data_f.line_no, - idx + 1)) - audit_data_list.append(audit_data) - - return audit_data_list - - -def list_all(audit_data: AuditData): - for loc in audit_data.locations: - print("{}\t{:20}\t{:20}\t{:3}\t{}".format( - audit_data.identifier, - audit_data.not_valid_before.isoformat(timespec='seconds'), - audit_data.not_valid_after.isoformat(timespec='seconds'), - audit_data.data_type.name, - loc)) - - -def main(): - """ - Perform argument parsing. - """ - parser = argparse.ArgumentParser(description=__doc__) - - parser.add_argument('-a', '--all', - action='store_true', - help='list the information of all the files') - parser.add_argument('-v', '--verbose', - action='store_true', dest='verbose', - help='show logs') - parser.add_argument('--from', dest='start_date', - help=('Start of desired validity period (UTC, YYYY-MM-DD). ' - 'Default: today'), - metavar='DATE') - parser.add_argument('--to', dest='end_date', - help=('End of desired validity period (UTC, YYYY-MM-DD). 
' - 'Default: --from'), - metavar='DATE') - parser.add_argument('--data-files', action='append', nargs='*', - help='data files to audit', - metavar='FILE') - parser.add_argument('--suite-data-files', action='append', nargs='*', - help='suite data files to audit', - metavar='FILE') - - args = parser.parse_args() - - # start main routine - # setup logger - logger = logging.getLogger() - logging_util.configure_logger(logger) - logger.setLevel(logging.DEBUG if args.verbose else logging.ERROR) - - td_auditor = TestDataAuditor(logger) - sd_auditor = SuiteDataAuditor(logger) - - data_files = [] - suite_data_files = [] - if args.data_files is None and args.suite_data_files is None: - data_files = td_auditor.default_files - suite_data_files = sd_auditor.default_files - else: - if args.data_files is not None: - data_files = [x for l in args.data_files for x in l] - if args.suite_data_files is not None: - suite_data_files = [x for l in args.suite_data_files for x in l] - - # validity period start date - if args.start_date: - start_date = datetime.datetime.fromisoformat(args.start_date) - else: - start_date = datetime.datetime.today() - # validity period end date - if args.end_date: - end_date = datetime.datetime.fromisoformat(args.end_date) - else: - end_date = start_date - - # go through all the files - audit_results = {} - td_auditor.walk_all(audit_results, data_files) - sd_auditor.walk_all(audit_results, suite_data_files) - - logger.info("Total: {} objects found!".format(len(audit_results))) - - # we filter out the files whose validity duration covers the provided - # duration. 
- filter_func = lambda d: (start_date < d.not_valid_before) or \
- (d.not_valid_after < end_date)
-
- sortby_end = lambda d: d.not_valid_after
-
- if args.all:
- filter_func = None
-
- # filter and output the results
- for d in sorted(filter(filter_func, audit_results.values()), key=sortby_end):
- list_all(d)
-
- logger.debug("Done!")
-
-check_cryptography_version()
-if __name__ == "__main__":
- main()
diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl
deleted file mode 100755
index ec5e5d8915..0000000000
--- a/tests/scripts/gen_ctr_drbg.pl
+++ /dev/null
@@ -1,96 +0,0 @@ -#!/usr/bin/env perl -# -# Based on NIST CTR_DRBG.rsp validation file -# Only uses AES-256-CTR cases that use a Derivation function -# and concats nonce and personalization for initialization. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my $file = shift; - -open(TEST_DATA, "$file") or die "Opening test cases '$file': $!"; - -sub get_suite_val($) -{ - my $name = shift; - my $val = ""; - - my $line = ; - ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/); - - return $val; -} - -sub get_val($) -{ - my $name = shift; - my $val = ""; - my $line; - - while($line = ) - { - next if($line !~ /=/); - last; - } - - ($val) = ($line =~ /^$name = (\w+)/); - - return $val; -} - -my $cnt = 1;; -while (my $line = ) -{ - next if ($line !~ /^\[AES-256 use df/); - - my $PredictionResistanceStr = get_suite_val("PredictionResistance"); - my $PredictionResistance = 0; - $PredictionResistance = 1 if ($PredictionResistanceStr eq 'True'); - my $EntropyInputLen = get_suite_val("EntropyInputLen"); - my $NonceLen = get_suite_val("NonceLen"); - my $PersonalizationStringLen = get_suite_val("PersonalizationStringLen"); - my $AdditionalInputLen = get_suite_val("AdditionalInputLen"); - - for ($cnt = 0; $cnt < 15; $cnt++) - { - my $Count = get_val("COUNT"); - my $EntropyInput = get_val("EntropyInput"); - my $Nonce = get_val("Nonce"); - my $PersonalizationString = get_val("PersonalizationString"); - my $AdditionalInput1 = get_val("AdditionalInput"); - my $EntropyInputPR1 = get_val("EntropyInputPR") if ($PredictionResistance == 1); - my $EntropyInputReseed = get_val("EntropyInputReseed") if ($PredictionResistance == 0); - my $AdditionalInputReseed = get_val("AdditionalInputReseed") if ($PredictionResistance == 0); - my $AdditionalInput2 = get_val("AdditionalInput"); - my $EntropyInputPR2 = get_val("EntropyInputPR") if ($PredictionResistance == 1); - my $ReturnedBits = get_val("ReturnedBits"); - - if 
($PredictionResistance == 1) - { - print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n"); - print("ctr_drbg_validate_pr"); - print(":\"$Nonce$PersonalizationString\""); - print(":\"$EntropyInput$EntropyInputPR1$EntropyInputPR2\""); - print(":\"$AdditionalInput1\""); - print(":\"$AdditionalInput2\""); - print(":\"$ReturnedBits\""); - print("\n\n"); - } - else - { - print("CTR_DRBG NIST Validation (AES-256 use df,$PredictionResistanceStr,$EntropyInputLen,$NonceLen,$PersonalizationStringLen,$AdditionalInputLen) #$Count\n"); - print("ctr_drbg_validate_nopr"); - print(":\"$Nonce$PersonalizationString\""); - print(":\"$EntropyInput$EntropyInputReseed\""); - print(":\"$AdditionalInput1\""); - print(":\"$AdditionalInputReseed\""); - print(":\"$AdditionalInput2\""); - print(":\"$ReturnedBits\""); - print("\n\n"); - } - } -} -close(TEST_DATA); diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl deleted file mode 100755 index 30d45c307d..0000000000 --- a/tests/scripts/gen_gcm_decrypt.pl +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/usr/bin/env perl -# -# Based on NIST gcmDecryptxxx.rsp validation files -# Only first 3 of every set used for compile time saving -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my $file = shift; - -open(TEST_DATA, "$file") or die "Opening test cases '$file': $!"; - -sub get_suite_val($) -{ - my $name = shift; - my $val = ""; - - while(my $line = ) - { - next if ($line !~ /^\[/); - ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/); - last; - } - - return $val; -} - -sub get_val($) -{ - my $name = shift; - my $val = ""; - my $line; - - while($line = ) - { - next if($line !~ /=/); - last; - } - - ($val) = ($line =~ /^$name = (\w+)/); - - return $val; -} - -sub get_val_or_fail($) -{ - my $name = shift; - my $val = "FAIL"; - my $line; - - while($line = ) - { - next if($line !~ /=/ && $line !~ /FAIL/); - last; - } - - ($val) = ($line =~ /^$name = (\w+)/) if ($line =~ /=/); - - return $val; -} - -my $cnt = 1;; -while (my $line = ) -{ - my $key_len = get_suite_val("Keylen"); - next if ($key_len !~ /\d+/); - my $iv_len = get_suite_val("IVlen"); - my $pt_len = get_suite_val("PTlen"); - my $add_len = get_suite_val("AADlen"); - my $tag_len = get_suite_val("Taglen"); - - for ($cnt = 0; $cnt < 3; $cnt++) - { - my $Count = get_val("Count"); - my $key = get_val("Key"); - my $iv = get_val("IV"); - my $ct = get_val("CT"); - my $add = get_val("AAD"); - my $tag = get_val("Tag"); - my $pt = get_val_or_fail("PT"); - - print("GCM NIST Validation (AES-$key_len,$iv_len,$pt_len,$add_len,$tag_len) #$Count\n"); - print("gcm_decrypt_and_verify"); - print(":\"$key\""); - print(":\"$ct\""); - print(":\"$iv\""); - print(":\"$add\""); - print(":$tag_len"); - print(":\"$tag\""); - print(":\"$pt\""); - print(":0"); - print("\n\n"); - } -} - -print("GCM Selftest\n"); -print("gcm_selftest:\n\n"); - -close(TEST_DATA); 
diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl deleted file mode 100755 index b4f08494c0..0000000000 --- a/tests/scripts/gen_gcm_encrypt.pl +++ /dev/null @@ -1,84 +0,0 @@ -#!/usr/bin/env perl -# -# Based on NIST gcmEncryptIntIVxxx.rsp validation files -# Only first 3 of every set used for compile time saving -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my $file = shift; - -open(TEST_DATA, "$file") or die "Opening test cases '$file': $!"; - -sub get_suite_val($) -{ - my $name = shift; - my $val = ""; - - while(my $line = ) - { - next if ($line !~ /^\[/); - ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/); - last; - } - - return $val; -} - -sub get_val($) -{ - my $name = shift; - my $val = ""; - my $line; - - while($line = ) - { - next if($line !~ /=/); - last; - } - - ($val) = ($line =~ /^$name = (\w+)/); - - return $val; -} - -my $cnt = 1;; -while (my $line = ) -{ - my $key_len = get_suite_val("Keylen"); - next if ($key_len !~ /\d+/); - my $iv_len = get_suite_val("IVlen"); - my $pt_len = get_suite_val("PTlen"); - my $add_len = get_suite_val("AADlen"); - my $tag_len = get_suite_val("Taglen"); - - for ($cnt = 0; $cnt < 3; $cnt++) - { - my $Count = get_val("Count"); - my $key = get_val("Key"); - my $pt = get_val("PT"); - my $add = get_val("AAD"); - my $iv = get_val("IV"); - my $ct = get_val("CT"); - my $tag = get_val("Tag"); - - print("GCM NIST Validation (AES-$key_len,$iv_len,$pt_len,$add_len,$tag_len) #$Count\n"); - print("gcm_encrypt_and_tag"); - print(":\"$key\""); - print(":\"$pt\""); - print(":\"$iv\""); - print(":\"$add\""); - print(":\"$ct\""); - print(":$tag_len"); - print(":\"$tag\""); - print(":0"); - print("\n\n"); - } -} - -print("GCM Selftest\n"); -print("gcm_selftest:\n\n"); - -close(TEST_DATA); diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl deleted file mode 100755 index fe2d3f5d37..0000000000 
--- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -use strict; - -my $file = shift; - -open(TEST_DATA, "$file") or die "Opening test cases '$file': $!"; - -sub get_val($$) -{ - my $str = shift; - my $name = shift; - my $val = ""; - - while(my $line = ) - { - next if($line !~ /^# $str/); - last; - } - - while(my $line = ) - { - last if($line eq "\r\n"); - $val .= $line; - } - - $val =~ s/[ \r\n]//g; - - return $val; -} - -my $state = 0; -my $val_n = ""; -my $val_e = ""; -my $val_p = ""; -my $val_q = ""; -my $mod = 0; -my $cnt = 1; -while (my $line = ) -{ - next if ($line !~ /^# Example/); - - ( $mod ) = ($line =~ /A (\d+)/); - $val_n = get_val("RSA modulus n", "N"); - $val_e = get_val("RSA public exponent e", "E"); - $val_p = get_val("Prime p", "P"); - $val_q = get_val("Prime q", "Q"); - - for(my $i = 1; $i <= 6; $i++) - { - my $val_m = get_val("Message to be", "M"); - my $val_salt = get_val("Salt", "Salt"); - my $val_sig = get_val("Signature", "Sig"); - - print("RSASSA-PSS Signature Example ${cnt}_${i}\n"); - print("pkcs1_rsassa_pss_sign:$mod:16:\"$val_p\":16:\"$val_q\":16:\"$val_n\":16:\"$val_e\":SIG_RSA_SHA1:MBEDTLS_MD_SHA1"); - print(":\"$val_m\""); - print(":\"$val_salt\""); - print(":\"$val_sig\":0"); - print("\n\n"); - - print("RSASSA-PSS Signature Example ${cnt}_${i} (verify)\n"); - print("pkcs1_rsassa_pss_verify:$mod:16:\"$val_n\":16:\"$val_e\":SIG_RSA_SHA1:MBEDTLS_MD_SHA1"); - print(":\"$val_m\""); - print(":\"$val_salt\""); - print(":\"$val_sig\":0"); - print("\n\n"); - } - $cnt++; -} -close(TEST_DATA); diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh deleted file mode 100755 index d4ef0f3af1..0000000000 --- a/tests/scripts/generate-afl-tests.sh +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/bin/sh - -# This script splits the data test files containing the test cases into -# individual files (one test case per file) suitable for use with afl -# (American Fuzzy Lop). http://lcamtuf.coredump.cx/afl/ -# -# Usage: generate-afl-tests.sh -# - should be the path to one of the test suite files -# such as 'test_suite_rsa.data' -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -# Abort on errors -set -e - -if [ -z $1 ] -then - echo " [!] No test file specified" >&2 - echo "Usage: $0 " >&2 - exit 1 -fi - -SRC_FILEPATH=$(dirname $1)/$(basename $1) -TESTSUITE=$(basename $1 .data) - -THIS_DIR=$(basename $PWD) - -if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ]; -then :; -else - echo " [!] Must be run from Mbed TLS tests directory" >&2 - exit 1 -fi - -DEST_TESTCASE_DIR=$TESTSUITE-afl-tests -DEST_OUTPUT_DIR=$TESTSUITE-afl-out - -echo " [+] Creating output directories" >&2 - -if [ -e $DEST_OUTPUT_DIR/* ]; -then : - echo " [!] Test output files already exist." >&2 - exit 1 -else - mkdir -p $DEST_OUTPUT_DIR -fi - -if [ -e $DEST_TESTCASE_DIR/* ]; -then : - echo " [!] Test output files already exist." >&2 -else - mkdir -p $DEST_TESTCASE_DIR -fi - -echo " [+] Creating test cases" >&2 -cd $DEST_TESTCASE_DIR - -split -p '^\s*$' ../$SRC_FILEPATH - -for f in *; -do - # Strip out any blank lines (no trim on OS X) - sed '/^\s*$/d' $f >testcase_$f - rm $f -done - -cd .. - -echo " [+] Test cases in $DEST_TESTCASE_DIR" >&2 - diff --git a/tests/scripts/generate_server9_bad_saltlen.py b/tests/scripts/generate_server9_bad_saltlen.py deleted file mode 100755 index 9af4dd3b6d..0000000000 --- a/tests/scripts/generate_server9_bad_saltlen.py +++ /dev/null 
@@ -1,87 +0,0 @@ -#!/usr/bin/env python3 -"""Generate server9-bad-saltlen.crt - -Generate a certificate signed with RSA-PSS, with an incorrect salt length. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import subprocess -import argparse -from asn1crypto import pem, x509, core #type: ignore #pylint: disable=import-error - -OPENSSL_RSA_PSS_CERT_COMMAND = r''' -openssl x509 -req -CA {ca_name}.crt -CAkey {ca_name}.key -set_serial 24 {ca_password} \ - {openssl_extfile} -days 3650 -outform DER -in {csr} \ - -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{anounce_saltlen} \ - -sigopt rsa_mgf1_md:sha256 -''' -SIG_OPT = \ - r'-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{saltlen} -sigopt rsa_mgf1_md:sha256' -OPENSSL_RSA_PSS_DGST_COMMAND = r'''openssl dgst -sign {ca_name}.key {ca_password} \ - -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{actual_saltlen} \ - -sigopt rsa_mgf1_md:sha256''' - - -def auto_int(x): - return int(x, 0) - - -def build_argparser(parser): - """Build argument parser""" - parser.description = __doc__ - parser.add_argument('--ca-name', type=str, required=True, - help='Basename of CA files') - parser.add_argument('--ca-password', type=str, - required=True, help='CA key file password') - parser.add_argument('--csr', type=str, required=True, - help='CSR file for generating certificate') - parser.add_argument('--openssl-extfile', type=str, - required=True, help='X905 v3 extension config file') - parser.add_argument('--anounce_saltlen', type=auto_int, - required=True, help='Announced salt length') - parser.add_argument('--actual_saltlen', type=auto_int, - required=True, help='Actual salt length') - parser.add_argument('--output', type=str, required=True) - - -def main(): - parser = argparse.ArgumentParser() - build_argparser(parser) - args = parser.parse_args() - - return generate(**vars(args)) - -def generate(**kwargs): - """Generate different salt length certificate file.""" 
- ca_password = kwargs.get('ca_password', '') - if ca_password: - kwargs['ca_password'] = r'-passin "pass:{ca_password}"'.format( - **kwargs) - else: - kwargs['ca_password'] = '' - extfile = kwargs.get('openssl_extfile', '') - if extfile: - kwargs['openssl_extfile'] = '-extfile {openssl_extfile}'.format( - **kwargs) - else: - kwargs['openssl_extfile'] = '' - - cmd = OPENSSL_RSA_PSS_CERT_COMMAND.format(**kwargs) - der_bytes = subprocess.check_output(cmd, shell=True) - target_certificate = x509.Certificate.load(der_bytes) - - cmd = OPENSSL_RSA_PSS_DGST_COMMAND.format(**kwargs) - #pylint: disable=unexpected-keyword-arg - der_bytes = subprocess.check_output(cmd, - input=target_certificate['tbs_certificate'].dump(), - shell=True) - - with open(kwargs.get('output'), 'wb') as f: - target_certificate['signature_value'] = core.OctetBitString(der_bytes) - f.write(pem.armor('CERTIFICATE', target_certificate.dump())) - - -if __name__ == '__main__': - main() diff --git a/tests/scripts/run-metatests.sh b/tests/scripts/run-metatests.sh deleted file mode 100755 index 22a302c62f..0000000000 --- a/tests/scripts/run-metatests.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/bin/sh - -help () { - cat <&2 "$0: FATAL: programs/test/metatest not found" - exit 120 -fi - -LIST_ONLY= -while getopts hl OPTLET; do - case $OPTLET in - h) help; exit;; - l) LIST_ONLY=1;; - \?) help >&2; exit 120;; - esac -done -shift $((OPTIND - 1)) - -list_matches () { - while read name platform junk; do - for pattern in "$@"; do - case $platform in - $pattern) echo "$name"; break;; - esac - done - done -} - -count=0 -errors=0 -run_metatest () { - ret=0 - "$METATEST_PROGRAM" "$1" || ret=$? - if [ $ret -eq 0 ]; then - echo >&2 "$0: Unexpected success: $1" - errors=$((errors + 1)) - fi - count=$((count + 1)) -} - -# Don't pipe the output of metatest so that if it fails, this script exits -# immediately with a failure status. -full_list=$("$METATEST_PROGRAM" list) -matching_list=$(printf '%s\n' "$full_list" | list_matches "$@") - -if [ -n "$LIST_ONLY" ]; then - printf '%s\n' $matching_list - exit -fi - -for name in $matching_list; do - run_metatest "$name" -done - -if [ $errors -eq 0 ]; then - echo "Ran $count metatests, all good." - exit 0 -else - echo "Ran $count metatests, $errors unexpected successes." - exit 1 -fi diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py deleted file mode 100755 index f9a8100141..0000000000 --- a/tests/scripts/run_demos.py +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/usr/bin/env python3 -"""Run the Mbed TLS demo scripts. -""" -import argparse -import glob -import subprocess -import sys - -def run_demo(demo, quiet=False): - """Run the specified demo script. Return True if it succeeds.""" - args = {} - if quiet: - args['stdout'] = subprocess.DEVNULL - args['stderr'] = subprocess.DEVNULL - returncode = subprocess.call([demo], **args) - return returncode == 0 - -def run_demos(demos, quiet=False): - """Run the specified demos and print summary information about failures. - - Return True if all demos passed and False if a demo fails. - """ - failures = [] - for demo in demos: - if not quiet: - print('#### {} ####'.format(demo)) - success = run_demo(demo, quiet=quiet) - if not success: - failures.append(demo) - if not quiet: - print('{}: FAIL'.format(demo)) - if quiet: - print('{}: {}'.format(demo, 'PASS' if success else 'FAIL')) - else: - print('') - successes = len(demos) - len(failures) - print('{}/{} demos passed'.format(successes, len(demos))) - if failures and not quiet: - print('Failures:', *failures) - return not failures - -def run_all_demos(quiet=False): - """Run all the available demos. - - Return True if all demos passed and False if a demo fails. - """ - mbedtls_demos = glob.glob('programs/*/*_demo.sh') - tf_psa_crypto_demos = glob.glob('tf-psa-crypto/programs/*/*_demo.sh') - all_demos = mbedtls_demos + tf_psa_crypto_demos - if not all_demos: - # Keep the message on one line. pylint: disable=line-too-long - raise Exception('No demos found. run_demos needs to operate from the Mbed TLS toplevel directory.') - return run_demos(all_demos, quiet=quiet) - -def main(): - parser = argparse.ArgumentParser(description=__doc__) - parser.add_argument('--quiet', '-q', - action='store_true', - help="suppress the output of demos") - options = parser.parse_args() - success = run_all_demos(quiet=options.quiet) - sys.exit(0 if success else 1) - -if __name__ == '__main__': - main() 
diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py
deleted file mode 100755
index b58a3114cf..0000000000
--- a/tests/scripts/test_config_script.py
+++ /dev/null
@@ -1,175 +0,0 @@ -#!/usr/bin/env python3 - -"""Test helper for the Mbed TLS configuration file tool - -Run config.py with various parameters and write the results to files. - -This is a harness to help regression testing, not a functional tester. -Sample usage: - - test_config_script.py -d old - ## Modify config.py and/or mbedtls_config.h ## - test_config_script.py -d new - diff -ru old new -""" - -## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -## - -import argparse -import glob -import os -import re -import shutil -import subprocess - -OUTPUT_FILE_PREFIX = 'config-' - -def output_file_name(directory, stem, extension): - return os.path.join(directory, - '{}{}.{}'.format(OUTPUT_FILE_PREFIX, - stem, extension)) - -def cleanup_directory(directory): - """Remove old output files.""" - for extension in []: - pattern = output_file_name(directory, '*', extension) - filenames = glob.glob(pattern) - for filename in filenames: - os.remove(filename) - -def prepare_directory(directory): - """Create the output directory if it doesn't exist yet. - - If there are old output files, remove them. - """ - if os.path.exists(directory): - cleanup_directory(directory) - else: - os.makedirs(directory) - -def guess_presets_from_help(help_text): - """Figure out what presets the script supports. - - help_text should be the output from running the script with --help. - """ - # Try the output format from config.py - hits = re.findall(r'\{([-\w,]+)\}', help_text) - for hit in hits: - words = set(hit.split(',')) - if 'get' in words and 'set' in words and 'unset' in words: - words.remove('get') - words.remove('set') - words.remove('unset') - return words - # Try the output format from config.pl - hits = re.findall(r'\n +([-\w]+) +- ', help_text) - if hits: - return hits - raise Exception("Unable to figure out supported presets. Pass the '-p' option.") - -def list_presets(options): - """Return the list of presets to test. 
- - The list is taken from the command line if present, otherwise it is - extracted from running the config script with --help. - """ - if options.presets: - return re.split(r'[ ,]+', options.presets) - else: - help_text = subprocess.run([options.script, '--help'], - check=False, # config.pl --help returns 255 - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT).stdout - return guess_presets_from_help(help_text.decode('ascii')) - -def run_one(options, args, stem_prefix='', input_file=None): - """Run the config script with the given arguments. - - Take the original content from input_file if specified, defaulting - to options.input_file if input_file is None. - - Write the following files, where xxx contains stem_prefix followed by - a filename-friendly encoding of args: - * config-xxx.h: modified file. - * config-xxx.out: standard output. - * config-xxx.err: standard output. - * config-xxx.status: exit code. - - Return ("xxx+", "path/to/config-xxx.h") which can be used as - stem_prefix and input_file to call this function again with new args. - """ - if input_file is None: - input_file = options.input_file - stem = stem_prefix + '-'.join(args) - data_filename = output_file_name(options.output_directory, stem, 'h') - stdout_filename = output_file_name(options.output_directory, stem, 'out') - stderr_filename = output_file_name(options.output_directory, stem, 'err') - status_filename = output_file_name(options.output_directory, stem, 'status') - shutil.copy(input_file, data_filename) - # Pass only the file basename, not the full path, to avoid getting the - # directory name in error messages, which would make comparisons - # between output directories more difficult. 
- cmd = [os.path.abspath(options.script), - '-f', os.path.basename(data_filename)] - with open(stdout_filename, 'wb') as out: - with open(stderr_filename, 'wb') as err: - status = subprocess.call(cmd + args, - cwd=options.output_directory, - stdin=subprocess.DEVNULL, - stdout=out, stderr=err) - with open(status_filename, 'w') as status_file: - status_file.write('{}\n'.format(status)) - return stem + "+", data_filename - -### A list of symbols to test with. -### This script currently tests what happens when you change a symbol from -### having a value to not having a value or vice versa. This is not -### necessarily useful behavior, and we may not consider it a bug if -### config.py stops handling that case correctly. -TEST_SYMBOLS = [ - 'CUSTOM_SYMBOL', # does not exist - 'PSA_WANT_KEY_TYPE_AES', # set, no value - 'MBEDTLS_MPI_MAX_SIZE', # unset, has a value - 'MBEDTLS_NO_UDBL_DIVISION', # unset, in "System support" - 'MBEDTLS_PLATFORM_ZEROIZE_ALT', # unset, in "Customisation configuration options" -] - -def run_all(options): - """Run all the command lines to test.""" - presets = list_presets(options) - for preset in presets: - run_one(options, [preset]) - for symbol in TEST_SYMBOLS: - run_one(options, ['get', symbol]) - (stem, filename) = run_one(options, ['set', symbol]) - run_one(options, ['get', symbol], stem_prefix=stem, input_file=filename) - run_one(options, ['--force', 'set', symbol]) - (stem, filename) = run_one(options, ['set', symbol, 'value']) - run_one(options, ['get', symbol], stem_prefix=stem, input_file=filename) - run_one(options, ['--force', 'set', symbol, 'value']) - run_one(options, ['unset', symbol]) - -def main(): - """Command line entry point.""" - parser = argparse.ArgumentParser(description=__doc__, - formatter_class=argparse.RawDescriptionHelpFormatter) - parser.add_argument('-d', metavar='DIR', - dest='output_directory', required=True, - help="""Output directory.""") - parser.add_argument('-f', metavar='FILE', - dest='input_file', 
default='include/mbedtls/mbedtls_config.h',
- help="""Config file (default: %(default)s).""")
- parser.add_argument('-p', metavar='PRESET,...',
- dest='presets',
- help="""Presets to test (default: guessed from --help).""")
- parser.add_argument('-s', metavar='FILE',
- dest='script', default='scripts/config.py',
- help="""Configuration script (default: %(default)s).""")
- options = parser.parse_args()
- prepare_directory(options.output_directory)
- run_all(options)
-
-if __name__ == '__main__':
- main()
From 702b389645e482cf579737a72c44738555a95c55 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 3 Mar 2026 13:52:24 +0100
Subject: [PATCH 1451/1548] Update framework with moved scripts
Signed-off-by: Gilles Peskine
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 9b92164c47..c3d6599465 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 9b92164c47fdaecb2600b417733507e2a105c3a5
+Subproject commit c3d659946503c3ef259bc424e1c3fd10d55df543
From c4d40c2de3bc704c12a7d7bcb88fd33a29ee51b3 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 26 Feb 2026 19:35:56 +0100
Subject: [PATCH 1452/1548] Move requirements to the framework for scripts in the framework
Signed-off-by: Gilles Peskine
---
 scripts/ci.requirements.txt | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index 2ab7ba98da..7525036441 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -1,6 +1,7 @@
 # Python package requirements for Mbed TLS testing.
 -r driver.requirements.txt
+-r ../framework/scripts/ci.requirements.txt
 # The dependencies below are only used in scripts that we run on the Linux CI.
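Review bot: The added `-r ../framework/scripts/ci.requirements.txt` line carries no environment marker, while every requirement it replaces in the second hunk (`cryptography >= 35.0.0; platform_system == 'Linux'`, `asn1crypto; platform_system == 'Linux'`) was restricted to Linux, so that scoping now depends entirely on what the framework file states. That file is not visible here; if it lacks the markers, the non-Linux CI hosts the removed comment mentions (FreeBSD, no binary wheels) will start building cryptography from source. The removed four-line rationale for the `>= 35.0.0` floor should also survive next to the pin in the framework file rather than be lost, since the floor is described there as a correctness requirement for audit-validity-dates.py. The effective pin set is now fixed by whichever submodule commit is checked out, which is worth stating beside the new line, e.g. `# Requirements for scripts that live in the framework submodule; versions follow the submodule commit.`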
@@ -16,13 +17,3 @@ pylint == 2.4.4; platform_system == 'Linux' # https://github.com/Mbed-TLS/mbedtls-framework/issues/50 # mypy 0.942 is the version in Ubuntu 22.04. mypy == 0.942; platform_system == 'Linux' - -# At the time of writing, only needed for tests/scripts/audit-validity-dates.py. -# It needs >=35.0.0 for correct operation, and that requires Python >=3.6. -# >=35.0.0 also requires Rust to build from source, which we are forced to do on -# FreeBSD, since PyPI doesn't carry binary wheels for the BSDs. -cryptography >= 35.0.0; platform_system == 'Linux' - -# For building `framework/data_files/server9-bad-saltlen.crt` and check python -# files. -asn1crypto; platform_system == 'Linux' From f840cb16e5bf8c289c631bddba039b04b9e4234f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Feb 2026 19:36:33 +0100 Subject: [PATCH 1453/1548] Update paths after moving some scripts to the framework Signed-off-by: Gilles Peskine --- tests/scripts/components-configuration-crypto.sh | 2 +- tests/scripts/components-configuration.sh | 12 ++++++------ tests/scripts/components-platform.sh | 12 ++++++------ tests/scripts/components-sanitizers.sh | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 2227287358..7683eec8d9 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -462,7 +462,7 @@ component_test_everest () { make test msg "test: metatests (clang, ASan)" - tests/scripts/run-metatests.sh any asan poison + framework/scripts/run-metatests.sh any asan poison msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s tests/ssl-opt.sh -f ECDH diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index dcd01c7e58..bad3822ccb 100644 --- a/tests/scripts/components-configuration.sh 
+++ b/tests/scripts/components-configuration.sh @@ -22,7 +22,7 @@ component_test_default_out_of_box () { programs/test/selftest msg "program demos: make, default config (out-of-box)" # ~10s - tests/scripts/run_demos.py + framework/scripts/run_demos.py } component_test_default_cmake_gcc_asan () { @@ -34,13 +34,13 @@ component_test_default_cmake_gcc_asan () { make test msg "program demos (ASan build)" # ~10s - tests/scripts/run_demos.py + framework/scripts/run_demos.py msg "test: selftest (ASan build)" # ~ 10s programs/test/selftest msg "test: metatests (GCC, ASan build)" - tests/scripts/run-metatests.sh any asan poison + framework/scripts/run-metatests.sh any asan poison msg "test: ssl-opt.sh (ASan build)" # ~ 1 min tests/ssl-opt.sh @@ -143,10 +143,10 @@ component_test_full_cmake_clang () { programs/test/cpp_dummy_build msg "test: metatests (clang)" - tests/scripts/run-metatests.sh any pthread + framework/scripts/run-metatests.sh any pthread msg "program demos (full config, clang)" # ~10s - tests/scripts/run_demos.py + framework/scripts/run_demos.py msg "test: psa_constant_names (full config, clang)" # ~ 1s $FRAMEWORK/scripts/test_psa_constant_names.py @@ -214,7 +214,7 @@ component_test_full_deprecated_warning () { $MAKE_COMMAND test msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s - tests/scripts/run_demos.py + framework/scripts/run_demos.py } component_build_baremetal () { diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index b68a4aeafc..fe975fb3e8 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -330,7 +330,7 @@ component_test_arm_linux_gnueabi_gcc_arm5vte () { programs/test/selftest msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py + framework/scripts/run_demos.py } support_test_arm_linux_gnueabi_gcc_arm5vte () { 
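Review bot: The new `framework/scripts/run-metatests.sh` and `framework/scripts/run_demos.py` paths are hard-coded while the very next context line reaches the same tree through `$FRAMEWORK/scripts/test_psa_constant_names.py`; if `$FRAMEWORK` can be pointed somewhere other than `framework/` (it presumably exists for that reason), the two styles would run scripts from different checkouts. Writing the new lines as `$FRAMEWORK/scripts/run-metatests.sh any pthread` and `$FRAMEWORK/scripts/run_demos.py` keeps the file consistent; the same applies to the path updates in components-configuration-crypto.sh, components-platform.sh and components-sanitizers.sh in this commit. The enclosing component_test_full_cmake_clang function starts and ends outside the hunk.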
@@ -350,7 +350,7 @@ component_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () { programs/test/selftest msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py + framework/scripts/run_demos.py } support_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () { @@ -368,7 +368,7 @@ component_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () { programs/test/selftest msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py + framework/scripts/run_demos.py } support_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () { @@ -386,7 +386,7 @@ component_test_arm_linux_gnueabihf_gcc_armv7 () { programs/test/selftest msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py + framework/scripts/run_demos.py } support_test_arm_linux_gnueabihf_gcc_armv7 () { @@ -404,7 +404,7 @@ component_test_arm_linux_gnueabihf_gcc_thumb_2 () { programs/test/selftest msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py + framework/scripts/run_demos.py } support_test_arm_linux_gnueabihf_gcc_thumb_2 () { @@ -422,7 +422,7 @@ component_test_aarch64_linux_gnu_gcc () { programs/test/selftest msg "program demos: make, default config (out-of-box)" # ~0s - tests/scripts/run_demos.py + framework/scripts/run_demos.py } support_test_aarch64_linux_gnu_gcc () { diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh index 26b149f69e..baed88aa53 100644 --- a/tests/scripts/components-sanitizers.sh +++ b/tests/scripts/components-sanitizers.sh @@ -132,10 +132,10 @@ component_test_memsan () { make test msg "test: metatests (MSan)" - tests/scripts/run-metatests.sh any msan + framework/scripts/run-metatests.sh any msan msg "program demos (MSan)" # ~20s - tests/scripts/run_demos.py + framework/scripts/run_demos.py msg "test: ssl-opt.sh (MSan)" # ~ 1 min tests/ssl-opt.sh From 931fc8c40687008c9b3e35994d1180236baa4e87 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine
Date: Thu, 12 Mar 2026 15:49:21 +0100
Subject: [PATCH 1454/1548] Update massif_max.pl location

Signed-off-by: Gilles Peskine
---
 scripts/memory.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/memory.sh b/scripts/memory.sh
index ffce225f2d..40b0de2d37 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -90,7 +90,7 @@ do_config()
 kill $SRV_PID
 wait $SRV_PID
- scripts/massif_max.pl massif.out.*
+ framework/scripts/massif_max.pl massif.out.*
 mv massif.out.* massif-$NAME.$$
 }

From 95f08855070058c28cb6a0176509bb40597bd405 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 13 Mar 2026 11:58:39 +0100
Subject: [PATCH 1455/1548] library: x509: fix guard in mbedtls_x509_crt_profile_next

Replace MBEDTLS_ECP_C with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY which is already used in all other profiles in this file.

Signed-off-by: Valerio Setti
---
 library/x509_crt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 59c3204467..dc07ba8334 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -118,7 +118,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
 0xFFFFFFF, /* Any PK alg */
-#if defined(MBEDTLS_ECP_C)
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
 /* Curves at or above 128-bit security level. */
 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
 MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) |

From 868bea42a17339fcafa782e363e0a800284296ce Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Thu, 12 Mar 2026 17:50:03 +0000
Subject: [PATCH 1456/1548] Only check for verify skipped if we have certs

Check for the 'Certificate verification was skipped' message only when the testcase depends on MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED since in other cases certificates may not be enabled at all and this message will not be printed in the output.
Signed-off-by: David Horstmann --- tests/opt-testcases/tls13-kex-modes.sh | 275 +++++++++++++------------ 1 file changed, 139 insertions(+), 136 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 8229dd01ae..f0984c5fb2 100644 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -26,8 +26,7 @@ run_test "TLS 1.3: G->m: all/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" \ + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -88,8 +87,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -150,8 +148,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -212,8 +209,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
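Review bot: Once `-s "! Certificate verification was skipped"` is dropped from `TLS 1.3: G->m: all/psk, good` (and from the other psk, psk_ephemeral and psk_all cases in this file), the PSK-only tests carry no assertion at all about certificate verification, and the reason is recoverable only from the commit message. A one-line comment above the first PSK case would keep it visible, e.g. `# "! Certificate verification was skipped" is only asserted in tests that depend on MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED; PSK-only builds may have no certificate support and never print it.` Each run_test invocation starts outside its hunk.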
@@ -294,8 +290,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -359,8 +354,7 @@ run_test "TLS 1.3: G->m: all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -424,8 +418,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -489,7 +482,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -510,7 +504,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -531,7 +526,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mism -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -553,7 +549,8 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -574,7 +571,8 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -595,7 +593,8 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -618,7 +617,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
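Review bot: In `TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mismatch` the added `-s "! Certificate verification was skipped"` sits next to `-s "Invalid binder."` and `-S` for every key exchange mode, i.e. a handshake the test expects to be rejected; whether ssl_server2 still reaches the step that logs the skipped verification after aborting on the binder is not evident from the hunk, so this assertion should be confirmed against an actual run rather than carried over mechanically. The same addition appears in the other `fail, key material mismatch` cases (@@ -595, @@ -685, @@ -752, @@ -797, @@ -863, @@ -906 and their O->m counterparts from @@ -1376 on). If the message is in fact not printed on the failure path, the `-s` line should be dropped for these cases only. The run_test invocation and its expected exit code start outside the hunk.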
@@ -641,7 +641,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -663,7 +664,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -685,7 +687,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -708,7 +711,8 @@ run_test "TLS 1.3: G->m: all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -730,7 +734,8 @@ run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -752,7 +757,8 @@ run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -775,7 +781,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -797,7 +804,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -820,7 +828,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -842,7 +851,8 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -863,7 +873,8 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -885,7 +896,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -906,7 +918,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key materia -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -923,8 +936,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \ -s "write selected_group: secp256r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -941,8 +953,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \ -s "write selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -959,8 +970,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \ -s "write selected_group: secp521r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -977,8 +987,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \ -s "write selected_group: x25519" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -995,8 +1004,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \ -s "write selected_group: x448" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1034,8 +1042,7 @@ run_test "TLS 1.3: O->m: all/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1093,8 +1100,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1152,8 +1158,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1212,8 +1217,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1274,8 +1278,7 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1336,7 +1339,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1356,7 +1360,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1376,7 +1381,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mism -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1397,7 +1403,8 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1417,7 +1424,8 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1437,7 +1445,8 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1459,7 +1468,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1480,7 +1490,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1501,7 +1512,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1523,7 +1535,8 @@ run_test "TLS 1.3: O->m: all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1544,7 +1557,8 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1565,7 +1579,8 @@ run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1587,7 +1602,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1608,7 +1624,8 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1628,7 +1645,8 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1645,8 +1663,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ -s "write selected_group: secp256r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1663,8 +1680,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ -s "write selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1681,8 +1697,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ -s "write selected_group: secp521r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1699,8 +1714,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ -s "write selected_group: x25519" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1717,8 +1731,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ -s "write selected_group: x448" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1735,8 +1748,7 @@ run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ -s "HRR selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -1755,8 +1767,7 @@ run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ -s "HRR selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" # Add psk test cases for mbedtls client code 
@@ -1775,9 +1786,7 @@ run_test "TLS 1.3: m->m: psk/psk, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1861,9 +1870,7 @@ run_test "TLS 1.3: m->m: psk/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1970,9 +1977,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2072,9 +2077,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C 
@@ -2314,7 +2317,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2408,7 +2413,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2455,9 +2462,7 @@ run_test "TLS 1.3: m->m: psk_all/psk, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2500,9 +2505,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C 
@@ -2608,9 +2611,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2818,7 +2819,9 @@ run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2915,7 +2918,9 @@ run_test "TLS 1.3: m->m: all/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2964,8 +2969,7 @@ run_test "TLS 1.3: m->O: psk/all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -3000,8 +3004,7 @@ run_test "TLS 1.3: m->O: psk_all/all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3019,8 +3022,7 @@ run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" #OPENSSL-SERVER psk_ephemeral mode requires_openssl_tls1_3_with_compatible_ephemeral @@ -3038,8 +3040,7 @@ run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3056,8 +3057,7 @@ run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" #OPENSSL-SERVER ephemeral mode requires_openssl_tls1_3_with_compatible_ephemeral @@ -3101,7 +3101,8 @@ run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -3119,7 +3120,8 @@ run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" #OPENSSL-SERVER all mode requires_openssl_tls1_3_with_compatible_ephemeral @@ -3139,7 +3141,8 @@ run_test "TLS 1.3: m->O: all/all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3158,7 +3161,8 @@ run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" #GNUTLS-SERVER psk mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3178,8 +3182,7 @@ run_test "TLS 1.3: m->G: psk/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3218,8 +3221,7 @@ run_test "TLS 1.3: m->G: psk_all/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 
@@ -3239,8 +3241,7 @@ run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" #GNUTLS-SERVER psk_ephemeral mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3260,8 +3261,7 @@ run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3280,8 +3280,7 @@ run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" #GNUTLS-SERVER ephemeral mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3327,7 +3326,8 @@ run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3347,7 +3347,8 @@ run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" #GNUTLS-SERVER all mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -3369,7 +3370,8 @@ run_test "TLS 1.3: m->G: all/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3390,4 +3392,5 @@ run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" From 22245cb2942531adf8010654757dcbde43c8064b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 13 Mar 2026 15:15:09 +0000 Subject: [PATCH 1457/1548] Add unused fields to SSL structs These fields reserve a small space for us to repurpose in the lifetime of the 4.1 LTS release without breaking the ABI, if needed. Signed-off-by: David Horstmann --- include/mbedtls/ssl.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8f58b3e9c0..c4cbaaf4e0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1239,6 +1239,12 @@ struct mbedtls_ssl_session { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_application_secrets MBEDTLS_PRIVATE(app_secrets); #endif + + /* Unused field reserved for future use */ + union { + size_t number; + void *ptr; + } MBEDTLS_PRIVATE(unused); }; /* @@ -1565,6 +1571,12 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) const mbedtls_x509_crt *MBEDTLS_PRIVATE(dn_hints);/*!< acceptable client cert issuers */ #endif + + /* Unused field reserved for future use */ + union { + size_t number; + void *ptr; + } MBEDTLS_PRIVATE(unused); }; struct mbedtls_ssl_context { 
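Review bot: The reserved `unused` slot added to `mbedtls_ssl_session` in the first hunk should say how it relates to session serialization, because that struct, unlike `mbedtls_ssl_config`, is presumably round-tripped through `mbedtls_ssl_session_save()`/`load()` (not visible here). If those functions copy fields explicitly the format is unchanged today, but whoever repurposes the slot during 4.1 LTS must also version the serialized form, since a blob written by an older build carries no value for it and `load()` would have to synthesize one. I would extend the comment to `/* Unused field reserved for future use. Not part of the serialized session format; if repurposed, revisit mbedtls_ssl_session_save/load. */`. The same reminder applies to the `mbedtls_ssl_context` slot if context serialization is enabled in this build.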
@@ -1848,6 +1860,12 @@ struct mbedtls_ssl_context { * does not currently restore the user data. */ mbedtls_ssl_user_data_t MBEDTLS_PRIVATE(user_data); + + /* Unused field reserved for future use */ + union { + size_t number; + void *ptr; + } MBEDTLS_PRIVATE(unused); }; /** From a9ba5975f8a2340ad43c194483d49ce8ab3ef2e5 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 13 Mar 2026 15:17:26 +0000 Subject: [PATCH 1458/1548] Add unused field to mbedtls_x509_crt structure This field reserves a small space for us to repurpose in the lifetime of the 4.1 LTS release without breaking the ABI, if needed. Signed-off-by: David Horstmann --- include/mbedtls/x509_crt.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 8ee7c464af..0a7b532404 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -82,6 +82,12 @@ typedef struct mbedtls_x509_crt { mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + /* Unused field reserved for future use */ + union { + size_t number; + void *ptr; + } MBEDTLS_PRIVATE(unused); + /** Next certificate in the linked list that constitutes the CA chain. * \p NULL indicates the end of the list. * Do not modify this field directly. */ From 937c70ac903bdc8fe0263e33dbcfca4b7bc0031b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 13 Mar 2026 18:04:16 +0000 Subject: [PATCH 1459/1548] Do not check fail cases for verify skipped In testcases where we are expecting handshake failure the message "Certificate verification was skipped" is not printed, so do not check for it. 
Signed-off-by: David Horstmann --- tests/opt-testcases/tls13-kex-modes.sh | 36 +++++++++----------------- 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index f0984c5fb2..a8864559e8 100644 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -526,8 +526,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mism -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -593,8 +592,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -687,8 +685,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -757,8 +754,7 @@ run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -804,8 +800,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -873,8 +868,7 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -918,8 +912,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key materia -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1381,8 +1374,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mism -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1445,8 +1437,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 
@@ -1512,8 +1503,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1579,8 +1569,7 @@ run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1645,8 +1634,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 From d7b85b76a66354fedab299c27e6a8da9e26e08fe Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 23 Jan 2026 16:22:50 +0000 Subject: [PATCH 1460/1548] sig_algs: fix typo in client's sig_algs check This bug caused the client accepting sig_algs used by the server that it explicitly wanted to disallow. Signed-off-by: Janos Follath --- library/ssl_tls12_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index ebcc0d56bb..b03859a8d6 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1910,8 +1910,8 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); sig_alg = MBEDTLS_GET_UINT16_BE(p, 0); if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( - sig_alg, &pk_alg, &md_alg) != 0 && - !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) && + sig_alg, &pk_alg, &md_alg) != 0 || + !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) || !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); From 01f6ccf020485f6c29d769226c5cdd12340fb315 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 18 Feb 2026 19:39:56 +0000 Subject: [PATCH 1461/1548] Fix root cert prerequisites This root certificate uses SECP-384 and if we don't have it in the build, the parsing already fails even if we don't try to use it, there is no reason to have it in the build without the SECP-384. Signed-off-by: Janos Follath --- tests/src/certs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/certs.c b/tests/src/certs.c index c45f0628c0..3ec99cd516 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -443,7 +443,7 @@ const unsigned char *mbedtls_test_cas_der[] = { mbedtls_test_ca_crt_rsa_sha1_der, #endif /* PSA_WANT_ALG_SHA_1 */ #endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) +#if defined(PSA_HAVE_ALG_SOME_ECDSA) && defined(PSA_WANT_ECC_SECP_R1_384) mbedtls_test_ca_crt_ec_der, #endif /* PSA_HAVE_ALG_SOME_ECDSA */ NULL From bab37f69d99cd14d64799dc6c4749d83a062e6d9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 18 Feb 2026 14:25:41 +0000 Subject: [PATCH 1462/1548] Fix mbedtls_test_free_handshake_options We usually follow the pattern that a zero-initialised struct is safe to free. This wasn't the case here. Signed-off-by: Janos Follath --- tests/src/test_helpers/ssl_helpers.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
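Review bot: The corrected `||` condition rejects the right cases, but all three failures collapse into the single `"bad server key exchange message"` line, which makes an interop failure (a server signing with a code point the client deliberately dropped via `mbedtls_ssl_conf_sig_algs()`) indistinguishable from a malformed message in the logs. Since `sig_alg` is already in scope, I would write `MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message: sig_alg 0x%04x unsupported or not offered", (unsigned) sig_alg));`. Before this fix any value that `mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg()` could decode was accepted regardless of the client's offer, so a regression test that pins the offered list belongs with this change. `ssl_parse_server_key_exchange()` starts and ends outside the hunk.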
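Review bot: The closing `#endif /* PSA_HAVE_ALG_SOME_ECDSA */` two lines below the changed `#if` is now stale, since the condition also requires `PSA_WANT_ECC_SECP_R1_384`; mismatched guard comments are how the next conditional edit in this table goes wrong. Change it to `#endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_ECC_SECP_R1_384 */`. The `mbedtls_test_cas_der` initializer continues past the hunk, so any sibling entry for the same P-384 certificate (a PEM variant, for instance) presumably needs the same extra dependency.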
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 83dac17419..db29413de6 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -99,8 +99,10 @@ void mbedtls_test_free_handshake_options( mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_CACHE_C) - mbedtls_ssl_cache_free(opts->cache); - mbedtls_free(opts->cache); + if (opts->cache != NULL) { + mbedtls_ssl_cache_free(opts->cache); + mbedtls_free(opts->cache); + } #else (void) opts; #endif From 475ac34e1fac035792d0a49c514d34f993f368bc Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 23 Jan 2026 16:18:01 +0000 Subject: [PATCH 1463/1548] sig_algs: Add non-regression test Signed-off-by: Janos Follath --- tests/include/test/ssl_helpers.h | 28 +++++++ tests/suites/test_suite_ssl.data | 8 ++ tests/suites/test_suite_ssl.function | 114 +++++++++++++++++++++++++++ 3 files changed, 150 insertions(+) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index d019c5065e..70e4bbaae1 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h 
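Review bot: The NULL guard makes a zero-initialised `opts` safe to free, but after `mbedtls_free(opts->cache)` the pointer is left dangling, so a second call on the same `opts` (the cleanup-on-every-exit-path pattern the test suites use) would double-free. Add `opts->cache = NULL;` inside the `if` after the free; that also makes an already-freed struct safe to free again, which is the property the commit message is after.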
@@ -68,12 +68,40 @@ #define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY #endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ + defined(PSA_WANT_ECC_SECP_R1_384) && \ + defined(PSA_WANT_ALG_SHA_384) +#define MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY +#endif + +#if defined(PSA_WANT_ECC_MONTGOMERY_255) || \ + defined(PSA_WANT_ECC_SECP_R1_256) || \ + defined(PSA_WANT_ECC_SECP_R1_384) || \ + defined(PSA_WANT_ECC_MONTGOMERY_448) || \ + defined(PSA_WANT_ECC_SECP_R1_521) || \ + defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) || \ + defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) || \ + defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#define MBEDTLS_TEST_HAS_DEFAULT_EC_GROUP +#endif + #if defined(PSA_WANT_ALG_GCM) || \ defined(PSA_WANT_ALG_CCM) || \ defined(PSA_WANT_ALG_CHACHA20_POLY1305) #define MBEDTLS_TEST_HAS_AEAD_ALG #endif +/* + * To use the test keys we need PSA_WANT_ALG_SHA_256. Some test cases need an additional hash that + * can be used in modern TLS, but it doesn't matter which one. + */ +#if defined(PSA_WANT_ALG_SHA_512) || \ + defined(PSA_WANT_ALG_SHA_384) || \ + defined(PSA_WANT_ALG_SHA_224) || \ + defined(PSA_WANT_ALG_SHA_1) +#define MBEDTLS_TEST_HAS_ADDITIONAL_HASH +#endif + enum { #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ tls13_label_ ## name, diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 99856e304b..da9a5e738e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
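Review bot: `MBEDTLS_TEST_HAS_ADDITIONAL_HASH` accepts `PSA_WANT_ALG_SHA_224` or `PSA_WANT_ALG_SHA_1` as the "additional hash", but a test relying on it needs a hash that a default TLS 1.2 `mbedtls_ssl_config` actually offers in `signature_algorithms`; if the default list (not visible here) is limited to SHA-256/384/512, a build with only SHA-256 plus SHA-1 would enable the test and then fail in the server's early sig_alg negotiation, exactly the case the comment warns about. Suggest restricting the macro to `defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)` and rewording the comment to "a hash that is configured by default (see mbedtls_ssl_config_defaults())" rather than "can be used in modern TLS".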
@@ -3530,3 +3530,11 @@ ssl_get_alert_after_fatal TLS 1.3 - HRR then TLS 1.2 second ClientHello tls13_hrr_then_tls12_second_client_hello + +Negative Test: Server using sig_alg not offered by the client #1 +depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:PSA_WANT_ALG_SHA_256 +send_invalid_sig_alg:MBEDTLS_SSL_SIG_RSA:MBEDTLS_SSL_HASH_SHA256:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER + +Negative Test: Server using sig_alg not offered by the client #2 +depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_512 +send_invalid_sig_alg:MBEDTLS_SSL_SIG_ECDSA:MBEDTLS_SSL_HASH_SHA512:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ca59346cc8..b447773f12 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5725,6 +5725,120 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_ADDITIONAL_HASH:MBEDTLS_TEST_HAS_DEFAULT_EC_GROUP*/ +void send_invalid_sig_alg(int sig, int hash, int expected_ret) +{ + // This is a test about the client behaviour in case it receives a key exchange signed with a + // sig_alg it didn't specify in the client hello. The input specifies a target_sig_alg, which we + // make sure that the client does not offer but the server does. Then we make the server beleive + // that target_sig_alg is the only one the client offered. + + // Remark: We need an additional hash algorithm offered, because if we don't have it, the server + // realises too early that there is no common ground and we don't get the chance to manipulate + // it. This is why we need MBEDTLS_TEST_HAS_ADDITIONAL_HASH in the requirements. + + enum { BUFFSIZE = 16384 }; + uint16_t *client_sig_algs = NULL; + mbedtls_test_ssl_endpoint server, client; + memset(&server, 0, sizeof(server)); + memset(&client, 0, sizeof(client)); + mbedtls_test_handshake_test_options options; + memset(&options, 0, sizeof(options)); + + uint16_t target_sig_alg = ((hash << 8) | sig); + + mbedtls_test_init_handshake_options(&options); + + // Make sure the server has credentals for target_sig_alg + if (sig == MBEDTLS_SSL_SIG_ECDSA) { + options.pk_alg = MBEDTLS_PK_ECDSA; + } else { + options.pk_alg = MBEDTLS_PK_RSA; + } + + // Force a ciphersuite where target_sig_alg is relevant + if (sig == MBEDTLS_SSL_SIG_ECDSA) { + options.cipher = "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"; + } else { + options.cipher = "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"; + } + + // Force TLS 1.2 as this test is a non-regression test for a bug in TLS 1.2 client and TLS 1.3 + // behaviour in this regard is substantially different. 
+ options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2; + options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; + + // Add loggers for easier debugging - we are not looking for any patterns. + // To turn on debug output, uncomment the threshold line and set the macro in + // the definition of mbedtls_test_ssl_log_analyzer(). +#if defined(MBEDTLS_DEBUG_C) + options.srv_log_obj = NULL; + options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + options.cli_log_obj = NULL; + options.cli_log_fun = mbedtls_test_ssl_log_analyzer; + mbedtls_debug_set_threshold(3); +#endif + + int ret = -1; + + PSA_INIT(); + + ret = mbedtls_test_ssl_endpoint_init_conf(&client, MBEDTLS_SSL_IS_CLIENT, &options); + TEST_EQUAL(ret, 0); + + // Remove the target signature algorithm from the client's list + size_t client_sig_algs_len = 0; + while (client.conf.sig_algs[client_sig_algs_len++] != MBEDTLS_TLS1_3_SIG_NONE) { + ; + } + client_sig_algs_len--; + + TEST_CALLOC(client_sig_algs, client_sig_algs_len); + size_t j = 0; + for (size_t i = 0; client.conf.sig_algs[i] != MBEDTLS_TLS1_3_SIG_NONE; i++) { + if (client.conf.sig_algs[i] != target_sig_alg) { + client_sig_algs[j++] = client.conf.sig_algs[i]; + } + } + TEST_ASSERT(j < client_sig_algs_len); + client_sig_algs[j] = MBEDTLS_TLS1_3_SIG_NONE; + client.conf.sig_algs = client_sig_algs; + + ret = mbedtls_test_ssl_endpoint_init_ssl(&client, &options); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, + &options); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket, + BUFFSIZE); + TEST_EQUAL(ret, 0); + + // Move the connection to the point before the server sending the key exchange message + ret = mbedtls_test_move_handshake_to_state(&server.ssl, &client.ssl, + MBEDTLS_SSL_SERVER_KEY_EXCHANGE); + TEST_EQUAL(ret, 0); + + // Make the server beleive that the only sig_alg the client accepts is target_sig_alg + server.ssl.handshake->received_sig_algs[0] = 
target_sig_alg; + server.ssl.handshake->received_sig_algs[1] = MBEDTLS_TLS1_3_SIG_NONE; + + // Move the connection to a state where it is certain that the client has parsed the server key + // exchange + ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, + MBEDTLS_SSL_CERTIFICATE_REQUEST); + TEST_EQUAL(ret, expected_ret); + +exit: + mbedtls_test_free_handshake_options(&options); + mbedtls_test_ssl_endpoint_free(&server); + mbedtls_test_ssl_endpoint_free(&client); + mbedtls_free(client_sig_algs); + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_KEYING_MATERIAL_EXPORT:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void ssl_tls_exporter_consistent_result(int proto, int exported_key_length, int use_context) { From f68d402029c6fb61a73b63ba5b977ec9a8a52270 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 23 Jan 2026 16:31:53 +0000 Subject: [PATCH 1464/1548] sig_algs: add ChangeLog Signed-off-by: Janos Follath --- ChangeLog.d/sig_algs_check.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/sig_algs_check.txt diff --git a/ChangeLog.d/sig_algs_check.txt b/ChangeLog.d/sig_algs_check.txt new file mode 100644 index 0000000000..b0aed6dfd3 --- /dev/null +++ b/ChangeLog.d/sig_algs_check.txt @@ -0,0 +1,5 @@ +Security + * Fix a bug in the TLS 1.2 client's signature algorithm check, which caused + the client to accept server key exchange messages signed with a signature + algorithm explicitly disallowed by the client. Found and reported by + EFR-GmbH and M. Heuft of Security-Research-Consulting GmbH. CVE-2026-25834 From e8894974cbc8dc98b4ddeea0f645ce0e19ac84f5 Mon Sep 17 00:00:00 2001 
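Review bot: `TEST_EQUAL(ret, expected_ret)` at the end of `send_invalid_sig_alg()` is the only check, and `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER` is what the client returns for any rejected ServerKeyExchange, so a regression in the `is_offered` check masked by an unrelated parse failure would still pass. Capture the client's reason by pointing `options.cli_log_obj` at a `mbedtls_test_ssl_log_pattern` for `"bad server key exchange message"` (or a more specific message if one is added) and asserting `TEST_EQUAL(cli_pattern.counter, 1);`. Separately, `mbedtls_debug_set_threshold(3)` is set under `MBEDTLS_DEBUG_C` and never reset, so every later test in the same binary inherits level-3 logging; add `mbedtls_debug_set_threshold(0);` in the `exit:` block. Writing `client.conf.sig_algs` directly bypasses `mbedtls_ssl_conf_sig_algs()`; prefer the API so the test does not depend on the private layout. The counting loop `while (client.conf.sig_algs[client_sig_algs_len++] != MBEDTLS_TLS1_3_SIG_NONE) { ; } client_sig_algs_len--;` reads more simply as a `for` with the terminator check in the condition, and the comments misspell "believe" and "credentials".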
From: Janos Follath Date: Tue, 10 Mar 2026 11:51:30 +0000 Subject: [PATCH 1465/1548] Reintroduce ssl_parse_signature_algorithm The logic was easier to follow before 693a47a, which removed the ssl_parse_signature_algorithm function and introduced the bug being fixed in this PR. When validating multiple conditions, it's easier to read, easier to debug and, as we can see, easier to get right if you validate them separately. Signed-off-by: Janos Follath --- library/ssl_tls12_client.c | 74 +++++++++++++++++++++++++++++++++----- 1 file changed, 66 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b03859a8d6..8d26562c1e 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1732,6 +1732,71 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end, + mbedtls_md_type_t *md_alg, + mbedtls_pk_sigalg_t *pk_alg) +{ + *md_alg = MBEDTLS_MD_NONE; + *pk_alg = MBEDTLS_PK_SIGALG_NONE; + + MBEDTLS_SSL_CHK_BUF_READ_PTR(*p, end, 2); + uint16_t sig_alg = MBEDTLS_GET_UINT16_BE(*p, 0); + + if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg(sig_alg, pk_alg, md_alg) != 0) { + /* + * Check hash algorithm + */ + if (*md_alg == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported HashAlgorithm %d", (*p)[0])); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + + /* + * Check signature algorithm + */ + if (*pk_alg == MBEDTLS_PK_SIGALG_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported SignatureAlgorithm %d", (*p)[1])); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + + /* + * This shouldn't happen, but be robust. + */ + MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported value in SigAlg extension %d", sig_alg)); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + + /* + * mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg() understands sig_alg code points across + * TLS versions. Make sure that the received sig_alg extension is valid in TLS 1.2. 
+ */ + if (!mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { + MBEDTLS_SSL_DEBUG_MSG( 1, ("Server used unsupported value in SigAlg extension %d", sig_alg)); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + + /* + * Check if the signature algorithm is acceptable + */ + if(!mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Server used SigAlg value %d that was not offered", sig_alg)); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + + MBEDTLS_SSL_DEBUG_MSG(2, ("Server used SignatureAlgorithm %d", (*p)[1])); + MBEDTLS_SSL_DEBUG_MSG(2, ("Server used HashAlgorithm %d", (*p)[0])); + *p += 2; + + return 0; +} +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) { @@ -1889,7 +1954,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); size_t params_len = (size_t) (p - params); void *rs_ctx = NULL; - uint16_t sig_alg; mbedtls_pk_context *peer_pk; @@ -1907,12 +1971,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) /* * Handle the digitally-signed structure */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); - sig_alg = MBEDTLS_GET_UINT16_BE(p, 0); - if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg( - sig_alg, &pk_alg, &md_alg) != 0 || - !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) || - !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { + if (ssl_parse_signature_algorithm(ssl, &p, end, &md_alg, &pk_alg) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( @@ -1921,7 +1980,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } - p += 2; psa_hash_alg = mbedtls_md_psa_alg_from_type(md_alg); if (!mbedtls_pk_can_do_psa(peer_pk, 
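Review bot: The three diagnostics inside the `!= 0` branch of `ssl_parse_signature_algorithm()` assume that `mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg()` fills in whichever of `*md_alg`/`*pk_alg` it could decode before failing; if it instead leaves both at the `MBEDTLS_MD_NONE`/`MBEDTLS_PK_SIGALG_NONE` this function pre-sets, every failure reports "unsupported HashAlgorithm" and the other two branches are unreachable, so please confirm that contract (the helper is not visible here) or log `sig_alg` in one message. Two formatting slips against the surrounding code: `MBEDTLS_SSL_DEBUG_MSG( 1, (` should be `MBEDTLS_SSL_DEBUG_MSG(1, (` and `if(!mbedtls_ssl_sig_alg_is_offered` needs a space after `if`. The caller (third hunk of this file) discards the `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` values and always returns `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER`, which is fine, but a one-line comment on the helper saying its return code is only a pass/fail indicator would stop someone from "fixing" the caller to propagate it.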
From 25f971db8750fc87f19f9981719b35b32040b74f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 10 Mar 2026 14:02:38 +0000 Subject: [PATCH 1466/1548] Fix the MBEDTLS_TEST_HAS_ADDITIONAL_HASH macro It should require a hash that is configured in TLS 1.2 SSL contexts by default. Signed-off-by: Janos Follath --- tests/include/test/ssl_helpers.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 70e4bbaae1..2744016fa8 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -93,12 +93,10 @@ /* * To use the test keys we need PSA_WANT_ALG_SHA_256. Some test cases need an additional hash that - * can be used in modern TLS, but it doesn't matter which one. + * is configured by default (see mbedtls_ssl_config_defaults()), but it doesn't matter which one. */ #if defined(PSA_WANT_ALG_SHA_512) || \ - defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_224) || \ - defined(PSA_WANT_ALG_SHA_1) + defined(PSA_WANT_ALG_SHA_384) #define MBEDTLS_TEST_HAS_ADDITIONAL_HASH #endif From 971309addfdb4f026fa86561803d732d09cd18fa Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 10 Mar 2026 14:17:14 +0000 Subject: [PATCH 1467/1548] Use API function to set sig_alg config in test Signed-off-by: Janos Follath --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b447773f12..90580b393d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5802,7 +5802,7 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) } TEST_ASSERT(j < client_sig_algs_len); client_sig_algs[j] = MBEDTLS_TLS1_3_SIG_NONE; - client.conf.sig_algs = client_sig_algs; + mbedtls_ssl_conf_sig_algs(&client.conf, client_sig_algs); ret = mbedtls_test_ssl_endpoint_init_ssl(&client, &options); TEST_EQUAL(ret, 0); From 305aef1ad7b603f54152ee26874263b37daaf264 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 10 Mar 2026 14:44:02 +0000 Subject: [PATCH 1468/1548] send_invalid_sig_alg: check logs There are other issues that can fail with the same error code. Make sure that the handshake fails exactly the way we want it to fail by analysing the client logs. Signed-off-by: Janos Follath --- tests/suites/test_suite_ssl.function | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 90580b393d..4a2ca71835 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5768,14 +5768,17 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2; options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - // Add loggers for easier debugging - we are not looking for any patterns. - // To turn on debug output, uncomment the threshold line and set the macro in - // the definition of mbedtls_test_ssl_log_analyzer(). + mbedtls_test_ssl_log_pattern cli_pattern; + cli_pattern.pattern = "that was not offered"; + cli_pattern.counter = 0; + options.cli_log_obj = &cli_pattern; + options.cli_log_fun = mbedtls_test_ssl_log_analyzer; #if defined(MBEDTLS_DEBUG_C) + // Add loggers for easier debugging - we are not looking for any patterns in the server logs. + // To turn on debug output, uncomment the threshold line and set the macro in the definition + // of mbedtls_test_ssl_log_analyzer(). options.srv_log_obj = NULL; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; - options.cli_log_obj = NULL; - options.cli_log_fun = mbedtls_test_ssl_log_analyzer; mbedtls_debug_set_threshold(3); #endif @@ -5829,8 +5832,12 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); TEST_EQUAL(ret, expected_ret); + TEST_EQUAL(cli_pattern.counter, 1); exit: +#if defined(MBEDTLS_DEBUG_C) + mbedtls_debug_set_threshold(0); +#endif mbedtls_test_free_handshake_options(&options); mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_ssl_endpoint_free(&client); From 6cb0d86f16b4a0728bbceaafc9adc5d51769a074 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 10 Mar 2026 14:58:27 +0000 Subject: [PATCH 1469/1548] Fix some compile time guards Signed-off-by: Janos Follath --- tests/src/certs.c | 2 +- tests/suites/test_suite_ssl.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/src/certs.c b/tests/src/certs.c index 3ec99cd516..b9ba13b7ee 100644 --- a/tests/src/certs.c 
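Review bot: The comment moved onto the server logger still says "uncomment the threshold line", but `mbedtls_debug_set_threshold(3);` is now live and load-bearing: the client pattern counter only sees messages the debug threshold lets through, the "that was not offered" message is emitted at level 1, and the `TEST_EQUAL(cli_pattern.counter, 1)` in the second hunk depends on it. Reword it, e.g. `// The threshold must stay enabled: cli_pattern is counted from the client debug output. To also print the output, set the macro in the definition of mbedtls_test_ssl_log_analyzer().`. Separately, `cli_pattern` is set up and asserted unconditionally while the threshold call sits inside `#if defined(MBEDTLS_DEBUG_C)`; in a build without MBEDTLS_DEBUG_C no debug message is produced, so the counter stays 0 and the test fails, which means the pattern setup and the check belong under the same guard or the case needs that dependency. send_invalid_sig_alg starts before the first hunk.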
+++ b/tests/src/certs.c @@ -458,7 +458,7 @@ const size_t mbedtls_test_cas_der_len[] = { sizeof(mbedtls_test_ca_crt_rsa_sha1_der), #endif /* PSA_WANT_ALG_SHA_1 */ #endif /* MBEDTLS_RSA_C */ -#if defined(PSA_HAVE_ALG_SOME_ECDSA) +#if defined(PSA_HAVE_ALG_SOME_ECDSA) && defined(PSA_WANT_ECC_SECP_R1_384) sizeof(mbedtls_test_ca_crt_ec_der), #endif /* PSA_HAVE_ALG_SOME_ECDSA */ 0 diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index da9a5e738e..7a6999687f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3536,5 +3536,5 @@ depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:PSA_WANT_ALG_SHA_256 send_invalid_sig_alg:MBEDTLS_SSL_SIG_RSA:MBEDTLS_SSL_HASH_SHA256:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER Negative Test: Server using sig_alg not offered by the client #2 -depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_512 +depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ALG_SHA_512 send_invalid_sig_alg:MBEDTLS_SSL_SIG_ECDSA:MBEDTLS_SSL_HASH_SHA512:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER From c139e44935a7086cef5697ba9580cadc92a8e125 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 10 Mar 2026 15:01:11 +0000 Subject: [PATCH 1470/1548] Fix typos Signed-off-by: Janos Follath --- tests/suites/test_suite_ssl.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4a2ca71835..3149668e99 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5749,7 +5749,7 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) mbedtls_test_init_handshake_options(&options); - // Make sure the server has credentals for target_sig_alg + // Make sure the server has credentials for target_sig_alg if (sig == MBEDTLS_SSL_SIG_ECDSA) { options.pk_alg = MBEDTLS_PK_ECDSA; } else { 
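Review bot: The `#if` around `sizeof(mbedtls_test_ca_crt_ec_der)` now also requires PSA_WANT_ECC_SECP_R1_384, but the closing `#endif /* PSA_HAVE_ALG_SOME_ECDSA */` comment was left as is, unlike the neighbouring guards whose comments mirror their conditions; change it to `#endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_ECC_SECP_R1_384 */`. Because this is a parallel length table, the guard presumably has to be identical to the one around the corresponding entry in the certificate-pointer array it describes (outside this hunk), otherwise the lengths shift relative to the certificates; a one-line comment such as `/* must mirror the guard on the matching entry of the DER CA array */` would make that dependency visible to the next editor.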
@@ -5823,7 +5823,7 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) MBEDTLS_SSL_SERVER_KEY_EXCHANGE); TEST_EQUAL(ret, 0); - // Make the server beleive that the only sig_alg the client accepts is target_sig_alg + // Make the server believe that the only sig_alg the client accepts is target_sig_alg server.ssl.handshake->received_sig_algs[0] = target_sig_alg; server.ssl.handshake->received_sig_algs[1] = MBEDTLS_TLS1_3_SIG_NONE; From 6394676a741b4b7fc42a25509a26d9b12eafa50a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 11 Mar 2026 09:21:32 +0000 Subject: [PATCH 1471/1548] Fix test case dependency Signed-off-by: Janos Follath --- tests/suites/test_suite_ssl.function | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3149668e99..c00acd755b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5725,7 +5725,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_ADDITIONAL_HASH:MBEDTLS_TEST_HAS_DEFAULT_EC_GROUP*/ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_ADDITIONAL_HASH:MBEDTLS_TEST_HAS_DEFAULT_EC_GROUP:MBEDTLS_DEBUG_C*/ void send_invalid_sig_alg(int sig, int hash, int expected_ret) { // This is a test about the client behaviour in case it receives a key exchange signed with a 
@@ -5773,14 +5773,12 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) cli_pattern.counter = 0; options.cli_log_obj = &cli_pattern; options.cli_log_fun = mbedtls_test_ssl_log_analyzer; -#if defined(MBEDTLS_DEBUG_C) // Add loggers for easier debugging - we are not looking for any patterns in the server logs. // To turn on debug output, uncomment the threshold line and set the macro in the definition // of mbedtls_test_ssl_log_analyzer(). options.srv_log_obj = NULL; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; mbedtls_debug_set_threshold(3); -#endif int ret = -1; @@ -5835,9 +5833,7 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) TEST_EQUAL(cli_pattern.counter, 1); exit: -#if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(0); -#endif mbedtls_test_free_handshake_options(&options); mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_ssl_endpoint_free(&client); From 75092c82620cb6d9ecda5dbda32ca3bda80b435f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 11 Mar 2026 09:57:04 +0000 Subject: [PATCH 1472/1548] send_invalid_sig_alg: add baseline test Add a test case with a successful handshake for each test case that causes the desired handshake failure, with minimal differences between the two. The reason is to have more assurance that the handshake is failing for the desired reason (as opposed to not having done something correctly in the test code). Signed-off-by: Janos Follath --- tests/suites/test_suite_ssl.data | 12 ++++++++++-- tests/suites/test_suite_ssl.function | 13 +++++++++---- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 7a6999687f..15b986a805 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -3531,10 +3531,18 @@ ssl_get_alert_after_fatal TLS 1.3 - HRR then TLS 1.2 second ClientHello tls13_hrr_then_tls12_second_client_hello -Negative Test: Server using sig_alg not offered by the client #1 +Baseline for: Server using sig_alg not offered by the client - RSA with SHA256 +depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:PSA_WANT_ALG_SHA_256 +send_invalid_sig_alg:MBEDTLS_SSL_SIG_RSA:MBEDTLS_SSL_HASH_SHA256:0 + +Negative Test: Server using sig_alg not offered by the client - RSA with SHA256 depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:PSA_WANT_ALG_SHA_256 send_invalid_sig_alg:MBEDTLS_SSL_SIG_RSA:MBEDTLS_SSL_HASH_SHA256:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -Negative Test: Server using sig_alg not offered by the client #2 +Baseline for: Server using sig_alg not offered by the client - ECDSA with SHA512 +depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ALG_SHA_512 +send_invalid_sig_alg:MBEDTLS_SSL_SIG_ECDSA:MBEDTLS_SSL_HASH_SHA512:0 + +Negative Test: Server using sig_alg not offered by the client - ECDSA with SHA512 depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ALG_SHA_512 send_invalid_sig_alg:MBEDTLS_SSL_SIG_ECDSA:MBEDTLS_SSL_HASH_SHA512:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c00acd755b..6d37b908c4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5821,16 +5821,21 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) MBEDTLS_SSL_SERVER_KEY_EXCHANGE); TEST_EQUAL(ret, 0); - // Make the server believe that the only sig_alg the client accepts is target_sig_alg - server.ssl.handshake->received_sig_algs[0] = target_sig_alg; - server.ssl.handshake->received_sig_algs[1] = MBEDTLS_TLS1_3_SIG_NONE; + if (expected_ret != 0) { + // Make the server believe that the only sig_alg the client accepts is target_sig_alg + server.ssl.handshake->received_sig_algs[0] = target_sig_alg; + server.ssl.handshake->received_sig_algs[1] = MBEDTLS_TLS1_3_SIG_NONE; + } // Move the connection to a state where it is certain that the client has parsed the server key // exchange ret = mbedtls_test_move_handshake_to_state(&client.ssl, &server.ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST); TEST_EQUAL(ret, expected_ret); - TEST_EQUAL(cli_pattern.counter, 1); + + if (expected_ret != 0) { + TEST_EQUAL(cli_pattern.counter, 1); + } exit: mbedtls_debug_set_threshold(0); From 3d0235328123a77321a7ec90f94bf9652aa11f29 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 11 Mar 2026 11:35:44 +0000 Subject: [PATCH 1473/1548] Fix code style Signed-off-by: Janos Follath --- library/ssl_tls12_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 8d26562c1e..4673827557 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
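Review bot: The baseline run (`expected_ret == 0`) asserts nothing about the client log, so it does not show that the "that was not offered" path stays quiet when the server's choice was in fact offered; asserting the counter in both branches turns the baseline into a real control, e.g. `TEST_EQUAL(cli_pattern.counter, expected_ret == 0 ? 0 : 1);` in place of the guarded check. Gating the injection on `expected_ret != 0` also equates "inject the mismatch" with "any failure code is expected"; a comment such as `// expected_ret == 0 is the baseline: no mismatch is injected` above the first `if` would make that convention explicit. send_invalid_sig_alg starts before this hunk and the `exit:` block continues after it.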
@@ -1776,14 +1776,14 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, * TLS versions. Make sure that the received sig_alg extension is valid in TLS 1.2. */ if (!mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { - MBEDTLS_SSL_DEBUG_MSG( 1, ("Server used unsupported value in SigAlg extension %d", sig_alg)); + MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported value in SigAlg extension %d", sig_alg)); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } /* * Check if the signature algorithm is acceptable */ - if(!mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)) { + if (!mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("Server used SigAlg value %d that was not offered", sig_alg)); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } From 8d21dbf8e899f5ae501c2b6bc23550a21bac685f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 11 Mar 2026 16:09:37 +0000 Subject: [PATCH 1474/1548] Fix dependencies The unit test framework always loads the client key as well, which requires a different curve and a hash than the server key. Signed-off-by: Janos Follath --- tests/include/test/ssl_helpers.h | 6 ++++++ tests/suites/test_suite_ssl.data | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 2744016fa8..a653c9643e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -74,6 +74,12 @@ #define MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY #endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ + defined(PSA_WANT_ECC_SECP_R1_256) && \ + defined(PSA_WANT_ALG_SHA_256) +#define MBEDTLS_CAN_HANDLE_ECDSA_CLIENT_TEST_KEY +#endif + #if defined(PSA_WANT_ECC_MONTGOMERY_255) || \ defined(PSA_WANT_ECC_SECP_R1_256) || \ defined(PSA_WANT_ECC_SECP_R1_384) || \ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 15b986a805..53c1c035a8 100644 --- a/tests/suites/test_suite_ssl.data 
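Review bot: The new MBEDTLS_CAN_HANDLE_ECDSA_CLIENT_TEST_KEY macro in the ssl_helpers.h hunk has no comment saying why it exists next to MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY; the reason is only in the commit message (the client test key is always loaded too and needs a different curve and hash), and the conditions show it is the secp256r1 / SHA-256 pair. Add a line above the `#if`, e.g. `/* The ECDSA client test key/cert loaded by the SSL test endpoints is on secp256r1 and signed with SHA-256; these requirements differ from the server test key's. */`, so test-data authors know which macro to depend on.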
+++ b/tests/suites/test_suite_ssl.data @@ -3540,9 +3540,9 @@ depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:PSA_WANT_ALG_SHA_256 send_invalid_sig_alg:MBEDTLS_SSL_SIG_RSA:MBEDTLS_SSL_HASH_SHA256:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER Baseline for: Server using sig_alg not offered by the client - ECDSA with SHA512 -depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ALG_SHA_512 +depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:MBEDTLS_CAN_HANDLE_ECDSA_CLIENT_TEST_KEY:PSA_WANT_ALG_SHA_512 send_invalid_sig_alg:MBEDTLS_SSL_SIG_ECDSA:MBEDTLS_SSL_HASH_SHA512:0 Negative Test: Server using sig_alg not offered by the client - ECDSA with SHA512 -depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:PSA_WANT_ALG_SHA_512 +depends_on:MBEDTLS_CAN_HANDLE_ECDSA_TEST_KEY:MBEDTLS_CAN_HANDLE_ECDSA_CLIENT_TEST_KEY:PSA_WANT_ALG_SHA_512 send_invalid_sig_alg:MBEDTLS_SSL_SIG_ECDSA:MBEDTLS_SSL_HASH_SHA512:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER From c46eccf6ef0df8e54e50cc19eaaa3c90142d3c7a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 11 Mar 2026 16:40:02 +0000 Subject: [PATCH 1475/1548] ssl_parse_signature_algorithm: caller to get bytes After the recent refactoring ssl_parse_signature_algorithm() sends an alert on failure, but the caller also sends an alert on failure. Sending two alerts is at least a protocol violation, and might not leave the SSL context in a good state. It is simpler to have the caller read the two bytes, and pass them to this function. Signed-off-by: Janos Follath --- library/ssl_tls12_client.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 4673827557..0bcbc7a5e1 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1736,23 +1736,19 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end, + uint16_t sig_alg, mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg) { *md_alg = MBEDTLS_MD_NONE; *pk_alg = MBEDTLS_PK_SIGALG_NONE; - MBEDTLS_SSL_CHK_BUF_READ_PTR(*p, end, 2); - uint16_t sig_alg = MBEDTLS_GET_UINT16_BE(*p, 0); - if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg(sig_alg, pk_alg, md_alg) != 0) { /* * Check hash algorithm */ if (*md_alg == MBEDTLS_MD_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported HashAlgorithm %d", (*p)[0])); + MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported HashAlgorithm %d", sig_alg >> 8)); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } @@ -1760,7 +1756,8 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, * Check signature algorithm */ if (*pk_alg == MBEDTLS_PK_SIGALG_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported SignatureAlgorithm %d", (*p)[1])); + MBEDTLS_SSL_DEBUG_MSG(1, + ("Server used unsupported SignatureAlgorithm %d", sig_alg & 0x00FF)); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } @@ -1788,9 +1785,8 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } - MBEDTLS_SSL_DEBUG_MSG(2, ("Server used SignatureAlgorithm %d", (*p)[1])); - MBEDTLS_SSL_DEBUG_MSG(2, ("Server used HashAlgorithm %d", (*p)[0])); - *p += 2; + MBEDTLS_SSL_DEBUG_MSG(2, ("Server used SignatureAlgorithm %d", sig_alg & 0x00FF)); + MBEDTLS_SSL_DEBUG_MSG(2, ("Server used HashAlgorithm %d", sig_alg >> 8)); return 0; } 
@@ -1971,7 +1967,9 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) /* * Handle the digitally-signed structure */ - if (ssl_parse_signature_algorithm(ssl, &p, end, &md_alg, &pk_alg) != 0) { + MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2); + uint16_t sig_alg = MBEDTLS_GET_UINT16_BE(p, 0); + if (ssl_parse_signature_algorithm(ssl, sig_alg, &md_alg, &pk_alg) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( @@ -1980,6 +1978,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } + p += 2; psa_hash_alg = mbedtls_md_psa_alg_from_type(md_alg); if (!mbedtls_pk_can_do_psa(peer_pk, From 862c191f4f004de89702c86e38049694fd52a7f0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 11 Mar 2026 16:55:28 +0000 Subject: [PATCH 1476/1548] send_invalid_sig_alg: reduce debug dependency Run as much of the test as we can even in the abscence of MBEDTLS_DEBUG_C. Signed-off-by: Janos Follath --- tests/suites/test_suite_ssl.function | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6d37b908c4..6b3bca6edd 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -5768,6 +5768,7 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) options.client_max_version = MBEDTLS_SSL_VERSION_TLS1_2; options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; +#if defined(MBEDTLS_DEBUG_C) mbedtls_test_ssl_log_pattern cli_pattern; cli_pattern.pattern = "that was not offered"; cli_pattern.counter = 0; @@ -5779,6 +5780,7 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) options.srv_log_obj = NULL; options.srv_log_fun = mbedtls_test_ssl_log_analyzer; mbedtls_debug_set_threshold(3); +#endif int ret = -1; 
@@ -5833,12 +5835,16 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret) MBEDTLS_SSL_CERTIFICATE_REQUEST); TEST_EQUAL(ret, expected_ret); +#if defined(MBEDTLS_DEBUG_C) if (expected_ret != 0) { TEST_EQUAL(cli_pattern.counter, 1); } +#endif exit: +#if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(0); +#endif mbedtls_test_free_handshake_options(&options); mbedtls_test_ssl_endpoint_free(&server); mbedtls_test_ssl_endpoint_free(&client); From 7b255e3a12a93fc87e3170ee2230a95550ba3df6 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 11 Mar 2026 17:02:56 +0000 Subject: [PATCH 1477/1548] ssl_parse_signature_algorithm: match error codes The caller is returning MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER if ssl_parse_signature_algorithm() fails, but ssl_parse_signature_algorithm() returns MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE upon failure. There is no good reason for this mismatch and better to be aligned. Signed-off-by: Janos Follath --- library/ssl_tls12_client.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 0bcbc7a5e1..841f911e66 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1749,7 +1749,7 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, */ if (*md_alg == MBEDTLS_MD_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported HashAlgorithm %d", sig_alg >> 8)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } /* 
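Review bot: In the `@@ -1749` hunk, `MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER` is the TLS alert description value (a small positive byte), not the library error code; the commit message says the intent is to match the caller's `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER`, so the line should read `return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;`. The caller only tests `!= 0`, so the handshake still fails, but an `int` function marked MBEDTLS_CHECK_RETURN_CRITICAL now returns a positive non-error value, which any code that propagates it as an mbedtls error would misreport. The same substitution appears in the three hunks of this commit that follow and is still present in the context lines of the later "Improve ssl_parse_signature_algorithm" commit. ssl_parse_signature_algorithm starts before this hunk.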
@@ -1758,14 +1758,14 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, if (*pk_alg == MBEDTLS_PK_SIGALG_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported SignatureAlgorithm %d", sig_alg & 0x00FF)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } /* * This shouldn't happen, but be robust. */ MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported value in SigAlg extension %d", sig_alg)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } /* @@ -1774,7 +1774,7 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, */ if (!mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported value in SigAlg extension %d", sig_alg)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } /* @@ -1782,7 +1782,7 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, */ if (!mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)) { MBEDTLS_SSL_DEBUG_MSG(1, ("Server used SigAlg value %d that was not offered", sig_alg)); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } MBEDTLS_SSL_DEBUG_MSG(2, ("Server used SignatureAlgorithm %d", sig_alg & 0x00FF)); From 5ffef2897161abf432d957442a7ddc5d96b1e87d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 12 Mar 2026 12:12:30 +0000 Subject: [PATCH 1478/1548] Fix code style Signed-off-by: Janos Follath --- library/ssl_tls12_client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 841f911e66..76ec4b6c4b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1757,7 +1757,8 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, */ if (*pk_alg == MBEDTLS_PK_SIGALG_NONE) { MBEDTLS_SSL_DEBUG_MSG(1, - ("Server used unsupported SignatureAlgorithm %d", sig_alg & 0x00FF)); + ("Server used unsupported SignatureAlgorithm %d", + sig_alg & 0x00FF)); return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } From 703c2a6d7c7ead396d170dfe5e1df28c6c074b2a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 13 Mar 2026 11:13:29 +0000 Subject: [PATCH 1479/1548] Fix a typo and an oversight DEBUG_C supposed to have been removed from the test dependencies, still being there is an oversight. Removing it was the sole purpose of 3e58109fbd. Signed-off-by: Janos Follath --- tests/suites/test_suite_ssl.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6b3bca6edd..a283b65e53 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -5725,12 +5725,12 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_ADDITIONAL_HASH:MBEDTLS_TEST_HAS_DEFAULT_EC_GROUP:MBEDTLS_DEBUG_C*/ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_ALG_SHA_256:MBEDTLS_TEST_HAS_ADDITIONAL_HASH:MBEDTLS_TEST_HAS_DEFAULT_EC_GROUP*/ void send_invalid_sig_alg(int sig, int hash, int expected_ret) { // This is a test about the client behaviour in case it receives a key exchange signed with a // sig_alg it didn't specify in the client hello. The input specifies a target_sig_alg, which we - // make sure that the client does not offer but the server does. Then we make the server beleive + // make sure that the client does not offer but the server does. Then we make the server believe // that target_sig_alg is the only one the client offered. // Remark: We need an additional hash algorithm offered, because if we don't have it, the server From 6714b3901775978bd6ed6681cc65b957f9c9966f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 13 Mar 2026 11:26:57 +0000 Subject: [PATCH 1480/1548] Improve ssl_parse_signature_algorithm Simplify and improve error reporting and remove unnecessary initialisation (the caller is responsible for initialising those values). Signed-off-by: Janos Follath --- library/ssl_tls12_client.c | 34 +++++++--------------------------- 1 file changed, 7 insertions(+), 27 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 76ec4b6c4b..a0170d51f6 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -1740,32 +1740,10 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg) { - *md_alg = MBEDTLS_MD_NONE; - *pk_alg = MBEDTLS_PK_SIGALG_NONE; - if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg(sig_alg, pk_alg, md_alg) != 0) { - /* - * Check hash algorithm - */ - if (*md_alg == MBEDTLS_MD_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported HashAlgorithm %d", sig_alg >> 8)); - return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - } - - /* - * Check signature algorithm - */ - if (*pk_alg == MBEDTLS_PK_SIGALG_NONE) { - MBEDTLS_SSL_DEBUG_MSG(1, - ("Server used unsupported SignatureAlgorithm %d", - sig_alg & 0x00FF)); - return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; - } - - /* - * This shouldn't happen, but be robust. - */ - MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported value in SigAlg extension %d", sig_alg)); + MBEDTLS_SSL_DEBUG_MSG(1, + ("Server used unsupported value in SigAlg extension 0x%04x", + sig_alg)); return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } @@ -1774,7 +1752,9 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, * TLS versions. Make sure that the received sig_alg extension is valid in TLS 1.2. */ if (!mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Server used unsupported value in SigAlg extension %d", sig_alg)); + MBEDTLS_SSL_DEBUG_MSG(1, + ("Server used unsupported value in SigAlg extension 0x%04x", + sig_alg)); return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } @@ -1782,7 +1762,7 @@ static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, * Check if the signature algorithm is acceptable */ if (!mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("Server used SigAlg value %d that was not offered", sig_alg)); + MBEDTLS_SSL_DEBUG_MSG(1, ("Server used SigAlg value 0x%04x that was not offered", sig_alg)); return MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } 
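Review bot: With the resets of `*md_alg` and `*pk_alg` removed, their contents on the error path are whatever `mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg` wrote before failing, and nothing in the function body tells the caller that; since the commit message moves that responsibility to the caller, the function's header comment (outside this hunk) should state it, e.g. `Outputs are valid only when 0 is returned; the caller initialises them and must not read them after a failure.`. A smaller point: the `0x%04x` conversions receive a `uint16_t`, which is promoted to `int` rather than the `unsigned int` the conversion expects; `(unsigned) sig_alg` keeps the argument type strictly matching. ssl_parse_signature_algorithm starts before this hunk.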
From ae885590fb4179299b166a6c56b82bf1ee2a8441 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Feb 2026 11:17:27 +0100 Subject: [PATCH 1481/1548] library: bulk replace MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC Follow the same pattern that was used in the past to remove dependency on MBEDTLS_RSA_C and use PSA_WANT instead. Relying on MBEDTLS_RSA_C is fine only when builtin drivers are compiled since all PSA_WANT are converted to legacy build symbols. However when builtin drivers are not built (ex: in case of TF-M), then part of the code in TLS/X509 won't be compiled because MBEDTLS_RSA_C is not set. OTOH it's not possible to declare that symbol in a configuration file because it's a legacy one and it will be rejected by buildtime checks. Signed-off-by: Valerio Setti --- library/ssl_misc.h | 2 +- library/ssl_tls.c | 27 ++++++++++++++------------- library/ssl_tls12_server.c | 4 ++-- library/x509_crt.c | 4 ++-- library/x509_oid.c | 8 ++++---- 5 files changed, 23 insertions(+), 22 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5f8980a20e..f0ca823f33 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2468,7 +2468,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported( } switch (sig) { -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) case MBEDTLS_SSL_SIG_RSA: break; #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6df6c4bd88..c99becd9bb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
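Review bot: Replacing MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC ties RSA acceptance to private-key support, which is stronger than the verification paths need: `mbedtls_ssl_tls12_sig_alg_is_supported` in this hunk, and `x509_profile_check_key` and the `oid_sig_alg` table in the later hunks of this commit, only check signatures made with a peer's public key, so a configuration that enables PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY without the key-pair symbol would silently lose RSA there. The test-side companion commit uses PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY, so the library guards on the verification paths should probably match it (`#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)`), while sign-side uses such as `mbedtls_ssl_sig_from_pk` on the local key can keep the key-pair symbol. If the config adjustment headers always define the public-key symbol when the key-pair one is set, key-pair builds are unaffected either way; the public-key-only build is the case this change narrows.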
@@ -5271,17 +5271,17 @@ static const uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_512) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_512) MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_512 */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_512 */ -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_384) MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_384 */ -#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_256) MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, -#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_256 */ MBEDTLS_TLS_SIG_NONE }; @@ -5297,7 +5297,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, #endif -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512), #endif #endif /* PSA_WANT_ALG_SHA_512 */ @@ -5309,7 +5309,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, #endif -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384), #endif #endif /* PSA_WANT_ALG_SHA_384 */ 
@@ -5321,7 +5321,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256), #endif #endif /* PSA_WANT_ALG_SHA_256 */ @@ -5615,7 +5615,8 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) } #if defined(MBEDTLS_PK_C) && \ - (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)) + (defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)) /* * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX */ @@ -5623,7 +5624,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) { psa_key_type_t key_type = mbedtls_pk_get_key_type(pk); -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) if (PSA_KEY_TYPE_IS_RSA(key_type)) { return MBEDTLS_SSL_SIG_RSA; } @@ -5651,7 +5652,7 @@ unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type) mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig) { switch (sig) { -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) case MBEDTLS_SSL_SIG_RSA: return MBEDTLS_PK_SIGALG_RSA_PKCS1V15; #endif @@ -5664,7 +5665,7 @@ mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig) } } #endif /* MBEDTLS_PK_C && - ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */ + ( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */ /* * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 94e61a8aca..e7b24c05c8 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -1299,7 +1299,7 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA1), #endif -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA1), #endif @@ -2246,7 +2246,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) */ ct_len = 0; -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) diff --git a/library/x509_crt.c b/library/x509_crt.c index dc07ba8334..8fea9bf925 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -210,7 +210,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, { const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { return 0; @@ -218,7 +218,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, return -1; } -#endif /* MBEDTLS_RSA_C */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (pk_alg == MBEDTLS_PK_ECDSA || diff --git a/library/x509_oid.c b/library/x509_oid.c index cc0063bcd3..8c67cdfa1c 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -386,7 +386,7 @@ typedef struct { static const oid_sig_alg_t oid_sig_alg[] = { -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) #if defined(PSA_WANT_ALG_MD5) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), 
@@ -433,7 +433,7 @@ static const oid_sig_alg_t oid_sig_alg[] = MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_RSA_C */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ #if defined(PSA_HAVE_ALG_SOME_ECDSA) #if defined(PSA_WANT_ALG_SHA_1) { @@ -466,12 +466,12 @@ static const oid_sig_alg_t oid_sig_alg[] = }, #endif /* PSA_WANT_ALG_SHA_512 */ #endif /* PSA_HAVE_ALG_SOME_ECDSA */ -#if defined(MBEDTLS_RSA_C) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) { OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS, }, -#endif /* MBEDTLS_RSA_C */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ { NULL_OID_DESCRIPTOR, MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE, From ff2630664a26aa141331952ec9fa40d141a6248e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Feb 2026 16:07:43 +0100 Subject: [PATCH 1482/1548] tests: bulk replace MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY Signed-off-by: Valerio Setti --- tests/suites/test_suite_debug.data | 4 ++-- tests/suites/test_suite_error.data | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index d9a5c5c2ed..855a05d807 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data 
@@ -81,12 +81,12 @@ Debug print buffer #5 mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" Debug print certificate #1 (RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_PK_WRITE_C mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: dumping 'crt->PK' (270 bytes)\nMyFile(0999)\: 0000\: 30 82 01 0a 02 82 01 01 00 a9 02 1f 3d 40 6a d5\nMyFile(0999)\: 0010\: 55 53 8b fd 36 ee 82 65 2e 15 61 5e 89 bf b8 e8\nMyFile(0999)\: 0020\: 45 90 db ee 88 16 52 d3 f1 43 50 47 96 12 59 64\nMyFile(0999)\: 0030\: 87 6b fd 2b e0 46 f9 73 be dd cf 92 e1 91 5b ed\nMyFile(0999)\: 0040\: 66 a0 6f 89 29 79 45 80 d0 83 6a d5 41 43 77 5f\nMyFile(0999)\: 0050\: 39 7c 09 04 47 82 b0 57 39 70 ed a3 ec 15 19 1e\nMyFile(0999)\: 0060\: a8 33 08 47 c1 05 42 a9 fd 4c c3 b4 df dd 06 1f\nMyFile(0999)\: 0070\: 4d 10 51 40 67 
73 13 0f 40 f8 6d 81 25 5f 0a b1\nMyFile(0999)\: 0080\: 53 c6 30 7e 15 39 ac f9 5a ee 7f 92 9e a6 05 5b\nMyFile(0999)\: 0090\: e7 13 97 85 b5 23 92 d9 d4 24 06 d5 09 25 89 75\nMyFile(0999)\: 00a0\: 07 dd a6 1a 8f 3f 09 19 be ad 65 2c 64 eb 95 9b\nMyFile(0999)\: 00b0\: dc fe 41 5e 17 a6 da 6c 5b 69 cc 02 ba 14 2c 16\nMyFile(0999)\: 00c0\: 24 9c 4a dc cd d0 f7 52 67 73 f1 2d a0 23 fd 7e\nMyFile(0999)\: 00d0\: f4 31 ca 2d 70 ca 89 0b 04 db 2e a6 4f 70 6e 9e\nMyFile(0999)\: 00e0\: ce bd 58 89 e2 53 59 9e 6e 5a 92 65 e2 88 3f 0c\nMyFile(0999)\: 00f0\: 94 19 a3 dd e5 e8 9d 95 13 ed 29 db ab 70 12 dc\nMyFile(0999)\: 0100\: 5a ca 6b 17 ab 52 82 54 b1 02 03 01 00 01 \n" # Same as above, but with !MBEDTLS_PK_WRITE_C Debug print certificate #1.1 (RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_PK_WRITE_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_WANT_ALG_SHA_1:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_PK_WRITE_C mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\n" Debug print certificate #2 (EC) diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data index 8565098286..ed9cf43a44 100644 --- a/tests/suites/test_suite_error.data +++ b/tests/suites/test_suite_error.data 
@@ -3,7 +3,7 @@ depends_on:MBEDTLS_AES_C error_strerror:-0x0020:"AES - Invalid key length" Single high error -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_X509_CRT_PARSE_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_X509_CRT_PARSE_C error_strerror:-0x2280:"X509 - The serial tag or value is invalid" Non existing high error @@ -14,4 +14,3 @@ error_strerror:-0x007F:"UNKNOWN ERROR CODE (007F)" Non existing low and high error error_strerror:-0x88FF:"UNKNOWN ERROR CODE (8880) \: UNKNOWN ERROR CODE (007F)" - From 2fab51329b40d975e67b2a38d0f0c54708aefdfe Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Feb 2026 16:08:26 +0100 Subject: [PATCH 1483/1548] tests: bulk replace MBEDTLS_RSA_C with PSA_HAVE_ALG_SOME_RSA_VERIFY Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkcs7.data | 60 +- tests/suites/test_suite_pkcs7.function | 2 +- tests/suites/test_suite_x509parse.data | 1156 ++++++++++++------------ 3 files changed, 609 insertions(+), 609 deletions(-) diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index a9b23af368..1e9cdf3132 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data @@ -1,9 +1,9 @@ PKCS7 Signed Data Parse Pass SHA256 #1 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Pass SHA1 #2 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha1.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Pass Without CERT #3 
@@ -15,51 +15,51 @@ depends_on:PSA_WANT_ALG_SHA_256 pkcs7_parse:"../framework/data_files/pkcs7_data_no_signers.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Fail with multiple certs #4 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE PKCS7 Signed Data Parse Fail with corrupted cert #5.0 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badcert.der":MBEDTLS_ERR_PKCS7_INVALID_CERT PKCS7 Signed Data Parse Fail with disabled alg #5.1 -depends_on:MBEDTLS_RSA_C:!PSA_WANT_ALG_SHA_512 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:!PSA_WANT_ALG_SHA_512 pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha512.der":MBEDTLS_ERR_PKCS7_INVALID_ALG PKCS7 Parse Fail with Inlined Content Info #5.2 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_with_signature.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE PKCS7 Signed Data Parse Fail with no RSA #5.3 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:!PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_ERR_PKCS7_INVALID_CERT PKCS7 Signed Data Parse Fail with corrupted signer info #6 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[1] invalid size #6.1 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY 
pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[2] invalid size #6.2 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[1] unexpected tag #6.3 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[2] unexpected tag #6.4 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[1] fuzz bad #6.5 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[2] fuzz bad #6.6 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail Version other than 1 #7 
@@ -71,43 +71,43 @@ depends_on:PSA_WANT_ALG_SHA_256 pkcs7_parse:"../framework/data_files/pkcs7_data_cert_encrypted.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE PKCS7 Signed Data Verification Pass zero-len data -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_zerolendata_detached.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_zerolendata.bin":0:0 PKCS7 Signed Data Verification Fail zero-len data -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_zerolendata_detached.der":"../framework/data_files/pkcs7-rsa-sha256-2.der":"../framework/data_files/pkcs7_zerolendata.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Verification Pass SHA256 #9 -depends_on:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Pass SHA256 #9.1 -depends_on:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 PKCS7 Signed Data Verification Pass SHA1 #10 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha1.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Pass SHA512 #11 
-depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha512.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Fail because of different certificate #12 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-2.der":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Verification Fail because of different data hash #13 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_issuer_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail Corrupt signerInfos[2] (6213931373035520) 
@@ -119,19 +119,19 @@ depends_on:PSA_WANT_ALG_SHA_256 pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Only Signed Data Parse Pass #15 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Verify with multiple(2) signers #16.0 -depends_on:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_multiple_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt":"../framework/data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verify with multiple(3) signers #16.1 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_MEMORY_BUFFER_ALLOC_C +depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_MEMORY_BUFFER_ALLOC_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_3_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt ../framework/data_files/pkcs7-rsa-sha256-3.crt":"../framework/data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Hash Verify with multiple signers #17 -depends_on:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_multiple_signed.der":"../framework/data_files/pkcs7-rsa-sha256-1.crt ../framework/data_files/pkcs7-rsa-sha256-2.crt":"../framework/data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 PKCS7 Signed Data Hash Verify Fail with multiple signers #18 
@@ -147,11 +147,11 @@ depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID PKCS7 Signed Data Verify Fail Expired Cert #19 no DATE_TIME 1 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 2 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:PSA_HAVE_ALG_SOME_RSA_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_rsa_expired.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Parse Failure Invalid ASN1: Add null byte to start #20.0 diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 91e0e46ae3..9eccabab22 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -71,7 +71,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY */ void pkcs7_verify(char *pkcs7_file, char *crt_files, char *filetobesigned, diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 0ca27a9d68..688c0e5b84 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
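Review bot: The `BEGIN_CASE` gate for `pkcs7_verify` is now `PSA_HAVE_ALG_SOME_RSA_VERIFY`, while the individual pkcs7_verify cases earlier in this file were switched to the narrower `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY`; the two "#19 no DATE_TIME" cases in the @@ -147 hunk keep only the broad gate yet expect `MBEDTLS_ERR_RSA_VERIFY_FAILED`, as the PKCS1V15-gated failure cases do. In a build with only RSA-PSS verification enabled those two cases would still be selected and would probably fail with a different error, so `depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY` seems the consistent choice for both. Dropping `MBEDTLS_PKCS1_V15` from the function-level gate is only safe if `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY` implies it, which I cannot confirm from the diff.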
@@ -1,49 +1,49 @@ X509 CRT information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information #1 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/server1.crt.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information #2 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/server2.crt.der":"cert. 
version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 CRT information #3 (DER) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 CRT information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_MD5 x509_cert_info:"../framework/data_files/parse_input/cert_md5.crt":"cert. 
version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509_cert_info:"../framework/data_files/parse_input/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/cert_sha256.crt":"cert. 
version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_384 x509_cert_info:"../framework/data_files/parse_input/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_512 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_512 x509_cert_info:"../framework/data_files/parse_input/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA1 Digest 
@@ -107,19 +107,19 @@ depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/server5-fan.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2023-06-20 09\:49\:35\nexpires on \: 2033-06-17 09\:49\:35\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n" X509 CRT information, NS Cert Type -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n" X509 CRT information, Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/server1.key_usage.crt":"cert. 
version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, Key Usage with decipherOnly -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/keyUsage.decipherOnly.crt":"cert. version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n" X509 CRT information, Subject Alt Name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2019-07-10 11\:27\:52\nexpires on \: 2029-07-10 11\:27\:52\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" X509 CRT information, Multiple different Subject Alt Name 
@@ -127,19 +127,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256: x509_cert_info:"../framework/data_files/parse_input/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n" X509 CRT information, Subject Alt Name + Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n iPAddress \: 192.168.1.1\n iPAddress \: 192.168.69.144\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, Subject Alt Name with uniformResourceIdentifier -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/rsa_single_san_uri.crt.der":"cert. 
version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, Subject Alt Name with two uniformResourceIdentifiers -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, RSA Certificate Policy any -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy.crt":"cert. 
version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any @@ -147,7 +147,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384: x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, RSA Certificate Policy any with qualifier -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any with qualifier 
@@ -155,7 +155,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384: x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, RSA Certificate multiple Policies -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" X509 CRT information, ECDSA Certificate multiple Policies 
@@ -163,7 +163,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384: x509_cert_info:"../framework/data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" X509 CRT information, RSA Certificate unsupported policy -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" X509 CRT information, ECDSA Certificate unsupported policy 
@@ -171,27 +171,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384: x509_cert_info:"../framework/data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" X509 CRT information, Key Usage + Extended Key Usage -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" X509 CRT information RSA signed by EC -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA x509_cert_info:"../framework/data_files/parse_input/server4.crt":"cert. 
version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information EC signed by RSA -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_cert_info:"../framework/data_files/parse_input/server5-rsa-signed.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2025-12-01 10\:15\:30\nexpires on \: 2035-12-01 10\:15\:30\nsigned using \: RSA with SHA-256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information Bitstring in subject name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_cert_info:"../framework/data_files/parse_input/bitstring-in-dn.pem":"cert. 
version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=#030B0037313031303132323535\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" X509 CRT information Non-ASCII string in issuer name and subject name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nsubject name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 CRT information Parsing IPv4 and IPv6 IP names -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_cert_info:"../framework/data_files/server5-tricky-ip-san.crt.der":"cert. 
version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nissued on \: 2023-06-05 11\:30\:36\nexpires on \: 2033-06-02 11\:30\:36\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n iPAddress \: 97.98.99.100\n iPAddress \: 6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D\n" X509 SAN parsing otherName @@ -215,7 +215,7 @@ depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 x509_parse_san:"../framework/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 SAN parsing dNSName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_parse_san:"../framework/data_files/parse_input/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0 X509 SAN parsing Multiple different types @@ -223,7 +223,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256: x509_parse_san:"../framework/data_files/parse_input/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0 X509 SAN parsing, no subject alt name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA x509_parse_san:"../framework/data_files/parse_input/server4.crt":"":0 X509 SAN parsing, unsupported otherName name 
@@ -231,39 +231,39 @@ depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 x509_parse_san:"../framework/data_files/parse_input/server5-unsupported_othername.crt.der":"":0 X509 SAN parsing rfc822Name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_parse_san:"../framework/data_files/parse_input/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n":0 X509 CRT information Parsing IP (invalid data) -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_parse_san:"../framework/data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 CRL information #1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_MD5:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 
revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C 
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crl_info:"../framework/data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest 
@@ -311,39 +311,39 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_512:PSA_HAVE_ mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT X509 CRL Unsupported critical extension (issuingDistributionPoint) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-idp.pem":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRL Unsupported non-critical extension (issuingDistributionPoint) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 mbedtls_x509_crl_parse:"../framework/data_files/parse_input/crl-idpnc.pem":0 X509 CSR Information RSA with MD5 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_MD5:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO 
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA256 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_512:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA256, containing commas -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO 
mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 
@@ -387,23 +387,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_ mbedtls_x509_csr_info:"../framework/data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA with SHA256 - Microsoft header -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information v3 extensions #1 (all) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. type \: SSL Client\nkey usage \: CRL Sign\n" X509 CSR Information v3 extensions #2 (nsCertType only) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. 
type \: SSL Server\n" X509 CSR Information v3 extensions #3 (subjectAltName only) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" X509 CSR Information v3 extensions #4 (keyUsage only) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"../framework/data_files/parse_input/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n" X509 Verify Information: empty 
@@ -428,55 +428,55 @@ X509 Verify Information: two issues, with prefix x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n" X509 Get Distinguished Name #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets:"../framework/data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1" X509 Get Distinguished Name #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets:"../framework/data_files/server1.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA" X509 Get Distinguished Name #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets:"../framework/data_files/server2.crt":"subject":"C=NL, O=PolarSSL, CN=localhost" X509 Get Distinguished Name #4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets:"../framework/data_files/server2.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA" X509 Get Distinguished Name #5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets:"../framework/data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1" X509 Get Distinguished Name #6 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets:"../framework/data_files/server1.hashsymbol.crt":"subject":"C=NL, O=\\#PolarSSL, CN=PolarSSL Server 1" X509 Get Distinguished Name #7 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets:"../framework/data_files/server1.spaces.crt":"subject":"C=NL, O=\\ PolarSSL\\ , CN=PolarSSL Server 1" X509 Get Distinguished Name #8 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets:"../framework/data_files/server1.asciichars.crt":"subject":"C=NL, O=\\E6\\9E\\81\\E5\\9C\\B0SSL, CN=PolarSSL Server 1" X509 Get Modified DN #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"Modified":"C=NL, O=Modified, CN=PolarSSL Server 1":0 X509 Get Modified DN #2 Name exactly 255 bytes -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, CN=PolarSSL Server 1":0 X509 Get Modified DN #3 Name exceeds 255 bytes -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 
mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL X509 Get Modified DN #4 Name exactly 255 bytes, with comma requiring escaping -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"1234567890,1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL X509 Get Modified DN #5 Name exactly 255 bytes, ending with comma requiring escaping -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_dn_gets_subject_replace:"../framework/data_files/server1.crt":"12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234,":"":MBEDTLS_ERR_X509_BUFFER_TOO_SMALL X509 Get Next DN #1 No Multivalue RDNs 
@@ -532,27 +532,27 @@ X509 Get Name Corrupted DN Mem Leak mbedtls_x509_get_name:"310B3009060355040613024E4C3111300F060355040A0C08506F6C617253534C3019301706035504030C10506F6C617253534C2054657374204341":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 Time Expired #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 mbedtls_x509_time_is_past:"../framework/data_files/server1.crt":"valid_from":1 X509 Time Expired #2 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 mbedtls_x509_time_is_past:"../framework/data_files/server1.crt":"valid_to":0 X509 Time Expired #3 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 mbedtls_x509_time_is_past:"../framework/data_files/server2.crt":"valid_from":1 X509 Time Expired #4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 mbedtls_x509_time_is_past:"../framework/data_files/server2.crt":"valid_to":0 X509 Time Expired #5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 mbedtls_x509_time_is_past:"../framework/data_files/test-ca.crt":"valid_from":1 X509 Time Expired #6 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1 
mbedtls_x509_time_is_past:"../framework/data_files/test-ca.crt":"valid_to":0 X509 Time Future #1 @@ -580,7 +580,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384: mbedtls_x509_time_is_future:"../framework/data_files/test-ca2.crt":"valid_to":1 X509 CRT verification #1 (Revoked Cert, Expired CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 CRT verification #1a (Revoked Cert, Future CRL, no CN) @@ -588,7 +588,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PS x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #2 (Revoked Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 CRT verification #2a (Revoked Cert, Future CRL) 
@@ -596,7 +596,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PS x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #3 (Revoked Cert, Future CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #3a (Revoked Cert, Expired CRL, CN Mismatch) @@ -604,7 +604,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PS x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #4 (Valid Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 CRT verification #4a (Revoked Cert, Future CRL) 
@@ -612,27 +612,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PS x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #5 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #5' (Revoked Cert, differing DN string formats #1) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_utf8.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #5'' (Revoked Cert, differing DN string formats #2) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_printable.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #5''' (Revoked Cert, differing upper and lower case) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE 
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_uppercase.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #6 (Revoked Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #7 (Revoked Cert, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #8 (Valid Cert) 
@@ -648,115 +648,115 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PS x509_verify:"../framework/data_files/server5-future.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 CRT verification #8c (Expired Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server7-expired.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 CRT verification #8d (Future Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server7-future.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 CRT verification #9 (Not trusted Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY 
x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #10 (Not trusted Cert, Expired CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 forbidden) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_md5.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 allowed) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_md5.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"all":"NULL" X509 CRT verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_sha1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT 
verification #14 (Valid Cert SHA1 Digest forbidden in default profile) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_sha1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" X509 CRT verification #15 (Valid Cert SHA224 Digest) -depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_sha224.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #16 (Valid Cert SHA256 Digest) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_sha256.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #17 (Valid Cert SHA384 Digest) -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_sha384.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #18 (Valid Cert SHA512 Digest) -depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
+depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_sha512.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #19 (Valid Cert, denying callback) -depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_sha512.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none" X509 CRT verification #19 (Not trusted Cert, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server1.crt":"../framework/data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all" X509 CRT verification #21 (domain matching wildcard certificate, case insensitive) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL" X509 CRT verification #22 (domain not matching wildcard certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY 
x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #23 (domain not matching wildcard certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_example_wildcard.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #24 (domain matching CN of multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #25 (domain matching multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.net":0:0:"compat":"NULL" X509 CRT verification #26 (domain not matching multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY 
x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #27.1 (domain not matching multi certificate: suffix) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #27.2 (domain not matching multi certificate: head junk) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #28 (domain not matching wildcard in multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #29 (domain matching wildcard in multi certificate) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/cert_example_multi.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL" X509 CRT verification #30 (domain matching multi certificate without CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #31 (domain not matching multi certificate without CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #32 (Valid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server5-rsa-signed.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #33 (Valid, RSA cert, EC CA) 
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #34 (Valid, EC cert, EC CA) @@ -784,7 +784,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS x509_verify:"../framework/data_files/server5-sha512.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #40 (Valid, depth 0, RSA, CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/test-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #41 (Valid, depth 0, EC, CA) 
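Review bot: Several rewritten depends_on lines in this hunk list the same PSA token twice: #32 ends up with `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY` twice and #33 with `PSA_HAVE_ALG_SOME_RSA_VERIFY` twice, because the old lines listed `MBEDTLS_RSA_C` twice and the substitution carried the duplication over; the same happens for #46, #47, #48 and #49 in the `@@ -804,35` hunk. Since these lines are being rewritten anyway, drop the repeated token, e.g. for #32 `depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256`. The hunk also alternates between `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY` and `PSA_HAVE_ALG_SOME_RSA_VERIFY` from one test to the next; it looks as if the weaker token is chosen where the expected result does not rely on an RSA signature actually verifying (trusted self-signed roots, NOT_TRUSTED outcomes, an RSA leaf under an EC CA), but nothing on the page states that rule, so a sentence in the commit message explaining when each token applies would keep later additions from picking the wrong one.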
@@ -792,7 +792,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_25 x509_verify:"../framework/data_files/test-ca2.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #42 (Depth 0, not CA, RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/server2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #43 (Depth 0, not CA, EC) 
@@ -804,35 +804,35 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_25 x509_verify:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #45 (Corrupted signature, RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server2-badsign.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #45b (Corrupted signature, intermediate CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server7-badsign.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256 
x509_verify:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server7.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 
x509_verify:"../framework/data_files/server8_int-ca2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #50 (Valid, multiple CAs) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #51 (Valid, multiple CAs, reverse order) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca_cat21.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #52 (CA keyUsage valid) 
@@ -844,7 +844,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #55 (CA keyUsage missing keyCertSign) @@ -856,7 +856,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-ds.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224) 
@@ -884,7 +884,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_ x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #64 (Valid, RSASSA-PSS, SHA-1, not top) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/server9-with-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #65 (RSASSA-PSS, SHA1, bad cert signature) 
@@ -904,51 +904,51 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_ x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #70 (v1 trusted CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server1-v1.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #71 (v1 trusted CA, other) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server2-v1.crt":"../framework/data_files/server1-v1.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #72 (v1 chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server2-v1-chain.crt":"../framework/data_files/test-ca-v1.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #73 (selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY 
x509_verify:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #74 (signed by selfsigned trusted without CA bit) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/server6-ss-child.crt":"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #75 (encoding mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/enco-cert-utf8str.pem":"../framework/data_files/enco-ca-prstr.pem":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #76 (multiple CRLs, not revoked) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #77 (multiple CRLs, revoked) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE 
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #78 (multiple CRLs, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #79 (multiple CRLs, revoked by future) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #80 (multiple CRLs, first future, revoked by second) 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #81 (multiple CRLs, none relevant) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/enco-cert-utf8str.pem":"../framework/data_files/enco-ca-prstr.pem":"../framework/data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #82 (Not yet valid CA and valid CA) 
@@ -976,11 +976,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_25 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-past-invalid.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 CRT verification #88 (Spurious cert in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/server7_spurious_int-ca.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #89 (Spurious cert later in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify:"../framework/data_files/server10_int3_spurious_int-ca2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #90 (EE with same name as trusted root) 
@@ -988,11 +988,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_25 x509_verify:"../framework/data_files/server5-ss-forgeca.crt":"../framework/data_files/test-int-ca3.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL" X509 CRT verification #91 (same CA with good then bad key) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca-good-alt.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #91 (same CA with bad then good key) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca-alt-good.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #92 (bad name, allowing callback) 
@@ -1000,11 +1000,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_K1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server11-rsa-signed.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" X509 CRT verification #95 (Suite B Valid, EC cert, EC CA) 
@@ -1012,63 +1012,63 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) -depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/cert_sha224.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/cert_sha256.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY:!MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification: domain identical to IPv4 in SubjectAltName -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: domain identical to IPv6 in SubjectAltName -depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: matching IPv4 in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL" X509 CRT verification: 
mismatching IPv4 in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: IPv4 with trailing data in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: matching IPv6 in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL" X509 CRT verification: mismatching IPv6 in SubjectAltName -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY 
x509_verify:"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/server5-tricky-ip-san.crt.der":"../framework/data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: matching URI in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":0:0:"":"NULL" X509 CRT verification: URI with trailing data in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609cz":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: URI with preceding data in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY 
x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"zurn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: URI with bad data in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509_verify:"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/rsa_single_san_uri.crt.der":"../framework/data_files/crl_sha256.pem":"bad\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT parse CN: IPv4 valid address @@ -1171,7 +1171,7 @@ X509 CRT parse CN: IPv6 invalid address IPv4-mapped #3 x509_crt_parse_cn_inet_pton:"\:\:1.2.3.4\:ffff":"":0 X509 CRT verification with ca callback: failure -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK x509_verify_ca_cb_failure:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR X509 CRT verification callback: bad name 
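Review bot: Test #99 (revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) is given `PSA_HAVE_ALG_SOME_RSA_VERIFY`, whereas test #98 directly above it, which verifies the very same server1.crt against test-ca.crt and crl-futureRevocationDate.pem, is given `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY`. The two cases exercise the same signature path, so the looser dependency on #99 lets it run in a build that has only RSA-PSS verification and, if server1.crt is PKCS#1 v1.5-signed as #98's dependency implies, it would then fail with a signature error rather than the expected MBEDTLS_X509_BADCERT_REVOKED. Suggest aligning it with its sibling: `depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:!MBEDTLS_HAVE_TIME_DATE`. If the SOME_RSA variant is intentional because no signature is actually checked before the revocation flag is raised, a one-line comment above #99 saying so would stop the next reader from re-deriving it.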
@@ -1187,7 +1187,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS x509_verify_callback:"../framework/data_files/server5-ss-expired.crt":"../framework/data_files/server5-ss-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial D8\:64\:61\:05\:E3\:A3\:CD\:78 - subject C=UK, O=mbed TLS, OU=testsuite, CN=localhost - flags 0x00000001\n" X509 CRT verification callback: simple -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: simple, EE expired 
@@ -1199,55 +1199,55 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PS x509_verify_callback:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two trusted roots -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: two trusted roots, reversed order -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: root included -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server1_ca.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: intermediate ca -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify_callback:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, root included -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify_callback:"../framework/data_files/server7_int-ca_ca2.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, 
O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca trusted -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server7_int-ca_ca2.crt":"../framework/data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"../framework/data_files/server7-expired.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 CRT verification callback: intermediate ca, int expired 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"../framework/data_files/server7_int-ca-exp.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, root expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify_callback:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, root included -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify_callback:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, top int trusted 
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, low int trusted -depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify_callback:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: no intermediate, bad signature 
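Review bot: The mechanical substitution preserved the pre-existing duplicate in the `intermediate ca` family of cases: each of those new `depends_on` lines now lists `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY` (or `PSA_HAVE_ALG_SOME_RSA_VERIFY`) twice, once where the lone `MBEDTLS_RSA_C` stood and once where `MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15` stood. The runner tolerates it, but since this commit rewrites every one of those lines anyway it is the natural moment to drop the repeat, e.g. `depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1`. Separately, the two `two intermediates, … int trusted` cases are given `PSA_HAVE_ALG_SOME_RSA_VERIFY` while the other `two intermediates` cases on the same server10_int3_int-ca2 chain get `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY`; if that is deliberate (no RSA signature is verified once the trust anchor is one of the intermediates), a short comment above those two cases would make the distinction explicit, and if not, they should match their siblings.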
@@ -1255,7 +1255,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS x509_verify_callback:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 CRT verification callback: one intermediate, bad signature -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server7-badsign.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 CRT ASN1 (Empty Certificate) 
@@ -1292,120 +1292,120 @@ X509 CRT ASN1 (inv TBS, length out of bounds) x509parse_crt:"30023003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS empty) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"30153000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, invalid version tag, serial missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"301730020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, valid outer version tag, no outer length) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"30163001a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv inner version tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"30193004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, valid inner version tag, no inner length) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"30183003a00102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, valid inner version tag, inv inner length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY 
x509parse_crt:"30193004a0020285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, valid inner version tag, inner length too large for int) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY # tbsCertificate.version = 0x01000000000000000000000000000000 rejected by mbedtls_asn1_get_int x509parse_crt:"30293014a012021001000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, valid inner version tag, inner vs. outer length mismatch) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"301b3006a00402010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, valid version tag, length exceeds TBS) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"30293014a012021100000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 3) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"308196308180a0030201038204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, valid version tag + length, unknown version number 4) 
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"308196308180a0030201048204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, valid version tag + length, version number overflow) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"308199308183a00602047FFFFFFF8204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRT ASN1 (TBS, serial missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"301a3005a003020102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv serial, tag wrong) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"301c3007a0030201020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv serial, length missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"301b3006a00302010282300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv serial, inv length 
encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"301c3007a0030201028285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv serial, length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"301c3007a0030201028201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, AlgID missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"3020300ba0030201028204deadbeef300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, tag wrong) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"3022300da0030201028204deadbeef0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv AlgID, OID missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"307b3073a0030201008204deadbeef3000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201033000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, OID tag wrong) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY 
x509parse_crt:"307f3075a0030201008204deadbeef30020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv AlgID, OID inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"307f3075a0030201008204deadbeef30020685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv AlgID, OID length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, OID empty) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, OID unknown) 
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff02010330060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID) X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0685300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0685030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv AlgID, param length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0601300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0601030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv AlgID, param length mismatch) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY 
x509parse_crt:"30819a308182a0030201008204deadbeef300f06092a864886f70d01010b06010000300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300f06092a864886f70d01010b06010000030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv AlgID, params present but empty) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0600030200ff":"":MBEDTLS_ERR_X509_INVALID_ALG X509 CRT ASN1 (TBS, inv AlgID, bad RSASSA-PSS params) 
@@ -1413,379 +1413,379 @@ depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_X509_RSASSA_PSS_SUPPORT x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010a3100300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010a3100030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, Issuer missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"302f301aa0030201008204deadbeef300d06092a864886f70d01010b0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv tag) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, RDNSequence length missing) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"3030301ba0030201008204deadbeef300d06092a864886f70d01010b050030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDNSequence inv length encoding) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, 
RDNSequence length out of bounds) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"3031301ca0030201008204deadbeef300d06092a864886f70d01010b05003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDNSequence empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081893074a0030201028204deadbeef300d06092a864886f70d01010b05003000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDN inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, RDN inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023185301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, 
inv Issuer, RDN length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023101301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, RDN empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b050030023100301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023085301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023001301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv no length data) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b050030053103300106301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020685301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue type length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020601301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000500301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b050030073105300306000c301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000C85301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b050030083106300406000c01301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Issuer, AttrTypeAndValue value length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300a3108300606000c010000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv Issuer, 2nd AttributeTypeValue empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300e310c300806000c04546573743000301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, Validity missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"303d3028a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv Validity, length field missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"303e3029a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv Validity, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"303f302aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notBefore missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30793064a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv Validity, notBefore inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
 x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430020500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv Validity, notBefore no length)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307a3065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c0454657374300117300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Validity, notBefore inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c04546573743002178f300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv Validity, notBefore length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307b3066a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a300806000c045465737430021701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Validity, notBefore empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a3008060013045465737430101700170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
 X509 CRT ASN1 (TBS, inv Validity, notBefore invalid)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
 X509 CRT ASN1 (TBS, inv Validity, notAfter missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300e170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Validity, notAfter inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935390500300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv Validity, notAfter length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374300f170c30393132333132333539353917300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Validity, notAfter inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391785300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv Validity, notAfter length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391701300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Validity, notAfter empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a300806001304546573743010170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
 X509 CRT ASN1 (TBS, inv Validity, notAfter invalid)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303931323331323335393539170c303930313031303000000000300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_DATE
 X509 CRT ASN1 (TBS, inv Validity, data remaining after 'notAfter')
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303930313031303030303030170c3039313233313233353935391700300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, Subject missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"305b3046a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353900300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv Subject, RDNSequence length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"305c3047a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, RDNSequence inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv Subject, RDNSequence length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"305d3048a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, RDN inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv Subject, RDN inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023185302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv Subject, RDN length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023101302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, RDN empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818b3076a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930023100302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023085302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023001302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818d3078a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300431023000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv no length data)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818e3079a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930053103300106302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020685302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue type length out of bounds )
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020601302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30818f307aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c3039313233313233353935393006310430020600302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000500302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308190307ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930073105300306000c302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000C85302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308191307ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930083106300406000c01302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv Subject, AttrTypeAndValue value length mismatch)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308193307ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300a3108300606000c010000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv Subject, 2nd AttributeTypeValue empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300e310c300806000c04546573743000302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, SubPubKeyInfo missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"30693054a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573740500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306a3055a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306b3056a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv algorithm tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306c3057a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"306d3058a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a3008060013045465737430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm empty)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081883073a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d30000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, algorithm unknown)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010005000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307a3065a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307b3066a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743010300d06092A864886F70D010101050003300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, bitstring length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, no bitstring data)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307c3067a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv bitstring start)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_INVALID_DATA)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv RSA modulus)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, total length mismatch)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081893074a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301e300d06092A864886F70D0101010500030b0030080202ffff0202ffff0500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"3081873072a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, check failed, expanded length notation)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
 # We expect an extension parsing error here because the IssuerID is optional.
@@ -1794,601 +1794,601 @@ x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b05003
 # namely the v3 extensions. However, the tag the test exercises is a NULL tag,
 # and hence we obtain an INVALID_TAG error during extension parsing.
 X509 CRT ASN1 (TBS, inv IssuerID, inv tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff0201030500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 X509 CRT ASN1 (TBS, inv IssuerID, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, inv IssuerID, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, inv IssuerID, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length missing)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308197308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, inv length encoding)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 X509 CRT ASN1 (TBS, no IssuerID, inv SubjectID, length out of bounds)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308199308183a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, outer length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819b308185a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, outer length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a385300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, outer length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a301300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, outer length 0) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a300300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner tag invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, inner length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819d308187a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, inner length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30819e308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inner/outer length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, first ext inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, first ext length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"30819f308189a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a303300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inv first ext length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, first ext length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a030818aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a130818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, first ext extnID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, no extnValue) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a230818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a306300430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, inv critical tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, critical length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a330818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30730053003060001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, critical inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000185300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, critical length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000101300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, critical length 0) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a430818ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3083006300406000100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, critical length 2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001020000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, extnValue inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv v3Ext, extnValue length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a6308190a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30a30083006060001010004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, extnValue length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv v3Ext, extnValue length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b3009300706000101000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv v3Ext, data remaining after extnValue) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b3009060001010004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, data missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d200400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, invalid outer tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d20040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, outer length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, no policies) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d2004023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d200403300130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, empty policy) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d20040430023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy invalid OID tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy no OID length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d2004053003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy OID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier no length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081af308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3133011300f0603551d2004083006300406010030300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d200409300730050601003001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv extBasicConstraint, no pathlen length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a314301230100603551d130101010406300402010102300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH):0 X509 CRT ASN1 (pathlen is INT_MAX-1) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server1_pathlen_int_max-1.crt":0:1 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010285300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d13010101040730050201010200300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081b430819ea0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a318301630140603551d13010101040a30080201010201010500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage bad second tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d250416301406082b0601050507030107082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a7308191a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30b300930070603551d110400300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, inv tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a8308192a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30c300a30080603551d11040130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081a9308193a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30d300b30090603551d1104023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, data remaining after name SEQUENCE) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv SubjectAltName, name component length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081aa308194a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30e300c300a0603551d110403300180300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, name component inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, name component length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430028001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, name component unexpected tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d11040430024000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName component empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081ab308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a30f300d300b0603551d1104043002a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName invalid OID tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ac308196a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a310300e300c0603551d1104053003a00106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, otherName OID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a311300f300d0603551d1104063004a0020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName EXPLICIT tag missing -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b530819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a319301730150603551d11040e300ca00a06082b06010505070804300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected EXPLICIT tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b060105050708040500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b63081a0a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31a301830160603551d11040f300da00b06082b06010505070804a0300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inv outer length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName outer length 0) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b73081a1a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31b301930170603551d110410300ea00c06082b06010505070804a000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner tag invalid) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081b83081a2a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31c301a30180603551d110411300fa00d06082b06010505070804a00130300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length inv encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023085300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName inner length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023001300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName empty) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31d301b30190603551d1104123010a00e06082b06010505070804a0023000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName unexpected OID tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID no length) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ba3081a4a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31e301c301a0603551d1104133011a00f06082b06010505070804a003300106300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020685300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName OID length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bb3081a5a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a31f301d301b0603551d1104143012a01006082b06010505070804a00430020600300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data invalid tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bc3081a6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a320301e301c0603551d1104153013a01106082b06010505070804a0053003060004300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000485300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data length out of bounds) 
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d1104163014a01206082b06010505070804a006300406000401300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #1) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083006060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv SubjectAltName, HWModuleName data remaining #2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0083004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv SubjectAltName, 
HWModuleName data remaining #3) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bf3081a9a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a3233021301f0603551d1104183016a01406082b06010505070804a0063004060004000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS X509 CRT ASN1 (TBS, inv v3Ext, ExtKeyUsage repeated) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS X509 CRT ASN1 (TBS, inv v3Ext, 
SubjectAltName repeated outside Extensions) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT (TBS, valid v3Ext in v3 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 
x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3132303531303133323334315a170d3232303531313133323334315a303a310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c311830160603550403130f7777772e6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b93c4ac5c8a38e9017a49e52aa7175266180e7c7b56d8cffaab64126b7be11ad5c73160c64114804ffd6e13b05db89bbb39709d51c14dd688739b03d71cbe276d01ad8182d801b54f6e5449af1cbaf612edf490d9d09b7edb1fd3cfd3cfa24cf5dbf7ce453e725b5ea4422e926d3ea20949ee66167ba2e07670b032fa209edf0338f0bce10ef67a4c608dac1edc23fd74add153df95e1c8160463eb5b33d2fa6de471cbc92aeebdf276b1656b7dcecd15557a56eec7525f5b77bdfabd23a5a91987d97170b130aa76b4a8bc14730fb3af84104d5c1dfb81dbf7b01a565a2e01e36b7a65ccc305af8cd6fcdf1196225ca01e3357ffa20f5dcfd69b26a007d17f70203010001a38181307f30090603551d1304023000301d0603551d0e041604147de49c6be6f9717d46d2123dad6b1dfdc2aa784c301f0603551d23041830168014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30320603551d11042b3029c20b6578616d706c652e636f6d820b6578616d706c652e6e6574820d2a2e6578616d706c652e6f7267300d06092a864886f70d010105050003820101004f09cb7ad5eef5ef620ddc7ba285d68cca95b46bda115b92007513b9ca0bceeafbc31fe23f7f217479e2e6bcda06e52f6ff655c67339cf48bc0d2f0cd27a06c34a4cd9485da0d07389e4d4851d969a0e5799c66f1d21271f8d0529e840ae823968c39707cf3c934c1adf2fa6a455487f7c8c1ac922da24cd9239c68aecb08df5698267cb04eede534196c127dc2ffe33fad30eb8d432a9842853a5f0d189d5a298e71691bb9cc0418e8c58acffe3dd2e7aabb0b97176ad0f2733f7a929d3c076c0bf06407c0ed5a47c8ae2326e16aeda641fb0557cdbddf1a4ba447cb39958d2346e00ea976c143af2101e0aa249107601f4f2c818fdcc6346128b091bf194e6":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (SignatureAlgorithm missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081aa3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (inv SignatureAlgorithm, bad tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573740500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (inv SignatureAlgorithm, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ab3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e7465737430":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (inv SignatureAlgorithm, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743085":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (inv SignatureAlgorithm, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ac3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e746573743001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (inv SignatureAlgorithm, not the same as SignatureAlgorithm in TBS) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bd3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010a0500030200ff":"":MBEDTLS_ERR_X509_SIG_MISMATCH X509 CRT ASN1 (Signature missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081b93081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (inv Signature, bad tag) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (inv Signature, length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081ba3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b050003":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (inv Signature, inv length encoding) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000385":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRT ASN1 (inv Signature, length out of bounds) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRT ASN1 (inv Signature, inv data #1) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 # signature = bit string with invalid encoding (missing number of unused bits) x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) X509 CRT ASN1 (inv Signature, inv data #2) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
# signature = bit string with invalid encoding (number of unused bits too large) x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) X509 CRT ASN1 (empty Signature) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 # signature = empty bit string in DER encoding x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 X509 CRT ASN1 (dummy 24-bit Signature) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 # signature = bit string "011001100110111101101111" x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0 # The ASN.1 module rejects non-octet-aligned bit strings. 
X509 CRT ASN1 (inv Signature: not octet-aligned) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 # signature = bit string "01100110011011110110111" x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_INVALID_DATA) X509 CRT ASN1 (inv Signature, length mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"3081be3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRT ASN1 (well-formed) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (GeneralizedTime in notBefore, UTCTime in notAfter) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (UTCTime in notBefore, GeneralizedTime in notAfter) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e170c303931323331323335393539180e3230313030313031303030303030300c310a30080600130454657374302a300d06092A864886F70D01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-12-31 23\:59\:59\nexpires on \: 2010-01-01 00\:00\:00\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 CN) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 C) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 L) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 ST) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 O) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with X520 OU) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with unknown X520 part) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with composite RDN) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1 
x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. 
version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, 1.3.6.1.4.1.311.60.2.1.3=#13025553, 1.3.6.1.4.1.311.60.2.1.2=#130844656C6177617265, O=Authorize.Net LLC, 2.5.4.15=#131450726976617465204F7267616E697A6174696F6E, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0 X509 CRT ASN1 (Name with PKCS9 email) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (Name with unknown PKCS9 part) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103300d06092a864886f70d01010b0500030200ff":"cert. 
version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 CRT ASN1 (ECDSA signature, RSA key) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 # This was generated as follows: 
@@ -2408,43 +2408,43 @@ x509parse_crt:"3082010b3081b3020900f41534662ec7e912300906072a8648ce3d0401300f310 # 5. generate final CRT -> openssl x509 -req -in secp256.csr -CA ca_rsa_1024.crt -CAkey rsa_1024.key -days 3650 -sha1 -set_serial 4 -out secp256-rsa.crt -outform DER # 4. get generated DER content -> xxd -ps secp256-rsa.crt X509 CRT ASN1 (RSA signature, EC key) -depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY x509parse_crt:"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":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2025-11-27 13\:32\:52\nexpires on \: 2035-11-25 13\:32\:52\nsigned using \: RSA with SHA1\nEC key size \: 256 bits\n":0 X509 CRT ASN1 (Unsupported critical extension) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (Unsupported critical extension recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crt_cb:"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":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 X509 CRT ASN1 (Unsupported critical extension not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt_cb:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRT ASN1 (Unsupported non critical extension recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt_cb:"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":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 X509 CRT ASN1 (Unsupported non critical extension not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt_cb:"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":"cert. 
version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 X509 CRT ASN1 (Unsupported critical policy recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRT ASN1 (Unsupported critical policy not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE X509 CRT ASN1 (Unsupported non critical policy recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRT ASN1 (Unsupported non critical policy not recognized by callback) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d01010105000319003016021100ffffffffffffffffffffffffffffffff020103a100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 X509 CRL ASN1 (Incorrect first tag) 
@@ -2472,35 +2472,35 @@ X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown) x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, issuer set missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid) 
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH X509 CRL ASN1 (TBSCertList, sig present, len mismatch) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) # 305c 
@@ -2522,43 +2522,43 @@ x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b060355040 # 03020001 signatureValue BIT STRING # The subsequent TBSCertList negative tests remove or modify some elements. X509 CRL ASN1 (TBSCertList, sig present) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (TBSCertList, signatureValue missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, single empty entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 
x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, good entry then empty entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, missing time in entry) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, missing time in entry at end) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (TBSCertList, invalid tag for time in entry) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRL ASN1 (TBSCertList, invalid tag for serial) 
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224 x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) X509 CRL ASN1 (TBSCertList, no entries) -depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO +depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (invalid version 2) 
@@ -2568,34 +2568,34 @@ X509 CRL ASN1 (invalid version overflow) x509parse_crl:"3049303102047fffffff300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crl:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crl:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0102ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH) X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crl:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA) X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256 x509parse_crl:"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":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO 
x509parse_crl:"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":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0 X509 CRT parse file dir3/Readme mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/Readme":MBEDTLS_ERR_X509_INVALID_FORMAT:0 X509 CRT parse file dir3/test-ca.crt -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/test-ca.crt":0:1 X509 CRT parse file dir3/test-ca2.crt @@ -2606,15 +2606,15 @@ mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/test-ca2.crt":0:1 # and run via qemu-user on Linux on a 64-bit host. This is due to a known # bug in Qemu: https://gitlab.com/qemu-project/qemu/-/issues/263 X509 CRT parse path #1 (one cert) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crt_parse_path:"../framework/data_files/dir1":0:1 X509 CRT parse path #2 (two certs) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_parse_path:"../framework/data_files/dir2":0:2 X509 CRT parse path #3 (two certs, one non-cert) -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_parse_path:"../framework/data_files/dir3":1:2 X509 CRT verify long chain (max intermediate CA, trusted) 
@@ -2630,35 +2630,35 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256 mbedtls_x509_crt_verify_max:"../framework/data_files/dir-maxpath/00.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1 X509 CRT verify chain #1 (zero pathlen intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert14.crt ../framework/data_files/dir4/cert13.crt ../framework/data_files/dir4/cert12.crt":"../framework/data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 CRT verify chain #2 (zero pathlen root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert23.crt ../framework/data_files/dir4/cert22.crt":"../framework/data_files/dir4/cert21.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 CRT verify chain #3 (nonzero pathlen root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert34.crt ../framework/data_files/dir4/cert33.crt ../framework/data_files/dir4/cert32.crt":"../framework/data_files/dir4/cert31.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 CRT verify chain #4 (nonzero pathlen intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert45.crt ../framework/data_files/dir4/cert44.crt ../framework/data_files/dir4/cert43.crt ../framework/data_files/dir4/cert42.crt":"../framework/data_files/dir4/cert41.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"":0 X509 
CRT verify chain #5 (nonzero maxpathlen intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert54.crt ../framework/data_files/dir4/cert53.crt ../framework/data_files/dir4/cert52.crt":"../framework/data_files/dir4/cert51.crt":0:0:"":0 X509 CRT verify chain #6 (nonzero maxpathlen root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert63.crt ../framework/data_files/dir4/cert62.crt":"../framework/data_files/dir4/cert61.crt":0:0:"":0 X509 CRT verify chain #7 (maxpathlen root, self signed in path) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert74.crt ../framework/data_files/dir4/cert73.crt ../framework/data_files/dir4/cert72.crt":"../framework/data_files/dir4/cert71.crt":0:0:"":0 X509 CRT verify chain #8 (self signed maxpathlen root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert61.crt ../framework/data_files/dir4/cert63.crt ../framework/data_files/dir4/cert62.crt":"../framework/data_files/dir4/cert61.crt":0:0:"":0 X509 CRT verify chain #9 (zero pathlen first intermediate, valid) 
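Review bot: Test #8 (self signed maxpathlen root) now depends on `PSA_HAVE_ALG_SOME_RSA_VERIFY`, while #5, #6 and #7 in the same hunk map the old `MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15` pair to `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY`. #8 verifies the same cert61/cert62/cert63 chain as #6 and expects a clean result (0:0), and #6's dependency suggests that chain is PKCS#1 v1.5-signed, so in a build with some RSA verify algorithm but not PKCS#1 v1.5 verify #8 would presumably run and fail on the signature check instead of being skipped. Suggest `depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY` for #8 to match #6, unless the weaker dependency is intentional, in which case the mismatch with #6 deserves a one-line comment above the test.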
@@ -2674,31 +2674,31 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_2 mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert92.crt":"../framework/data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0 X509 CRT verify chain #12 (suiteb profile, RSA root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_ALG_SHA_1 mbedtls_x509_crt_verify_chain:"../framework/data_files/server11-rsa-signed.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #13 (RSA only profile, EC root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #13 (RSA only profile, EC trusted EE) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256 mbedtls_x509_crt_verify_chain:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #14 (RSA-3072 profile, root key too small) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1 
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_WANT_ALG_SHA_1 mbedtls_x509_crt_verify_chain:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #15 (suiteb profile, rsa intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 mbedtls_x509_crt_verify_chain:"../framework/data_files/server7.crt ../framework/data_files/test-int-ca.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #16 (RSA-only profile, EC intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1 mbedtls_x509_crt_verify_chain:"../framework/data_files/server8.crt ../framework/data_files/test-int-ca2.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #17 (SHA-512 profile) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server7.crt 
../framework/data_files/test-int-ca.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0 X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1) 
@@ -2710,27 +2710,27 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_2 mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":-1:-1:"":1 X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_RSA_VERIFY mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca.crt":-1:-1:"":1 X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-4:"":8 X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-3:"":4 X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-2:"":2 X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-1:"":1 X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted) -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca2.crt":-1:-4:"":8 X509 OID description #1 
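Review bot: Test #21 (len=3, vrfy fatal on depth 3) is the only case in this hunk whose old line carried `MBEDTLS_PKCS1_V15`, and the new line relaxes it to the generic `PSA_HAVE_ALG_SOME_RSA_VERIFY`, whereas elsewhere in this patch the `MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15` pair becomes `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY` (verify chain #5–#7, #12, #14–#17). Whether #21 really needs PKCS#1 v1.5 verify cannot be told from here (it expects the callback to fail at depth 3 with -4 and flags 8, which may fire before any RSA signature is checked), but the asymmetric mapping looks accidental rather than deliberate. Either restore `PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY` for #21 to match the rest of the patch, or state in the commit message that the old PKCS1_V15 dependency on #21 was spurious so the relaxation is intended.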
@@ -2758,47 +2758,47 @@ X509 OID numstring #5 (arithmetic overflow)
 x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_ASN1_INVALID_DATA
 
 X509 CRT keyUsage #1 (no extension, expected KU)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
 
 X509 CRT keyUsage #2 (no extension, surprising KU)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0
 
 X509 CRT keyUsage #3 (extension present, no KU)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":0:0
 
 X509 CRT keyUsage #4 (extension present, single KU present)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE:0
 
 X509 CRT keyUsage #5 (extension present, single KU absent)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
 
 X509 CRT keyUsage #6 (extension present, combined KU present)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
 
 X509 CRT keyUsage #7 (extension present, combined KU both absent)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
 
 X509 CRT keyUsage #8 (extension present, combined KU one absent)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
 
 X509 CRT keyUsage #9 (extension present, decOnly allowed absent)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
 
 X509 CRT keyUsage #10 (extension present, decOnly non-allowed present)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
 
 X509 CRT keyUsage #11 (extension present, decOnly allowed present)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_check_key_usage:"../framework/data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
 
 X509 CRT extendedKeyUsage #1 (no extension, serverAuth)
@@ -2839,18 +2839,18 @@ X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence)
 x509_parse_rsassa_pss_params:"a400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509_parse_rsassa_pss_params:"a00d300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0
 
 X509 RSASSA-PSS parameters ASN1 (good, explicit HashAlg = default)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_parse_rsassa_pss_params:"a009300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
 
 X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1)
 x509_parse_rsassa_pss_params:"a00a300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_parse_rsassa_pss_params:"a00a300706052b0e03021a00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters)
@@ -2860,18 +2860,18 @@ X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID)
 x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
 
 X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
 
 X509 RSASSA-PSS parameters ASN1 (good, explicit MGAlg = default)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_1
 x509_parse_rsassa_pss_params:"a116301406092a864886f70d010108300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0
 
 X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1)
 x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1)
@@ -2896,18 +2896,18 @@ X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID)
 x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
 
 X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0
 
 X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c)
 x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2)
-depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
+depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:PSA_WANT_ALG_SHA_256
 x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94)
@@ -3056,99 +3056,99 @@ mbedtls_x509_csr_parse:"3008300602047fffffff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSIO
 # Used test_csr_v3_all.csr.der as a base for malforming CSR extenstions/attributes
 # Please see makefile for ../framework/data_files to check malformation details (test_csr_v3_all_malformed_xxx.csr files)
 X509 CSR ASN.1 (attributes: invalid sequence tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (attributes: invalid attribute id)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (attributes: not extension request)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0
 
 X509 CSR ASN.1 (attributes: invalid extenstion request set tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (attributes: invalid extenstion request sequence tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (attributes: invalid len (len > data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CSR ASN.1 (attributes: invalid len (len < data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CSR ASN.1 (attributes: extension request invalid len (len > data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CSR ASN.1 (attributes: extension request invalid len (len < data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CSR ASN.1 (extensions: invalid sequence tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (extensions: invalid extension id tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (extensions: invalid extension data tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (extensions: invalid extension data len (len > data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 X509 CSR ASN.1 (extensions: invalid extension data len (len < data))
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CSR ASN.1 (extensions: invalid extension key usage bitstream tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (extensions: invalid extension subject alt name sequence tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (extensions: invalid extension ns cert bitstream tag)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CSR ASN.1 (extensions: duplicated extension)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_DATA)
 
 X509 CSR ASN.1 (extensions: invalid extension type data)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_csr_parse_file:"../framework/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0
 
 X509 File parse (no issues)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_int-ca.crt":0:2
 
 X509 File parse (extra space in one certificate)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_pem_space.crt":1:1
 
 X509 File parse (all certificates fail)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:MBEDTLS_RSA_C
+depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_all_space.crt":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, MBEDTLS_ERR_BASE64_INVALID_CHARACTER):0
 
 X509 File parse (trailing spaces, OK)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/server7_trailing_space.crt":0:2
 
 X509 File parse (Algorithm Params Tag mismatch)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 mbedtls_x509_crt_parse_file:"../framework/data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH:0
 
 X509 File parse (does not conform to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field is present, mbedTLS generated before bugfix, OK)
@@ -3164,15 +3164,15 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_
 x509parse_crt_file:"../framework/data_files/server9-bad-mgfhash.crt":MBEDTLS_ERR_X509_INVALID_ALG
 
 X509 File parse & read the ca_istrue field (Not Set)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
 mbedtls_x509_get_ca_istrue:"../framework/data_files/parse_input/server1.crt":0
 
 X509 File parse & read the ca_istrue field (Set)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1
 mbedtls_x509_get_ca_istrue:"../framework/data_files/test-ca.crt":1
 
 X509 File parse & read the ca_istrue field (Legacy Certificate)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_RSA_VERIFY:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
 mbedtls_x509_get_ca_istrue:"../framework/data_files/server1-v1.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
 
 X509 Get time (UTC no issues)
@@ -3328,51 +3328,51 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA
 x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80
 
 X509 CRT verify restart: one int, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:0:0:0
 
 X509 CRT verify restart: one int, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:1:100:10000
 
 X509 CRT verify restart: one int, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:30000:0:0
 
 X509 CRT verify restart: one int, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:500:25:100
 
 X509 CRT verify restart: one int, EE badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
 
 X509 CRT verify restart: one int, EE badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
 
 X509 CRT verify restart: one int, EE badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
 
 X509 CRT verify restart: one int, EE badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
 
 X509 CRT verify restart: one int, int badsign, max_ops=0 (disabled)
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0
 
 X509 CRT verify restart: one int, int badsign, max_ops=1
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000
 
 X509 CRT verify restart: one int, int badsign, max_ops=30000
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0
 
 X509 CRT verify restart: one int, int badsign, max_ops=500
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100
 
 X509 ext types accessor: ext type present
@@ -3384,68 +3384,68 @@ depends_on:MBEDTLS_X509_CRT_PARSE_C
 x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
 
 X509 CRT parse Subject Key Id - Correct Subject Key ID
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":0
 
 X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT parse Subject Key Id - Wrong OCTET_STRING length
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_subjectkeyid:"../framework/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT parse Authority Key Id - Correct Authority Key ID
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"C=NL, OU=PolarSSL, CN=PolarSSL Test CA":"680430CD074DE63FCDC051260FD042C2B512B6BA":0
 
 X509 CRT parse Authority Key Id - Correct Authority Key ID (no keyid)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_keyid.crt.der":"":"C=NL, OU=PolarSSL, CN=PolarSSL Test CA":"680430CD074DE63FCDC051260FD042C2B512B6BA":0
 
 X509 CRT parse Authority Key Id - Correct Authority Key ID (no issuer)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_issuer.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"":"":0
 
 X509 CRT parse Authority Key Id - no Authority Key ID
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_no_authorityKeyId.crt.der":"":"":"":0
 
 X509 CRT parse Authority Key Id - Wrong Length
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 X509 CRT parse Authority Key Id - Wrong Sequence tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT parse Authority Key Id - Wrong KeyId Tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT parse Authority Key Id - Wrong KeyId Tag Length
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_INVALID_LENGTH)
 
 X509 CRT parse Authority Key Id - Wrong Issuer Tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT parse Authority Key Id - Wrong DirectoryName tag in issuer field
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT parse Authority Key Id - Wrong Serial Number Tag
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 
 X509 CRT parse Authority Key Id - Wrong Serial Number Tag length
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH)
 
 # clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer (see issue #7576)
 X509 CRT parse Authority Key Id - Wrong Issuer sequence
-depends_on:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C
+depends_on:PSA_WANT_ALG_MD5:PSA_HAVE_ALG_SOME_RSA_VERIFY
 x509_crt_parse_authoritykeyid:"../framework/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der":"":"":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
 
 OID get numeric string - hardware module name
From ed0aebd2c5aed88a32b637143d280e56827e0004 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 10 Feb 2026 16:08:53 +0100
Subject: [PATCH 1484/1548] tests: bulk replace MBEDTLS_RSA_C with PSA_HAVE_ALG_SOME_RSA_SIGN
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_ssl.data | 52 +++++++++---------
 tests/suites/test_suite_ssl.function | 28 +++++-----
 tests/suites/test_suite_x509write.data | 76 +++++++++++++-------------
 3 files changed, 78 insertions(+), 78 deletions(-)
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 6b9c73f11e..9864e6e8c8 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -365,15 +365,15 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
 handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3
 
 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
 
 Handshake, ECDHE-RSA-WITH-AES-128-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:0
 
 Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:0
 
 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
@@ -381,7 +381,7 @@ depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_W
 handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
 
 Handshake, PSK-WITH-AES-128-CBC-SHA
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
 
 DTLS Handshake, tls1_2
@@ -389,15 +389,15 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RS
 handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
 
 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
 
 DTLS Handshake, ECDHE-RSA-WITH-AES-128-CBC-SHA256
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256":MBEDTLS_PK_RSA:1
 
 DTLS Handshake, ECDHE-RSA-WITH-AES-256-CBC-SHA384
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:1
 
 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
@@ -405,7 +405,7 @@ depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_W
 handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
 
 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
-depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
 
 DTLS Handshake with serialization, tls1_2
@@ -428,27 +428,27 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque 
@@ -569,51 +569,51 @@ DTLS serialization with MFL=4096 resize_buffers_serialize_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096 DTLS no legacy renegotiation with MFL=512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=1024 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=2048 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS no legacy renegotiation with MFL=4096 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=1024 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=2048 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY 
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy allow renegotiation with MFL=4096 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"" DTLS legacy break handshake renegotiation with MFL=512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=1024 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=2048 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS legacy break handshake renegotiation with MFL=4096 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d27d959232..b70a815fc6 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
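Review bot: Replacing MBEDTLS_PKCS1_V15 with PSA_HAVE_ALG_SOME_RSA_SIGN in the @@ -569,51 hunk widens the guard rather than translating it: the old macro required PKCS#1 v1.5, while the new one is also satisfied by a configuration that only offers RSA-PSS signing. The test_suite_x509write.data hunks in this same commit translate the same old dependency to the narrower PSA_HAVE_ALG_RSA_PKCS1V15_SIGN. If these renegotiation cases need PKCS#1 v1.5 specifically (for example because of how the RSA test key behind MBEDTLS_CAN_HANDLE_RSA_TEST_KEY is used), the faithful replacement is `depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY`; if any RSA signature algorithm genuinely suffices, that is worth saying in the commit message so the two files' different choices do not look accidental.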
@@ -2870,7 +2870,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:!MBEDTLS_SSL_PROTO_TLS1_3:PSA_WANT_ALG_SHA_256 */
 void mbedtls_endpoint_sanity(int endpoint_type)
 {
     enum { BUFFSIZE = 1024 };
@@ -2900,7 +2900,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
 void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass)
 {
     enum { BUFFSIZE = 1024 };
@@ -2972,7 +2972,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void handshake_version(int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version)
@@ -2997,7 +2997,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
 void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls)
 {
     mbedtls_test_handshake_test_options options;
@@ -3022,7 +3022,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
 void handshake_cipher(char *cipher, int pk_alg, int dtls)
 {
     test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls);
@@ -3032,7 +3032,7 @@ void handshake_cipher(char *cipher, int pk_alg, int dtls)
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_HAVE_ALG_SOME_RSA_SIGN:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 */
 void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, int psa_alg, int psa_alg2, int psa_usage, int expected_handshake_result,
@@ -3065,7 +3065,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
 void app_data(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls)
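Review bot: In the @@ -2997 hunk, handshake_psk_cipher drops MBEDTLS_PKCS1_V15 without gaining PSA_HAVE_ALG_SOME_RSA_SIGN, whereas the neighbouring handshake_cipher (@@ -3022) and handshake_ciphersuite_select (@@ -3032) hunks do add it. The .data entries that drive handshake_psk_cipher with MBEDTLS_PK_RSA (the PSK-WITH-AES-128-CBC-SHA cases earlier in this patch) carry PSA_HAVE_ALG_SOME_RSA_SIGN themselves, so the omission may well be deliberate, but it is the one BEGIN_CASE on this line whose RSA guard moved entirely to the data file. If that is intended, a short comment on the BEGIN_CASE line would keep the next bulk edit from "fixing" it, e.g. `/* RSA signing dependency is declared by the .data entries that pass MBEDTLS_PK_RSA */`; otherwise add `PSA_HAVE_ALG_SOME_RSA_SIGN` so the function-level guard matches handshake_cipher, which delegates to test_handshake_psk_cipher.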
@@ -3094,7 +3094,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments)
@@ -3106,7 +3106,7 @@ void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_PROTO_TLS1_2:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments)
@@ -3118,7 +3118,7 @@ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:TEST_GCM_OR_CHACHAPOLY_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_PROTO_TLS1_2:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:TEST_GCM_OR_CHACHAPOLY_ENABLED */
 void handshake_serialization()
 {
     mbedtls_test_handshake_test_options options;
@@ -3135,7 +3135,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
 void handshake_fragmentation(int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation)
@@ -3332,7 +3332,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_PROTO_TLS1_2:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void renegotiation(int legacy_renegotiation)
 {
     mbedtls_test_handshake_test_options options;
@@ -3633,7 +3633,7 @@ exit:;
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */
 void force_bad_session_id_len()
 {
     enum { BUFFSIZE = 1024 };
@@ -3827,7 +3827,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:PSA_HAVE_ALG_SOME_RSA_SIGN:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
 void raw_key_agreement_fail(int bad_server_ecdhe_key)
 {
     enum { BUFFSIZE = 17000 };
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 4d57a8fb69..78410b1ff2 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -1,49 +1,49 @@ Certificate Request check Server1 SHA1 -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0:0 Certificate Request check Server1 SHA224 -depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0:0 Certificate Request check Server1 SHA256 -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0:0 Certificate Request check Server1 SHA384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0:0 Certificate Request check Server1 SHA512 -depends_on:PSA_WANT_ALG_SHA_512:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_512:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0:0 Certificate Request check Server1 MD5 -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_MD5:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0:0 Certificate Request check Server1 key_usage -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN 
x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0 Certificate Request check opaque Server1 key_usage -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check_opaque:"../framework/data_files/server1.key":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 Certificate Request check Server1 key_usage empty -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0:0 Certificate Request check Server1 ns_cert_type -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server1 ns_cert_type empty -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1:0 Certificate Request check Server1 key_usage + ns_cert_type -depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server5 ECDSA, key_usage 
@@ -51,7 +51,7 @@ depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC
 x509_csr_check:"../framework/data_files/server5.key":"../framework/data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0
 
 Certificate Request check Server1, set_extension
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN
 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.sha256.ext":MBEDTLS_MD_SHA256:0:0:0:0:1
 
 Certificate Request check opaque Server5 ECDSA, key_usage
@@ -59,99 +59,99 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256 x509_csr_check_opaque:"../framework/data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 Certificate write check Server1 SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 1970 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 1970, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 
x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 2050, not after 2059 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, one ext_key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"../framework/data_files/server1.key_ext_usage.crt":0:0:"../framework/data_files/test-ca.crt":0 
Certificate write check Server1 SHA1, two ext_key_usages -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"../framework/data_files/server1.key_ext_usages.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 
1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":0:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"../framework/data_files/server1.key_usage_noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test 
CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"../framework/data_files/server1.cert_type_noauthid.crt":1:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":1:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.ca_noauthid.crt":1:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 
x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test 
CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":2:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Serial starting with 0x80 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.80serial.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, All 0xFF full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial_FF.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server5 ECDSA 
@@ -163,7 +163,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINIST x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 +depends_on:PSA_HAVE_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.allSubjectAltNames.crt":0:0:"../framework/data_files/test-ca.crt":1 X509 String to Names #1 From 0dfc52e740a0f5b2478062e6aabe873d84d7362f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 3 Mar 2026 11:38:35 +0100 Subject: [PATCH 1485/1548] tests: ssl: replace remaining occurrences of legacy RSA algorithms Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 34 ++++++++++++++++---------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 9864e6e8c8..8f1af8175c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -193,39 +193,39 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 TLS 1.3:Move client handshake to SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PSS:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CERTIFICATE:1 TLS 1.3:Move client handshake to CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 TLS 1.3:Move client handshake to SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_FINISHED:1 TLS 1.3:Move client handshake to CLIENT_CERTIFICATE 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 TLS 1.3:Move client handshake to CLIENT_CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1 TLS 1.3:Move client handshake to CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_FINISHED:1 TLS 1.3:Move client handshake to FLUSH_BUFFERS -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT 
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_FLUSH_BUFFERS:1 TLS 1.3:Move client handshake to HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 TLS 1.3:Move client handshake to CLIENT_CCS_AFTER_SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:1 TLS 1.2:Move server handshake to HELLO_REQUEST 
@@ -321,7 +321,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CERTIFICATE:1 TLS 1.3:Move server handshake to CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PSS:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_VERIFY:1 TLS 1.3:Move server handshake to SERVER_CCS_AFTER_SERVER_HELLO 
@@ -329,23 +329,23 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO:1 TLS 1.3:Move server handshake to SERVER_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PSS:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_FINISHED:1 TLS 1.3:Move server handshake to CLIENT_FINISHED -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_FINISHED:1 TLS 1.3:Move server handshake to HANDSHAKE_WRAPUP -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1 TLS 1.3:Move server handshake to CLIENT_CERTIFICATE 
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE:1 TLS 1.3:Move server handshake to CLIENT_CERTIFICATE_VERIFY -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1 TLS 1.2:Negative test moving clients ssl to state: VERIFY_REQUEST_SENT @@ -361,7 +361,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 Handshake, tls1_3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PSS:MBEDTLS_X509_RSASSA_PSS_SUPPORT handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 
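Review bot: The dependency sets in the `@@ -329,23 +329,23 @@` hunk are no longer monotonic across the server-side handshake states: the `SERVER_FINISHED` entry now requires `PSA_WANT_ALG_RSA_PSS`, while the later `CLIENT_FINISHED`, `HANDSHAKE_WRAPUP`, `CLIENT_CERTIFICATE` and `CLIENT_CERTIFICATE_VERIFY` entries require only `PSA_WANT_ALG_RSA_PKCS1V15_SIGN`. If move_handshake_to_state drives the handshake through every earlier state, a build with PKCS#1 v1.5 signing but no RSA-PSS would run the later cases and, if the server's TLS 1.3 CertificateVerify really needs PSS, fail them; if PSS is not needed, the `SERVER_FINISHED` dependency is stricter than necessary. Patch 1488 later in this series changes the client-side `SERVER_CERTIFICATE` entry from PSS to PKCS#1 v1.5, so the server side appears to be the remaining mismatch; I cannot tell from the data file alone which algorithm the harness exercises, so either use one macro for the whole state sequence or list both, e.g. `...:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT`.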
@@ -424,7 +424,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CAN_HANDLE handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2 Handshake min/max version check, all -> 1.3 -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_PKCS1_V21:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PSS:MBEDTLS_X509_RSASSA_PSS_SUPPORT handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque From 2258cb7b5a07de4451de4ecd6b5d34e413d63190 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 11 Mar 2026 22:51:40 +0100 Subject: [PATCH 1486/1548] tests: pkcs7: ease requirements for parse tests replace PSA_HAVE_ALG_SOME_RSA_VERIFY with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkcs7.data | 38 +++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index 1e9cdf3132..3e3f7f1d7d 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
@@ -1,9 +1,9 @@ PKCS7 Signed Data Parse Pass SHA256 #1 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Pass SHA1 #2 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha1.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Pass Without CERT #3 
@@ -15,51 +15,51 @@ depends_on:PSA_WANT_ALG_SHA_256 pkcs7_parse:"../framework/data_files/pkcs7_data_no_signers.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Fail with multiple certs #4 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE PKCS7 Signed Data Parse Fail with corrupted cert #5.0 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badcert.der":MBEDTLS_ERR_PKCS7_INVALID_CERT PKCS7 Signed Data Parse Fail with disabled alg #5.1 -depends_on:PSA_HAVE_ALG_SOME_RSA_VERIFY:!PSA_WANT_ALG_SHA_512 +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:!PSA_WANT_ALG_SHA_512 pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha512.der":MBEDTLS_ERR_PKCS7_INVALID_ALG PKCS7 Parse Fail with Inlined Content Info #5.2 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_with_signature.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE PKCS7 Signed Data Parse Fail with no RSA #5.3 -depends_on:PSA_WANT_ALG_SHA_256:!PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_ERR_PKCS7_INVALID_CERT PKCS7 Signed Data Parse Fail with corrupted signer info #6 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[1] invalid size #6.1 
-depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[2] invalid size #6.2 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[1] unexpected tag #6.3 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[2] unexpected tag #6.4 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[1] fuzz bad #6.5 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[2] fuzz bad #6.6 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail Version other than 
1 #7 @@ -103,11 +103,11 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_RSA_PKCS1V15_VERIFY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-sha256-1.der":"../framework/data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_issuer_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail Corrupt signerInfos[2] (6213931373035520) @@ -119,7 +119,7 @@ depends_on:PSA_WANT_ALG_SHA_256 pkcs7_parse:"../framework/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Only Signed Data Parse Pass #15 -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_parse:"../framework/data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Verify with multiple(2) signers #16.0 
@@ -147,11 +147,11 @@ depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID PKCS7 Signed Data Verify Fail Expired Cert #19 no DATE_TIME 1 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_verify:"../framework/data_files/pkcs7_data_cert_signed_sha256.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 2 -depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:PSA_HAVE_ALG_SOME_RSA_VERIFY +depends_on:PSA_WANT_ALG_SHA_256:!MBEDTLS_HAVE_TIME_DATE:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY pkcs7_verify:"../framework/data_files/pkcs7_data_rsa_expired.der":"../framework/data_files/pkcs7-rsa-expired.crt":"../framework/data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Parse Failure Invalid ASN1: Add null byte to start #20.0 From 894cea1fa2e81ec2c410b78a680573e3f056d537 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 16 Mar 2026 11:05:21 +0100 Subject: [PATCH 1487/1548] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/context_load_and_session_load_documentation.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/context_load_and_session_load_documentation.txt diff --git a/ChangeLog.d/context_load_and_session_load_documentation.txt b/ChangeLog.d/context_load_and_session_load_documentation.txt new file mode 100644 index 0000000000..f7c1d27f8e --- /dev/null +++ b/ChangeLog.d/context_load_and_session_load_documentation.txt 
@@ -0,0 +1,6 @@ +Security + * The documentation of mbedtls_ssl_session_save(), + mbedtls_ssl_session_load(), mbedtls_ssl_context_save(), and + mbedtls_ssl_context_load() has been updated to clarify the responsibility + of the application to preserve the confidentiality and integrity of + serialized data, mitigating the risk of misuse of these APIs. From e4d2126ad860b111d682e4862d6f18d1fc699c31 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 11 Mar 2026 23:16:59 +0100 Subject: [PATCH 1488/1548] tests: ssl: replace dependency from RSA PSS to PKCS v1.5 in one handshake test Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 8f1af8175c..cdbd73ab25 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -193,7 +193,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_CERTIFICATE_REQUEST:1 TLS 1.3:Move client handshake to SERVER_CERTIFICATE -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PSS:MBEDTLS_X509_RSASSA_PSS_SUPPORT +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_SERVER_CERTIFICATE:1 TLS 1.3:Move client handshake to CERTIFICATE_VERIFY From ccea2fd244d9f96637149ff0c56d1a1241c58c2b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 17 Mar 2026 11:06:04 +0100 Subject: [PATCH 1489/1548] Improve change log 
Signed-off-by: Ronald Cron --- ChangeLog.d/context_load_and_session_load_documentation.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog.d/context_load_and_session_load_documentation.txt b/ChangeLog.d/context_load_and_session_load_documentation.txt index f7c1d27f8e..200ab27bf1 100644 --- a/ChangeLog.d/context_load_and_session_load_documentation.txt +++ b/ChangeLog.d/context_load_and_session_load_documentation.txt @@ -4,3 +4,5 @@ Security mbedtls_ssl_context_load() has been updated to clarify the responsibility of the application to preserve the confidentiality and integrity of serialized data, mitigating the risk of misuse of these APIs. + Credit to Haruto Kimura (Stella) for highlighting risks associated with + tampered serialized data. From 831ea1e62108f00ceb597f3344337324d9bbe482 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 17 Mar 2026 16:47:55 +0000 Subject: [PATCH 1490/1548] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 293cfe5ece..ed3c7d281e 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 293cfe5eceed98a2ee75d5241a78657b466750c7 +Subproject commit ed3c7d281e710ef44264d29f3157fd572165a74d From 72330cac94b4eb37ba367f6ed048ce6454c566e1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Mar 2026 15:25:14 +0100 Subject: [PATCH 1491/1548] Add 4.1 backport line to the PR template Signed-off-by: Gilles Peskine --- .github/pull_request_template.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index e48e44beda..b4bb9c815d 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md 
@@ -13,6 +13,7 @@ If the provided content is part of the present PR remove the # symbol. - [ ] **development PR** provided # | not required because: - [ ] **TF-PSA-Crypto PR** provided # | not required because: - [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required +- [ ] **4.1 PR** provided # | not required because: - [ ] **3.6 PR** provided # | not required because: - **tests** provided | not required because: From 10988b0477f2b8e812da911c8220f51de1e38c8b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Mar 2026 15:29:08 +0100 Subject: [PATCH 1492/1548] Clarify prerequisite, consuming or side PR Signed-off-by: Gilles Peskine --- .github/pull_request_template.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index b4bb9c815d..dbe8d74846 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -11,10 +11,11 @@ If the provided content is part of the present PR remove the # symbol. - [ ] **changelog** provided | not required because: - [ ] **development PR** provided # | not required because: -- [ ] **TF-PSA-Crypto PR** provided # | not required because: -- [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required -- [ ] **4.1 PR** provided # | not required because: -- [ ] **3.6 PR** provided # | not required because: +- [ ] **prerequisite TF-PSA-Crypto PR** provided # | not required because: +- [ ] **prerequisite framework PR** provided Mbed-TLS/mbedtls-framework# | not required +- [ ] **backport 4.1 PR** provided # | not required because: +- [ ] **prerequisite backport 1.1 PR** provided # | not required because: +- [ ] **backport 3.6 PR** provided # | not required because: - **tests** provided | not required because: From c2139f8887e76ad4215f17f9dbbdb8aab1365574 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 19 Mar 2026 16:39:08 +0100 Subject: [PATCH 1493/1548] Add repository shortcut suggestion Signed-off-by: Gilles Peskine --- .github/pull_request_template.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index dbe8d74846..273ccd8745 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -11,10 +11,10 @@ If the provided content is part of the present PR remove the # symbol. - [ ] **changelog** provided | not required because: - [ ] **development PR** provided # | not required because: -- [ ] **prerequisite TF-PSA-Crypto PR** provided # | not required because: +- [ ] **prerequisite TF-PSA-Crypto PR** provided Mbed-TLS/TF-PSA-Crypto# | not required because: - [ ] **prerequisite framework PR** provided Mbed-TLS/mbedtls-framework# | not required - [ ] **backport 4.1 PR** provided # | not required because: -- [ ] **prerequisite backport 1.1 PR** provided # | not required because: +- [ ] **prerequisite backport 1.1 PR** provided Mbed-TLS/TF-PSA-Crypto# | not required because: - [ ] **backport 3.6 PR** provided # | not required because: - **tests** provided | not required because: From 4a21496d6f9aa92d2d7f537ec199e39c7dafecc9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Feb 2026 13:40:07 +0100 Subject: [PATCH 1494/1548] Prepare to generalize check_option_lists.py We're going to have more committed generated files. Signed-off-by: Gilles Peskine --- ...check_option_lists.py => check_committed_generated_files.py} | 0 tests/scripts/components-basic-checks.sh | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename tests/scripts/{check_option_lists.py => check_committed_generated_files.py} (100%) 
diff --git a/tests/scripts/check_option_lists.py b/tests/scripts/check_committed_generated_files.py similarity index 100% rename from tests/scripts/check_option_lists.py rename to tests/scripts/check_committed_generated_files.py diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 1e480dd12b..73636ee66c 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -47,7 +47,7 @@ component_check_generated_files () { # This is necessary for subsequent components! msg "Check committed generated files" - tests/scripts/check_option_lists.py + tests/scripts/check_committed_generated_files.py } component_check_doxy_blocks () { From 260992c0f44b9e7d7f285db106f1b8ce8a14ac6b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Feb 2026 17:21:25 +0100 Subject: [PATCH 1495/1548] check_committed_generated_files.py: use the new generate_files_helper module Signed-off-by: Gilles Peskine --- .../check_committed_generated_files.py | 42 ++++--------------- 1 file changed, 8 insertions(+), 34 deletions(-) diff --git a/tests/scripts/check_committed_generated_files.py b/tests/scripts/check_committed_generated_files.py index c9b643bb6d..eee4d92023 100755 --- a/tests/scripts/check_committed_generated_files.py +++ b/tests/scripts/check_committed_generated_files.py 
@@ -1,46 +1,20 @@ #!/usr/bin/env python3 """ -Check that files with lists of config options are up-to-date, or update them. - -This script checks the following file: -scripts/data_files/config-options-current.txt +Check that TF-PSA-Crypto files that can be regenerated are up-to-date, or update them. """ # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -import argparse -import sys - import scripts_path # pylint: disable=unused-import from mbedtls_framework import config_macros +from mbedtls_framework import generate_files_helper +GENERATORS = [ + config_macros.Current(shadow_missing_ok=True), +] -def main(): - parser = argparse.ArgumentParser(description=__doc__) - # For now this script only acts on one target file. - # If we check/update more files, we should add a way to select which - # file(s) to operate on. - parser.add_argument('--always-update', '-U', - action='store_true', - help=('Update target files unconditionally ' - '(overrides --update)')) - parser.add_argument('--update', '-u', - action='store_true', - help='Update target files if needed') - args = parser.parse_args() - data = config_macros.Current(shadow_missing_ok=True) - if args.update or args.always_update: - data.update_shadow_file(args.always_update) - else: - up_to_date = True - if not data.is_shadow_file_up_to_date(): - print(f'{data.shadow_file_path()} is out of date') - print(f'After adding or removing a config option, you need to run') - print(f'{sys.argv[0]} -u and commit the result.') - up_to_date = False - sys.exit(0 if up_to_date else 1) - -if __name__ == "__main__": - main() +if __name__ == '__main__': + generate_files_helper.main(generators=GENERATORS, + description=__doc__) From 61cf7bdc904a05907cff81d58409b72bf0691cb1 Mon Sep 17 00:00:00 2001 
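Review bot: The new module docstring says it checks "TF-PSA-Crypto files", but this script lives in the mbedtls repository (the later components-basic-checks.sh change on this page calls it `check_committed_generated_files.py in mbedtls`), so the wording looks copied from the sibling repository; suggest `Check that Mbed TLS files that can be regenerated are up-to-date, or update them.` The old docstring also named the file being checked, while the new one names nothing; a one-line sentence stating that the list of generators is `GENERATORS` below, currently only the config option list, would keep that information for the reader.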
From: Gilles Peskine Date: Wed, 11 Feb 2026 18:16:13 +0100 Subject: [PATCH 1496/1548] Add Python requirements from framework/util Any `all.sh` component that runs a script that requires a more recent version of Python must have a `support_xxx` function that checks for the requisite Python version or package. At this time, there is no such requirement yet in the mbedtls repository. The directory `framework/util` is not yet checked by `pylint` or `mypy`, because we use older versions of these tools that don't work well with modern Python versions. Signed-off-by: Gilles Peskine --- scripts/ci.requirements.txt | 6 ++++++ tests/scripts/components-basic-checks.sh | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 7525036441..296c1faaf0 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -17,3 +17,9 @@ pylint == 2.4.4; platform_system == 'Linux' # https://github.com/Mbed-TLS/mbedtls-framework/issues/50 # mypy 0.942 is the version in Ubuntu 22.04. mypy == 0.942; platform_system == 'Linux' + +# More requirements for scripts in the framework that might not work in +# older versions of Python. Note that requirements that are not available +# in the oldest version of Python on our CI must be annodated with +# "python >= ...". +-r ../framework/util/requirements.txt diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 73636ee66c..72bd2c036d 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh 
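Review bot: The added comment in scripts/ci.requirements.txt has a typo, `annodated` should be `annotated`: `# in the oldest version of Python on our CI must be annotated with`. It would also help to say where the annotation goes, presumably on the package line in the included requirements file rather than in this file.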
@@ -14,6 +14,16 @@ component_check_recursion () { ./framework/scripts/recursion.pl library/*.c } +support_check_generated_files () { + # Add requirements on the Python installation here for + # the sake of check_committed_generated_files.py in mbedtls. + # + # Check the Python version, not the presence of the package, + # because the CI runs `all.sh --list-components` outside of the + # venv that has our desired packages. + : +} + component_check_generated_files () { msg "Check make_generated_files.py consistency" $MAKE_COMMAND neat From aa40ca90d9e0c5680946bbfbae10cfe34cd605a1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Feb 2026 12:51:24 +0100 Subject: [PATCH 1497/1548] Move check_committed_generated_files to its own component This will probably help when a framework change causes the content of these files to change. See https://github.com/Mbed-TLS/mbedtls-test/issues/252 Signed-off-by: Gilles Peskine --- tests/scripts/components-basic-checks.sh | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 72bd2c036d..272efe2ae5 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -14,16 +14,6 @@ component_check_recursion () { ./framework/scripts/recursion.pl library/*.c } -support_check_generated_files () { - # Add requirements on the Python installation here for - # the sake of check_committed_generated_files.py in mbedtls. - # - # Check the Python version, not the presence of the package, - # because the CI runs `all.sh --list-components` outside of the - # venv that has our desired packages. - : -} - component_check_generated_files () { msg "Check make_generated_files.py consistency" $MAKE_COMMAND neat 
@@ -55,7 +45,19 @@ component_check_generated_files () { # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! +} + +support_check_committed_generated_files () { + # Add requirements on the Python installation here for + # the sake of check_committed_generated_files.py in mbedtls. + # + # Check the Python version, not the presence of the package, + # because the CI runs `all.sh --list-components` outside of the + # venv that has our desired packages. + : +} +component_check_committed_generated_files () { msg "Check committed generated files" tests/scripts/check_committed_generated_files.py } From 92cfa4e70e937ca39fdc9c237895f12af548e12b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 23 Mar 2026 15:43:46 +0100 Subject: [PATCH 1498/1548] cmake: make Threads package search quiet This prevents printing message "-- Could NOT find Threads (missing: Threads_FOUND)" on platforms like Zephyr where threading is not provided by standard libraries. Signed-off-by: Valerio Setti --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 42e4ccb34d..d5d0a98b8d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -122,7 +122,7 @@ endif() # We now potentially need to link all executables against PThreads, if available set(CMAKE_THREAD_PREFER_PTHREAD TRUE) set(THREADS_PREFER_PTHREAD_FLAG TRUE) -find_package(Threads) +find_package(Threads QUIET) # If this is the root project add longer list of available CMAKE_BUILD_TYPE values if(NOT MBEDTLS_AS_SUBPROJECT) From ade56554a6103f7de26c16d4348f6efadb2d8b97 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 24 Mar 2026 18:38:01 +0100 Subject: [PATCH 1499/1548] Revert "ssl_server2.c: DTLS: Attempt to read the response to the close notification" This reverts commit 2e9b9681e60ff52d69a3a68b4c7be0bcbab9191b. 
Signed-off-by: Ronald Cron --- programs/ssl/ssl_server2.c | 50 +------------------ tests/compat.sh | 1 - tests/scripts/components-configuration-tls.sh | 1 - 3 files changed, 1 insertion(+), 51 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f2e8eff47a..79cbad877d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -4131,55 +4131,7 @@ int main(int argc, char *argv[]) } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE); ret = 0; - /* - * In the DTLS case, attempt to read a possible response to the close - * notification. This avoids reconnecting to the same client when we - * reset and later receive its close-notification response during - * step 3 (waiting for a client to connect). - * - * Stop waiting for the response if the connection has already ended. - * - * The waiting loop below relies on mbedtls_ssl_read() returning regularly - * in order to keep the total waiting time approximately bounded to 1s. If - * no read timeout is configured (see the read_timeout option), or if the - * configured timeout is close to or larger than 1s, the total waiting time - * may exceed 1s by a significant margin. - */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_HAVE_TIME) - if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - mbedtls_ms_time_t start = mbedtls_ms_time(); - for (;;) { - ret = mbedtls_ssl_read(&ssl, buf, opt.buffer_size); - /* - * mbedtls_ssl_read() returned some data or timed out, loop if we - * have not spent already too much time, quite arbitrarily 1s. - */ - if ((ret > 0) || (ret == MBEDTLS_ERR_SSL_TIMEOUT)) { - if ((mbedtls_ms_time() - start) < 1000) { - continue; - } - } - - if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { - mbedtls_printf(" done, received client close notification.\n"); - } else { - /* ret = 0, silent transport EOF or ret < 0 except - * MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY. Note that we do not - * handle specifically the non-fatal error codes like - * MBEDTLS_ERR_SSL_WANT_READ as we do not really expect them - * here. - */ - mbedtls_printf(" done\n"); - } - break; - } - ret = 0; - } else -#endif /* MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_HAVE_TIME */ - { - mbedtls_printf(" done\n"); - } - fflush(stdout); + mbedtls_printf(" done\n"); #if defined(MBEDTLS_SSL_CACHE_C) if (opt.cache_remove > 0) { 
diff --git a/tests/compat.sh b/tests/compat.sh index 3f44c984fb..2b6f454127 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -557,7 +557,6 @@ setup_arguments() # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes if is_dtls "$MODE"; then O_SERVER_ARGS="$O_SERVER_ARGS" - M_SERVER_ARGS="$M_SERVER_ARGS read_timeout=1000" else O_SERVER_ARGS="$O_SERVER_ARGS -www" fi diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index d017eef182..5a77c4defc 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -165,7 +165,6 @@ component_test_tls1_2_ccm_psk_dtls () { msg "build: configs/config-ccm-psk-dtls1_2.h" MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h" CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h" - tf-psa-crypto/scripts/config.py -f "$CRYPTO_CONFIG" set MBEDTLS_HAVE_TIME CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make From 315c970fbeb4ac13446c56f16dd4c8f4c3df0222 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 20 Mar 2026 11:21:56 +0100 Subject: [PATCH 1500/1548] dtls: Fix debug log Signed-off-by: Ronald Cron --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index abb5a5696f..86c23d766c 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3618,7 +3618,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, ( "datagram of length %u too small to hold DTLS record header of length %u", (unsigned) len, - (unsigned) (rec_hdr_len_len + rec_hdr_len_len))); + (unsigned) (rec_hdr_len_offset + rec_hdr_len_len))); return MBEDTLS_ERR_SSL_INVALID_RECORD; } From 676d74e4c74ce71a38b321f4567dfa8a20f30ff7 Mon Sep 17 00:00:00 2001 
From: Ronald Cron
Date: Fri, 20 Mar 2026 17:19:10 +0100
Subject: [PATCH 1501/1548] dtls: Error out on invalid/unexpected record header
Error out on invalid/unexpected record header when reading the DTLS 1.2 ClientHello.
Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 86c23d766c..65609b8ff9 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4750,6 +4750,30 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
 ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
 }
+#if defined(MBEDTLS_SSL_SRV_C)
+ /*
+ * When retrieving the DTLS ClientHello on server side, error out
+ * when detecting an invalid or unexpected record.
+ */
+ if ((ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) &&
+ (ssl->state == MBEDTLS_SSL_CLIENT_HELLO)
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ && (ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE)
+#endif
+ ) {
+ /*
+ * For backward compatibility, return
+ * MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE rather than
+ * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD.
+ */
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) {
+ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+ } else {
+ return ret;
+ }
+ }
+#endif /* MBEDTLS_SSL_SRV_C */
+
 if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) {
 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
 /* Reset in pointers to default state for TLS/DTLS records,
From 16c5dd99b3278f3ed0582f76baa9a1bc031b5187 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 18 Mar 2026 12:06:59 +0100
Subject: [PATCH 1502/1548] Introduce ssl_buffering_shift_slots
Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 57 +++++++++++++++++++++++++++++++----------------
 tests/ssl-opt.sh | 2 +-
 2 files changed, 39 insertions(+), 20 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 65609b8ff9..7eb91031d7 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
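Review bot: The comment on the new block says it applies when "retrieving the DTLS ClientHello", but the condition tests only `ssl->conf->endpoint` and `ssl->state`, not `ssl->conf->transport`; unless the enclosing branch of ssl_get_next_record is already DTLS-only (the function starts outside the hunk, so that is not visible here), a TLS server waiting for ClientHello takes this early return as well, and either the condition needs `(ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) &&` or the comment should say both transports are meant. The early return also appears to skip the MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE handling that follows; if that is intended because no connection exists yet in this state, say so in the comment. Since a DTLS server in this state previously discarded an invalid or unexpected record and kept listening, while it now fails the handshake call, the changelog or the function's documentation should state that the returned error is non-fatal and that callers are expected to keep waiting for a ClientHello rather than treat it as a connection failure.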
@@ -275,6 +275,7 @@ int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, /* Forward declarations for functions related to message buffering. */ static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, uint8_t slot); +static void ssl_buffering_shift_slots(mbedtls_ssl_context *ssl, unsigned shift); static void ssl_free_buffered_record(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_load_buffered_message(mbedtls_ssl_context *ssl); @@ -3180,28 +3181,10 @@ int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->handshake != NULL) { - unsigned offset; - mbedtls_ssl_hs_buffer *hs_buf; /* Increment handshake sequence number */ hs->in_msg_seq++; - - /* - * Clear up handshake buffering and reassembly structure. - */ - - /* Free first entry */ - ssl_buffering_free_slot(ssl, 0); - - /* Shift all other entries */ - for (offset = 0, hs_buf = &hs->buffering.hs[0]; - offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; - offset++, hs_buf++) { - *hs_buf = *(hs_buf + 1); - } - - /* Create a fresh last entry */ - memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); + ssl_buffering_shift_slots(ssl, 1); } #endif return 0; 
@@ -6158,6 +6141,42 @@ static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl,
 }
 }
+/*
+ * Shift the buffering slots to the left by `shift` positions.
+ * After the operation, slot i contains the previous slot i + shift.
+ */
+static void ssl_buffering_shift_slots(mbedtls_ssl_context *ssl,
+ unsigned shift)
+{
+ mbedtls_ssl_handshake_params * const hs = ssl->handshake;
+ unsigned offset;
+
+ if (shift == 0) {
+ return;
+ }
+
+ if (shift >= MBEDTLS_SSL_MAX_BUFFERED_HS) {
+ shift = MBEDTLS_SSL_MAX_BUFFERED_HS;
+ }
+
+ /* Free discarded entries */
+ for (offset = 0; offset < shift; offset++) {
+ ssl_buffering_free_slot(ssl, offset);
+ }
+
+ /* Shift remaining entries left */
+ for (offset = 0; offset + shift < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) {
+ hs->buffering.hs[offset] = hs->buffering.hs[offset + shift];
+ }
+
+ /* Reset the remaining entries at the end. It may have been already
+ * partially done by the loop freing the discarded entries but that is
+ * simpler and safer.
+ */
+ for (; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) {
+ memset(&hs->buffering.hs[offset], 0, sizeof(hs->buffering.hs[offset]));
+ }
+}
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 /*
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a999c94f5b..b5e968b751 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2168,7 +2168,7 @@ run_test "Default, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
 run_test "Default, DTLS" \
- "$P_SRV dtls=1" \
+ "$P_SRV debug_level=5 dtls=1" \
 "$P_CLI dtls=1" \
 0 \
 -s "Protocol is DTLSv1.2" \
From 912ef74195a105650bb95c8296dc880c241d4369 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 18 Mar 2026 12:15:52 +0100
Subject: [PATCH 1503/1548] Update buffering when adapting to ClientHello message_seq
Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 22 +++++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)
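Review bot: `ssl_buffering_shift_slots` silently clamps `shift` to MBEDTLS_SSL_MAX_BUFFERED_HS, so any shift of that size or more frees and zeroes every buffered slot, and the header comment should say so because the later hunk in this series passes the peer-supplied `recv_msg_seq` straight in; suggested addition to the comment: ` * A shift of MBEDTLS_SSL_MAX_BUFFERED_HS or more discards every slot.` `ssl_buffering_free_slot` takes a `uint8_t` slot while `offset` is `unsigned`; the clamp is what keeps that narrowing safe, which deserves a short comment on the free loop. The comment on the reset loop says `freing`; it should be `freeing`, and the reworded version of the same comment in the later "dtls: Improve comment" hunk keeps the typo.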
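Review bot: The "Default, DTLS" test now runs the server with `debug_level=5`, which is unrelated to the commit subject (introducing ssl_buffering_shift_slots) and looks like a leftover from local debugging; the visible assertion on the server output does not need the extra logging. If it is intentional, add a comment on the `run_test` saying what the verbose output is for; otherwise restore `"$P_SRV dtls=1" \`.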
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 7eb91031d7..6a9d88d850 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2986,17 +2986,21 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 * expected `message_seq` for the incoming and outgoing
 * handshake messages.
 */
- ssl->handshake->in_msg_seq = recv_msg_seq;
- ssl->handshake->out_msg_seq = recv_msg_seq;
+ if ((ssl->handshake->in_msg_seq == 0) && (recv_msg_seq > 0)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("shift slots by %u", recv_msg_seq));
+ ssl_buffering_shift_slots(ssl, recv_msg_seq);
+ ssl->handshake->in_msg_seq = recv_msg_seq;
+ ssl->handshake->out_msg_seq = recv_msg_seq;
+
+ /* Epoch should be 0 for initial handshakes */
+ if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
- /* Epoch should be 0 for initial handshakes */
- if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
+ sizeof(ssl->cur_out_ctr) - 2);
 }
-
- memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
- sizeof(ssl->cur_out_ctr) - 2);
 } else if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
 /* In case of a post-handshake ClientHello that initiates a
 * renegotiation check that the handshake message sequence
From 0c301a686aa296433d01f4d5db7f4612a1da4aaa Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 23 Mar 2026 15:40:02 +0100
Subject: [PATCH 1504/1548] dtls: Improve comment
Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 6a9d88d850..287b0bf507 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
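Review bot: The epoch check and the `cur_out_ctr` synchronisation are now reached only when `recv_msg_seq > 0`; for a ClientHello carrying message_seq 0 this function no longer rejects a non-zero epoch nor copies the record sequence number into `cur_out_ctr`, whereas the removed lines did both unconditionally. If the earlier hunk in this series that makes ssl_get_next_record error out on an unexpected record is meant to cover the epoch case, a comment saying so would stop the next reader from treating this as a dropped check, e.g. `/* A non-zero epoch on the first ClientHello is already rejected in ssl_get_next_record() */`; if it is not meant to, hoist the epoch check and the `memcpy` back out of the new `if`. The enclosing function starts outside the hunk, so the state under which this block runs is not visible here.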
@@ -6174,8 +6174,8 @@ static void ssl_buffering_shift_slots(mbedtls_ssl_context *ssl,
 }
 /* Reset the remaining entries at the end. It may have been already
- * partially done by the loop freing the discarded entries but that is
- * simpler and safer.
+ * done for the first ones by the loop freing the discarded entries but
+ * that is simpler and safer.
 */
 for (; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) {
 memset(&hs->buffering.hs[offset], 0, sizeof(hs->buffering.hs[offset]));
From f9b7441542734d91bcd52cb234ccd76409559745 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 23 Mar 2026 18:23:03 +0100
Subject: [PATCH 1505/1548] dtls: Keep invalid/unexpected record header error code
Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 287b0bf507..812f578baf 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4748,16 +4748,7 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl)
 && (ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE)
 #endif
 ) {
- /*
- * For backward compatibility, return
- * MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE rather than
- * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD.
- */
- if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) {
- return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
- } else {
- return ret;
- }
+ return ret;
 }
 #endif /* MBEDTLS_SSL_SRV_C */
From 140ebea442ce2436f2f8ce59b554df6a70baad2f Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 24 Mar 2026 00:48:28 +0100
Subject: [PATCH 1506/1548] dtls: parse_client_hello: Adapt mbedtls_ssl_read_record() error code
Signed-off-by: Ronald Cron
---
 library/ssl_tls12_server.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 94e61a8aca..5dbdd3854c 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -879,6 +879,31 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 */
 if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record ", ret);
+
+ /*
+ * In the case of an alert message corresponding to the termination of
+ * a previous connection, `ssl_parse_record_header()` and then
+ * `mbedtls_ssl_read_record()` may return
+ * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD because of a non zero epoch.
+ *
+ * Historically, the library has returned
+ * MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE in this situation.
+ * The sample program dtls_server.c relies on this behavior
+ * (see
+ * https://github.com/Mbed-TLS/mbedtls/blob/d5e35a376bee23fad0b17f2e3e94a32ce4017c64/programs/ssl/dtls_server.c#L295),
+ * and user applications may rely on it as well.
+ *
+ * For compatibility, map MBEDTLS_ERR_SSL_UNEXPECTED_RECORD
+ * to MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE here.
+ *
+ * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD does not appear to be
+ * used to detect a specific error condition, so this mapping
+ * should not remove any meaningful distinction.
+ */
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) {
+ ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+ }
+
 return ret;
 }
From c9264ad227d1e70780bfd6a1e4db3fd70a7155b3 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 23 Mar 2026 16:25:33 +0100
Subject: [PATCH 1507/1548] dtls: Fix log level
Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 812f578baf..c0c2825c4d 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2987,7 +2987,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 * handshake messages.
 */
 if ((ssl->handshake->in_msg_seq == 0) && (recv_msg_seq > 0)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("shift slots by %u", recv_msg_seq));
+ MBEDTLS_SSL_DEBUG_MSG(3, ("shift slots by %u", recv_msg_seq));
 ssl_buffering_shift_slots(ssl, recv_msg_seq);
 ssl->handshake->in_msg_seq = recv_msg_seq;
 ssl->handshake->out_msg_seq = recv_msg_seq;
From f285018fa368ae832d43309e14703501038fee90 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 24 Mar 2026 10:03:21 +0100
Subject: [PATCH 1508/1548] Disable "DTLS proxy: 3d, (openssl|gnutls) client, fragmentation" tests

The tests fail intermittently on the CI with a frequency that significantly impacts CI throughput.

Signed-off-by: Ronald Cron
---
 tests/scripts/analyze_outcomes.py | 9 +++++++++
 tests/ssl-opt.sh | 13 +++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 2bd4bd8162..b6f18c5b88 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -50,6 +50,15 @@ def _has_word_re(words: typing.Iterable[str],
 # TLS doesn't use restartable ECDH yet.
 # https://github.com/Mbed-TLS/mbedtls/issues/7294
 re.compile(r'EC restart:.*no USE_PSA.*'),
+ # The following test fails intermittently on the CI with a frequency
+ # that significantly impacts CI throughput. They are thus disabled
+ # for the time being. See
+ # https://github.com/Mbed-TLS/mbedtls/issues/10652 for more
+ # information.
+ 'DTLS proxy: 3d, openssl client, fragmentation',
+ 'DTLS proxy: 3d, openssl client, fragmentation, nbio',
+ 'DTLS proxy: 3d, gnutls client, fragmentation',
+ 'DTLS proxy: 3d, gnutls client, fragmentation, nbio=2',
 ],
 'test_suite_config.mbedtls_boolean': [
 # Missing coverage of test configurations.
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b5e968b751..7abcd4b96d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -12169,6 +12169,9 @@ run_test "DTLS proxy: 3d, openssl client" \ 0 \ -s "HTTP/1.0 200 OK" +# The following test fails intermittently on the CI with a frequency that +# significantly impacts CI throughput. Disable it for the time being. +skip_next_test requires_openssl_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out @@ -12182,6 +12185,9 @@ run_test "DTLS proxy: 3d, openssl client, fragmentation" \ -s "found fragmented DTLS handshake message" \ -s "Certificate handshake message has been buffered and reassembled" +# The following test fails intermittently on the CI with a frequency that +# significantly impacts CI throughput. Disable it for the time being. +skip_next_test requires_openssl_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out @@ -12250,6 +12256,10 @@ run_test "DTLS proxy: 3d, gnutls client" \ # fragmentation to remain the case across GnuTLS version updates. Avoid using a # smaller MTU, as the smaller the MTU, the more likely the handshake is to fail # in this very unreliable connection emulation. + +# The following test fails intermittently on the CI with a frequency that +# significantly impacts CI throughput. Disable it for the time being. +skip_next_test requires_gnutls client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out @@ -12262,6 +12272,9 @@ run_test "DTLS proxy: 3d, gnutls client, fragmentation" \ -s "HTTP/1.0 200 OK" \ -s "ClientHello handshake message has been buffered and reassembled" +# The following test fails intermittently on the CI with a frequency that +# significantly impacts CI throughput. Disable it for the time being. +skip_next_test requires_gnutls client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out From fbe388dc287bfe3414b565c0a009c879172c744e Mon Sep 17 00:00:00 2001 
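Review bot: The four `skip_next_test` lines disable the only visible proxy tests that exercise fragmented DTLS handshakes under packet loss and reordering against openssl and gnutls peers, which is the code path the later epoch and sequence-number changes in this series touch, so those paths lose their non-mbedtls interoperability coverage with nothing in the script saying why. Each comment should name the tracking issue that the analyze_outcomes.py entry already cites, `# See https://github.com/Mbed-TLS/mbedtls/issues/10652 for details.`, so the skip is discoverable from the script alone, and an opt-in way to still run these tests locally would keep them useful while the flakiness is investigated. In analyze_outcomes.py the new entries are plain strings in a list whose visible neighbour is a `re.compile(...)` pattern; if `_has_word_re` only accepts compiled patterns they will need wrapping, which cannot be confirmed from the hunk.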
From: Ronald Cron Date: Tue, 24 Mar 2026 12:25:34 +0100 Subject: [PATCH 1509/1548] ssl-opt.sh: Fix log checks in some "DTLS reassembly" tests In DTLS reassembly tests, the server may receive a close_notify alert at the end of a test. In this case, the Mbed TLS server logs an error, so these tests should not check for the absence of the string "error" in the server logs. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7abcd4b96d..aa339a9eab 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9978,7 +9978,7 @@ run_test "DTLS reassembly: no fragmentation (gnutls client)" \ "$G_NEXT_CLI -u --mtu 2048 --insecure 127.0.0.1" \ 0 \ -S "found fragmented DTLS handshake message" \ - -S "error" + -s "HTTP/1.0 200 OK" requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9988,7 +9988,7 @@ run_test "DTLS reassembly: some fragmentation (gnutls client)" \ 0 \ -s "found fragmented DTLS handshake message" \ -s "Certificate handshake message has been buffered and reassembled" \ - -S "error" + -s "HTTP/1.0 200 OK" # Set the MTU to 128 bytes. The minimum size of a DTLS 1.2 record # containing a ClientHello handshake message is 69 bytes, without any cookie, @@ -10003,7 +10003,7 @@ run_test "DTLS reassembly: more fragmentation (gnutls client)" \ "$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \ 0 \ -s "ClientHello handshake message has been buffered and reassembled" \ - -S "error" + -s "HTTP/1.0 200 OK" requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -10012,7 +10012,7 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls client)" \ "$G_NEXT_CLI -u --mtu 103 --insecure 127.0.0.1" \ 0 \ -s "ClientHello handshake message has been buffered and reassembled" \ - -S "error" + -s "HTTP/1.0 200 OK" # No fragmentation and renegotiation tests with GnuTLS client as the feature # does not work properly. 
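Review bot: Replacing `-S "error"` with `-s "HTTP/1.0 200 OK"` in this and the six following hunks turns a negative assertion into a positive one, so a server that logs an unexpected error during reassembly yet still serves the response now passes. Since the commit message attributes the logged error to a close_notify received at the end of the test, a narrower check that tolerates only that one message, kept alongside the new success check, would preserve the regression signal; the exact server log line for the close_notify case should be taken from real test output rather than guessed. It may also be worth asking whether a routine close_notify should be logged at error level at all, since that is what made the original check unusable.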
@@ -10053,7 +10053,7 @@ run_test "DTLS reassembly: no fragmentation (openssl client)" \ "$O_NEXT_CLI -dtls -mtu 2048 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \ 0 \ -S "found fragmented DTLS handshake message" \ - -S "error" + -s "HTTP/1.0 200 OK" # Minimum possible MTU for OpenSSL server: 256 bytes. # We expect the client Certificate handshake message to be fragmented and @@ -10068,7 +10068,7 @@ run_test "DTLS reassembly: some fragmentation (openssl client)" \ 0 \ -s "found fragmented DTLS handshake message" \ -s "Certificate handshake message has been buffered and reassembled" \ - -S "error" + -s "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS reassembly: fragmentation, nbio (openssl client)" \ @@ -10077,7 +10077,7 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl client)" \ 0 \ -s "found fragmented DTLS handshake message" \ -s "Certificate handshake message has been buffered and reassembled" \ - -S "error" + -s "HTTP/1.0 200 OK" # Tests for sending fragmented handshake messages with DTLS # From f2f44a9c9f7c3c3d66324029d1131f5bc1d5910e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 24 Mar 2026 15:42:42 +0100 Subject: [PATCH 1510/1548] Restrict mapping of UNEXPECTED_RECORD to UNEXPECTED_MESSAGE Signed-off-by: Ronald Cron --- library/ssl_tls12_server.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 5dbdd3854c..26ba8590ac 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -880,6 +880,7 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record ", ret); +#if defined(MBEDTLS_SSL_PROTO_DTLS) /* * In the case of an alert message corresponding to the termination of * a previous connection, `ssl_parse_record_header()` and then 
@@ -900,9 +901,16 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
 * used to detect a specific error condition, so this mapping
 * should not remove any meaningful distinction.
 */
- if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) {
- ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+ if ((ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM)
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ && (ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE)
+#endif
+ ) {
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) {
+ ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
+ }
 }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 return ret;
 }
From 1141cd0fb634c754a4ad9a3572621b0656511247 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 24 Mar 2026 15:47:55 +0100
Subject: [PATCH 1511/1548] Improve comments

Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 20 +++++++++++++++-----
 tests/ssl-opt.sh | 4 ++++
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index c0c2825c4d..0799a0067e 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
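Review bot: The transport and renegotiation condition added here duplicates the one in ssl_get_next_record() (visible as context in the earlier ssl_msg.c hunk that now returns `ret` unchanged), and the compatibility mapping only works while the two stay identical; a one-line comment such as `/* Must match the ClientHello-state condition in ssl_get_next_record() */`, or a shared static inline predicate used by both sites, would make that coupling explicit. The nested `if` can also be folded into a single condition by adding `&& (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD)` to the outer test, which removes one indentation level without changing behaviour. ssl_parse_client_hello() starts and ends outside the hunk.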
@@ -4739,8 +4739,18 @@ static int ssl_get_next_record(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_SRV_C) /* - * When retrieving the DTLS ClientHello on server side, error out - * when detecting an invalid or unexpected record. + * In DTLS, invalid records are usually ignored because it is easy + * for an attacker to inject UDP datagrams, and we do not want such + * packets to disrupt the entire connection. + * + * However, when expecting the ClientHello, we reject invalid or + * unexpected records. This avoids waiting for further records + * before receiving at least one valid message. Such records could + * be leftover messages from a previous connection, accidental + * input, or part of a DoS attempt. + * + * Since no valid message has been received yet, immediately + * closing the connection does not result in any loss. */ if ((ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) && (ssl->state == MBEDTLS_SSL_CLIENT_HELLO) @@ -6164,9 +6174,9 @@ static void ssl_buffering_shift_slots(mbedtls_ssl_context *ssl, hs->buffering.hs[offset] = hs->buffering.hs[offset + shift]; } - /* Reset the remaining entries at the end. It may have been already - * done for the first ones by the loop freing the discarded entries but - * that is simpler and safer. + /* Reset the remaining entries at the end. Some may already have been + * cleared by the loop freeing the discarded entries, but resetting all + * of them is simpler and avoids tracking which ones were already handled. */ for (; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { memset(&hs->buffering.hs[offset], 0, sizeof(hs->buffering.hs[offset])); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index aa339a9eab..2b0341ebef 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -12171,6 +12171,7 @@ run_test "DTLS proxy: 3d, openssl client" \ # The following test fails intermittently on the CI with a frequency that # significantly impacts CI throughput. Disable it for the time being. +# See https://github.com/Mbed-TLS/mbedtls/issues/10652 for more information. skip_next_test requires_openssl_next client_needs_more_time 8 @@ -12187,6 +12188,7 @@ run_test "DTLS proxy: 3d, openssl client, fragmentation" \ # The following test fails intermittently on the CI with a frequency that # significantly impacts CI throughput. Disable it for the time being. +# See https://github.com/Mbed-TLS/mbedtls/issues/10652 for more information. skip_next_test requires_openssl_next client_needs_more_time 8 @@ -12259,6 +12261,7 @@ run_test "DTLS proxy: 3d, gnutls client" \ # The following test fails intermittently on the CI with a frequency that # significantly impacts CI throughput. Disable it for the time being. +# See https://github.com/Mbed-TLS/mbedtls/issues/10652 for more information. skip_next_test requires_gnutls client_needs_more_time 8 @@ -12274,6 +12277,7 @@ run_test "DTLS proxy: 3d, gnutls client, fragmentation" \ # The following test fails intermittently on the CI with a frequency that # significantly impacts CI throughput. Disable it for the time being. +# See https://github.com/Mbed-TLS/mbedtls/issues/10652 for more information. skip_next_test requires_gnutls client_needs_more_time 8 From 7a8fbc2100fc2d04e558526c1cc5b7f3c18e58b5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 24 Mar 2026 15:49:25 +0100 Subject: [PATCH 1512/1548] Remove debug leftover Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2b0341ebef..4d0b6f6082 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2168,7 +2168,7 @@ run_test "Default, TLS 1.2" \
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
 run_test "Default, DTLS" \
- "$P_SRV debug_level=5 dtls=1" \
+ "$P_SRV dtls=1" \
 "$P_CLI dtls=1" \
 0 \
 -s "Protocol is DTLSv1.2" \
From 1330606ca1ea4d9296fc97ed320735075293e2f6 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 24 Mar 2026 16:49:34 +0100
Subject: [PATCH 1513/1548] dtls: Fix adaptation to first ClientHello

For each received ClientHello fragment, check that its epoch is zero and update the record-level sequence number.

Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 0799a0067e..87d64788bd 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2991,16 +2991,17 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
 ssl_buffering_shift_slots(ssl, recv_msg_seq);
 ssl->handshake->in_msg_seq = recv_msg_seq;
 ssl->handshake->out_msg_seq = recv_msg_seq;
+ }
 
- /* Epoch should be 0 for initial handshakes */
- if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-
- memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
- sizeof(ssl->cur_out_ctr) - 2);
+ /* Epoch should be 0 for initial handshakes */
+ if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
 }
+
+ memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2,
+ sizeof(ssl->cur_out_ctr) - 2);
+
 } else if (mbedtls_ssl_is_handshake_over(ssl) == 1) {
 /* In case of a post-handshake ClientHello that initiates a
 * renegotiation check that the handshake message sequence
From f3f27070a6e3d2a2bc4ad3a859e9173310c44224 Mon Sep 17 00:00:00 2001
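Review bot: Moving `memcpy(&ssl->cur_out_ctr[2], ssl->in_ctr + 2, sizeof(ssl->cur_out_ctr) - 2);` out of the `in_msg_seq == 0` block makes it run for every ClientHello fragment, so the outgoing record sequence number now follows whichever fragment was processed last; if fragments of one ClientHello arrive out of order the copied value can be lower than one adopted earlier, and it is not visible here whether later sequence-number handling tolerates that or whether the copy should only happen when the incoming value is larger, so please confirm. The epoch check is now per fragment, which is the right place for it, but its trace `"bad client hello message"` is shared with other failures; `("bad client hello message: non-zero epoch")` would make a rejected fragment diagnosable from the log. If I read the collapsed hunk correctly, a blank line is added right before `} else if (mbedtls_ssl_is_handshake_over(ssl) == 1) {`, which the surrounding code does not do. mbedtls_ssl_prepare_handshake_record() starts and ends outside the hunk.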
From: Minos Galanakis Date: Thu, 26 Mar 2026 11:07:16 +0000 Subject: [PATCH 1514/1548] Added attributions & CVE Signed-off-by: Minos Galanakis --- ChangeLog.d/fix-null-pointer-dereference.txt | 3 ++- ChangeLog.d/inet_pton.txt | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-null-pointer-dereference.txt b/ChangeLog.d/fix-null-pointer-dereference.txt index 1eb3c416a8..1dd7d61905 100644 --- a/ChangeLog.d/fix-null-pointer-dereference.txt +++ b/ChangeLog.d/fix-null-pointer-dereference.txt @@ -1,4 +1,5 @@ Security * Fix a NULL pointer dereference in mbedtls_x509_string_to_names() when mbedtls_calloc() fails to allocate memory. This was caused by failing to - check whether mbedtls_calloc() returned NULL. + check whether mbedtls_calloc() returned NULL. Found and reported by + Haruto Kimura (Stella). diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt index 22e6806556..1acb8de84e 100644 --- a/ChangeLog.d/inet_pton.txt +++ b/ChangeLog.d/inet_pton.txt @@ -3,3 +3,4 @@ Security (e.g. on platforms with memory protection when the overread crosses page boundary) this could lead to DoS. Found and reported by Haruto Kimura (Stella). + CVE-2026-25833 From feb0dd04bafac7838a67deba8956693fb23e3cd4 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 14:51:04 +0000 Subject: [PATCH 1515/1548] Extended attributions & CVE Signed-off-by: Minos Galanakis --- ChangeLog.d/context_load_and_session_load_documentation.txt | 4 ++-- ChangeLog.d/inet_pton.txt | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/context_load_and_session_load_documentation.txt b/ChangeLog.d/context_load_and_session_load_documentation.txt index 200ab27bf1..dbbbda1fea 100644 --- a/ChangeLog.d/context_load_and_session_load_documentation.txt +++ b/ChangeLog.d/context_load_and_session_load_documentation.txt 
@@ -4,5 +4,5 @@ Security mbedtls_ssl_context_load() has been updated to clarify the responsibility of the application to preserve the confidentiality and integrity of serialized data, mitigating the risk of misuse of these APIs. - Credit to Haruto Kimura (Stella) for highlighting risks associated with - tampered serialized data. + Credit to Haruto Kimura (Stella) and Eva Crystal (0xiviel) for + highlighting risks associated with tampered serialized data. diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt index 1acb8de84e..73b9aa6b19 100644 --- a/ChangeLog.d/inet_pton.txt +++ b/ChangeLog.d/inet_pton.txt @@ -2,5 +2,4 @@ Security * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases (e.g. on platforms with memory protection when the overread crosses page boundary) this could lead to DoS. Found and reported by Haruto Kimura - (Stella). - CVE-2026-25833 + (Stella). CVE-2026-25833 From 43b89543ecbb42d463c5352e17926a2d315e339e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 22:20:01 +0000 Subject: [PATCH 1516/1548] Updated framework submodule Signed-off-by: Minos Galanakis --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 9b92164c47..dff9da0443 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 9b92164c47fdaecb2600b417733507e2a105c3a5 +Subproject commit dff9da04438d712f7647fd995bc90fadd0c0e2ce From 83d1ebc1148d563e41aeb4ed4cc488af31cfc7c3 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 22:20:06 +0000 Subject: [PATCH 1517/1548] Updated tf psa-crypto submodule Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index ed3c7d281e..29160dd877 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit ed3c7d281e710ef44264d29f3157fd572165a74d +Subproject commit 29160dd877d29658279fd683b2ae57b320ddcf09 
From e89565f92a863bfd9314e65fbe3ce0178a98af20 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 22:20:52 +0000 Subject: [PATCH 1518/1548] Bump version ./scripts/bump_version.sh --version 4.1.0 \ --so-crypto 18 --so-tls 23 --so-x509 9 Signed-off-by: Minos Galanakis --- CMakeLists.txt | 8 ++++---- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/build_info.h | 8 ++++---- library/Makefile | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 42e4ccb34d..a19b6f723b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -37,10 +37,10 @@ cmake_policy(SET CMP0011 NEW) # is deprecated and will be removed in future versions. cmake_policy(SET CMP0012 NEW) -set(MBEDTLS_VERSION 4.0.0) -set(MBEDTLS_CRYPTO_SOVERSION 17) -set(MBEDTLS_X509_SOVERSION 8) -set(MBEDTLS_TLS_SOVERSION 22) +set(MBEDTLS_VERSION 4.1.0) +set(MBEDTLS_CRYPTO_SOVERSION 18) +set(MBEDTLS_X509_SOVERSION 9) +set(MBEDTLS_TLS_SOVERSION 23) if(TEST_CPP) project("Mbed TLS" diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 4eda5ba2aa..b28b82b851 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -10,7 +10,7 @@ */ /** - * @mainpage Mbed TLS v4.0.0 API Documentation + * @mainpage Mbed TLS v4.1.0 API Documentation * * This documentation describes the application programming interface (API) * of Mbed TLS. diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 80e459cc72..c6a5e4f4fd 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v4.0.0" +PROJECT_NAME = "Mbed TLS v4.1.0" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 7b7ff49f5a..e077bbce40 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
@@ -27,7 +27,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 4 -#define MBEDTLS_VERSION_MINOR 0 +#define MBEDTLS_VERSION_MINOR 1 #define MBEDTLS_VERSION_PATCH 0 /** @@ -35,9 +35,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x04000000 -#define MBEDTLS_VERSION_STRING "4.0.0" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 4.0.0" +#define MBEDTLS_VERSION_NUMBER 0x04010000 +#define MBEDTLS_VERSION_STRING "4.1.0" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 4.1.0" #if defined(MBEDTLS_CONFIG_FILES_READ) #error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!" diff --git a/library/Makefile b/library/Makefile index ad2854ad3a..cb6a99cc6c 100644 --- a/library/Makefile +++ b/library/Makefile @@ -72,9 +72,9 @@ LOCAL_CFLAGS += -fPIC -fpic endif endif -SOEXT_TLS?=so.21 -SOEXT_X509?=so.8 -SOEXT_CRYPTO?=so.16 +SOEXT_TLS?=so.23 +SOEXT_X509?=so.9 +SOEXT_CRYPTO?=so.18 ARFLAGS = $(AR_DASH)src ifdef APPLE_BUILD diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 3c818583fd..5ffdfe71f9 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compile time library version -check_compiletime_version:"4.0.0" +check_compiletime_version:"4.1.0" Check runtime library version -check_runtime_version:"4.0.0" +check_runtime_version:"4.1.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 641fa2695cab74d25b8d9315daacd6839d393ed1 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 26 Mar 2026 22:23:55 +0000 Subject: [PATCH 1519/1548] Assemble ChangeLog ./framework/scripts/assemble_changelog.py 
Signed-off-by: Minos Galanakis --- ChangeLog | 77 +++++++++++++++++++ ChangeLog.d/alert-getter.txt | 6 -- ...nfig_checks_generator-fix-windows-path.txt | 3 - ...xt_load_and_session_load_documentation.txt | 8 -- .../dtls-client-hello-defragmentation.txt | 5 -- ChangeLog.d/fix-null-pointer-dereference.txt | 5 -- ChangeLog.d/gnuinstalldirs_include.txt | 3 - ChangeLog.d/iar-6.5fs.txt | 3 - ChangeLog.d/inet_pton.txt | 5 -- ChangeLog.d/issue10349.txt | 8 -- ChangeLog.d/sig_algs_check.txt | 5 -- ChangeLog.d/timing.txt | 13 ---- ChangeLog.d/tls12-2nd-client-hello.txt | 9 --- ChangeLog.d/unistd.txt | 3 - ChangeLog.d/verify-result-default-value.txt | 5 -- 15 files changed, 77 insertions(+), 81 deletions(-) delete mode 100644 ChangeLog.d/alert-getter.txt delete mode 100644 ChangeLog.d/config_checks_generator-fix-windows-path.txt delete mode 100644 ChangeLog.d/context_load_and_session_load_documentation.txt delete mode 100644 ChangeLog.d/dtls-client-hello-defragmentation.txt delete mode 100644 ChangeLog.d/fix-null-pointer-dereference.txt delete mode 100644 ChangeLog.d/gnuinstalldirs_include.txt delete mode 100644 ChangeLog.d/iar-6.5fs.txt delete mode 100644 ChangeLog.d/inet_pton.txt delete mode 100644 ChangeLog.d/issue10349.txt delete mode 100644 ChangeLog.d/sig_algs_check.txt delete mode 100644 ChangeLog.d/timing.txt delete mode 100644 ChangeLog.d/tls12-2nd-client-hello.txt delete mode 100644 ChangeLog.d/unistd.txt delete mode 100644 ChangeLog.d/verify-result-default-value.txt diff --git a/ChangeLog b/ChangeLog index 4dc0941fee..12191e1116 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,82 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 4.1.0 branch released 2026-03-31 + +API changes + * MBEDTLS_TIMING_C now requires MBEDTLS_HAVE_TIME to be enabled in the + TF-PSA-Crypto configuration, unless MBEDTLS_TIMING_ALT is enabled. + As a benefit, platforms where the default implementation is not + supported now only need to implement MBEDTLS_PLATFORM_MS_TIME_ALT. + * When MBEDTLS_TIMING_ALT is enabled, the function + mbedtls_timing_get_timer() now returns unsigned long long instead + of unsigned long. + +Features + * Add the function mbedtls_ssl_get_fatal_alert(), which returns the type of + the last received fatal alert. This allows callers to retrieve more + detailed information when mbedtls_ssl_handshake(), + mbedtls_ssl_handshake_step(), or mbedtls_ssl_read() returns the generic + MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error code. + * Function mbedtls_ssl_get_supported_group_list() is added to return the list + of supported groups IDs (curves and finite fields). + * MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is added to allow defining the list of + mbedtls_ssl_iana_tls_group_info_t items which represent known TLS groups + with corresponding informations. + If MBEDTLS_DEBUG_C is also enabled then mbedtls_ssl_iana_tls_group_info is + also available as implementation of such list. + +Security + * The documentation of mbedtls_ssl_session_save(), + mbedtls_ssl_session_load(), mbedtls_ssl_context_save(), and + mbedtls_ssl_context_load() has been updated to clarify the responsibility + of the application to preserve the confidentiality and integrity of + serialized data, mitigating the risk of misuse of these APIs. + Credit to Haruto Kimura (Stella) and Eva Crystal (0xiviel) for + highlighting risks associated with tampered serialized data. + * Fix a NULL pointer dereference in mbedtls_x509_string_to_names() when + mbedtls_calloc() fails to allocate memory. This was caused by failing to + check whether mbedtls_calloc() returned NULL. 
Found and reported by + Haruto Kimura (Stella). + * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases + (e.g. on platforms with memory protection when the overread crosses page + boundary) this could lead to DoS. Found and reported by Haruto Kimura + (Stella). CVE-2026-25833 + * Fix a bug in the TLS 1.2 client's signature algorithm check, which caused + the client to accept server key exchange messages signed with a signature + algorithm explicitly disallowed by the client. Found and reported by + EFR-GmbH and M. Heuft of Security-Research-Consulting GmbH. CVE-2026-25834 + * Fixed an issue in TLS 1.3 server handling of the second ClientHello, after + sending a HelloRetryRequest message. A man-in-the-middle attacker could + force a TLS 1.3 session resumption using a ticket to fall back to an + unintended TLS 1.2 session resumption with an all-zero master secret. + This could result in client authentication being bypassed and allow client + impersonation. + Found and reported by Jaehun Lee, Pohang University of Science and + Technology (POSTECH). + +Bugfix + * CMake now installs headers to `CMAKE_INSTALL_INCLUDEDIR` instead of the + hard-coded `include` directory. + * Fix CMake failure on Windows because of a native directory separator. + Fixes #10502. + * mbedtls_timing_get_delay() now correctly treats a timer as expired + after more than 2^32 ms (about 49 days) on platforms where long is + a 32-bit type. Fixes #10613. + * Support re-assembly of fragmented DTLS 1.2 ClientHello in Mbed TLS server. + * Support re-assembly of fragmented TLS 1.2 ClientHello in Mbed TLS server + even if TLS 1.3 support is disabled. This removes the main limitation on + support for re-assembly of fragmented handshake messages in TLS 1.2. + +Changes + * Add casts to some Enums to remove compiler errors thrown by IAR 6.5. + Removes Warning "mixed ENUM with other type". 
+ * Tweak the detection of Unix-like platforms, which makes more system + interfaces (timing, threading) available on Haiku, QNX and Midipix. + * Harden mbedtls_ssl_get_verify_result() against misuse. + If the handshake has not yet been attempted, return -1u to indicate + that the result is not available. Previously the result of verification + was zero-initialized so the function would return 0 (indicating success). + = Mbed TLS 4.0.0 branch released 2025-10-15 API changes diff --git a/ChangeLog.d/alert-getter.txt b/ChangeLog.d/alert-getter.txt deleted file mode 100644 index da90cf31d7..0000000000 --- a/ChangeLog.d/alert-getter.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * Add the function mbedtls_ssl_get_fatal_alert(), which returns the type of - the last received fatal alert. This allows callers to retrieve more - detailed information when mbedtls_ssl_handshake(), - mbedtls_ssl_handshake_step(), or mbedtls_ssl_read() returns the generic - MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error code. diff --git a/ChangeLog.d/config_checks_generator-fix-windows-path.txt b/ChangeLog.d/config_checks_generator-fix-windows-path.txt deleted file mode 100644 index e5726cf77b..0000000000 --- a/ChangeLog.d/config_checks_generator-fix-windows-path.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix CMake failure on Windows because of a native directory separator. - Fixes #10502. diff --git a/ChangeLog.d/context_load_and_session_load_documentation.txt b/ChangeLog.d/context_load_and_session_load_documentation.txt deleted file mode 100644 index dbbbda1fea..0000000000 --- a/ChangeLog.d/context_load_and_session_load_documentation.txt +++ /dev/null 
@@ -1,8 +0,0 @@ -Security - * The documentation of mbedtls_ssl_session_save(), - mbedtls_ssl_session_load(), mbedtls_ssl_context_save(), and - mbedtls_ssl_context_load() has been updated to clarify the responsibility - of the application to preserve the confidentiality and integrity of - serialized data, mitigating the risk of misuse of these APIs. - Credit to Haruto Kimura (Stella) and Eva Crystal (0xiviel) for - highlighting risks associated with tampered serialized data. diff --git a/ChangeLog.d/dtls-client-hello-defragmentation.txt b/ChangeLog.d/dtls-client-hello-defragmentation.txt deleted file mode 100644 index f5ff0b754c..0000000000 --- a/ChangeLog.d/dtls-client-hello-defragmentation.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Support re-assembly of fragmented DTLS 1.2 ClientHello in Mbed TLS server. - * Support re-assembly of fragmented TLS 1.2 ClientHello in Mbed TLS server - even if TLS 1.3 support is disabled. This removes the main limitation on - support for re-assembly of fragmented handshake messages in TLS 1.2. diff --git a/ChangeLog.d/fix-null-pointer-dereference.txt b/ChangeLog.d/fix-null-pointer-dereference.txt deleted file mode 100644 index 1dd7d61905..0000000000 --- a/ChangeLog.d/fix-null-pointer-dereference.txt +++ /dev/null @@ -1,5 +0,0 @@ -Security - * Fix a NULL pointer dereference in mbedtls_x509_string_to_names() when - mbedtls_calloc() fails to allocate memory. This was caused by failing to - check whether mbedtls_calloc() returned NULL. Found and reported by - Haruto Kimura (Stella). diff --git a/ChangeLog.d/gnuinstalldirs_include.txt b/ChangeLog.d/gnuinstalldirs_include.txt deleted file mode 100644 index 7e0782d1e1..0000000000 --- a/ChangeLog.d/gnuinstalldirs_include.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * CMake now installs headers to `CMAKE_INSTALL_INCLUDEDIR` instead of the - hard-coded `include` directory. diff --git a/ChangeLog.d/iar-6.5fs.txt b/ChangeLog.d/iar-6.5fs.txt deleted file mode 100644 index 63e903b9c3..0000000000 
--- a/ChangeLog.d/iar-6.5fs.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Add casts to some Enums to remove compiler errors thrown by IAR 6.5. - Removes Warning "mixed ENUM with other type". diff --git a/ChangeLog.d/inet_pton.txt b/ChangeLog.d/inet_pton.txt deleted file mode 100644 index 73b9aa6b19..0000000000 --- a/ChangeLog.d/inet_pton.txt +++ /dev/null @@ -1,5 +0,0 @@ -Security - * Fix a limited buffer underflow in x509_inet_pton_ipv6(). In rare cases - (e.g. on platforms with memory protection when the overread crosses page - boundary) this could lead to DoS. Found and reported by Haruto Kimura - (Stella). CVE-2026-25833 diff --git a/ChangeLog.d/issue10349.txt b/ChangeLog.d/issue10349.txt deleted file mode 100644 index ab47659ed8..0000000000 --- a/ChangeLog.d/issue10349.txt +++ /dev/null @@ -1,8 +0,0 @@ -Features - * Function mbedtls_ssl_get_supported_group_list() is added to return the list - of supported groups IDs (curves and finite fields). - * MBEDTLS_SSL_IANA_TLS_GROUPS_INFO is added to allow defining the list of - mbedtls_ssl_iana_tls_group_info_t items which represent known TLS groups - with corresponding informations. - If MBEDTLS_DEBUG_C is also enabled then mbedtls_ssl_iana_tls_group_info is - also available as implementation of such list. diff --git a/ChangeLog.d/sig_algs_check.txt b/ChangeLog.d/sig_algs_check.txt deleted file mode 100644 index b0aed6dfd3..0000000000 --- a/ChangeLog.d/sig_algs_check.txt +++ /dev/null @@ -1,5 +0,0 @@ -Security - * Fix a bug in the TLS 1.2 client's signature algorithm check, which caused - the client to accept server key exchange messages signed with a signature - algorithm explicitly disallowed by the client. Found and reported by - EFR-GmbH and M. Heuft of Security-Research-Consulting GmbH. CVE-2026-25834 diff --git a/ChangeLog.d/timing.txt b/ChangeLog.d/timing.txt deleted file mode 100644 index b3943cdcf2..0000000000 --- a/ChangeLog.d/timing.txt +++ /dev/null 
@@ -1,13 +0,0 @@ -API changes - * MBEDTLS_TIMING_C now requires MBEDTLS_HAVE_TIME to be enabled in the - TF-PSA-Crypto configuration, unless MBEDTLS_TIMING_ALT is enabled. - As a benefit, platforms where the default implementation is not - supported now only need to implement MBEDTLS_PLATFORM_MS_TIME_ALT. - * When MBEDTLS_TIMING_ALT is enabled, the function - mbedtls_timing_get_timer() now returns unsigned long long instead - of unsigned long. - -Bugfix - * mbedtls_timing_get_delay() now correctly treats a timer as expired - after more than 2^32 ms (about 49 days) on platforms where long is - a 32-bit type. Fixes #10613. diff --git a/ChangeLog.d/tls12-2nd-client-hello.txt b/ChangeLog.d/tls12-2nd-client-hello.txt deleted file mode 100644 index 7513e0b945..0000000000 --- a/ChangeLog.d/tls12-2nd-client-hello.txt +++ /dev/null @@ -1,9 +0,0 @@ -Security - * Fixed an issue in TLS 1.3 server handling of the second ClientHello, after - sending a HelloRetryRequest message. A man-in-the-middle attacker could - force a TLS 1.3 session resumption using a ticket to fall back to an - unintended TLS 1.2 session resumption with an all-zero master secret. - This could result in client authentication being bypassed and allow client - impersonation. - Found and reported by Jaehun Lee, Pohang University of Science and - Technology (POSTECH). diff --git a/ChangeLog.d/unistd.txt b/ChangeLog.d/unistd.txt deleted file mode 100644 index d2e4d4301a..0000000000 --- a/ChangeLog.d/unistd.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Tweak the detection of Unix-like platforms, which makes more system - interfaces (timing, threading) available on Haiku, QNX and Midipix. diff --git a/ChangeLog.d/verify-result-default-value.txt b/ChangeLog.d/verify-result-default-value.txt deleted file mode 100644 index 2cf3f0c21b..0000000000 --- a/ChangeLog.d/verify-result-default-value.txt +++ /dev/null 
@@ -1,5 +0,0 @@ -Changes - * Harden mbedtls_ssl_get_verify_result() against misuse. - If the handshake has not yet been attempted, return -1u to indicate - that the result is not available. Previously the result of verification - was zero-initialized so the function would return 0 (indicating success). From 0fe989b6b514192783c469039edd325fd0989806 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 18 Mar 2026 16:37:06 +0000 Subject: [PATCH 1520/1548] Update BRANCHES.md Signed-off-by: Minos Galanakis --- BRANCHES.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index c781704977..8abb39cefb 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -11,6 +11,7 @@ At any point in time, we have a number of maintained branches, currently consist - One or more long-time support (LTS) branches: these only get bug fixes and security fixes. Currently, the supported LTS branches are: - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6). +- [`mbedtls-4.1`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-4.1). We retain a number of historical branches, whose names are prefixed by `archive/`, such as [`archive/mbedtls-2.7`](https://github.com/Mbed-TLS/mbedtls/tree/archive/mbedtls-2.7). 
@@ -22,11 +23,11 @@ the API of 4.(x+1) is backward compatible with 4.x). We only break API compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain ABI compatibility within LTS branches; see the next section for details. -We will make regular LTS releases on an 18-month cycle, each of which will have -a 3 year support lifetime. On this basis, 3.6 LTS (released March 2024) will be -supported until March 2027. The next LTS release will be a 4.x release. Due to -the size and scope of the 4.0 release, the release date of the first 4.x LTS is -yet to be determined. +We plan to make regular LTS releases on an 18-month cycle, each with a support +lifetime of three years.On this basis, Mbed TLS 3.6 LTS (released in March 2024) +will be supported until March 2027. Due to the size and scope of the 4.0 release, +the first 4.x LTS, version 4.1, was released two years after 3.6, in March 2026, +and will be supported until March 2029. ## Backwards Compatibility for application code @@ -87,6 +88,9 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6) maintained until March 2027, see - . + . +- [`mbedtls-4.1`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-4.1) + maintained until March 2029, see + . Users are urged to always use the latest version of a maintained branch. From 0cfd96499d5110b2bb832702c15ac88627079752 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 31 Mar 2026 15:36:07 +0100 Subject: [PATCH 1521/1548] Updated tf-psa-crypto submodule Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 29160dd877..426f86031a 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 29160dd877d29658279fd683b2ae57b320ddcf09 +Subproject commit 426f86031a37bf317fbf0fee9251eb6e612ae58e 
From be18f3f4a53b87f8d981d020d835f691943dc9c7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Nov 2025 15:46:58 +0100 Subject: [PATCH 1522/1548] Add a section about compiler-introduced timing side channels Signed-off-by: Gilles Peskine --- SECURITY.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index e36162abd7..6f545f8fcf 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -107,6 +107,12 @@ model, they need to be mitigated by physical countermeasures. ### Caveats +#### Compiler-induced side channels + +Mbed TLS is mostly written in C. We use standard C except with known compilers, so we do not expect compilers to introduce direct vulnerabilities. However, compilers can introduce [timing side channels](#timing-attacks) in code that was intended to be constant-time. Mbed TLS includes countermeasures to try to prevent this. But given the diversity of compilers, compiler options and target platforms, this prevention may not be complete. + +We recommend compiling Mbed TLS with commonly used levels of optimizations, such as `-O2` or `-Os`. Higher levels of optimization such as `-O3` or `-Oz` are likely to be safe but are less scrutinized. We do not recommend using less vetted optimization options unless your system is physically isolated. + #### Out-of-scope countermeasures Mbed TLS has evolved organically and a well defined threat model hasn't always From 54ebb9b42db9f6e0193f2d755c04b41d21eeec8a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Nov 2025 15:49:02 +0100 Subject: [PATCH 1523/1548] Mention the new advice about compiler options in the changelog Signed-off-by: Gilles Peskine --- ChangeLog.d/security-advice.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/security-advice.txt diff --git a/ChangeLog.d/security-advice.txt b/ChangeLog.d/security-advice.txt new file mode 100644 index 0000000000..1f7677a882 --- /dev/null +++ b/ChangeLog.d/security-advice.txt 
@@ -0,0 +1,2 @@ +Security + * Added advice about compiler options in SECURITY.md. From d1f0ce8493050f983a6238b120c29a35e2243015 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Feb 2026 11:44:02 +0100 Subject: [PATCH 1524/1548] Be more specific about what compiler options we consider legitimate Signed-off-by: Gilles Peskine --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 6f545f8fcf..b485d0112e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -111,7 +111,7 @@ model, they need to be mitigated by physical countermeasures. Mbed TLS is mostly written in C. We use standard C except with known compilers, so we do not expect compilers to introduce direct vulnerabilities. However, compilers can introduce [timing side channels](#timing-attacks) in code that was intended to be constant-time. Mbed TLS includes countermeasures to try to prevent this. But given the diversity of compilers, compiler options and target platforms, this prevention may not be complete. -We recommend compiling Mbed TLS with commonly used levels of optimizations, such as `-O2` or `-Os`. Higher levels of optimization such as `-O3` or `-Oz` are likely to be safe but are less scrutinized. We do not recommend using less vetted optimization options unless your system is physically isolated. +We recommend compiling Mbed TLS with commonly used levels of optimizations, such as `-O2` or `-Os`. We will generally treat exploitable timing side channels as a vulnerability if they appear with a common compiler at a common level of optimization. Higher levels of optimization such as `-O3` or `-Oz` are still likely to be safe but are less scrutinized. We do not recommend using individual options that might introduce data-dependent timing, and we will not try to work around such optimizations if they are not part of a commonly used level. #### Out-of-scope countermeasures From 619f1acd75e3daa652659a0d0b6046b54be2855e Mon Sep 17 00:00:00 2001 
From: Gilles Peskine
Date: Sun, 5 Apr 2026 20:41:34 +0200
Subject: [PATCH 1525/1548] Update framework with UNCOVERED_TESTS in outcome analysis

Signed-off-by: Gilles Peskine
---
 framework | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework b/framework
index dff9da0443..80a0ea93f0 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit dff9da04438d712f7647fd995bc90fadd0c0e2ce
+Subproject commit 80a0ea93f0215bcd9030734904b4b54fb8306f07

From 68d6b072877fb99aab7c5373289912e68ef6bd46 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sun, 5 Apr 2026 20:41:58 +0200
Subject: [PATCH 1526/1548] Rename IGNORED_TESTS to UNCOVERED_TESTS

Signed-off-by: Gilles Peskine
---
 tests/scripts/analyze_outcomes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index b6f18c5b88..7ca1f760cb 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -33,7 +33,7 @@ def _has_word_re(words: typing.Iterable[str],
                           r'.*\b(?:' + r'|'.join(words) + r')\b.*',
                           re.DOTALL)
 
-    IGNORED_TESTS = {
+    UNCOVERED_TESTS = {
         'ssl-opt': [
             # We don't run ssl-opt.sh with Valgrind on the CI because
             # it's extremely slow. We don't intend to change this.

From bb5cfbbdec43242901fe8a9d74291ed3300a622c Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Sun, 5 Apr 2026 20:43:52 +0200
Subject: [PATCH 1527/1548] Move _has_word_re to the framework

Signed-off-by: Gilles Peskine
---
 tests/scripts/analyze_outcomes.py | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 7ca1f760cb..5a9b343034 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -16,23 +16,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
     """Justify test cases that are never executed."""
 
-    @staticmethod
-    def _has_word_re(words: typing.Iterable[str],
-                     exclude: typing.Optional[str] = None) -> typing.Pattern:
-        """Construct a regex that matches if any of the words appears.
-
-        The occurrence must start and end at a word boundary.
-
-        If exclude is specified, strings containing a match for that
-        regular expression will not match the returned pattern.
-        """
-        exclude_clause = r''
-        if exclude:
-            exclude_clause = r'(?!.*' + exclude + ')'
-        return re.compile(exclude_clause +
-                          r'.*\b(?:' + r'|'.join(words) + r')\b.*',
-                          re.DOTALL)
-
     UNCOVERED_TESTS = {
         'ssl-opt': [
             # We don't run ssl-opt.sh with Valgrind on the CI because

From 1978e1bd6b2181021a839c42ab7e4b0157faffdb Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 6 Apr 2026 21:51:25 +0200
Subject: [PATCH 1528/1548] Ignore test cases that TF-PSA-Crypto tells us to ignore

If the `tf-psa-crypto` submodule has `tests/scripts/analyze_outcomes.py`, require it to define a global variable `INTERNAL_TEST_CASES`. Those test cases will be ignored in Mbed TLS's coverage analysis.

Signed-off-by: Gilles Peskine
---
 tests/scripts/analyze_outcomes.py | 50 +++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 5a9b343034..1e5ab43634 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -6,11 +6,28 @@ less likely to be useful.
 """
 
+import importlib
+import importlib.machinery
+import importlib.util
+import os
 import re
 import typing
 
 import scripts_path # pylint: disable=unused-import
 from mbedtls_framework import outcome_analysis
+from mbedtls_framework import typing_util
+
+
+class CryptoAnalyzeOutcomesType(typing_util.Protocol):
+    """Our expectations on tf-psa-crypto/tests/scripts/analyze_outcomes.py.
+
+    See CoverageTask_load_crypto_module().
+    """
+    #pylint: disable=too-few-public-methods
+
+    # Test cases that are about internal aspects of TF-PSA-Crypto,
+    # which Mbed TLS is therefore not required to cover.
+    INTERNAL_TEST_CASES: outcome_analysis.TestCaseSetDescription
 
 
 class CoverageTask(outcome_analysis.CoverageTask):
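Review bot: `import importlib` and `import importlib.machinery` look unused in this commit — the loader added to `CoverageTask` by the same commit calls only `importlib.util.spec_from_file_location` and `importlib.util.module_from_spec`, and `import importlib.util` already binds the `importlib` package. Dropping the two lines keeps the file's unused-import check meaningful; if `importlib.machinery` is needed for something not visible here, a short comment next to it would say why. The Protocol's docstring could also state the contract it enforces, e.g. `INTERNAL_TEST_CASES is read by CoverageTask; a module that lacks it is an error, not an optional feature`, since the commit message says the attribute is required.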
@@ -210,6 +227,39 @@ class CoverageTask(outcome_analysis.CoverageTask):
         ],
     }
 
+    def _load_crypto_module(self) -> None:
+        """Try to load the tf-psa-crypto submodule's outcome analysis Python module."""
+        if self.crypto_module is not None:
+            return
+        crypto_script_path = 'tf-psa-crypto/tests/scripts/analyze_outcomes.py'
+        if not os.path.exists(crypto_script_path):
+            # During a transition period, while the crypto script is not
+            # yet present in all branches we care about, allow it not to
+            # exist.
+            return
+        crypto_spec = importlib.util.spec_from_file_location(
+            'tf_psa_crypto.analyze_outcomes',
+            crypto_script_path)
+        # Assertions to help mypy.
+        assert crypto_spec is not None
+        assert crypto_spec.loader is not None
+        self.crypto_module: typing.Optional[CryptoAnalyzeOutcomesType] = \
+            importlib.util.module_from_spec(crypto_spec)
+        crypto_spec.loader.exec_module(self.crypto_module)
+
+    def _load_crypto_instructions(self) -> None:
+        """Try to load instructions from the tf-psa-crypto submodule's outcome analysis."""
+        self._load_crypto_module()
+        if self.crypto_module is not None:
+            crypto_internal_test_cases = self.crypto_module.INTERNAL_TEST_CASES
+            self.ignored_tests.extend(crypto_internal_test_cases)
+
+    def __init__(self, options) -> None:
+        super().__init__(options)
+        self.crypto_module = None # declared with a type in _load_crypto_module above
+        self._load_crypto_instructions()
+
+
 # List of tasks with a function that can handle this task and additional arguments if required
 KNOWN_TASKS: typing.Dict[str, typing.Type[outcome_analysis.Task]] = {
     'analyze_coverage': CoverageTask,

From 667a3f6442d55231b64106d5974fbd537ed94849 Mon Sep 17 00:00:00 2001
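Review bot: `crypto_script_path` in `_load_crypto_module` is resolved against the current working directory, and the transition-period branch silently accepts a missing file, so a run from anywhere other than the repository root quietly drops TF-PSA-Crypto's ignore list and the coverage analysis continues with incomplete input (unless something earlier in the script changes directory, which is not visible here). Anchoring on the script's own location avoids that: `crypto_script_path = os.path.join(os.path.dirname(__file__), os.path.pardir, os.path.pardir, 'tf-psa-crypto', 'tests', 'scripts', 'analyze_outcomes.py')`; at minimum, print a note when the file is absent so the fallback shows up in CI logs. `crypto_spec.loader.exec_module(...)` runs the submodule's script as code in this process, so the trust boundary for the analysis is the pinned submodule commit; a one-line comment there, `# Executes the submodule's script; trusted because the submodule pin is reviewed with this repo`, records that. Reading `INTERNAL_TEST_CASES` through `getattr` with an explicit error message would also turn a module that omits it into a clear failure instead of an `AttributeError` raised from inside `_load_crypto_instructions`.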
From: Gilles Peskine
Date: Tue, 7 Apr 2026 11:47:24 +0200
Subject: [PATCH 1529/1548] Move test currently covered by crypto from uncovered list to ignored list

If we can't read `INTERNAL_TEST_CASES` from `tf-psa-crypto/tests/scripts/analyze_outcomes.py` because the script doesn't exist, hard-code the legacy value of that information.

Signed-off-by: Gilles Peskine
---
 tests/scripts/analyze_outcomes.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 1e5ab43634..48f00f03c4 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -71,12 +71,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
             # https://github.com/Mbed-TLS/mbedtls/issues/9586
             'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED',
         ],
-        'test_suite_config.crypto_combinations': [
-            # New thing in crypto. Not intended to be tested separately
-            # in mbedtls.
-            # https://github.com/Mbed-TLS/mbedtls/issues/10300
-            'Config: entropy: NV seed only',
-        ],
         'test_suite_config.psa_boolean': [
             # We don't test with HMAC disabled.
             # https://github.com/Mbed-TLS/mbedtls/issues/9591
@@ -252,7 +246,17 @@ def _load_crypto_instructions(self) -> None:
         self._load_crypto_module()
         if self.crypto_module is not None:
             crypto_internal_test_cases = self.crypto_module.INTERNAL_TEST_CASES
-            self.ignored_tests.extend(crypto_internal_test_cases)
+        else:
+            # Legacy set of tests covered by TF-PSA-Crypto only,
+            # from before Mbed TLS's outcome analysis read that information
+            # from TF-PSA-Crypto. This branch can be removed once
+            # the presence of the crypto module becomes mandatory.
+            crypto_internal_test_cases = {
+                'test_suite_config.crypto_combinations': [
+                    'Config: entropy: NV seed only',
+                ],
+            }
+        self.ignored_tests.extend(crypto_internal_test_cases)
 
     def __init__(self, options) -> None:
         super().__init__(options)
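Review bot: The legacy fallback in `_load_crypto_instructions` is a plain dict, and both branches now feed their value to `self.ignored_tests.extend(...)`; if `ignored_tests` is a plain list (its type is not visible here, and `TestCaseSetDescription` is evidently dict-shaped given this literal), `extend` would iterate the dict's keys and add the suite name `test_suite_config.crypto_combinations` rather than the test-case list, so it is worth confirming that `extend` on that object accepts a mapping. The comment above the fallback also lost the link the removed `UNCOVERED_TESTS` entry carried; keeping `# https://github.com/Mbed-TLS/mbedtls/issues/10300` there preserves the rationale for why this case is crypto-only. `_load_crypto_instructions` begins before the second hunk.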
From 16a90a556e7ee045cc2633545de799ebb729e795 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 8 Apr 2026 15:31:52 +0200
Subject: [PATCH 1530/1548] Add copyright line

Signed-off-by: Gilles Peskine
---
 tests/scripts/analyze_outcomes.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 48f00f03c4..226ca54c14 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -6,6 +6,9 @@ less likely to be useful.
 """
 
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
 import importlib
 import importlib.machinery
 import importlib.util

From d25f03919a3de57dc7e3492804ad25dcbf597eb2 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 8 Apr 2026 15:47:49 +0200
Subject: [PATCH 1531/1548] INTERNAL_TEST_CASES moved to a separate data-only module

This way, when Mbed TLS's `analyze_outcomes.py` loads the python module from TF-PSA-Crypto (because it needs to know the value of `INTERNAL_TEST_CASES`), there's no risk that the subproject and the superproject will have different requirements on auxiliary modules such as `mbedtls_framework.outcome_analysis`.

Signed-off-by: Gilles Peskine
---
 tests/scripts/analyze_outcomes.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 226ca54c14..7ce88f9921 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -22,7 +22,7 @@ class CryptoAnalyzeOutcomesType(typing_util.Protocol):
-    """Our expectations on tf-psa-crypto/tests/scripts/analyze_outcomes.py.
+    """Our expectations on tf-psa-crypto/tests/scripts/tf_psa_crypto_test_case_info.py.
 
     See CoverageTask_load_crypto_module().
     """
@@ -225,17 +225,19 @@ class CoverageTask(outcome_analysis.CoverageTask):
     }
 
     def _load_crypto_module(self) -> None:
-        """Try to load the tf-psa-crypto submodule's outcome analysis Python module."""
+        """Try to load the information about test cases from the tf-psa-crypto submodule.."""
+        # All this complexity is because we don't want to add the directory
+        # to the import path.
         if self.crypto_module is not None:
             return
-        crypto_script_path = 'tf-psa-crypto/tests/scripts/analyze_outcomes.py'
+        crypto_script_path = 'tf-psa-crypto/tests/scripts/tf_psa_crypto_test_case_info.py'
         if not os.path.exists(crypto_script_path):
             # During a transition period, while the crypto script is not
             # yet present in all branches we care about, allow it not to
             # exist.
             return
         crypto_spec = importlib.util.spec_from_file_location(
-            'tf_psa_crypto.analyze_outcomes',
+            'tf_psa_crypto_test_case_info',
             crypto_script_path)
         # Assertions to help mypy.
         assert crypto_spec is not None

From 806e1d365b254c12ed88af6ec94f71c932aaeedb Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 8 Apr 2026 17:22:10 +0200
Subject: [PATCH 1532/1548] Documentation improvements

Signed-off-by: Gilles Peskine
---
 tests/scripts/analyze_outcomes.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 7ce88f9921..1a73a2a619 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -24,7 +24,7 @@ class CryptoAnalyzeOutcomesType(typing_util.Protocol):
     """Our expectations on tf-psa-crypto/tests/scripts/tf_psa_crypto_test_case_info.py.
 
-    See CoverageTask_load_crypto_module().
+    See CoverageTask._load_crypto_module().
     """
     #pylint: disable=too-few-public-methods
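Review bot: The rewritten docstring of `_load_crypto_module` ends with a doubled period, `submodule..`; it should read `"""Try to load the information about test cases from the tf-psa-crypto submodule."""`. The new comment `# All this complexity is because we don't want to add the directory to the import path.` would be more useful if it gave the reason the commit message states — loading by file path avoids the subproject and superproject disagreeing on auxiliary modules such as `mbedtls_framework.outcome_analysis` — e.g. `# Load by file path rather than via sys.path so that the subproject's and superproject's requirements on auxiliary modules cannot collide.`. With the target now a data-only module, the class name `CryptoAnalyzeOutcomesType` no longer matches what it describes; renaming it is a separate cleanup.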
@@ -239,7 +239,7 @@ def _load_crypto_module(self) -> None:
         crypto_spec = importlib.util.spec_from_file_location(
             'tf_psa_crypto_test_case_info',
             crypto_script_path)
-        # Assertions to help mypy.
+        # Assertions and type annotation to help mypy.
         assert crypto_spec is not None
         assert crypto_spec.loader is not None
         self.crypto_module: typing.Optional[CryptoAnalyzeOutcomesType] = \

From 9248af96b1cfddc4901dd6e5be8e3034d0bab96c Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 31 Mar 2026 15:01:08 +0200
Subject: [PATCH 1533/1548] Create a directory for maintainer-only Python scripts

This directory is currently excluded from `check-python-files.sh`, because we run it on the CI in an old Python version that doesn't support some of our new maintainer scripts. There are no such scripts in mbedtls for now (only in TF-PSA-Crypto), but be ready if we want to add some.

Signed-off-by: Gilles Peskine
---
 scripts/maintainer/maintainer_scripts_path.py | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 scripts/maintainer/maintainer_scripts_path.py

diff --git a/scripts/maintainer/maintainer_scripts_path.py b/scripts/maintainer/maintainer_scripts_path.py
new file mode 100644
index 0000000000..0ea13110cc
--- /dev/null
+++ b/scripts/maintainer/maintainer_scripts_path.py
@@ -0,0 +1,20 @@
+"""Add our Python library directories for maintainer scripts to the module search path.
+
+Usage:
+
+    import maintainer_scripts_path # pylint: disable=unused-import
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
+import os
+import sys
+
+sys.path.append(os.path.join(os.path.dirname(__file__),
+                             os.path.pardir, os.path.pardir,
+                             'framework', 'scripts'))
+sys.path.append(os.path.join(os.path.dirname(__file__),
+                             os.path.pardir, os.path.pardir,
+                             'framework', 'util'))

From cc134b0b94836a6044c76c2d7d362848811d0855 Mon Sep 17 00:00:00 2001
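Review bot: The two `sys.path.append` calls in the new `maintainer_scripts_path.py` repeat the same `os.path.join(os.path.dirname(__file__), os.path.pardir, os.path.pardir, ...)` prefix; computing the repository root once reads better and keeps the two entries in sync: `_root = os.path.join(os.path.dirname(__file__), os.path.pardir, os.path.pardir)`, `sys.path.append(os.path.join(_root, 'framework', 'scripts'))`, `sys.path.append(os.path.join(_root, 'framework', 'util'))`. Because the entries are appended rather than inserted at the front, any module of the same name found earlier on `sys.path` takes precedence; a one-line comment stating whether that precedence is intended would save the next reader a question.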
From: Gilles Peskine
Date: Fri, 10 Apr 2026 14:49:14 +0200
Subject: [PATCH 1534/1548] Update crypto submodule with analyze_outcomes.py

Update framework to match.

Signed-off-by: Gilles Peskine
---
 framework | 2 +-
 tf-psa-crypto | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/framework b/framework
index 80a0ea93f0..c6610dde67 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 80a0ea93f0215bcd9030734904b4b54fb8306f07
+Subproject commit c6610dde67ffd2a3a81cc204a73572b9c31a5775
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 426f86031a..8c29e401e9 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 426f86031a37bf317fbf0fee9251eb6e612ae58e
+Subproject commit 8c29e401e9c1a3180a1eca6aed13958453276550

From 6b31bc6885142bfd6e51c955c53163d1856ef260 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 13 Apr 2026 14:57:07 +0200
Subject: [PATCH 1535/1548] Unify TF-PSA-Crypto and mbedtls templates

Following the team discussion, don't suggest "prerequisite" or "consuming" in the template. Suggest linking all the pull requests in a group everywhere.

Signed-off-by: Gilles Peskine
---
 .github/pull_request_template.md | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 273ccd8745..2259b1d1eb 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -9,15 +9,14 @@ Please write a few sentences describing the overall goals of the pull request's
 Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line. If the provided content is part of the present PR remove the # symbol.
 
-- [ ] **changelog** provided | not required because:
-- [ ] **development PR** provided # | not required because:
-- [ ] **prerequisite TF-PSA-Crypto PR** provided Mbed-TLS/TF-PSA-Crypto# | not required because:
-- [ ] **prerequisite framework PR** provided Mbed-TLS/mbedtls-framework# | not required
-- [ ] **backport 4.1 PR** provided # | not required because:
-- [ ] **prerequisite backport 1.1 PR** provided Mbed-TLS/TF-PSA-Crypto# | not required because:
-- [ ] **backport 3.6 PR** provided # | not required because:
- **tests** provided | not required because:
-
+- [ ] **changelog** provided | not required because:
+- [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required
+- [ ] **TF-PSA-Crypto development PR** provided Mbed-TLS/TF-PSA-Crypto# | not required because:
+- [ ] **TF-PSA-Crypto 1.1 PR** provided Mbed-TLS/TF-PSA-Crypto# | not required because:
+- [ ] **mbedtls development PR** provided # | not required because:
+- [ ] **mbedtls 4.1 PR** provided # | not required because:
+- [ ] **mbedtls 3.6 PR** provided # | not required because:
+- **tests** provided | not required because:
 
 ## Notes for the submitter

From 5b3df6fbc49ff87668338cfadb2f15e005705d9f Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 17 Apr 2026 14:59:18 +0200
Subject: [PATCH 1536/1548] Remove component_test_psa_crypto_config_(accel|reference)_* components

Remove component_test_psa_crypto_config_(accel|reference)_* components and associated utility functions.

Signed-off-by: Ronald Cron
---
 .../components-configuration-crypto.sh | 1056 -----------------
 1 file changed, 1056 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 08863b2586..c2ac874e37 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -1094,697 +1094,6 @@ component_test_psa_crypto_config_ffdh_2048_only () { tests/ssl-opt.sh -f "ffdh" } -component_test_psa_crypto_config_accel_ecdsa () { - msg "build: accelerated ECDSA" - - # Configure - # --------- - - # Start from default config + TLS 1.3 - helper_libtestdriver1_adjust_config "default" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o - - # Run the tests - # ------------- - - msg "test: accelerated ECDSA" - $MAKE_COMMAND test -} - -component_test_psa_crypto_config_accel_ecdh () { - msg "build: accelerated ECDH" - - # Configure - # --------- - - # Start from default config (no USE_PSA) - helper_libtestdriver1_adjust_config "default" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDH \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_psa_key_agreement_ecdh 
${BUILTIN_SRC_PATH}/psa_crypto_ecp.o - - # Run the tests - # ------------- - - msg "test: accelerated ECDH" - $MAKE_COMMAND test -} - -component_test_psa_crypto_config_accel_ffdh () { - msg "build: full with accelerated FFDH" - - # Configure - # --------- - - # start with full (USE_PSA and TLS 1.3) - helper_libtestdriver1_adjust_config "full" - - # Algorithms and key types to accelerate - loc_accel_list="ALG_FFDH \ - $(helper_get_psa_key_type_list "DH") \ - $(helper_get_psa_dh_group_list)" - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_psa_ffdh_key_agreement ${BUILTIN_SRC_PATH}/psa_crypto_ffdh.o - - # Run the tests - # ------------- - - msg "test: full with accelerated FFDH" - $MAKE_COMMAND test - - msg "ssl-opt: full with accelerated FFDH alg" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_psa_crypto_config_reference_ffdh () { - msg "build: full with non-accelerated FFDH" - - # Start with full (USE_PSA and TLS 1.3) - helper_libtestdriver1_adjust_config "full" - - $MAKE_COMMAND - - msg "test suites: full with non-accelerated FFDH alg" - $MAKE_COMMAND test - - msg "ssl-opt: full with non-accelerated FFDH alg" - tests/ssl-opt.sh -f "ffdh" -} - -component_test_psa_crypto_config_accel_pake () { - msg "build: full with accelerated PAKE" - - # Configure - # --------- - - helper_libtestdriver1_adjust_config "full" - - loc_accel_list="ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - - # Make built-in fallback not available - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecjpake_init ${BUILTIN_SRC_PATH}/ecjpake.o - - # Run the 
tests - # ------------- - - msg "test: full with accelerated PAKE" - $MAKE_COMMAND test -} - -component_test_psa_crypto_config_accel_ecc_some_key_types () { - msg "build: full with accelerated EC algs and some key types" - - # Configure - # --------- - - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - - # Algorithms and key types to accelerate - # For key types, use an explicitly list to omit GENERATE (and DERIVE) - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - KEY_TYPE_ECC_PUBLIC_KEY \ - KEY_TYPE_ECC_KEY_PAIR_BASIC \ - KEY_TYPE_ECC_KEY_PAIR_IMPORT \ - KEY_TYPE_ECC_KEY_PAIR_EXPORT \ - $(helper_get_psa_curve_list)" - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - - # Restartable feature is not yet supported by PSA. Once it will in - # the future, the following line could be removed (see issues - # 6061, 6332 and following ones) - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - # this is not supported by the driver API yet - scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - - # Build - # ----- - - # These hashes are needed for some ECDSA signature tests. 
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # ECP should be re-enabled but not the others - not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o - not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o - not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o - grep mbedtls_ecp ${BUILTIN_SRC_PATH}/ecp.o - - # Run the tests - # ------------- - - msg "test suites: full with accelerated EC algs and some key types" - $MAKE_COMMAND test -} - -# Run tests with only (non-)Weierstrass accelerated -# Common code used in: -# - component_test_psa_crypto_config_accel_ecc_weierstrass_curves -# - component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves -common_test_psa_crypto_config_accel_ecc_some_curves () { - weierstrass=$1 - if [ $weierstrass -eq 1 ]; then - desc="Weierstrass" - else - desc="non-Weierstrass" - fi - - msg "build: crypto_full minus PK with accelerated EC algs and $desc curves" - - # Configure - # --------- - - # Start with config crypto_full and remove PK_C: - # that's what's supported now, see docs/driver-only-builds.md. - helper_libtestdriver1_adjust_config "crypto_full" - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - - # Note: Curves are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - # Note: the following loop is a modified version of - # helper_get_psa_curve_list that only keeps Weierstrass families. 
- loc_weierstrass_list=""
- loc_non_weierstrass_list=""
- for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- case $item in
- ECC_BRAINPOOL*|ECC_SECP*)
- loc_weierstrass_list="$loc_weierstrass_list $item"
- ;;
- *)
- loc_non_weierstrass_list="$loc_non_weierstrass_list $item"
- ;;
- esac
- done
- if [ $weierstrass -eq 1 ]; then
- loc_curve_list=$loc_weierstrass_list
- else
- loc_curve_list=$loc_non_weierstrass_list
- fi
-
- # Algorithms and key types to accelerate
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- ALG_ECDH \
- ALG_JPAKE \
- $(helper_get_psa_key_type_list "ECC") \
- $loc_curve_list"
-
- # Restartable feature is not yet supported by PSA. Once it will in
- # the future, the following line could be removed (see issues
- # 6061, 6332 and following ones)
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
-
- # this is not supported by the driver API yet
- scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
-
- # Build
- # -----
-
- # These hashes are needed for some ECDSA signature tests.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- # For grep to work below we need less inlining in ecp.c
- ASAN_CFLAGS="$ASAN_CFLAGS -O0" helper_libtestdriver1_make_main "$loc_accel_list"
-
- # We expect ECDH to be re-enabled for the missing curves
- grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o
- # We expect ECP to be re-enabled, however the parts specific to the
- # families of curves that are accelerated should be ommited.
- # - functions with mxz in the name are specific to Montgomery curves
- # - ecp_muladd is specific to Weierstrass curves
- ##nm ${BUILTIN_SRC_PATH}/ecp.o | tee ecp.syms
- if [ $weierstrass -eq 1 ]; then
- not grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o
- grep mxz ${BUILTIN_SRC_PATH}/ecp.o
- else
- grep mbedtls_ecp_muladd ${BUILTIN_SRC_PATH}/ecp.o
- not grep mxz ${BUILTIN_SRC_PATH}/ecp.o
- fi
- # We expect ECDSA and ECJPAKE to be re-enabled only when
- # Weierstrass curves are not accelerated
- if [ $weierstrass -eq 1 ]; then
- not grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
- not grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
- else
- grep mbedtls_ecdsa ${BUILTIN_SRC_PATH}/ecdsa.o
- grep mbedtls_ecjpake ${BUILTIN_SRC_PATH}/ecjpake.o
- fi
-
- # Run the tests
- # -------------
-
- msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves"
- $MAKE_COMMAND test
-}
-
-component_test_psa_crypto_config_accel_ecc_weierstrass_curves () {
- common_test_psa_crypto_config_accel_ecc_some_curves 1
-}
-
-component_test_psa_crypto_config_accel_ecc_non_weierstrass_curves () {
- common_test_psa_crypto_config_accel_ecc_some_curves 0
-}
-
-# Auxiliary function to build config for all EC based algorithms (EC-JPAKE,
-# ECDH, ECDSA) with and without drivers.
-# The input parameter is a boolean value which indicates:
-# - 0 keep built-in EC algs,
-# - 1 exclude built-in EC algs (driver only).
-#
-# This is used by the two following components to ensure they always use the
-# same config, except for the use of driver or built-in EC algorithms:
-# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
-# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
-# This supports comparing their test coverage with analyze_outcomes.py.
-config_psa_crypto_config_ecp_light_only () {
- driver_only="$1"
- # start with config full for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
-
- # Restartable feature is not yet supported by PSA. Once it will in
- # the future, the following line could be removed (see issues
- # 6061, 6332 and following ones)
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
-}
-
-# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
-component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
- msg "build: full with accelerated EC algs"
-
- # Configure
- # ---------
-
- # Use the same config as reference, only without built-in EC algs
- config_psa_crypto_config_ecp_light_only 1
-
- # Algorithms and key types to accelerate
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- ALG_ECDH \
- ALG_JPAKE \
- $(helper_get_psa_key_type_list "ECC") \
- $(helper_get_psa_curve_list)"
-
- # Do not disable builtin curves because that support is required for:
- # - MBEDTLS_PK_PARSE_EC_EXTENDED
- # - MBEDTLS_PK_PARSE_EC_COMPRESSED
-
- # Build
- # -----
-
- # These hashes are needed for some ECDSA signature tests.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
- not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o
- not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
- not grep mbedtls_ecp_mul ${BUILTIN_SRC_PATH}/ecp.o
-
- # Run the tests
- # -------------
-
- msg "test suites: full with accelerated EC algs"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full with accelerated EC algs"
- tests/ssl-opt.sh
-}
-
-# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
-component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
- msg "build: non-accelerated EC algs"
-
- config_psa_crypto_config_ecp_light_only 0
-
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- cmake --build .
-
- msg "test suites: full with non-accelerated EC algs"
- ctest
-
- msg "ssl-opt: full with non-accelerated EC algs"
- tests/ssl-opt.sh
-}
-
-# This helper function is used by:
-# - component_test_psa_crypto_config_accel_ecc_no_ecp_at_all()
-# - component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
-# to ensure that both tests use the same underlying configuration when testing
-# driver's coverage with analyze_outcomes.py.
-#
-# This functions accepts 1 boolean parameter as follows:
-# - 1: building with accelerated EC algorithms (ECDSA, ECDH, ECJPAKE), therefore
-# excluding their built-in implementation as well as ECP_C & ECP_LIGHT
-# - 0: include built-in implementation of EC algorithms.
-#
-# PK_C and RSA_C are always disabled to ensure there is no remaining dependency
-# on the ECP module.
-config_psa_crypto_no_ecp_at_all () {
- driver_only="$1"
- # start with full config for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
-
- # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
- scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
-
- # Restartable feature is not yet supported by PSA. Once it will in
- # the future, the following line could be removed (see issues
- # 6061, 6332 and following ones)
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
-}
-
-# Build and test a configuration where driver accelerates all EC algs while
-# all support and dependencies from ECP and ECP_LIGHT are removed on the library
-# side.
-#
-# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
-component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
- msg "build: full + accelerated EC algs - ECP"
-
- # Configure
- # ---------
-
- # Set common configurations between library's and driver's builds
- config_psa_crypto_no_ecp_at_all 1
- # Disable all the builtin curves. All the required algs are accelerated.
- helper_disable_builtin_curves
-
- # Algorithms and key types to accelerate
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- ALG_ECDH \
- ALG_JPAKE \
- $(helper_get_psa_key_type_list "ECC") \
- $(helper_get_psa_curve_list)"
-
- # Build
- # -----
-
- # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
- # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
- not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o
- not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
- # Also ensure that ECP module was not re-enabled
- not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
-
- # Run the tests
- # -------------
-
- msg "test: full + accelerated EC algs - ECP"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full + accelerated EC algs - ECP"
- tests/ssl-opt.sh
-}
-
-# Reference function used for driver's coverage analysis in analyze_outcomes.py
-# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
-# Keep in sync with its accelerated counterpart.
-component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
- msg "build: full + non accelerated EC algs"
-
- config_psa_crypto_no_ecp_at_all 0
-
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- cmake --build .
-
- msg "test: full + non accelerated EC algs"
- ctest
-
- msg "ssl-opt: full + non accelerated EC algs"
- tests/ssl-opt.sh
-}
-
-# This is a common configuration helper used directly from:
-# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
-# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
-# and indirectly from:
-# - component_test_psa_crypto_config_accel_ecc_no_bignum
-# - accelerate all EC algs, disable RSA and FFDH
-# - component_test_psa_crypto_config_reference_ecc_no_bignum
-# - this is the reference component of the above
-# - it still disables RSA and FFDH, but it uses builtin EC algs
-# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
-# - accelerate all EC and FFDH algs, disable only RSA
-# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
-# - this is the reference component of the above
-# - it still disables RSA, but it uses builtin EC and FFDH algs
-#
-# This function accepts 2 parameters:
-# $1: a boolean value which states if we are testing an accelerated scenario
-# or not.
-# $2: a string value which states which components are tested. Allowed values
-# are "ECC" or "ECC_DH".
-config_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
- driver_only="$1"
- test_target="$2"
- # start with full config for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
-
- # Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
- scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
-
- # RSA support is intentionally disabled on this test because RSA_C depends
- # on BIGNUM_C.
- scripts/config.py unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
- scripts/config.py unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
- scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
- # Also disable key exchanges that depend on RSA
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-
- if [ "$test_target" = "ECC" ]; then
- # When testing ECC only, we disable FFDH support, both from builtin and
- # PSA sides.
- scripts/config.py unset PSA_WANT_ALG_FFDH
- scripts/config.py unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
- scripts/config.py unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
- fi
-
- # Restartable feature is not yet supported by PSA. Once it will in
- # the future, the following line could be removed (see issues
- # 6061, 6332 and following ones)
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
-}
-
-# Common helper used by:
-# - component_test_psa_crypto_config_accel_ecc_no_bignum
-# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum
-#
-# The goal is to build and test accelerating either:
-# - ECC only or
-# - both ECC and FFDH
-#
-# It is meant to be used in conjunction with
-# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers
-# coverage analysis in the "analyze_outcomes.py" script.
-common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
- test_target="$1"
-
- # This is an internal helper to simplify text message handling
- if [ "$test_target" = "ECC_DH" ]; then
- accel_text="ECC/FFDH"
- removed_text="ECP - DH"
- else
- accel_text="ECC"
- removed_text="ECP"
- fi
-
- msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
-
- # Configure
- # ---------
-
- # Set common configurations between library's and driver's builds
- config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target"
- # Disable all the builtin curves. All the required algs are accelerated.
- helper_disable_builtin_curves
-
- # By default we accelerate all EC keys/algs
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
- ALG_ECDH \
- ALG_JPAKE \
- $(helper_get_psa_key_type_list "ECC") \
- $(helper_get_psa_curve_list)"
- # Optionally we can also add DH to the list of accelerated items
- if [ "$test_target" = "ECC_DH" ]; then
- loc_accel_list="$loc_accel_list \
- ALG_FFDH \
- $(helper_get_psa_key_type_list "DH") \
- $(helper_get_psa_dh_group_list)"
- fi
-
- # Build
- # -----
-
- # Things we wanted supported in libtestdriver1, but not accelerated in the main library:
- # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure any built-in EC alg was not re-enabled by accident (additive config)
- not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
- not grep mbedtls_psa_key_agreement_ecdh ${BUILTIN_SRC_PATH}/psa_crypto_ecp.o
- not grep mbedtls_ecjpake_ ${BUILTIN_SRC_PATH}/ecjpake.o
- # Also ensure that ECP, RSA or BIGNUM modules were not re-enabled
- not grep mbedtls_ecp_ ${BUILTIN_SRC_PATH}/ecp.o
- not grep mbedtls_rsa_ ${BUILTIN_SRC_PATH}/rsa.o
- not grep mbedtls_mpi_ ${BUILTIN_SRC_PATH}/bignum.o
-
- # Run the tests
- # -------------
-
- msg "test suites: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
-
- $MAKE_COMMAND test
-
- msg "ssl-opt: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM"
- tests/ssl-opt.sh
-}
-
-# Common helper used by:
-# - component_test_psa_crypto_config_reference_ecc_no_bignum
-# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum
-#
-# The goal is to build and test a reference scenario (i.e. with builtin
-# components) compared to the ones used in
-# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above.
-#
-# It is meant to be used in conjunction with
-# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers'
-# coverage analysis in "analyze_outcomes.py" script.
-common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
- test_target="$1"
-
- # This is an internal helper to simplify text message handling
- if [ "$test_target" = "ECC_DH" ]; then
- accel_text="ECC/FFDH"
- else
- accel_text="ECC"
- fi
-
- msg "build: full + non accelerated $accel_text algs + USE_PSA"
-
- config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$test_target"
-
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- cmake --build .
-
- msg "test suites: full + non accelerated EC algs + USE_PSA"
- ctest
-
- msg "ssl-opt: full + non accelerated $accel_text algs + USE_PSA"
- tests/ssl-opt.sh
-}
-
-component_test_psa_crypto_config_accel_ecc_no_bignum () {
- common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC"
-}
-
-component_test_psa_crypto_config_reference_ecc_no_bignum () {
- common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC"
-}
-
-component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
- common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH"
-}
-
-component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
- common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
-}
-
 component_test_tfm_config_as_is () {
 msg "build: configs/config-tfm.h"
 MBEDTLS_CONFIG="configs/config-tfm.h"
@@ -1906,74 +1215,6 @@ component_test_psa_ecc_key_pair_no_generate () {
 build_and_test_psa_want_key_pair_partial crypto_full "ECC" "GENERATE"
 }
-config_psa_crypto_accel_rsa () {
- driver_only=$1
-
- # Start from crypto_full config (no X.509, no TLS)
- helper_libtestdriver1_adjust_config "crypto_full"
-
- if [ "$driver_only" -eq 1 ]; then
- # We need PEM parsing in the test library as well to support the import
- # of PEM encoded RSA keys.
- scripts/config.py -c "$CONFIG_TEST_DRIVER_H" set MBEDTLS_PEM_PARSE_C
- scripts/config.py -c "$CONFIG_TEST_DRIVER_H" set MBEDTLS_BASE64_C
- fi
-}
-
-component_test_psa_crypto_config_accel_rsa_crypto () {
- msg "build: crypto_full with accelerated RSA"
-
- loc_accel_list="ALG_RSA_OAEP ALG_RSA_PSS \
- ALG_RSA_PKCS1V15_CRYPT ALG_RSA_PKCS1V15_SIGN \
- KEY_TYPE_RSA_PUBLIC_KEY \
- KEY_TYPE_RSA_KEY_PAIR_BASIC \
- KEY_TYPE_RSA_KEY_PAIR_GENERATE \
- KEY_TYPE_RSA_KEY_PAIR_IMPORT \
- KEY_TYPE_RSA_KEY_PAIR_EXPORT"
-
- # Configure
- # ---------
-
- config_psa_crypto_accel_rsa 1
-
- # Build
- # -----
-
- # These hashes are needed for unit tests.
- loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512 ALG_MD5"
- helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_rsa ${BUILTIN_SRC_PATH}/rsa.o
-
- # Run the tests
- # -------------
-
- msg "test: crypto_full with accelerated RSA"
- $MAKE_COMMAND test
-}
-
-component_test_psa_crypto_config_reference_rsa_crypto () {
- msg "build: crypto_full with non-accelerated RSA"
-
- # Configure
- # ---------
- config_psa_crypto_accel_rsa 0
-
- # Build
- # -----
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- cmake --build .
-
- # Run the tests
- # -------------
- msg "test: crypto_full with non-accelerated RSA"
- ctest
-}
-
 # This is a temporary test to verify that full RSA support is present even when
 # only one single new symbols (PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) is defined.
 component_test_new_psa_want_key_pair_symbol () {
@@ -2017,303 +1258,6 @@ component_test_new_psa_want_key_pair_symbol () {
 fi
 }
-component_test_psa_crypto_config_accel_hash () {
- msg "test: accelerated hash"
-
- loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
- ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- # Configure
- # ---------
-
- # Start from default config (no USE_PSA)
- helper_libtestdriver1_adjust_config "default"
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # There's a risk of something getting re-enabled via config_psa.h;
- # make sure it did not happen. Note: it's OK for MD_C to be enabled.
- not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
- not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
- not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
- not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
- not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
-
- # Run the tests
- # -------------
-
- msg "test: accelerated hash"
- $MAKE_COMMAND test
-}
-
-# Auxiliary function to build config for hashes with and without drivers
-config_psa_crypto_hash_use_psa () {
- driver_only="$1"
- # start with config full for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
- if [ "$driver_only" -eq 1 ]; then
- # disable the built-in implementation of hashes
- scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
- scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
- fi
-}
-
-# Note that component_test_psa_crypto_config_reference_hash_use_psa
-# is related to this component and both components need to be kept in sync.
-# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
-component_test_psa_crypto_config_accel_hash_use_psa () {
- msg "test: full with accelerated hashes"
-
- loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
- ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- # Configure
- # ---------
-
- config_psa_crypto_hash_use_psa 1
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # There's a risk of something getting re-enabled via config_psa.h;
- # make sure it did not happen. Note: it's OK for MD_C to be enabled.
- not grep mbedtls_md5 ${BUILTIN_SRC_PATH}/md5.o
- not grep mbedtls_sha1 ${BUILTIN_SRC_PATH}/sha1.o
- not grep mbedtls_sha256 ${BUILTIN_SRC_PATH}/sha256.o
- not grep mbedtls_sha512 ${BUILTIN_SRC_PATH}/sha512.o
- not grep mbedtls_ripemd160 ${BUILTIN_SRC_PATH}/ripemd160.o
-
- # Run the tests
- # -------------
-
- msg "test: full with accelerated hashes"
- $MAKE_COMMAND test
-
- # This is mostly useful so that we can later compare outcome files with
- # the reference config in analyze_outcomes.py, to check that the
- # dependency declarations in ssl-opt.sh and in TLS code are correct.
- msg "test: ssl-opt.sh, full with accelerated hashes"
- tests/ssl-opt.sh
-
- # This is to make sure all ciphersuites are exercised, but we don't need
- # interop testing (besides, we already got some from ssl-opt.sh).
- msg "test: compat.sh, full with accelerated hashes"
- tests/compat.sh -p mbedTLS -V YES
-}
-
-# This component provides reference configuration for test_psa_crypto_config_accel_hash_use_psa
-# without accelerated hash. The outcome from both components are used by the analyze_outcomes.py
-# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
-# Both components need to be kept in sync.
-component_test_psa_crypto_config_reference_hash_use_psa () {
- msg "test: full without accelerated hashes"
-
- config_psa_crypto_hash_use_psa 0
-
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- cmake --build .
-
- msg "test: full without accelerated hashes"
- ctest
-
- msg "test: ssl-opt.sh, full without accelerated hashes"
- tests/ssl-opt.sh
-}
-
-# Auxiliary function to build config for hashes with and without drivers
-config_psa_crypto_hmac_use_psa () {
- driver_only="$1"
- # start with config full for maximum coverage (also enables USE_PSA)
- helper_libtestdriver1_adjust_config "full"
-
- if [ "$driver_only" -eq 1 ]; then
- # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT
- # is still enabled though (for ENTROPY_C among others).
- scripts/config.py unset MBEDTLS_MD_C
- # Also disable the configuration options that tune the builtin hashes,
- # since those hashes are disabled.
- scripts/config.py unset-all MBEDTLS_SHA
- fi
-
- # Direct dependencies of MD_C. We disable them also in the reference
- # component to work with the same set of features.
- scripts/config.py unset MBEDTLS_PKCS7_C
- scripts/config.py unset MBEDTLS_PKCS5_C
- scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_HKDF_C
- # Dependencies of HMAC_DRBG
- scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
-}
-
-component_test_psa_crypto_config_accel_hmac () {
- msg "test: full with accelerated hmac"
-
- loc_accel_list="ALG_HMAC KEY_TYPE_HMAC \
- ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
- ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- # Configure
- # ---------
-
- config_psa_crypto_hmac_use_psa 1
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Ensure that built-in support for HMAC is disabled.
- if [ -f ${TF_PSA_CRYPTO_ROOT_DIR}/extras/md.c ]; then
- not grep mbedtls_md_hmac ${TF_PSA_CRYPTO_ROOT_DIR}/extras/md.o
- else
- not grep mbedtls_md_hmac ${BUILTIN_SRC_PATH}/md.o
- fi
-
- # Run the tests
- # -------------
-
- msg "test: full with accelerated hmac"
- $MAKE_COMMAND test
-}
-
-component_test_psa_crypto_config_reference_hmac () {
- msg "test: full without accelerated hmac"
-
- config_psa_crypto_hmac_use_psa 0
-
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- cmake --build .
-
- msg "test: full without accelerated hmac"
- ctest
-}
-
-component_test_psa_crypto_config_accel_aead () {
- msg "test: accelerated AEAD"
-
- loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \
- KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
-
- # Configure
- # ---------
-
- # Start from full config
- helper_libtestdriver1_adjust_config "full"
-
- # Disable CCM_STAR_NO_TAG because this re-enables CCM_C.
- scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
- not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
- not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
-
- # Run the tests
- # -------------
-
- msg "test: accelerated AEAD"
- $MAKE_COMMAND test
-}
-
-# This is a common configuration function used in:
-# - component_test_psa_crypto_config_accel_cipher_aead_cmac
-# - component_test_psa_crypto_config_reference_cipher_aead_cmac
-common_psa_crypto_config_accel_cipher_aead_cmac () {
- # Start from the full config
- helper_libtestdriver1_adjust_config "full"
-
- scripts/config.py unset MBEDTLS_NIST_KW_C
-}
-
-# The 2 following test components, i.e.
-# - component_test_psa_crypto_config_accel_cipher_aead_cmac
-# - component_test_psa_crypto_config_reference_cipher_aead_cmac
-# are meant to be used together in analyze_outcomes.py script in order to test
-# driver's coverage for ciphers and AEADs.
-component_test_psa_crypto_config_accel_cipher_aead_cmac () {
- msg "build: full config with accelerated cipher inc. AEAD and CMAC"
-
- loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
- ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
- ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
- KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
-
- # Configure
- # ---------
-
- common_psa_crypto_config_accel_cipher_aead_cmac
-
- # Build
- # -----
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- # Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
- not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
- not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
- not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
- not grep mbedtls_ccm ${BUILTIN_SRC_PATH}/ccm.o
- not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
- not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
- not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o
- not grep mbedtls_poly1305 ${BUILTIN_SRC_PATH}/poly1305.o
-
- # Run the tests
- # -------------
-
- msg "test: full config with accelerated cipher inc. AEAD and CMAC"
- $MAKE_COMMAND test
-
- msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
- # Exclude password-protected key tests — they require built-in CBC and AES.
- tests/ssl-opt.sh -e "TLS: password protected"
-
- msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC"
- tests/compat.sh -V NO -p mbedTLS
-}
-
-component_test_psa_crypto_config_reference_cipher_aead_cmac () {
- msg "build: full config with non-accelerated cipher inc. AEAD and CMAC"
- common_psa_crypto_config_accel_cipher_aead_cmac
-
- cmake -D CMAKE_BUILD_TYPE:String=Release .
- cmake --build .
-
- msg "test: full config with non-accelerated cipher inc. AEAD and CMAC"
- ctest
-
- msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
- # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac.
- tests/ssl-opt.sh -e "TLS: password protected"
-
- msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
- tests/compat.sh -V NO -p mbedTLS
-}
-
 common_block_cipher_dispatch () {
 TEST_WITH_DRIVER="$1"
From a0adc1c5b1415f7ae766055fd3b6f433b03aa5ef Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 17 Apr 2026 15:03:40 +0200
Subject: [PATCH 1537/1548] Remove remaining MbedTLS libtestdriver1 components
Signed-off-by: Ronald Cron
---
 .../components-configuration-crypto.sh | 167 ------------------
 1 file changed, 167 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index c2ac874e37..e936756806 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -584,65 +584,6 @@ component_build_psa_crypto_spm () {
 check_renamed_symbols framework/tests/include/spe/crypto_spe.h library/libmbedcrypto.a
 }
-# The goal of this component is to build a configuration where:
-# - test code and libtestdriver1 can make use of calloc/free and
-# - core library (including PSA core) cannot use calloc/free.
-component_test_psa_crypto_without_heap() {
- msg "crypto without heap: build libtestdriver1"
- # Disable PSA features that cannot be accelerated and whose builtin support
- # requires calloc/free.
- scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
- scripts/config.py unset-all "^PSA_WANT_ALG_HKDF"
- scripts/config.py unset-all "^PSA_WANT_ALG_PBKDF2_"
- scripts/config.py unset-all "^PSA_WANT_ALG_TLS12_"
- # RSA key support requires ASN1 parse/write support for testing, but ASN1
- # is disabled below.
- scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_"
- scripts/config.py unset-all "^PSA_WANT_ALG_RSA_"
- # EC-JPAKE use calloc/free in PSA core
- scripts/config.py unset PSA_WANT_ALG_JPAKE
- scripts/config.py set TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS || true
-
- # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
- PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT)
- loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')
-
- helper_libtestdriver1_adjust_config crypto
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- msg "crypto without heap: build main library"
- # Disable all legacy MBEDTLS_xxx symbols.
- scripts/config.py unset-all "^MBEDTLS_"
- # Build the PSA core using the proper config file.
- scripts/config.py set MBEDTLS_PSA_CRYPTO_C
- # Enable fully-static key slots in PSA core.
- scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
- # Prevent PSA core from creating a copy of input/output buffers.
- scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
- # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation.
- scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
- # Set calloc/free as null pointer functions. Calling them would crash
- # the program so we can use this as a "sentinel" for being sure no module
- # is making use of these functions in the library.
- scripts/config.py set MBEDTLS_PLATFORM_C
- scripts/config.py set MBEDTLS_PLATFORM_MEMORY
- scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL
- scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL
-
- helper_libtestdriver1_make_main "$loc_accel_list" lib
-
- msg "crypto without heap: build test suites and helpers"
- # Reset calloc/free functions to normal operations so that test code can
- # freely use them.
- scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
- scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC
- scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE
- helper_libtestdriver1_make_main "$loc_accel_list" tests
-
- msg "crypto without heap: test"
- $MAKE_COMMAND test
-}
-
 component_test_no_rsa_key_pair_generation () {
 msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
 scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
@@ -1258,114 +1199,6 @@ component_test_new_psa_want_key_pair_symbol () { fi } -common_block_cipher_dispatch () { - TEST_WITH_DRIVER="$1" - - # Start from the full config - helper_libtestdriver1_adjust_config "full" - - # Disable cipher's modes that, when not accelerated, cause - # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". - # Keep this also in the reference component in order to skip the same tests - # that were skipped in the accelerated one. - scripts/config.py unset PSA_WANT_ALG_CTR - scripts/config.py unset PSA_WANT_ALG_CFB - scripts/config.py unset PSA_WANT_ALG_OFB - scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py unset PSA_WANT_ALG_CMAC - scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - - # Disable direct dependency on AES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Prevent the cipher module from using deprecated PSA path. The reason is - # that otherwise there will be tests relying on "aes_info" (defined in - # "cipher_wrap.c") whose functions are not available when AES_C is - # not defined. ARIA and Camellia are not a problem in this case because - # the PSA path is not tested for these key types. - scripts/config.py set MBEDTLS_DEPRECATED_REMOVED -} - -component_test_full_block_cipher_psa_dispatch_static_keystore () { - msg "build: full + PSA dispatch in block_cipher with static keystore" - # Check that the static key store works well when CTR_DRBG uses a - # PSA key for AES. 
- scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC - - loc_accel_list="ALG_ECB_NO_PADDING \ - KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" - - # Configure - # --------- - - common_block_cipher_dispatch 1 - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure disabled components were not re-enabled by accident (additive - # config) - not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o - - # Run the tests - # ------------- - - msg "test: full + PSA dispatch in block_cipher with static keystore" - $MAKE_COMMAND test -} - -component_test_full_block_cipher_psa_dispatch () { - msg "build: full + PSA dispatch in block_cipher" - - loc_accel_list="ALG_ECB_NO_PADDING \ - KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" - - # Configure - # --------- - - common_block_cipher_dispatch 1 - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure disabled components were not re-enabled by accident (additive - # config) - not grep mbedtls_aes_ ${BUILTIN_SRC_PATH}/aes.o - not grep mbedtls_aria_ ${BUILTIN_SRC_PATH}/aria.o - not grep mbedtls_camellia_ ${BUILTIN_SRC_PATH}/camellia.o - - # Run the tests - # ------------- - - msg "test: full + PSA dispatch in block_cipher" - $MAKE_COMMAND test -} - -# This is the reference component of component_test_full_block_cipher_psa_dispatch -component_test_full_block_cipher_legacy_dispatch () { - msg "build: full + legacy dispatch in block_cipher" - - common_block_cipher_dispatch 0 - - cmake -D CMAKE_BUILD_TYPE:String=Release . - cmake --build . - - msg "test: full + legacy dispatch in block_cipher" - ctest -} - component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full 
From 698939ca156cd5b78c3d93cee7dab4058d056b38 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 Apr 2026 15:11:27 +0200 Subject: [PATCH 1538/1548] Remove various config crypto components component_build_psa_config_file and component_build_crypto_baremetal are not needed in TF-PSA-Crypto context. They are respectively duplicate of component_tf_psa_crypto_build_custom_config_file in components-build-system.sh and component_build_baremetal (to be added in components-configuration.sh, see #117). The others will be re-introduced later: component_build_aes_variations: covered by #81 component_build_psa_alt_headers: covered by #81 component_test_psa_crypto_drivers: covered by #768 component_depends_py_*: see https://github.com/Mbed-TLS/mbedtls-docs/pull/201 Signed-off-by: Ronald Cron --- .../components-configuration-crypto.sh | 230 ------------------ 1 file changed, 230 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index e936756806..a70a4b2f4e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -975,45 +975,6 @@ component_test_crypto_for_psa_service () { are_empty_libraries library/libmbedx509.* library/libmbedtls.* } -component_build_crypto_baremetal () { - msg "build: make, crypto only, baremetal config" - scripts/config.py crypto_baremetal - CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/ -DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE" cmake . - cmake --build . - ctest - are_empty_libraries library/libmbedx509.* library/libmbedtls.* -} - -support_build_crypto_baremetal () { - support_build_baremetal "$@" -} - -# depends.py family of tests -component_test_depends_py_cipher_id () { - msg "test/build: depends.py cipher_id (gcc)" - tests/scripts/depends.py cipher_id -} - -component_test_depends_py_cipher_chaining () { - msg "test/build: depends.py cipher_chaining (gcc)" - tests/scripts/depends.py cipher_chaining -} - -component_test_depends_py_curves () { - msg "test/build: depends.py curves (gcc)" - tests/scripts/depends.py curves -} - -component_test_depends_py_hashes () { - msg "test/build: depends.py hashes (gcc)" - tests/scripts/depends.py hashes -} - -component_test_depends_py_pkalgs () { - msg "test/build: depends.py pkalgs (gcc)" - tests/scripts/depends.py pkalgs -} - component_test_psa_crypto_config_ffdh_2048_only () { msg "build: full config - only DH 2048" 
@@ -1237,123 +1198,6 @@ component_test_ccm_aes_sha256 () { ctest } -# Test that the given .o file builds with all (valid) combinations of the given options. -# -# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... -# -# The validator function is the name of a function to validate the combination of options. -# It may be "" if all combinations are valid. -# It receives a string containing a combination of options, as passed to the compiler, -# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid. -build_test_config_combos () { - file=$1 - shift - validate_options=$1 - shift - options=("$@") - - # clear all of the options so that they can be overridden on the clang commandline - for opt in "${options[@]}"; do - ./scripts/config.py unset ${opt} - done - - # enter the library directory - cd library - - # The most common issue is unused variables/functions, so ensure -Wunused is set. - warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" - - # Extract the command generated by the Makefile to build the target file. - # This ensures that we have any include paths, macro definitions, etc - # that may be applied by make. - # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c" - - makefile=$(TMPDIR=. 
mktemp) - deps="" - - len=${#options[@]} - source_file=../${file%.o}.c - - targets=0 - echo 'include Makefile' >${makefile} - - for ((i = 0; i < $((2**${len})); i++)); do - # generate each of 2^n combinations of options - # each bit of $i is used to determine if options[i] will be set or not - target="t" - clang_args="" - for ((j = 0; j < ${len}; j++)); do - if (((i >> j) & 1)); then - opt=-D${options[$j]} - clang_args="${clang_args} ${opt}" - target="${target}${opt}" - fi - done - - # if combination is not known to be invalid, add it to the makefile - if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then - cmd="${compile_cmd} ${clang_args}" - echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile} - - deps="${deps} ${target}" - ((++targets)) - fi - done - - echo "build_test_config_combos: ${deps}" >> ${makefile} - - # execute all of the commands via Make (probably in parallel) - make -s -f ${makefile} build_test_config_combos - echo "$targets targets checked" - - # clean up the temporary makefile - rm ${makefile} -} - -validate_aes_config_variations () { - if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ - ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - return 1 - fi - fi - return 0 -} - -component_build_aes_variations () { - # 18s - around 90ms per clang invocation on M1 Pro - # - # aes.o has many #if defined(...) guards that intersect in complex ways. - # Test that all the combinations build cleanly. 
- - MBEDTLS_ROOT_DIR="$PWD" - msg "build: aes.o for all combinations of relevant config options" - - build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_ROM_TABLES" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ - "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" - - cd "$MBEDTLS_ROOT_DIR" - msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" - - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW, - # manually set or unset those configurations to check - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_NIST_KW_C - - scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING - - build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_ROM_TABLES" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ - "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" -} - support_build_aes_aesce_armcc () { support_build_armcc } 
@@ -1665,80 +1509,6 @@ component_test_full_static_keystore () { ctest } -component_test_psa_crypto_drivers () { - # Test dispatch to drivers and fallbacks with - # test_suite_psa_crypto_driver_wrappers test suite. The test drivers that - # are wrappers around the builtin drivers are activated by - # PSA_CRYPTO_DRIVER_TEST. - # - # For the time being, some test cases in test_suite_block_cipher and - # test_suite_md.psa rely on this component to be run at least once by the - # CI. This should disappear as we progress the 4.x work. See - # config_adjust_test_accelerators.h for more information. - msg "build: full + test drivers dispatching to builtins" - scripts/config.py full - loc_cflags="-DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS" - loc_cflags="${loc_cflags} -I../framework/tests/include -I${MBEDTLS_ROOT_DIR}/include" - - CC=$ASAN_CC CFLAGS="${loc_cflags}" cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: full + test drivers dispatching to builtins" - make test -} - -component_build_psa_config_file () { - msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE" # ~40s - cp "$CRYPTO_CONFIG_H" psa_test_config.h - echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H" - $MAKE_COMMAND CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'" - # Make sure this feature is enabled. We'll disable it in the next phase. - programs/test/query_compile_time_config PSA_WANT_ALG_CMAC - $MAKE_COMMAND clean - - msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s - # In the user config, disable one feature and its dependencies, which will - # reflect on the mbedtls configuration so we can query it with - # query_compile_time_config. 
- echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h - echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h - $MAKE_COMMAND CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" - not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC - - rm -f psa_test_config.h psa_user_config.h -} - -component_build_psa_alt_headers () { - msg "build: make with PSA alt headers" # ~20s - - PSA_ALT_HDRS="$PWD/tests/include/alt-dummy" - mkdir -p "$PSA_ALT_HDRS/psa" - # Generate alternative versions of the substitutable headers with the - # same content except different include guards. - sed -E 's/^(# *(define|ifndef) +[A-Za-z0-9_]+)_H\b/\1_ALT_H/' \ - tf-psa-crypto/include/psa/crypto_platform.h \ - > "$PSA_ALT_HDRS/psa/crypto_platform_alt.h" - - sed -E 's/^(# *(define|ifndef) +[A-Za-z0-9_]+)_H\b/\1_ALT_H/' \ - tf-psa-crypto/include/psa/crypto_struct.h \ - > "$PSA_ALT_HDRS/psa/crypto_struct_alt.h" - - # Build the library and some programs. - CFLAGS="-I$PSA_ALT_HDRS -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" cmake -D CMAKE_BUILD_TYPE:String=Release . - cmake --build . --target lib - cmake --build . --target programs - - # Check that we're getting the alternative include guards and not the - # original include guards. 
- programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H - programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H - programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H - programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H - - # Explicitly clean up generated alt headers - rm -f "$PSA_ALT_HDRS/psa/crypto_platform_alt.h" "$PSA_ALT_HDRS/psa/crypto_struct_alt.h" -} - component_test_min_mpi_window_size () { msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s scripts/config.py set MBEDTLS_MPI_WINDOW_SIZE 1 From 363c00415a9796a048ea745e4a5c3fe76afd089f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 16 Apr 2026 15:40:12 +0200 Subject: [PATCH 1539/1548] Add CMAKE_EXTRAS_BUILD_DIR Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index a70a4b2f4e..4a76adaa46 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -10,6 +10,7 @@ ################################################################ CMAKE_BUILTIN_BUILD_DIR="drivers/builtin/CMakeFiles/builtin.dir/src" +CMAKE_EXTRAS_BUILD_DIR="extras/CMakeFiles/extras.dir" component_test_accel_ecc_all () { msg "build: full + all ECC accelerated" From cd2a9775b2018b0cb079a00c27db92e1e3bfbd99 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 16 Apr 2026 15:37:07 +0200 Subject: [PATCH 1540/1548] Remove TLS related code, comments Signed-off-by: Ronald Cron --- .../components-configuration-crypto.sh | 97 +++---------------- 1 file changed, 12 insertions(+), 85 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 4a76adaa46..4f36a029b9 100644 --- a/tests/scripts/components-configuration-crypto.sh 
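Review bot: `CMAKE_EXTRAS_BUILD_DIR="extras/CMakeFiles/extras.dir"` is defined here but no line in this patch, nor in the later patches of the series shown on this page, reads it, so as far as is visible it is dead until a follow-up lands. Its sibling `CMAKE_BUILTIN_BUILD_DIR` ends in `/src` while the new path does not; if that asymmetry is deliberate, a one-line comment such as `# Object files of the extras library (no src/ subdirectory)` would stop a later reader from "fixing" it. Worth keeping in mind for whichever `not grep ... ${CMAKE_EXTRAS_BUILD_DIR}/x.o` check ends up using it: `not grep` presumably also succeeds when the object file does not exist, so a wrong path would pass silently.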
+++ b/tests/scripts/components-configuration-crypto.sh @@ -606,9 +606,6 @@ component_test_no_pem_no_fs () { msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s make test - - msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min - tests/ssl-opt.sh } component_test_rsa_no_crt () { @@ -619,19 +616,10 @@ component_test_rsa_no_crt () { msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s make test - - msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s - tests/ssl-opt.sh -f RSA - - msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min - tests/compat.sh -t RSA - - msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec - tests/context-info.sh } -component_test_no_ctr_drbg_use_psa () { - msg "build: Full minus CTR_DRBG, PSA crypto in TLS" +component_test_no_ctr_drbg () { + msg "build: Full minus CTR_DRBG" scripts/config.py full scripts/config.py unset MBEDTLS_CTR_DRBG_C @@ -640,19 +628,10 @@ component_test_no_ctr_drbg_use_psa () { msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" make test - - # In this configuration, the TLS test programs use HMAC_DRBG. - # The SSL tests are slow, so run a small subset, just enough to get - # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" - tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL } -component_test_no_hmac_drbg_use_psa () { - msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" +component_test_no_hmac_drbg () { + msg "build: Full minus HMAC_DRBG" scripts/config.py full scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG 
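Review bot: The kept context line `msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites"` in the `-640` hunk still names USE_PSA_CRYPTO, while the build message of the same function (changed in the `-619` hunk just above) now reads `"build: Full minus CTR_DRBG"`, so the log of this component describes two different configurations. The same stale wording survives in the test messages of the `-662` hunk (`Full minus HMAC_DRBG, USE_PSA_CRYPTO`) and the `-692` hunk (`PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto`) on the next line. Suggested here: `msg "test: Full minus CTR_DRBG - main suites"`, with the matching wording in the other two. component_test_no_ctr_drbg's body starts before this hunk.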
@@ -662,23 +641,10 @@ component_test_no_hmac_drbg_use_psa () { msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" make test - - # Normally our ECDSA implementation uses deterministic ECDSA. But since - # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used - # instead. - # Test SSL with non-deterministic ECDSA. Only test features that - # might be affected by how ECDSA signature is performed. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|SSL async private: sign' - - # To save time, only test one protocol version, since this part of - # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" - tests/compat.sh -m tls12 -t 'ECDSA' } -component_test_psa_external_rng_no_drbg_use_psa () { - msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" +component_test_psa_external_rng_no_drbg () { + msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED @@ -692,9 +658,6 @@ component_test_psa_external_rng_no_drbg_use_psa () { msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" ctest - - msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f 'Default\|opaque' } component_test_psa_external_rng_use_psa_crypto () { @@ -710,9 +673,6 @@ component_test_psa_external_rng_use_psa_crypto () { msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" ctest - - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" - tests/ssl-opt.sh -f 'Default\|opaque' } component_full_no_pkparse_pkwrite () { 
@@ -831,17 +791,7 @@ component_test_full_no_cipher () { component_test_full_no_ccm () { msg "build: full no PSA_WANT_ALG_CCM" - # Full config enables: - # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA - # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated scripts/config.py full - - # Disable PSA_WANT_ALG_CCM so that CCM is not supported in PSA. CCM_C is still - # enabled, but not used from TLS since USE_PSA is set. - # This is helpful to ensure that TLS tests below have proper dependencies. - # - # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause - # PSA_WANT_ALG_CCM to be re-enabled. scripts/config.py unset PSA_WANT_ALG_CCM cmake -D CMAKE_BUILD_TYPE:String=Release . @@ -887,13 +837,12 @@ component_test_full_no_ccm_star_no_tag () { } component_test_config_symmetric_only () { - msg "build: configs/config-symmetric-only.h" - MBEDTLS_CONFIG="configs/config-symmetric-only.h" + msg "build: configs/crypto-config-symmetric-only.h" CRYPTO_CONFIG="tf-psa-crypto/configs/crypto-config-symmetric-only.h" - CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . + CC=$ASAN_CC cmake -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: configs/config-symmetric-only.h - unit tests" + msg "test: configs/crypto-config-symmetric-only.h - unit tests" make test } @@ -908,13 +857,6 @@ component_test_everest () { msg "test: metatests (clang, ASan)" framework/scripts/run-metatests.sh any asan poison - - msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s - tests/ssl-opt.sh -f ECDH - - msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min - # Exclude some symmetric ciphers that are redundant here to gain time. - tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } component_test_everest_curve25519_only () { 
@@ -939,11 +881,6 @@ component_test_everest_curve25519_only () {
 }
 # Check that the specified libraries exist and are empty.
-are_empty_libraries () {
- nm "$@" >/dev/null 2>/dev/null
- ! nm "$@" 2>/dev/null | grep -v ':$' | grep .
-}
-
 component_test_crypto_for_psa_service () {
 msg "build: make, config for PSA crypto service"
 scripts/config.py crypto
@@ -973,7 +910,6 @@ component_test_crypto_for_psa_service () {
 CFLAGS="-O1" cmake .
 cmake --build .
 ctest
- are_empty_libraries library/libmbedx509.* library/libmbedtls.*
 }
 component_test_psa_crypto_config_ffdh_2048_only () {
@@ -992,19 +928,15 @@ component_test_psa_crypto_config_ffdh_2048_only () {
 msg "test: full config - only DH 2048"
 ctest
-
- msg "ssl-opt: full config - only DH 2048"
- tests/ssl-opt.sh -f "ffdh"
 }
 component_test_tfm_config_as_is () {
- msg "build: configs/config-tfm.h"
- MBEDTLS_CONFIG="configs/config-tfm.h"
+ msg "build: crypto_config_profile_medium.h"
 CRYPTO_CONFIG="tf-psa-crypto/configs/ext/crypto_config_profile_medium.h"
- CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
+ CC=$ASAN_CC cmake -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
 make
- msg "test: configs/config-tfm.h - unit tests"
+ msg "test: crypto_config_profile_medium.h - unit tests"
 make test
 }
@@ -1013,7 +945,6 @@ component_test_tfm_config_as_is () {
 # - component_test_tfm_config_no_p256m()
 common_tfm_config () {
 # Enable TF-M config
- cp configs/config-tfm.h "$CONFIG_H"
 cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
 # Config adjustment for better test coverage in our environment.
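Review bot: Deleting `are_empty_libraries` in the `-939` hunk leaves its header comment `# Check that the specified libraries exist and are empty.` in place, now sitting directly above `component_test_crypto_for_psa_service () {`, which it does not describe; the `-883` hunk of the later 'Fix config preset' patch shows the orphaned comment still there. The comment line should go with the function, i.e. this hunk should also carry `-# Check that the specified libraries exist and are empty.`.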
@@ -1111,10 +1042,6 @@ component_test_psa_ecc_key_pair_no_derive () {
 }
 component_test_psa_ecc_key_pair_no_generate () {
- # TLS needs ECC key generation whenever ephemeral ECDH is enabled.
- # We don't have proper guards for configurations with ECC key generation
- # disabled (https://github.com/Mbed-TLS/mbedtls/issues/9481). Until
- # then (if ever), just test the crypto part of the library.
 build_and_test_psa_want_key_pair_partial crypto_full "ECC" "GENERATE"
 }
From 65c7f1c47912e0fea499cc9b844b56f33ce73c11 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 16 Apr 2026 16:05:55 +0200
Subject: [PATCH 1541/1548] Fix file paths
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 4f36a029b9..3fb4951a0e 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -838,7 +838,7 @@ component_test_full_no_ccm_star_no_tag () {
 component_test_config_symmetric_only () {
 msg "build: configs/crypto-config-symmetric-only.h"
- CRYPTO_CONFIG="tf-psa-crypto/configs/crypto-config-symmetric-only.h"
+ CRYPTO_CONFIG="configs/crypto-config-symmetric-only.h"
 CC=$ASAN_CC cmake -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
 make
@@ -932,7 +932,7 @@ component_test_psa_crypto_config_ffdh_2048_only () {
 component_test_tfm_config_as_is () {
 msg "build: crypto_config_profile_medium.h"
- CRYPTO_CONFIG="tf-psa-crypto/configs/ext/crypto_config_profile_medium.h"
+ CRYPTO_CONFIG="configs/ext/crypto_config_profile_medium.h"
 CC=$ASAN_CC cmake -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
 make
@@ -945,7 +945,7 @@ component_test_tfm_config_as_is () {
 # - component_test_tfm_config_no_p256m()
 common_tfm_config () {
 # Enable TF-M config
- cp tf-psa-crypto/configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
+ cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
 # Config adjustment for better test coverage in our environment.
 # This is not needed just to build and pass tests.
@@ -974,7 +974,7 @@ component_test_tfm_config_p256m_driver_accel_ec () {
 not grep mbedtls_rsa_ ${CMAKE_BUILTIN_BUILD_DIR}/rsa.c.o
 not grep mbedtls_mpi_ ${CMAKE_BUILTIN_BUILD_DIR}/bignum.c.o
 # Check that p256m was built
- grep -q p256_ecdsa_ library/libmbedcrypto.a
+ grep -q p256_ecdsa_ core/libtfpsacrypto.a
 # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
 # files, so we want to ensure that it has not be re-enabled accidentally.
@@ -1116,9 +1116,7 @@ component_test_aead_only_ccm () {
 component_test_ccm_aes_sha256 () {
 msg "build: CCM + AES + SHA256 configuration"
- # Setting a blank config disables everyhing in the library side.
- echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H"
- cp tf-psa-crypto/configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
+ cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
 cmake -D CMAKE_BUILD_TYPE:String=Release .
 cmake --build .
From 141ce56d8135fe0c80651ffcf70500b0282875a4 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 16 Apr 2026 16:52:02 +0200
Subject: [PATCH 1542/1548] Fix build targets
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 3fb4951a0e..69f7dac937 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
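Review bot: In the `-974` hunk the kept comment `# In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration` refers to a file this series no longer uses: the previous patch removed the `cp configs/config-tfm.h "$CONFIG_H"` step from `common_tfm_config`, and this hunk only repoints the archive check to `core/libtfpsacrypto.a`. The comment should name the file that now carries that adjustment, presumably `crypto_config_profile_medium.h` which `common_tfm_config` copies, e.g. `# In crypto_config_profile_medium.h we disabled CIPHER_C tweaking TF-M's configuration`; while touching it, `has not be re-enabled` reads better as `has not been re-enabled`. component_test_tfm_config_p256m_driver_accel_ec's body starts before and continues after this hunk.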
@@ -577,7 +577,7 @@ component_build_psa_crypto_spm () {
 # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
 # is active.
 CFLAGS="-I$PWD/framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Release .
- cmake --build . --target lib
+ cmake --build . --target tfpsacrypto
 # Check that if a symbol is renamed by crypto_spe.h, the non-renamed
 # version is not present.
From 40d40f3799079f7867292f3929aca3193bebb8a5 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 16 Apr 2026 16:57:43 +0200
Subject: [PATCH 1543/1548] Fix config preset
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 69f7dac937..7b10d3b5cd 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -540,7 +540,7 @@ component_test_psa_assume_exclusive_buffers () {
 component_test_crypto_with_static_key_slots() {
 msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
- scripts/config.py crypto_full
+ scripts/config.py full
 scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
 # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to a value that
 # is enough to contain:
@@ -678,7 +678,7 @@ component_test_psa_external_rng_use_psa_crypto () {
 component_full_no_pkparse_pkwrite () {
 msg "build: full without pkparse and pkwrite"
- scripts/config.py crypto_full
+ scripts/config.py full
 scripts/config.py unset MBEDTLS_PK_PARSE_C
 scripts/config.py unset MBEDTLS_PK_WRITE_C
@@ -725,7 +725,7 @@ component_full_no_pkwrite () {
 component_test_crypto_full_md_light_only () {
 msg "build: crypto_full with only the light subset of MD"
- scripts/config.py crypto_full
+ scripts/config.py full
 # Disable MD
 scripts/config.py unset MBEDTLS_MD_C
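Review bot: The build target becomes `tfpsacrypto` in the `-577` hunk, but the archive this component then inspects is still the old one: the `check_renamed_symbols framework/tests/include/spe/crypto_spe.h library/libmbedcrypto.a` line sits just below this hunk (visible as context in the first hunk of the 'Remove various config crypto components' patch) and no later patch in this series touches it, as their diffstats are fully accounted for by the visible hunks. The 'Fix file paths' patch already moved a comparable check to `core/libtfpsacrypto.a`; this one likely needs the same, `check_renamed_symbols framework/tests/include/spe/crypto_spe.h core/libtfpsacrypto.a`, otherwise the rename check presumably runs against an archive the new target no longer produces. component_build_psa_crypto_spm's body starts before and continues after this hunk.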
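Review bot: In the `-540` hunk the preset is switched to `scripts/config.py full` while the message one line above still says `"build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"`; the `-725` hunk has the same mismatch, with both its message (`"build: crypto_full with only the light subset of MD"`) and the function name `component_test_crypto_full_md_light_only` still referring to the preset that was removed. Suggested: `msg "build: full + MBEDTLS_PSA_STATIC_KEY_SLOTS"` here and `msg "build: full with only the light subset of MD"` in `-725`; renaming the function is optional but keeps the component name honest. Both functions continue past their hunks.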
@@ -883,7 +883,6 @@ component_test_everest_curve25519_only () {
 # Check that the specified libraries exist and are empty.
 component_test_crypto_for_psa_service () {
 msg "build: make, config for PSA crypto service"
- scripts/config.py crypto
 scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
 # Disable things that are not needed for just cryptography, to
 # reach a configuration that would be typical for a PSA cryptography
@@ -1042,7 +1041,7 @@ component_test_psa_ecc_key_pair_no_derive () {
 }
 component_test_psa_ecc_key_pair_no_generate () {
- build_and_test_psa_want_key_pair_partial crypto_full "ECC" "GENERATE"
+ build_and_test_psa_want_key_pair_partial full "ECC" "GENERATE"
 }
 # This is a temporary test to verify that full RSA support is present even when
@@ -1059,9 +1058,6 @@ component_test_new_psa_want_key_pair_symbol () {
 export MBEDTLS_TEST_OUTCOME_FILE
 fi
- # Start from crypto configuration
- scripts/config.py crypto
-
 # Remove RSA dependencies
 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
From 651ba808f0faafed38f43c6996866de44678b3d9 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 16 Apr 2026 18:20:39 +0200
Subject: [PATCH 1544/1548] Remove call to run-metatests.sh
Adding back the call is covered by #140.
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 7b10d3b5cd..adbdd11e5c 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -854,9 +854,6 @@ component_test_everest () {
 msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
 make test
-
- msg "test: metatests (clang, ASan)"
- framework/scripts/run-metatests.sh any asan poison
 }
 component_test_everest_curve25519_only () {
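Review bot: With `scripts/config.py crypto` gone from the `-883` hunk, `component_test_crypto_for_psa_service` no longer names a starting configuration; its `msg "build: make, config for PSA crypto service"` now describes a state reached only by the `unset` calls that follow, applied to whatever the default is, while every other component in this patch switches to `scripts/config.py full`. If the TF-PSA-Crypto default config is the intended baseline, a one-line comment in place of the removed line, `# Start from the default configuration`, records that; otherwise `scripts/config.py full` would match the rest of the patch. The function continues past the hunk.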
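Review bot: The `-1059` hunk removes the `scripts/config.py crypto` baseline but keeps `scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED` and `scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT` under `# Remove RSA dependencies`; both are TLS/X.509 symbols, which the 'Remove TLS related code, comments' patch earlier in this series treats as out of scope for this file. Whether `config.py unset` on a symbol absent from the crypto config file is a no-op or an error is not visible here and should be confirmed; if it is a no-op the two lines are dead and the comment misleads, if it errors the component fails at its first step. The function continues past the hunk.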
From 1f073e677912a2c80349aae47f7d33969cda2e33 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Thu, 16 Apr 2026 18:50:11 +0200
Subject: [PATCH 1545/1548] Remove calls to selftest program
The program selftest does not exist in TF-PSA-Crypto and it is not sure we will have one, see #128.
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index adbdd11e5c..726180c823 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1186,9 +1186,6 @@ component_test_aes_only_128_bit_keys_have_builtins () {
 msg "test: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
 ctest
-
- msg "selftest: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
- programs/test/selftest
 }
 component_test_gcm_largetable () {
@@ -1239,7 +1236,6 @@ component_test_aes_fewer_tables_and_rom_tables () {
 # - enable/disable the list of config options passed from -s/-u respectively.
 # - build
 # - test for tests_suite_xxx
-# - selftest
 #
 # Usage: helper_block_cipher_no_decrypt_build_test
 # [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]]
@@ -1285,8 +1281,6 @@ helper_block_cipher_no_decrypt_build_test () {
 msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
 ctest
- msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}"
- programs/test/selftest
 cmake --build . --target clean
 }
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 726180c823..85af8673bf 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1118,7 +1118,7 @@ component_test_ccm_aes_sha256 () {
 }
 support_build_aes_aesce_armcc () {
- support_build_armcc
+ support_build_tf_psa_crypto_armcc
 }
 # For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
@@ -1326,7 +1326,7 @@ component_test_block_cipher_no_decrypt_aesni () {
 }
 support_test_block_cipher_no_decrypt_aesce_armcc () {
- support_build_armcc
+ support_build_tf_psa_crypto_armcc
 }
 component_test_block_cipher_no_decrypt_aesce_armcc () {
From 1a306818fd376629a629983f2a4da8476a55ded7 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 17 Apr 2026 15:40:07 +0200
Subject: [PATCH 1547/1548] Fix armc6 build helper
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 85af8673bf..1a63b51b3e 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1141,12 +1141,12 @@ component_build_aes_aesce_armcc () {
 msg "AESCE, build with default configuration."
 scripts/config.py set MBEDTLS_AESCE_C
 scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+ helper_armc6_cmake_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
 msg "AESCE, build AESCE only"
 scripts/config.py set MBEDTLS_AESCE_C
 scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
- helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+ helper_armc6_cmake_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
 }
 component_test_aes_only_128_bit_keys () {
@@ -1349,7 +1349,7 @@ component_test_block_cipher_no_decrypt_aesce_armcc () {
 # test AESCE baremetal build
 scripts/config.py set MBEDTLS_AESCE_C
 msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
- helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
+ helper_armc6_cmake_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
 # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
 not grep mbedtls_aes_setkey_dec ${CMAKE_BUILTIN_BUILD_DIR}/aes.c.o
From c0ea3da20676344c1926ef5697b1412d268cae65 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Fri, 17 Apr 2026 17:50:30 +0200
Subject: [PATCH 1548/1548] analyze_outcomes.py: Update IGNORED_TESTS
Signed-off-by: Ronald Cron
---
 tests/scripts/analyze_outcomes.py | 67 ++++---------------------------
 1 file changed, 8 insertions(+), 59 deletions(-)
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 293695837f..b4ba40babb 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
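Review bot: The `not grep mbedtls_aes_setkey_dec ${CMAKE_BUILTIN_BUILD_DIR}/aes.c.o` assertion that follows the swapped helper call in the second hunk can pass vacuously: if `not` is the usual `! "$@"` wrapper, a missing object file makes grep exit 2 and the negation turns that into success, so a build that puts `aes.c.o` anywhere other than `CMAKE_BUILTIN_BUILD_DIR` (or a helper that leaves that variable unset, yielding `/aes.c.o`) would silently satisfy the "no setkey_dec" check. Since this commit is exactly what changes which helper produces that artefact, guard the path first, e.g. `test -f "${CMAKE_BUILTIN_BUILD_DIR}/aes.c.o"` on the line before the grep, and quote the expansion in the grep line itself. The enclosing `component_test_block_cipher_no_decrypt_aesce_armcc` starts before this hunk and continues after it, so whether `helper_armc6_cmake_build_test` exports `CMAKE_BUILTIN_BUILD_DIR` cannot be confirmed from here.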
@@ -25,35 +25,17 @@ class CoverageTask(outcome_analysis.CoverageTask):
 # covered by Mbed TLS testing.
 # https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/740
 IGNORED_TESTS = {
- 'test_suite_aes.xts': [
- re.compile('.*'),
- ],
- 'test_suite_block_cipher': [
- re.compile('.*'),
- ],
- 'test_suite_cipher.aes': [
- re.compile('.*XTS.*'),
- ],
 'test_suite_config.psa_boolean': [
- re.compile('.* !.*'),
- 'Config: MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH',
- 'Config: MBEDTLS_BLOCK_CIPHER_NO_DECRYPT',
+ 'Config: !MBEDTLS_PLATFORM_C',
+ 'Config: !MBEDTLS_PSA_CRYPTO_C',
+ 'Config: !PSA_WANT_ALG_HKDF',
+ 'Config: !PSA_WANT_ALG_SHA_224',
+ 'Config: !PSA_WANT_ALG_SHA_256',
+ 'Config: !PSA_WANT_ALG_TLS12_PRF',
+ 'Config: !PSA_WANT_ALG_TLS12_PSK_TO_MS',
+ 'Config: !PSA_WANT_KEY_TYPE_AES',
 'Config: MBEDTLS_DEPRECATED_WARNING',
- 'Config: MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED',
- 'Config: MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS',
 'Config: MBEDTLS_PSA_CRYPTO_CLIENT',
- 'Config: MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG',
- 'Config: MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER',
- 'Config: MBEDTLS_PSA_P256M_DRIVER_ENABLED',
- 'Config: MBEDTLS_PSA_STATIC_KEY_SLOTS',
- 'Config: MBEDTLS_RSA_NO_CRT',
- ],
- 'test_suite_config.psa_combinations': [
- 'Config: PSA_WANT_ALG_ECDSA without PSA_WANT_ALG_DETERMINISTIC_ECDSA',
- ],
- 'test_suite_ctr_drbg': [
- re.compile('.*AES-128.*'),
- 'CTR_DRBG entropy strength: 128 bits',
 ],
 'test_suite_pk': [
 'PK size macro: MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES: only curve is P-256',
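Review bot: The eight `'Config: !…'` entries added to `test_suite_config.psa_boolean` carry no per-entry reason, whereas the `re.compile('.* !.*')` catch-all they replace at least made it obvious that every negated-option test was being waived wholesale. Ignoring `!MBEDTLS_PSA_CRYPTO_C` and `!PSA_WANT_KEY_TYPE_AES` in particular presumably means the coverage analysis will never flag that no CI component exercises the "crypto core disabled" and "no AES" configurations, so the reason each entry is uncoverable, or which component is expected to cover it, should be recorded next to it, e.g. `# Negated options below: no component exercises them yet (tracked in #740).` above the first `+` line. The `IGNORED_TESTS` dict continues past this hunk, and the `# https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/740` context line above may already be meant to cover these; if so, a short pointer at the entries themselves still helps whoever prunes the list later.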
@@ -61,19 +43,8 @@ class CoverageTask(outcome_analysis.CoverageTask):
 'PK size macro: MBEDTLS_PK_MAX_PUBKEY_RAW_LEN: RSA, !ECC',
 ],
 'test_suite_psa_crypto': [
- 'PSA MAC setup: algorithm known but not supported, long key',
- 'PSA MAC setup: algorithm known but not supported, short key',
- 'PSA MAC setup: bad algorithm (unsupported HMAC hash algorithm)',
 'PSA generate key custom: RSA, e=3 with driver and no fallback (not yet supported)',
- 'PSA generate key: RSA, key pair size does not fit in static key buffer',
- 'PSA generate key: RSA, key pair size fits in static key buffer',
- 'PSA sign hash int (ops=inf): det ECDSA not supported',
- 'PSA sign hash int (ops=min): det ECDSA not supported',
 'PSA sign hash int: ECDSA not supported',
- 'PSA sign hash: deterministic ECDSA not supported',
- 'PSA sign message: deterministic ECDSA not supported',
- 'PSA verify hash with keypair: deterministic ECDSA SECP256R1, only randomized supported', #pylint: disable=line-too-long
- 'PSA verify hash: deterministic ECDSA SECP256R1, only randomized supported',
 ],
 'test_suite_psa_crypto_driver_wrappers': [
 re.compile('PSA MAC .*'),
@@ -81,12 +52,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
 re.compile('PSA encrypt transparent driver: .*'),
 re.compile('PSA encrypt-decrypt transparent driver: .*'),
 ],
- 'test_suite_psa_crypto_entropy': [
- 'Fake entropy: more than one block in two steps',
- 'Fake entropy: one block eventually',
- 'Fake entropy: one block in two steps',
- re.compile('PSA external RNG failure: .*'),
- ],
 'test_suite_psa_crypto_not_supported.generated': [
 re.compile('.*'),
 ],
@@ -94,24 +59,8 @@ class CoverageTask(outcome_analysis.CoverageTask):
 re.compile('.* !.*'),
 ],
 'test_suite_psa_crypto_op_fail.misc': [
- 'PSA sign DETERMINISTIC_ECDSA(SHA_256): !DETERMINISTIC_ECDSA but ECDSA with ECC_KEY_PAIR(SECP_R1)', #pylint: disable=line-too-long
 'PSA sign RSA_PSS(SHA_256): RSA_PSS not enabled, key pair',
 ],
- 'test_suite_psa_crypto_persistent_key': [
- re.compile('Load key: owner=[^0].*'),
- ],
- 'test_suite_psa_crypto_slot_management': [
- 'Copy persistent to persistent, same id but different owner',
- 'Create not supported',
- 'Non reusable key slots integrity in case of key slot starvation',
- ],
- 'test_suite_psa_crypto_storage_format.misc': [
- 'PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE',
- ],
- 'test_suite_random': [
- 'PSA classic wrapper: HMAC_DRBG max',
- 'PSA classic wrapper: external RNG large',
- ],
 }
 # Tests that are not covered for a tracked reason, and that