Merge pull request #10212 from bjwtaylor/remove-hkdf

Remove hkdf
diff --git a/BRANCHES.md b/BRANCHES.md
index 49f7e28..8066297 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -25,8 +25,9 @@
 
 We will make regular LTS releases on an 18-month cycle, each of which will have
 a 3 year support lifetime. On this basis, 3.6 LTS (released March 2024) will be
-supported until March 2027. The next LTS release will be a 4.x release, which is
-planned for September 2025.
+supported until March 2027. The next LTS release will be a 4.x release. Due to
+the size and scope of the 4.0 release, the release date of the first 4.x LTS is
+yet to be determined.
 
 ## Backwards Compatibility for application code
 
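Review bot: The replacement text at "the release date of the first 4.x LTS is yet to be determined" now conflicts with the unchanged sentence just above it, "We will make regular LTS releases on an 18-month cycle". With 3.6 LTS released in March 2024 and the September 2025 date withdrawn, the 18-month cadence no longer holds for the next release. Suggest rewording the cadence sentence or stating that 4.x is an exception, so that users planning around the March 2027 end of support for 3.6 are not misled about the overlap they can expect.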
@@ -106,6 +107,6 @@
 - [`development`](https://github.com/Mbed-TLS/mbedtls/)
 - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6)
  maintained until March 2027, see
-  <https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0>.
+  <https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.4>.
 
 Users are urged to always use the latest version of a maintained branch.
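Review bot: The link on the `mbedtls-3.6` entry is bumped from the `v3.6.0` tag to `v3.6.4`, so it pins a specific patch release again and will be stale after the next 3.6.x release. The following line urges users to "always use the latest version of a maintained branch"; a pinned tag works against that for anyone who follows the link to pick up security fixes. Suggest pointing at the branch's release list rather than a single tag, or adding this file to the release checklist so the tag is updated every time.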
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a099356..1623731 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -376,15 +376,11 @@
 endif()
 
 set(tf_psa_crypto_library_targets
-    ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto
-    ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin
-    ${TF_PSA_CRYPTO_TARGET_PREFIX}everest
-    ${TF_PSA_CRYPTO_TARGET_PREFIX}p256m)
+    ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto)
 
 if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
     list(APPEND tf_psa_crypto_library_targets
-         ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static
-         ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin_static)
+         ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static)
 endif()
 
 foreach(target IN LISTS tf_psa_crypto_library_targets)
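Review bot: Dropping `builtin`, `everest` and `p256m` (and `builtin_static`) from `tf_psa_crypto_library_targets` means the `foreach(target IN LISTS tf_psa_crypto_library_targets)` loop below no longer visits them, and the hunk does not say whether those targets still exist. If they have been merged into `tfpsacrypto`, a short comment above the `set()` saying so would help; if they are still defined elsewhere, they silently lose whatever the loop applies to each target. Either way this is a build-interface change for anyone who references those target names, and the ChangeLog section added in this same diff has no entry for it.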
diff --git a/ChangeLog b/ChangeLog
index 1c48958..912a178 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,330 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
 
+= Mbed TLS 4.0.0-beta branch released 2025-07-04
+
+API changes
+   * The experimental functions psa_generate_key_ext() and
+     psa_key_derivation_output_key_ext() have been replaced by
+     psa_generate_key_custom() and psa_key_derivation_output_key_custom().
+     They have almost exactly the same interface, but the variable-length
+     data is passed in a separate parameter instead of a flexible array
+     member. This resolves a build failure under C++ compilers that do not
+     support flexible array members (a C99 feature not adopted by C++).
+     Fixes #9020.
+   * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
+     Instead of taking a mbedtls_cipher_type_t as an argument, this function
+     now takes 3 new arguments: a PSA algorithm, key type and key size, to
+     specify the AEAD for ticket protection.
+   * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
+     functions can now return PSA_ERROR_xxx values.
+     There is no longer a distinction between "low-level" and "high-level"
+     Mbed TLS error codes.
+     This will not affect most applications since the error values are
+     between -32767 and -1 as before.
+   * All API functions now use the PSA random generator psa_generate_random()
+     internally. As a consequence, functions no longer take RNG parameters.
+     Please refer to the migration guide at :
+     tf-psa-crypto/docs/4.0-migration-guide.md.
+
+Default behavior changes
+   * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
+     !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
+     corresponding PSA mechanism is enabled, since the server provides the
+     crypto. Fixes #9126.
+   * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
+     to perform cryptographic operations, with a few exceptions documented
+     in docs/architecture/psa-migration/psa-limitations.md. This
+     corresponds to the behavior of Mbed TLS 3.x when
+     MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO
+     is now always enabled.
+   * psa_crypto_init() must be called before performing any cryptographic
+     operation, including indirect requests such as parsing a key or
+     certificate or starting a TLS handshake.
+   * The `PSA_WANT_XXX` symbols as defined in
+     tf-psa-crypto/include/psa/crypto_config.h are now always used in the
+     configuration of the cryptographic mechanisms exposed by the PSA API.
+     This corresponds to the configuration behavior of Mbed TLS 3.x when
+     MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG
+     is now always enabled and the configuration option has been removed.
+   * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+     mbedtls_ssl_handshake() now fails with
+     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+     if certificate-based authentication of the server is attempted.
+     This is because authenticating a server without knowing what name
+     to expect is usually insecure.
+
+Removals
+   * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
+     Fixes #5903.
+   * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options
+     at the module and function level for crypto mechanisms only. The remaining
+     alt interfaces for platform, threading and timing are unchanged.
+     Fixes #8149.
+   * Remove support for the RSA-PSK key exchange in TLS 1.2.
+   * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
+     already deprecated and superseded by
+     mbedtls_x509write_crt_set_serial_raw().
+   * Remove the function mbedtls_ssl_conf_curves() which had been deprecated
+     in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1.
+   * Remove support for the DHE-PSK key exchange in TLS 1.2.
+   * Remove support for the DHE-RSA key exchange in TLS 1.2.
+   * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
+     following SSL functions are removed:
+     - mbedtls_ssl_conf_dh_param_bin
+     - mbedtls_ssl_conf_dh_param_ctx
+     - mbedtls_ssl_conf_dhm_min_bitlen
+   * Remove support for the RSA key exchange in TLS 1.2.
+   * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(),
+     since these concepts no longer exists. There is just mbedtls_strerror().
+   * Sample programs for the legacy crypto API have been removed.
+          pkey/rsa_genkey.c
+          pkey/pk_decrypt.c
+          pkey/dh_genprime.c
+          pkey/rsa_verify.c
+          pkey/mpi_demo.c
+          pkey/rsa_decrypt.c
+          pkey/key_app.c
+          pkey/dh_server.c
+          pkey/ecdh_curve25519.c
+          pkey/pk_encrypt.c
+          pkey/rsa_sign.c
+          pkey/key_app_writer.c
+          pkey/dh_client.c
+          pkey/ecdsa.c
+          pkey/rsa_encrypt.c
+          wince_main.c
+          aes/crypt_and_hash.c
+          random/gen_random_ctr_drbg.c
+          random/gen_entropy.c
+          hash/md_hmac_demo.c
+          hash/hello.c
+          hash/generic_sum.c
+          cipher/cipher_aead_demo.c
+   * Remove compat-2-x.h header from mbedtls.
+   * The library no longer offers interfaces to look up values by OID
+     or OID by enum values.
+     The header <mbedtls/oid.h> now only defines functions to convert
+     between binary and dotted string OID representations, and macros
+     for OID strings that are relevant to X.509.
+     The compilation option MBEDTLS_OID_C no longer
+     exists. OID tables are included in the build automatically as needed.
+
+Features
+   * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
+     the number of volatile PSA keys is virtually unlimited, at the expense
+     of increased code size. This option is off by default, but enabled in
+     the default mbedtls_config.h. Fixes #9216.
+   * Add a new psa_key_agreement() PSA API to perform key agreement and return
+     an identifier for the newly created key.
+   * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
+     uses static storage for keys, enabling malloc-less use of key slots.
+     The size of each buffer is given by the option
+     MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
+     largest PSA key enabled in the build.
+   * Add an interruptible version of key agreement to the PSA interface.
+     See psa_key_agreement_iop_setup() and related functions.
+   * Add an interruptible version of generate key to the PSA interface.
+     See psa_generate_key_iop_setup() and related functions.
+   * Add the function mbedtls_ssl_export_keying_material() which allows the
+     client and server to extract additional shared symmetric keys from an SSL
+     session, according to the TLS-Exporter specification in RFC 8446 and 5705.
+     This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
+     mbedtls_config.h.
+
+Security
+   * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
+     not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
+     MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
+     CVE-2024-45157
+   * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
+     mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
+     largest supported curve. In some configurations with PSA disabled,
+     all values of bits are affected. This never happens in internal library
+     calls, but can affect applications that call these functions directly.
+     CVE-2024-45158
+   * With TLS 1.3, when a server enables optional authentication of the
+     client, if the client-provided certificate does not have appropriate values
+     in keyUsage or extKeyUsage extensions, then the return value of
+     mbedtls_ssl_get_verify_result() would incorrectly have the
+     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
+     clear. As a result, an attacker that had a certificate valid for uses other
+     than TLS client authentication could be able to use it for TLS client
+     authentication anyway. Only TLS 1.3 servers were affected, and only with
+     optional authentication (required would abort the handshake with a fatal
+     alert).
+     CVE-2024-45159
+   * Fix a buffer underrun in mbedtls_pk_write_key_der() when
+     called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+     and the output buffer is smaller than the actual output.
+     Fix a related buffer underrun in mbedtls_pk_write_key_pem()
+     when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+     and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+     CVE-2024-49195
+   * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+     if they use certificate authentication (i.e. not pre-shared keys).
+     Otherwise, in many scenarios, the server could be impersonated.
+     The library will now prevent the handshake and return
+     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+     if mbedtls_ssl_set_hostname() has not been called.
+     Reported by Daniel Stenberg.
+     CVE-2025-27809
+   * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+     or there was a cryptographic hardware failure when calculating the
+     Finished message, it could be calculated incorrectly. This would break
+     the security guarantees of the TLS handshake.
+     CVE-2025-27810
+   * Fix possible use-after-free or double-free in code calling
+     mbedtls_x509_string_to_names(). This was caused by the function calling
+     mbedtls_asn1_free_named_data_list() on its head argument, while the
+     documentation did no suggest it did, making it likely for callers relying
+     on the documented behaviour to still hold pointers to memory blocks after
+     they were free()d, resulting in high risk of use-after-free or double-free,
+     with consequences ranging up to arbitrary code execution.
+     In particular, the two sample programs x509/cert_write and x509/cert_req
+     were affected (use-after-free if the san string contains more than one DN).
+     Code that does not call mbedtls_string_to_names() directly is not affected.
+     Found by Linh Le and Ngan Nguyen from Calif.
+     CVE-2025-47917
+   * Fix a bug in mbedtls_x509_string_to_names() and the
+     mbedtls_x509write_{crt,csr}_set_{subject,issuer}_name() functions,
+     where some inputs would cause an inconsistent state to be reached, causing
+     a NULL dereference either in the function itself, or in subsequent
+     users of the output structure, such as mbedtls_x509_write_names(). This
+     only affects applications that create (as opposed to consume) X.509
+     certificates, CSRs or CRLs. Found by Linh Le and Ngan Nguyen from Calif.
+     CVE-2025-48965
+
+Bugfix
+   * Fix TLS 1.3 client build and runtime when support for session tickets is
+     disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
+   * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
+   * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
+     as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
+   * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
+     passing in zero length additional data to multipart AEAD.
+   * Fix rare concurrent access bug where attempting to operate on a
+     non-existent key while concurrently creating a new key could potentially
+     corrupt the key store.
+   * Fix error handling when creating a key in a dynamic secure element
+     (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+     the creation could return PSA_SUCCESS but using or destroying the key
+     would not work. Fixes #8537.
+   * Fix issue of redefinition warning messages for _GNU_SOURCE in
+     entropy_poll.c and sha_256.c. There was a build warning during
+     building for linux platform.
+     Resolves #9026
+   * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
+   * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
+     CMAC is enabled, but no built-in unauthenticated cipher is enabled.
+     Fixes #9209.
+   * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
+     Fixes #9029.
+   * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
+     long. Credit to Cryptofuzz. Fixes #9314.
+   * Fix interference between PSA volatile keys and built-in keys
+     when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
+     MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
+   * Document and enforce the limitation of mbedtls_psa_register_se_key()
+     to persistent keys. Resolves #9253.
+   * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
+     but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
+   * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
+     MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
+   * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
+     some code was defining 0-size arrays, resulting in compilation errors.
+     Fixed by disabling the offending code in configurations without PSA
+     Crypto, where it never worked. Fixes #9311.
+   * Fixes an issue where some TLS 1.2 clients could not connect to an
+     Mbed TLS 3.6.0 server, due to incorrect handling of
+     legacy_compression_methods in the ClientHello.
+     fixes #8995, #9243.
+   * Fix a memory leak that could occur when failing to process an RSA
+     key through some PSA functions due to low memory conditions.
+   * Fixed a regression introduced in 3.6.0 where the CA callback set with
+     mbedtls_ssl_conf_ca_cb() would stop working when connections were
+     upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
+     1.3.
+   * Fixed a regression introduced in 3.6.0 where clients that relied on
+     optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
+     with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
+     working when connections were upgraded to TLS 1.3. Fixed by adding
+     support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
+     standard makes server authentication mandatory; users are advised not to
+     use authmode none, and to carefully check the results when using optional
+     mode.
+   * Fixed a regression introduced in 3.6.0 where context-specific certificate
+     verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
+     mbedtls_ssl_conf_verify(), would stop working when connections were
+     upgraded to TLS 1.3. Fixed by adding support for context-specific verify
+     callback in TLS 1.3.
+   * Fix unintended performance regression when using short RSA public keys.
+     Fixes #9232.
+   * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
+     peers that have middlebox compatibility enabled, as long as no
+     problematic middlebox is in the way. Fixes #9551.
+   * Fix invalid JSON schemas for driver descriptions used by
+     generate_driver_wrappers.py.
+   * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+     and 'mbedtls_net_connect' to prevent possible double close fd
+     problems. Fixes #9711.
+   * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
+     mbedtls_psa_der_to_raw() is called with bits=0.
+   * Fix compilation on MS-DOS DJGPP. Fixes #9813.
+   * Fix missing constraints on the AES-NI inline assembly which is used on
+     GCC-like compilers when building AES for generic x86_64 targets. This
+     may have resulted in incorrect code with some compilers, depending on
+     optimizations. Fixes #9819.
+   * Support re-assembly of fragmented handshake messages in TLS (both
+     1.2 and 1.3). The lack of support was causing handshake failures with
+     some servers, especially with TLS 1.3 in practice. There are a few
+     limitations, notably a fragmented ClientHello is only supported when
+     TLS 1.3 support is enabled. See the documentation of
+     mbedtls_ssl_handshake() for details.
+   * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
+     occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
+     with Visual Studio 2013 or MinGW.
+     Fixes #10017.
+   * Silence spurious -Wunterminated-string-initialization warnings introduced
+     by GCC 15. Fixes #9944.
+
+Changes
+   * Warn if mbedtls/check_config.h is included manually, as this can
+     lead to spurious errors. Error if a *adjust*.h header is included
+     manually, as this can lead to silently inconsistent configurations,
+     potentially resulting in buffer overflows.
+     When migrating from Mbed TLS 2.x, if you had a custom config.h that
+     included check_config.h, remove this inclusion from the Mbed TLS 3.x
+     configuration file (renamed to mbedtls_config.h). This change was made
+     in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
+   * Functions regarding numeric string conversions for OIDs have been moved
+     from the OID module and now reside in X.509 module. This helps to reduce
+     the code size as these functions are not commonly used outside of X.509.
+   * Improve performance of PSA key generation with ECC keys: it no longer
+     computes the public key (which was immediately discarded). Fixes #9732.
+   * Cryptography and platform configuration options have been migrated
+     from the Mbed TLS library configuration file mbedtls_config.h to
+     crypto_config.h that will become the TF-PSA-Crypto configuration file,
+     see config-split.md for more information. The reference and test custom
+     configuration files respectively in configs/ and tests/configs/ have
+     been updated accordingly.
+     To migrate custom Mbed TLS configurations where
+     MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
+     to the PSA configuration scheme based on PSA_WANT_XXX symbols
+     (see psa-conditional-inclusion-c.md for more information).
+     To migrate custom Mbed TLS configurations where
+     MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
+     cryptographic and platform configuration options from mbedtls_config.h
+     to crypto_config.h (see config-split.md for more information and configs/
+     for examples).
+   * Move the crypto part of the library (content of tf-psa-crypto directory)
+     from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
+     tests development will now occur in TF-PSA-Crypto, which Mbed TLS
+     references as a Git submodule.
+   * The function mbedtls_x509_string_to_names() now requires its head argument
+     to point to NULL on entry. This makes it likely that existing risky uses of
+     this function (see the entry in the Security section) will be detected and
+     fixed.
+
 = Mbed TLS 3.6.0 branch released 2024-03-28
 
 API changes
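Review bot: In the Security entry for CVE-2025-47917, the sentence "Code that does not call mbedtls_string_to_names() directly is not affected" names a function without the `x509_` prefix, while the rest of the entry refers to `mbedtls_x509_string_to_names()`. Anyone searching their code base for the name as written will find nothing and may wrongly conclude they are unaffected; please use the full name. The same entry has "the documentation did no suggest it did" (should be "did not"). Smaller wording issues in this hunk: "since these concepts no longer exists", "memcpy() is a function-like macros", "migration guide at :" and the lowercase "fixes #8995, #9243." Separately, several Bugfix and Security entries are conditioned on `MBEDTLS_USE_PSA_CRYPTO`, `MBEDTLS_PSA_CRYPTO_CONFIG` or `MBEDTLS_DHM_C`, which this same section says are always enabled or removed in 4.0; a note that these entries were carried over from 3.6.x would keep readers from looking for options that no longer exist. Finally, the merge is titled "Remove hkdf" but the Removals list here has no HKDF entry; if a user-visible interface was removed, it should be listed.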
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt
deleted file mode 100644
index 22939df..0000000
--- a/ChangeLog.d/9126.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Default behavior changes
-   * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
-     !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
-     corresponding PSA mechanism is enabled, since the server provides the
-     crypto. Fixes #9126.
diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt
deleted file mode 100644
index d61ba19..0000000
--- a/ChangeLog.d/9302.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
-   * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
-     uses static storage for keys, enabling malloc-less use of key slots.
-     The size of each buffer is given by the option
-     MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
-     largest PSA key enabled in the build.
diff --git a/ChangeLog.d/9684.txt b/ChangeLog.d/9684.txt
deleted file mode 100644
index 115ded8..0000000
--- a/ChangeLog.d/9684.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
-   * Remove support for the DHE-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9685.txt b/ChangeLog.d/9685.txt
deleted file mode 100644
index 9820aff..0000000
--- a/ChangeLog.d/9685.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
-   * Remove support for the DHE-RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/9690.txt
deleted file mode 100644
index d00eb16..0000000
--- a/ChangeLog.d/9690.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Security
-   * Fix a buffer underrun in mbedtls_pk_write_key_der() when
-     called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
-     and the output buffer is smaller than the actual output.
-     Fix a related buffer underrun in mbedtls_pk_write_key_pem()
-     when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
-     and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
-     CVE-2024-49195
diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt
deleted file mode 100644
index a4d2e03..0000000
--- a/ChangeLog.d/9874.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
-   * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API.
-     Instead of taking a mbedtls_cipher_type_t as an argument, this function
-     now takes 3 new arguments: a PSA algorithm, key type and key size, to
-     specify the AEAD for ticket protection.
diff --git a/ChangeLog.d/9892.txt b/ChangeLog.d/9892.txt
deleted file mode 100644
index cf9f9dc..0000000
--- a/ChangeLog.d/9892.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
-   * Remove deprecated mbedtls_x509write_crt_set_serial(). The function was
-     already deprecated and superseded by
-     mbedtls_x509write_crt_set_serial_raw().
diff --git a/ChangeLog.d/9956.txt b/ChangeLog.d/9956.txt
deleted file mode 100644
index cea4af1..0000000
--- a/ChangeLog.d/9956.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Removals
-   * Following the removal of DHM module (#9972 and TF-PSA-Crypto#175) the
-     following SSL functions are removed:
-     - mbedtls_ssl_conf_dh_param_bin
-     - mbedtls_ssl_conf_dh_param_ctx
-     - mbedtls_ssl_conf_dhm_min_bitlen
diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
deleted file mode 100644
index 30029f2..0000000
--- a/ChangeLog.d/9964.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-Removals
-   * Sample programs for the legacy crypto API have been removed.
-          pkey/rsa_genkey.c
-          pkey/pk_decrypt.c
-          pkey/dh_genprime.c
-          pkey/rsa_verify.c
-          pkey/mpi_demo.c
-          pkey/rsa_decrypt.c
-          pkey/key_app.c
-          pkey/dh_server.c
-          pkey/ecdh_curve25519.c
-          pkey/pk_encrypt.c
-          pkey/rsa_sign.c
-          pkey/key_app_writer.c
-          pkey/dh_client.c
-          pkey/ecdsa.c
-          pkey/rsa_encrypt.c
-          wince_main.c
-          aes/crypt_and_hash.c
-          random/gen_random_ctr_drbg.c
-          random/gen_entropy.c
-          hash/md_hmac_demo.c
-          hash/hello.c
-          hash/generic_sum.c
-          cipher/cipher_aead_demo.c
diff --git a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt b/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
deleted file mode 100644
index 079cd74..0000000
--- a/ChangeLog.d/MBEDTLS_PSA_HMAC_DRBG_MD_TYPE.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Security
-   * Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
-     not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
-     MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
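Review bot: This deleted fragment ends at "MBEDTLS_CTR_DRBG_C are disabled." with no CVE line, but the consolidated ChangeLog entry earlier in this diff has the same text followed by "CVE-2024-45157". The identifier was therefore introduced during assembly rather than taken from the fragment. The same applies to ChangeLog.d/ecdsa-conversion-overflow.txt and "CVE-2024-45158". Please confirm both identifiers against the published advisories before release, since the fragments being removed here can no longer serve as the record of where they came from.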
diff --git a/ChangeLog.d/add-psa-iop-generate-key.txt b/ChangeLog.d/add-psa-iop-generate-key.txt
deleted file mode 100644
index 0f586ee..0000000
--- a/ChangeLog.d/add-psa-iop-generate-key.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Add an interruptible version of generate key to the PSA interface.
-     See psa_generate_key_iop_setup() and related functions.
diff --git a/ChangeLog.d/add-psa-iop-key-agreement.txt b/ChangeLog.d/add-psa-iop-key-agreement.txt
deleted file mode 100644
index 92dfde1..0000000
--- a/ChangeLog.d/add-psa-iop-key-agreement.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
-   * Add an interruptible version of key agreement to the PSA interface.
-     See psa_key_agreement_iop_setup() and related functions.
-
diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/add-psa-key-agreement.txt
deleted file mode 100644
index 771e6e2..0000000
--- a/ChangeLog.d/add-psa-key-agreement.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
-   * Add a new psa_key_agreement() PSA API to perform key agreement and return
-     an identifier for the newly created key.
diff --git a/ChangeLog.d/add-tls-exporter.txt b/ChangeLog.d/add-tls-exporter.txt
deleted file mode 100644
index 1aea653..0000000
--- a/ChangeLog.d/add-tls-exporter.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Features
-   * Add the function mbedtls_ssl_export_keying_material() which allows the
-     client and server to extract additional shared symmetric keys from an SSL
-     session, according to the TLS-Exporter specification in RFC 8446 and 5705.
-     This requires MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to be defined in
-     mbedtls_config.h.
diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt
deleted file mode 100644
index bb5b470..0000000
--- a/ChangeLog.d/asn1-missing-guard-in-rsa.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
-     as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt
deleted file mode 100644
index 8570a11..0000000
--- a/ChangeLog.d/check-config.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Changes
-   * Warn if mbedtls/check_config.h is included manually, as this can
-     lead to spurious errors. Error if a *adjust*.h header is included
-     manually, as this can lead to silently inconsistent configurations,
-     potentially resulting in buffer overflows.
-     When migrating from Mbed TLS 2.x, if you had a custom config.h that
-     included check_config.h, remove this inclusion from the Mbed TLS 3.x
-     configuration file (renamed to mbedtls_config.h). This change was made
-     in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
diff --git a/ChangeLog.d/configuration-split.txt b/ChangeLog.d/configuration-split.txt
deleted file mode 100644
index f4d9bc6..0000000
--- a/ChangeLog.d/configuration-split.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-Changes
-   * Cryptography and platform configuration options have been migrated
-     from the Mbed TLS library configuration file mbedtls_config.h to
-     crypto_config.h that will become the TF-PSA-Crypto configuration file,
-     see config-split.md for more information. The reference and test custom
-     configuration files respectively in configs/ and tests/configs/ have
-     been updated accordingly.
-     To migrate custom Mbed TLS configurations where
-     MBEDTLS_PSA_CRYPTO_CONFIG is disabled, you should first adapt them
-     to the PSA configuration scheme based on PSA_WANT_XXX symbols
-     (see psa-conditional-inclusion-c.md for more information).
-     To migrate custom Mbed TLS configurations where
-     MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you should migrate the
-     cryptographic and platform configuration options from mbedtls_config.h
-     to crypto_config.h (see config-split.md for more information and configs/
-     for examples).
diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/dynamic-keystore.txt
deleted file mode 100644
index c6aac3c..0000000
--- a/ChangeLog.d/dynamic-keystore.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Features
-   * When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
-     the number of volatile PSA keys is virtually unlimited, at the expense
-     of increased code size. This option is off by default, but enabled in
-     the default mbedtls_config.h. Fixes #9216.
-
-Bugfix
-   * Fix interference between PSA volatile keys and built-in keys
-     when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
-     MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt
deleted file mode 100644
index 83b7f2f..0000000
--- a/ChangeLog.d/ecdsa-conversion-overflow.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
-   * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
-     mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
-     largest supported curve. In some configurations with PSA disabled,
-     all values of bits are affected. This never happens in internal library
-     calls, but can affect applications that call these functions directly.
diff --git a/ChangeLog.d/error-unification.txt b/ChangeLog.d/error-unification.txt
deleted file mode 100644
index eddd42c..0000000
--- a/ChangeLog.d/error-unification.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-API changes
-   * The PSA and Mbed TLS error spaces are now unified. mbedtls_xxx()
-     functions can now return PSA_ERROR_xxx values.
-     There is no longer a distinction between "low-level" and "high-level"
-     Mbed TLS error codes.
-     This will not affect most applications since the error values are
-     between -32767 and -1 as before.
-
-Removals
-   * Remove mbedtls_low_level_strerr() and mbedtls_high_level_strerr(),
-     since these concepts no longer exists. There is just mbedtls_strerror().
diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt
deleted file mode 100644
index 538f0c5..0000000
--- a/ChangeLog.d/fix-aesni-asm-clobbers.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix missing constraints on the AES-NI inline assembly which is used on
-     GCC-like compilers when building AES for generic x86_64 targets. This
-     may have resulted in incorrect code with some compilers, depending on
-     optimizations. Fixes #9819.
diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
deleted file mode 100644
index 7ae1c68..0000000
--- a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
-     but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
deleted file mode 100644
index 11e7d25..0000000
--- a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt
deleted file mode 100644
index 5b79fb6..0000000
--- a/ChangeLog.d/fix-compilation-with-djgpp.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix compilation on MS-DOS DJGPP. Fixes #9813.
diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
deleted file mode 100644
index 8a406a1..0000000
--- a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix rare concurrent access bug where attempting to operate on a
-     non-existent key while concurrently creating a new key could potentially
-     corrupt the key store.
diff --git a/ChangeLog.d/fix-driver-schema-check.txt b/ChangeLog.d/fix-driver-schema-check.txt
deleted file mode 100644
index 9b6d8ac..0000000
--- a/ChangeLog.d/fix-driver-schema-check.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix invalid JSON schemas for driver descriptions used by
-     generate_driver_wrappers.py.
diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt
deleted file mode 100644
index 2549af8..0000000
--- a/ChangeLog.d/fix-legacy-compression-issue.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Bugfix
-   * Fixes an issue where some TLS 1.2 clients could not connect to an
-     Mbed TLS 3.6.0 server, due to incorrect handling of
-     legacy_compression_methods in the ClientHello.
-     fixes #8995, #9243.
-
diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
deleted file mode 100644
index eefda61..0000000
--- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
-     occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
-     with Visual Studio 2013 or MinGW.
-     Fixes #10017.
diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt
deleted file mode 100644
index e3c8aec..0000000
--- a/ChangeLog.d/fix-psa-cmac.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
-     CMAC is enabled, but no built-in unauthenticated cipher is enabled.
-     Fixes #9209.
diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
deleted file mode 100644
index b5c2650..0000000
--- a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix issue of redefinition warning messages for _GNU_SOURCE in
-     entropy_poll.c and sha_256.c. There was a build warning during
-     building for linux platform.
-     Resolves #9026
diff --git a/ChangeLog.d/fix-rsa-performance-regression.txt b/ChangeLog.d/fix-rsa-performance-regression.txt
deleted file mode 100644
index 603612a..0000000
--- a/ChangeLog.d/fix-rsa-performance-regression.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix unintended performance regression when using short RSA public keys.
-     Fixes #9232.
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt
deleted file mode 100644
index 23a46c0..0000000
--- a/ChangeLog.d/fix-secure-element-key-creation.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix error handling when creating a key in a dynamic secure element
-     (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
-     the creation could return PSA_SUCCESS but using or destroying the key
-     would not work. Fixes #8537.
diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt
deleted file mode 100644
index d1d8341..0000000
--- a/ChangeLog.d/fix-server-mode-only-build.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
-     MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt
deleted file mode 100644
index 2604219..0000000
--- a/ChangeLog.d/fix-test-suite-pk-warnings.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
-     Fixes #9029.
diff --git a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt b/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
deleted file mode 100644
index b81fb42..0000000
--- a/ChangeLog.d/fix_reporting_of_key_usage_issues.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Security
-   * With TLS 1.3, when a server enables optional authentication of the
-     client, if the client-provided certificate does not have appropriate values
-     in keyUsage or extKeyUsage extensions, then the return value of
-     mbedtls_ssl_get_verify_result() would incorrectly have the
-     MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
-     clear. As a result, an attacker that had a certificate valid for uses other
-     than TLS client authentication could be able to use it for TLS client
-     authentication anyway. Only TLS 1.3 servers were affected, and only with
-     optional authentication (required would abort the handshake with a fatal
-     alert).
diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
deleted file mode 100644
index e4726a4..0000000
--- a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
-     passing in zero length additional data to multipart AEAD.
diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt
deleted file mode 100644
index 69c00e1..0000000
--- a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
-   * Improve performance of PSA key generation with ECC keys: it no longer
-     computes the public key (which was immediately discarded). Fixes #9732.
diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/mbedtls_psa_register_se_key.txt
deleted file mode 100644
index 2fc2751..0000000
--- a/ChangeLog.d/mbedtls_psa_register_se_key.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Document and enforce the limitation of mbedtls_psa_register_se_key()
-     to persistent keys. Resolves #9253.
diff --git a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt b/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt
deleted file mode 100644
index dba25af..0000000
--- a/ChangeLog.d/mbedtls_psa_rsa_load_representation-memory_leak.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a memory leak that could occur when failing to process an RSA
-     key through some PSA functions due to low memory conditions.
diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
deleted file mode 100644
index 250a5ba..0000000
--- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-Default behavior changes
-   * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
-     mbedtls_ssl_handshake() now fails with
-     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
-     if certificate-based authentication of the server is attempted.
-     This is because authenticating a server without knowing what name
-     to expect is usually insecure.
-
-Security
-   * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
-     if they use certificate authentication (i.e. not pre-shared keys).
-     Otherwise, in many scenarios, the server could be impersonated.
-     The library will now prevent the handshake and return
-     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
-     if mbedtls_ssl_set_hostname() has not been called.
-     Reported by Daniel Stenberg.
diff --git a/ChangeLog.d/oid.txt b/ChangeLog.d/oid.txt
deleted file mode 100644
index 53828d8..0000000
--- a/ChangeLog.d/oid.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Removals
-   * The library no longer offers interfaces to look up values by OID
-     or OID by enum values.
-     The header <mbedtls/oid.h> now only defines functions to convert
-     between binary and dotted string OID representations, and macros
-     for OID strings that are relevant to X.509.
-     The compilation option MBEDTLS_OID_C no longer
-     exists. OID tables are included in the build automatically as needed.
diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt
deleted file mode 100644
index d00aa8a..0000000
--- a/ChangeLog.d/pk-norsa-warning.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
diff --git a/ChangeLog.d/psa-always-on.txt b/ChangeLog.d/psa-always-on.txt
deleted file mode 100644
index 45f4d9b..0000000
--- a/ChangeLog.d/psa-always-on.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Default behavior changes
-   * The PK, X.509, PKCS7 and TLS modules now always use the PSA subsystem
-     to perform cryptographic operations, with a few exceptions documented
-     in docs/architecture/psa-migration/psa-limitations.md. This
-     corresponds to the behavior of Mbed TLS 3.x when
-     MBEDTLS_USE_PSA_CRYPTO is enabled. In effect, MBEDTLS_USE_PSA_CRYPTO
-     is now always enabled.
-   * psa_crypto_init() must be called before performing any cryptographic
-     operation, including indirect requests such as parsing a key or
-     certificate or starting a TLS handshake.
diff --git a/ChangeLog.d/psa-crypto-config-always-on.txt b/ChangeLog.d/psa-crypto-config-always-on.txt
deleted file mode 100644
index d255f8c..0000000
--- a/ChangeLog.d/psa-crypto-config-always-on.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Default behavior changes
-   * The `PSA_WANT_XXX` symbols as defined in
-     tf-psa-crypto/include/psa/crypto_config.h are now always used in the
-     configuration of the cryptographic mechanisms exposed by the PSA API.
-     This corresponds to the configuration behavior of Mbed TLS 3.x when
-     MBEDTLS_PSA_CRYPTO_CONFIG is enabled. In effect, MBEDTLS_PSA_CRYPTO_CONFIG
-     is now always enabled and the configuration option has been removed.
diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
deleted file mode 100644
index 39e03b9..0000000
--- a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
-     long. Credit to Cryptofuzz. Fixes #9314.
diff --git a/ChangeLog.d/psa_generate_key_custom.txt b/ChangeLog.d/psa_generate_key_custom.txt
deleted file mode 100644
index 3fc1bd7..0000000
--- a/ChangeLog.d/psa_generate_key_custom.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-API changes
-   * The experimental functions psa_generate_key_ext() and
-     psa_key_derivation_output_key_ext() have been replaced by
-     psa_generate_key_custom() and psa_key_derivation_output_key_custom().
-     They have almost exactly the same interface, but the variable-length
-     data is passed in a separate parameter instead of a flexible array
-     member. This resolves a build failure under C++ compilers that do not
-     support flexible array members (a C99 feature not adopted by C++).
-     Fixes #9020.
diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa_util-bits-0.txt
deleted file mode 100644
index 9aa70ad..0000000
--- a/ChangeLog.d/psa_util-bits-0.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
-     mbedtls_psa_der_to_raw() is called with bits=0.
diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt
deleted file mode 100644
index 7c0866d..0000000
--- a/ChangeLog.d/psa_util_in_builds_without_psa.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
-     some code was defining 0-size arrays, resulting in compilation errors.
-     Fixed by disabling the offending code in configurations without PSA
-     Crypto, where it never worked. Fixes #9311.
diff --git a/ChangeLog.d/removal-of-rng.txt b/ChangeLog.d/removal-of-rng.txt
deleted file mode 100644
index c7357e6..0000000
--- a/ChangeLog.d/removal-of-rng.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-API changes
-   * All API functions now use the PSA random generator psa_generate_random()
-     internally. As a consequence, functions no longer take RNG parameters.
-     Please refer to the migration guide at :
-     tf-psa-crypto/docs/4.0-migration-guide.md.
diff --git a/ChangeLog.d/remove-compat-2.x.txt b/ChangeLog.d/remove-compat-2.x.txt
deleted file mode 100644
index 37f012c..0000000
--- a/ChangeLog.d/remove-compat-2.x.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
-   * Remove compat-2-x.h header from mbedtls.
diff --git a/ChangeLog.d/remove_RSA_key_exchange.txt b/ChangeLog.d/remove_RSA_key_exchange.txt
deleted file mode 100644
index f9baaf1..0000000
--- a/ChangeLog.d/remove_RSA_key_exchange.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
-   * Remove support for the RSA key exchange in TLS 1.2.
diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
deleted file mode 100644
index 213cf55..0000000
--- a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
-     and 'mbedtls_net_connect' to prevent possible double close fd
-     problems. Fixes #9711.
diff --git a/ChangeLog.d/repo-split.txt b/ChangeLog.d/repo-split.txt
deleted file mode 100644
index f03b5ed..0000000
--- a/ChangeLog.d/repo-split.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
-   * Move the crypto part of the library (content of tf-psa-crypto directory)
-     from the Mbed TLS to the TF-PSA-Crypto repository. The crypto code and
-     tests development will now occur in TF-PSA-Crypto, which Mbed TLS
-     references as a Git submodule.
diff --git a/ChangeLog.d/rm-ssl-conf-curves.txt b/ChangeLog.d/rm-ssl-conf-curves.txt
deleted file mode 100644
index 4b29adc..0000000
--- a/ChangeLog.d/rm-ssl-conf-curves.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Removals
-   * Remove the function mbedtls_ssl_conf_curves() which had been deprecated
-     in favour of mbedtls_ssl_conf_groups() since Mbed TLS 3.1.
-
diff --git a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt b/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
deleted file mode 100644
index 938e9ec..0000000
--- a/ChangeLog.d/split-numeric-string-conversions-out-of-the-oid-module.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
-   * Functions regarding numeric string conversions for OIDs have been moved
-     from the OID module and now reside in X.509 module. This helps to reduce
-     the code size as these functions are not commonly used outside of X.509.
diff --git a/ChangeLog.d/tls-hs-defrag-in.txt b/ChangeLog.d/tls-hs-defrag-in.txt
deleted file mode 100644
index 6bab02a..0000000
--- a/ChangeLog.d/tls-hs-defrag-in.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Bugfix
-   * Support re-assembly of fragmented handshake messages in TLS (both
-     1.2 and 1.3). The lack of support was causing handshake failures with
-     some servers, especially with TLS 1.3 in practice. There are a few
-     limitations, notably a fragmented ClientHello is only supported when
-     TLS 1.3 support is enabled. See the documentation of
-     mbedtls_ssl_handshake() for details.
diff --git a/ChangeLog.d/tls-key-exchange-rsa.txt b/ChangeLog.d/tls-key-exchange-rsa.txt
deleted file mode 100644
index 4df6b3e..0000000
--- a/ChangeLog.d/tls-key-exchange-rsa.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Removals
-   * Remove support for the RSA-PSK key exchange in TLS 1.2.
diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt
deleted file mode 100644
index cd52d32..0000000
--- a/ChangeLog.d/tls12-check-finished-calc.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
-   * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
-     or there was a cryptographic hardware failure when calculating the
-     Finished message, it could be calculated incorrectly. This would break
-     the security guarantees of the TLS handshake.
-     CVE-2025-27810
diff --git a/ChangeLog.d/tls13-cert-regressions.txt b/ChangeLog.d/tls13-cert-regressions.txt
deleted file mode 100644
index 8dd8a32..0000000
--- a/ChangeLog.d/tls13-cert-regressions.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-Bugfix
-   * Fixed a regression introduced in 3.6.0 where the CA callback set with
-     mbedtls_ssl_conf_ca_cb() would stop working when connections were
-     upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
-     1.3.
-   * Fixed a regression introduced in 3.6.0 where clients that relied on
-     optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
-     with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
-     working when connections were upgraded to TLS 1.3. Fixed by adding
-     support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
-     standard makes server authentication mandatory; users are advised not to
-     use authmode none, and to carefully check the results when using optional
-     mode.
-   * Fixed a regression introduced in 3.6.0 where context-specific certificate
-     verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
-     mbedtls_ssl_conf_verify(), would stop working when connections were
-     upgraded to TLS 1.3. Fixed by adding support for context-specific verify
-     callback in TLS 1.3.
diff --git a/ChangeLog.d/tls13-middlebox-compat-disabled.txt b/ChangeLog.d/tls13-middlebox-compat-disabled.txt
deleted file mode 100644
index f5331bc..0000000
--- a/ChangeLog.d/tls13-middlebox-compat-disabled.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * When MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is disabled, work with
-     peers that have middlebox compatibility enabled, as long as no
-     problematic middlebox is in the way. Fixes #9551.
diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt
deleted file mode 100644
index 8ceef21..0000000
--- a/ChangeLog.d/tls13-without-tickets.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix TLS 1.3 client build and runtime when support for session tickets is
-     disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
diff --git a/ChangeLog.d/unterminated-string-initialization.txt b/ChangeLog.d/unterminated-string-initialization.txt
deleted file mode 100644
index 75a72ca..0000000
--- a/ChangeLog.d/unterminated-string-initialization.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Silence spurious -Wunterminated-string-initialization warnings introduced
-     by GCC 15. Fixes #9944.
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 4eda5ba..c1d0f36 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -10,7 +10,7 @@
  */
 
 /**
- * @mainpage Mbed TLS v4.0.0 API Documentation
+ * @mainpage Mbed TLS v4.0.0-beta API Documentation
  *
  * This documentation describes the application programming interface (API)
  * of Mbed TLS.
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index cc2c51e..04a4f17 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME           = "Mbed TLS v4.0.0"
+PROJECT_NAME           = "Mbed TLS v4.0.0-beta"
 OUTPUT_DIRECTORY       = ../apidoc/
 FULL_PATH_NAMES        = NO
 OPTIMIZE_OUTPUT_FOR_C  = YES
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 22ddaa8..5e5a5b3 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -64,7 +64,7 @@
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) ||          \
+    ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
       !defined(MBEDTLS_X509_CRT_PARSE_C) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
 #endif
@@ -75,8 +75,8 @@
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_CAN_ECDH) || !defined(MBEDTLS_RSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+    ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
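Review bot: the ECDHE-RSA prerequisite on the second `+` line now requires PSA_WANT_ALG_RSA_PKCS1V15_CRYPT as well as PSA_WANT_ALG_RSA_PKCS1V15_SIGN, where the old check only asked for MBEDTLS_PKCS1_V15. In ECDHE-RSA the RSA key is used to sign the key exchange, not to decrypt, so the CRYPT term forces RSA PKCS#1 v1.5 encryption into builds that do not need it. Drop that term, or add a comment saying why it is required. The replacement line is also much longer than the backslash-continued lines around it and should be wrapped the same way.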
@@ -109,7 +109,7 @@
 #endif
 
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
+    ( !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || !defined(PSA_WANT_ALG_RSA_OAEP) )
 #error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
 #endif
 
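Review bot: the changed line gates MBEDTLS_X509_RSASSA_PSS_SUPPORT on PSA_WANT_ALG_RSA_OAEP, but RSASSA-PSS is a signature scheme and OAEP is an encryption scheme. MBEDTLS_PKCS1_V21 covered both; the PSA symbol that matches this feature is PSA_WANT_ALG_RSA_PSS. As written, a configuration with OAEP and without PSS passes the check, and one with PSS and without OAEP is rejected. Suggest `!defined(PSA_WANT_ALG_RSA_PSS)` in place of the OAEP test.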
@@ -130,7 +130,7 @@
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 #if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
        defined(MBEDTLS_X509_CRT_PARSE_C) && \
-       ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) )
+       ( defined(PSA_HAVE_ALG_ECDSA_SIGN) || defined(PSA_WANT_ALG_RSA_OAEP) ) )
 #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
 #endif
 #endif
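Review bot: `defined(PSA_WANT_ALG_RSA_OAEP)` is used here as the RSA alternative to PSA_HAVE_ALG_ECDSA_SIGN, yet OAEP provides no signature. TLS 1.3 handshake signatures made with RSA keys use RSA-PSS, so this term should test PSA_WANT_ALG_RSA_PSS; otherwise an OAEP-only build satisfies the check with no usable signature algorithm for the ephemeral key exchange mode.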
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 637f9d3..718e99e 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -1,5 +1,5 @@
 /**
- * \file version.h
+ * \file mbedtls/version.h
  *
  * \brief Run-time version information
  */
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 2afcfb2..b1a80e3 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -329,7 +329,8 @@
  *                   call to mbedtls_asn1_free_named_data_list().
  *
  * \param[out] head  Address in which to store the pointer to the head of the
- *                   allocated list of mbedtls_x509_name
+ *                   allocated list of mbedtls_x509_name. Must point to NULL on
+ *                   entry.
  * \param[in] name   The string representation of a DN to convert
  *
  * \return           0 on success, or a negative error code.
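Review bot: the new "Must point to NULL on entry" requirement on `head` has no counterpart in the `\return` line, which still says only "a negative error code". The matching change in library/x509_create.c returns MBEDTLS_ERR_X509_BAD_INPUT_DATA when `*head` is not NULL; name that error and its cause here so callers know what passing a populated list yields.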
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index f896850..451dbfd 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -171,7 +171,7 @@
     add_library(${mbedx509_target} SHARED ${src_x509})
     set_base_compile_options(${mbedx509_target})
     target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS})
-    set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7)
+    set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 8)
     target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target})
 
     add_library(${mbedtls_target} SHARED ${src_tls})
diff --git a/library/Makefile b/library/Makefile
index 2f695c6..a880f26 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -82,7 +82,7 @@
 endif
 
 SOEXT_TLS?=so.21
-SOEXT_X509?=so.7
+SOEXT_X509?=so.8
 SOEXT_CRYPTO?=so.16
 
 # Set AR_DASH= (empty string) to use an ar implementation that does not accept
diff --git a/library/x509_create.c b/library/x509_create.c
index e5ade5d..17fc8fb 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -468,8 +468,12 @@
     unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
     size_t data_len = 0;
 
-    /* Clear existing chain if present */
-    mbedtls_asn1_free_named_data_list(head);
+    /* Ensure the output parameter is not already populated.
+     * (If it were, overwriting it would likely cause a memory leak.)
+     */
+    if (*head != NULL) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
     while (c <= end) {
         if (in_attr_type && *c == '=') {
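Review bot: the new `if (*head != NULL)` guard makes a call that used to succeed (the existing list was cleared and rebuilt) fail with MBEDTLS_ERR_X509_BAD_INPUT_DATA, which changes behaviour for any external caller that reuses a list. The visible parts of this patch update the x509write setters and the header comment; if not already covered elsewhere, add a ChangeLog entry under API changes and a test that passes a populated list, checks for the error, and checks that the list is left untouched.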
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index e530ae8..09c2328 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -82,12 +82,14 @@
 int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
                                            const char *subject_name)
 {
+    mbedtls_asn1_free_named_data_list(&ctx->subject);
     return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
 }
 
 int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
                                           const char *issuer_name)
 {
+    mbedtls_asn1_free_named_data_list(&ctx->issuer);
     return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
 }
 
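Review bot: both setters free the existing name before mbedtls_x509_string_to_names() runs, so when parsing `subject_name` or `issuer_name` fails the previously configured name is already gone by the time the error is returned. If that is intended, say so in the setters' documentation; otherwise parse into a temporary list and swap it into `ctx` only on success.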
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index b353d37..88adf79 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -64,6 +64,7 @@
 int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
                                            const char *subject_name)
 {
+    mbedtls_asn1_free_named_data_list(&ctx->subject);
     return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
 }
 
diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in
index 28b9716..303f885 100644
--- a/pkgconfig/mbedcrypto.pc.in
+++ b/pkgconfig/mbedcrypto.pc.in
@@ -7,4 +7,4 @@
 URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
 Version: @PROJECT_VERSION@
 Cflags: -I"${includedir}"
-Libs: -L"${libdir}" -ltfpsacrypto -lbuiltin -leverest -lp256m
+Libs: -L"${libdir}" -ltfpsacrypto
diff --git a/programs/fuzz/.gitignore b/programs/fuzz/.gitignore
index 34e3ed0..9b8da61 100644
--- a/programs/fuzz/.gitignore
+++ b/programs/fuzz/.gitignore
@@ -2,8 +2,6 @@
 fuzz_dtlsclient
 fuzz_dtlsserver
 fuzz_pkcs7
-fuzz_privkey
-fuzz_pubkey
 fuzz_server
 fuzz_x509crl
 fuzz_x509crt
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index 8f46317..54b07b4 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -9,7 +9,6 @@
 endif()
 
 set(executables_no_common_c
-    fuzz_pubkey
     fuzz_x509crl
     fuzz_x509crt
     fuzz_x509csr
@@ -18,7 +17,6 @@
 add_dependencies(${programs_target} ${executables_no_common_c})
 
 set(executables_with_common_c
-    fuzz_privkey
     fuzz_client
     fuzz_dtlsclient
     fuzz_dtlsserver
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
index 71cba0b..29483ea 100644
--- a/programs/fuzz/Makefile
+++ b/programs/fuzz/Makefile
@@ -3,12 +3,16 @@
 MBEDTLS_PATH := ../..
 include ../../scripts/common.make
 
+PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz
+
 DEP=${MBEDLIBS}
 
 ifdef FUZZINGENGINE
 LOCAL_LDFLAGS += -lFuzzingEngine
 endif
 
+LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)
+
 # A test application is built for each fuzz_*.c file.
 APPS = $(basename $(wildcard fuzz_*.c))
 
@@ -28,19 +32,21 @@
 
 
 ifdef FUZZINGENGINE
-$(BINARIES): %$(EXEXT): %.o common.o $(DEP)
-	echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
-	$(CXX) common.o $<	$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(DEP)
+	echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
+	$(CXX) $(PROGRAM_FUZZ_PATH)/common.o $<	$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 else
-$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP)
-	echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
-	$(CC) common.o onefile.o $<	$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $(DEP)
+	echo " $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
+	$(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $<	$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 endif
 
 clean:
 ifndef WINDOWS
 	rm -rf $(BINARIES) *.o
+	rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o
 else
 	if exist *.o del /Q /F *.o
 	if exist *.exe del /Q /F *.exe
+	if exist $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o del /Q /F $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o
 endif
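Review bot: in the FUZZINGENGINE branch the echo line lost its compiler name (`echo " $(PROGRAM_FUZZ_PATH)/common.o $< ...`), so the logged command no longer matches what runs, while the other branch still echoes `$(CC)`. Echo `$(CXX)` there to match the recipe. In the Windows clean rule, `$(MBEDTLS_PATH)` is `../..`, so the `if exist` and `del` arguments mix separators (`../..\tf-psa-crypto\...`); cmd.exe treats `/` as a switch prefix, so this line likely needs a backslash form of the path.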
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
deleted file mode 100644
index 8055603..0000000
--- a/programs/fuzz/fuzz_privkey.c
+++ /dev/null
@@ -1,105 +0,0 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include "mbedtls/pk.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "common.h"
-
-//4 Kb should be enough for every bug ;-)
-#define MAX_LEN 0x1000
-
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C)
-const char *pers = "fuzz_privkey";
-#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C
-
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{
-#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C)
-    int ret;
-    mbedtls_pk_context pk;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_entropy_context entropy;
-
-    if (Size > MAX_LEN) {
-        //only work on small inputs
-        Size = MAX_LEN;
-    }
-
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
-    mbedtls_pk_init(&pk);
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
-                              (const unsigned char *) pers, strlen(pers)) != 0) {
-        goto exit;
-    }
-
-    ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
-    if (ret == 0) {
-#if defined(MBEDTLS_RSA_C)
-        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
-            mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-            mbedtls_rsa_context *rsa;
-
-            mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-            mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
-            mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
-
-            rsa = mbedtls_pk_rsa(pk);
-            if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != 0) {
-                abort();
-            }
-            if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != 0) {
-                abort();
-            }
-
-            mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-            mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
-            mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-        } else
-#endif
-#if defined(MBEDTLS_ECP_C)
-        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
-            mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
-            mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
-            mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp);
-            const mbedtls_ecp_curve_info *curve_info =
-                mbedtls_ecp_curve_info_from_grp_id(grp_id);
-
-            /* If the curve is not supported, the key should not have been
-             * accepted. */
-            if (curve_info == NULL) {
-                abort();
-            }
-        } else
-#endif
-        {
-            /* The key is valid but is not of a supported type.
-             * This should not happen. */
-            abort();
-        }
-    }
-exit:
-    mbedtls_entropy_free(&entropy);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_pk_free(&pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#else
-    (void) Data;
-    (void) Size;
-#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C
-
-    return 0;
-}
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
deleted file mode 100644
index 69e85e0..0000000
--- a/programs/fuzz/fuzz_pubkey.c
+++ /dev/null
@@ -1,93 +0,0 @@
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include <stdint.h>
-#include <stdlib.h>
-#include "mbedtls/pk.h"
-#include "common.h"
-
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{
-#ifdef MBEDTLS_PK_PARSE_C
-    int ret;
-    mbedtls_pk_context pk;
-
-    mbedtls_pk_init(&pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-    ret = mbedtls_pk_parse_public_key(&pk, Data, Size);
-    if (ret == 0) {
-#if defined(MBEDTLS_RSA_C)
-        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
-            mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-            mbedtls_rsa_context *rsa;
-
-            mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-            mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
-            mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
-
-            rsa = mbedtls_pk_rsa(pk);
-            if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) {
-                abort();
-            }
-            if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
-                abort();
-            }
-            if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
-                abort();
-            }
-
-            mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-            mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
-            mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-
-        } else
-#endif
-#if defined(MBEDTLS_ECP_C)
-        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
-            mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
-            mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
-            mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp);
-            const mbedtls_ecp_curve_info *curve_info =
-                mbedtls_ecp_curve_info_from_grp_id(grp_id);
-
-            /* If the curve is not supported, the key should not have been
-             * accepted. */
-            if (curve_info == NULL) {
-                abort();
-            }
-
-            /* It's a public key, so the private value should not have
-             * been changed from its initialization to 0. */
-            mbedtls_mpi d;
-            mbedtls_mpi_init(&d);
-            if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) {
-                abort();
-            }
-            if (mbedtls_mpi_cmp_int(&d, 0) != 0) {
-                abort();
-            }
-            mbedtls_mpi_free(&d);
-        } else
-#endif
-        {
-            /* The key is valid but is not of a supported type.
-             * This should not happen. */
-            abort();
-        }
-    }
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-exit:
-    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-    mbedtls_pk_free(&pk);
-#else
-    (void) Data;
-    (void) Size;
-#endif //MBEDTLS_PK_PARSE_C
-
-    return 0;
-}
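Review bot: Deleting fuzz_pubkey.c removes the assertions that a parsed public key carries no private material: mbedtls_rsa_export() with P, Q and D requested must return MBEDTLS_ERR_RSA_BAD_INPUT_DATA, and the EC private value exported through mbedtls_ecp_export() must compare equal to 0. Nothing in this removal says where that coverage now lives; please name the replacement harness in the commit message, or keep the target until an equivalent exists.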
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index bb7fba8..58a6af5 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
@@ -98,16 +98,41 @@
      * "gcc -std=c99 -pedantic" complains about it, but it is perfectly
      * fine on platforms that have dlsym(). */
 #pragma GCC diagnostic ignored "-Wpedantic"
-    const int *(*md_list)(void) =
-        dlsym(crypto_so, "mbedtls_md_list");
+    psa_status_t (*dyn_psa_crypto_init)(void) =
+        dlsym(crypto_so, "psa_crypto_init");
+    psa_status_t (*dyn_psa_hash_compute)(psa_algorithm_t, const uint8_t *, size_t, uint8_t *,
+                                         size_t, size_t *) =
+        dlsym(crypto_so, "psa_hash_compute");
+
 #pragma GCC diagnostic pop
-    CHECK_DLERROR("dlsym", "mbedtls_md_list");
-    const int *mds = md_list();
-    for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */
-        ;
+    /* Demonstrate hashing a message with PSA Crypto */
+
+    CHECK_DLERROR("dlsym", "psa_crypto_init");
+    CHECK_DLERROR("dlsym", "psa_hash_compute");
+
+    psa_status_t status = dyn_psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "psa_crypto_init failed: %d\n", (int) status);
+        mbedtls_exit(MBEDTLS_EXIT_FAILURE);
     }
-    mbedtls_printf("dlopen(%s): %u hashes\n",
-                   crypto_so_filename, n);
+
+    const uint8_t input[] = "hello world";
+    uint8_t hash[32]; // Buffer to hold the output hash
+    size_t hash_len = 0;
+
+    status = dyn_psa_hash_compute(PSA_ALG_SHA_256,
+                                  input, sizeof(input) - 1,
+                                  hash, sizeof(hash),
+                                  &hash_len);
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "psa_hash_compute failed: %d\n", (int) status);
+        mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+    }
+
+    mbedtls_printf("dlopen(%s): psa_hash_compute succeeded. SHA-256 output length: %zu\n",
+                   crypto_so_filename, hash_len);
+
+
     dlclose(crypto_so);
     CHECK_DLERROR("dlclose", crypto_so_filename);
 #endif  /* MBEDTLS_MD_C */
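Review bot: Both CHECK_DLERROR calls come after the second dlsym(), so, assuming CHECK_DLERROR reads dlerror(), the error state from a failed lookup of psa_crypto_init can be replaced by the psa_hash_compute lookup before it is checked, and dyn_psa_crypto_init would then be called as a null pointer. Check each lookup before issuing the next one. Separately, the block now uses only PSA calls but still sits under the trailing #endif /* MBEDTLS_MD_C */ guard, hash[32] could be sized with PSA_HASH_LENGTH(PSA_ALG_SHA_256), and %zu should be MBEDTLS_PRINTF_SIZET to match the selftest.c format string in this patch.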
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 8516f3a..372a84d 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -21,7 +21,6 @@
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"
 #include "mbedtls/sha3.h"
-#include "mbedtls/des.h"
 #include "mbedtls/aes.h"
 #include "mbedtls/camellia.h"
 #include "mbedtls/aria.h"
@@ -296,9 +295,6 @@
     defined(PSA_WANT_ALG_SHA3_512)
     { "sha3", mbedtls_sha3_self_test },
 #endif
-#if defined(MBEDTLS_DES_C)
-    { "des", mbedtls_des_self_test },
-#endif
 #if defined(MBEDTLS_AES_C)
     { "aes", mbedtls_aes_self_test },
 #endif
@@ -448,7 +444,8 @@
             }                                                           \
         } else {                                                        \
             mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \
-                           " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n",       \
+                           " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET \
+                           "\n",       \
                            sizeof(TYPE));                                       \
             mbedtls_exit(MBEDTLS_EXIT_FAILURE);                       \
         }                                                               \
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index f09e938..e59772f 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -150,7 +150,6 @@
     mbedtls_ctr_drbg_context ctr_drbg;
     const char *pers = "csr example app";
     mbedtls_x509_san_list *cur, *prev;
-    mbedtls_asn1_named_data *ext_san_dirname = NULL;
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     uint8_t ip[4] = { 0 };
 #endif
@@ -274,7 +273,15 @@
                     cur->node.san.unstructured_name.len = sizeof(ip);
                 } else if (strcmp(q, "DN") == 0) {
                     cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
-                    if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
+                    /* Work around an API mismatch between string_to_names() and
+                     * mbedtls_x509_subject_alternative_name, which holds an
+                     * actual mbedtls_x509_name while a pointer to one would be
+                     * more convenient here. (Note mbedtls_x509_name and
+                     * mbedtls_asn1_named_data are synonymous, again
+                     * string_to_names() uses one while
+                     * cur->node.san.directory_name is nominally the other.) */
+                    mbedtls_asn1_named_data *tmp_san_dirname = NULL;
+                    if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname,
                                                             subtype_value)) != 0) {
                         mbedtls_strerror(ret, buf, sizeof(buf));
                         mbedtls_printf(
@@ -283,7 +290,9 @@
                             (unsigned int) -ret, buf);
                         goto exit;
                     }
-                    cur->node.san.directory_name = *ext_san_dirname;
+                    cur->node.san.directory_name = *tmp_san_dirname;
+                    mbedtls_free(tmp_san_dirname);
+                    tmp_san_dirname = NULL;
                 } else {
                     mbedtls_free(cur);
                     goto usage;
@@ -490,7 +499,6 @@
     }
 
     mbedtls_x509write_csr_free(&req);
-    mbedtls_asn1_free_named_data_list(&ext_san_dirname);
     mbedtls_pk_free(&key);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
@@ -500,12 +508,21 @@
 
     cur = opt.san_list;
     while (cur != NULL) {
-        prev = cur;
-        cur = cur->next;
-        mbedtls_free(prev);
+        mbedtls_x509_san_list *next = cur->next;
+        /* Note: mbedtls_x509_free_subject_alt_name() is not what we want here.
+         * It's the right thing for entries that were parsed from a certificate,
+         * where pointers are to the raw certificate, but here all the
+         * pointers were allocated while parsing from a user-provided string. */
+        if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
+            mbedtls_x509_name *dn = &cur->node.san.directory_name;
+            mbedtls_free(dn->oid.p);
+            mbedtls_free(dn->val.p);
+            mbedtls_asn1_free_named_data_list(&dn->next);
+        }
+        mbedtls_free(cur);
+        cur = next;
     }
 
-
     mbedtls_exit(exit_code);
 }
 #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
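Review bot: The DIRECTORY_NAME branch of this loop frees dn->oid.p, dn->val.p and dn->next by hand, which depends on the struct copy done at the parse site (cur->node.san.directory_name = *tmp_san_dirname) and on the current field layout of mbedtls_x509_name. The same loop is pasted into cert_write.c in this patch; a small static helper per program, with the ownership comment in one place, would keep the two copies from drifting. Also confirm that prev, still declared in the context line mbedtls_x509_san_list *cur, *prev;, has a remaining use now that this loop no longer touches it.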
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 9776dc1..3cabff4 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -310,7 +310,6 @@
     mbedtls_ctr_drbg_context ctr_drbg;
     const char *pers = "crt example app";
     mbedtls_x509_san_list *cur, *prev;
-    mbedtls_asn1_named_data *ext_san_dirname = NULL;
     uint8_t ip[4] = { 0 };
     /*
      * Set to sane values
@@ -593,7 +592,15 @@
                     cur->node.san.unstructured_name.len = sizeof(ip);
                 } else if (strcmp(q, "DN") == 0) {
                     cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
-                    if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
+                    /* Work around an API mismatch between string_to_names() and
+                     * mbedtls_x509_subject_alternative_name, which holds an
+                     * actual mbedtls_x509_name while a pointer to one would be
+                     * more convenient here. (Note mbedtls_x509_name and
+                     * mbedtls_asn1_named_data are synonymous, again
+                     * string_to_names() uses one while
+                     * cur->node.san.directory_name is nominally the other.) */
+                    mbedtls_asn1_named_data *tmp_san_dirname = NULL;
+                    if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname,
                                                             subtype_value)) != 0) {
                         mbedtls_strerror(ret, buf, sizeof(buf));
                         mbedtls_printf(
@@ -602,7 +609,9 @@
                             (unsigned int) -ret, buf);
                         goto exit;
                     }
-                    cur->node.san.directory_name = *ext_san_dirname;
+                    cur->node.san.directory_name = *tmp_san_dirname;
+                    mbedtls_free(tmp_san_dirname);
+                    tmp_san_dirname = NULL;
                 } else {
                     mbedtls_free(cur);
                     goto usage;
@@ -991,10 +1000,26 @@
     exit_code = MBEDTLS_EXIT_SUCCESS;
 
 exit:
+    cur = opt.san_list;
+    while (cur != NULL) {
+        mbedtls_x509_san_list *next = cur->next;
+        /* Note: mbedtls_x509_free_subject_alt_name() is not what we want here.
+         * It's the right thing for entries that were parsed from a certificate,
+         * where pointers are to the raw certificate, but here all the
+         * pointers were allocated while parsing from a user-provided string. */
+        if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
+            mbedtls_x509_name *dn = &cur->node.san.directory_name;
+            mbedtls_free(dn->oid.p);
+            mbedtls_free(dn->val.p);
+            mbedtls_asn1_free_named_data_list(&dn->next);
+        }
+        mbedtls_free(cur);
+        cur = next;
+    }
+
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
     mbedtls_x509_csr_free(&csr);
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
-    mbedtls_asn1_free_named_data_list(&ext_san_dirname);
     mbedtls_x509_crt_free(&issuer_crt);
     mbedtls_x509write_crt_free(&crt);
     mbedtls_pk_free(&loaded_subject_key);
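Review bot: With the cleanup loop now under exit:, it also runs on the failure path of the DN branch, where cur->node.type is already MBEDTLS_X509_SAN_DIRECTORY_NAME but directory_name was never assigned. If that node is on opt.san_list at that point and was not zero-initialised, the loop frees uninitialised oid.p, val.p and next pointers; if it is not yet on the list, the node leaks. Setting cur->node.type only after mbedtls_x509_string_to_names() succeeds, or freeing cur before goto exit as the else branch does before goto usage, would make the error path unambiguous.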
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index fc10c63..2ab7ba9 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -2,10 +2,12 @@
 
 -r driver.requirements.txt
 
+# The dependencies below are only used in scripts that we run on the Linux CI.
+
 # Use a known version of Pylint, because new versions tend to add warnings
 # that could start rejecting our code.
 # 2.4.4 is the version in Ubuntu 20.04. It supports Python >=3.5.
-pylint == 2.4.4
+pylint == 2.4.4; platform_system == 'Linux'
 
 # Use a version of mypy that is compatible with our code base.
 # mypy <0.940 is known not to work: see commit
@@ -13,16 +15,14 @@
 # mypy >=0.960 is known not to work:
 #   https://github.com/Mbed-TLS/mbedtls-framework/issues/50
 # mypy 0.942 is the version in Ubuntu 22.04.
-mypy == 0.942
+mypy == 0.942; platform_system == 'Linux'
 
 # At the time of writing, only needed for tests/scripts/audit-validity-dates.py.
-# It needs >=35.0.0 for correct operation, and that requires Python >=3.6,
-# but our CI has Python 3.5. So let pip install the newest version that's
-# compatible with the running Python: this way we get something good enough
-# for mypy and pylint under Python 3.5, and we also get something good enough
-# to run audit-validity-dates.py on Python >=3.6.
-cryptography # >= 35.0.0
+# It needs >=35.0.0 for correct operation, and that requires Python >=3.6.
+# >=35.0.0 also requires Rust to build from source, which we are forced to do on
+# FreeBSD, since PyPI doesn't carry binary wheels for the BSDs.
+cryptography >= 35.0.0; platform_system == 'Linux'
 
 # For building `framework/data_files/server9-bad-saltlen.crt` and check python
 # files.
-asn1crypto
+asn1crypto; platform_system == 'Linux'
diff --git a/scripts/config.py b/scripts/config.py
index e5182a6..a61e9f6 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -75,7 +75,7 @@
     #pylint: disable=line-too-long
     'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
     'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency
-    'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES
+    'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW
     'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
     'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
     'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 6912679..dab3a0c 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -52,6 +52,10 @@
 
 my @files = glob qq("$crypto_include_dir/*.h");
 push(@files, glob qq("$tls_include_dir/*.h"));
+
+push(@files, glob qq("$crypto_include_dir/private/*.h"));
+push(@files, glob qq("$tls_include_dir/private/*.h"));
+
 my @necessary_include_files;
 my @matches;
 foreach my $file (@files) {
@@ -85,7 +89,7 @@
         $description =~ s/^\s+//;
         $description =~ s/\n( *\*)? */ /g;
         $description =~ s/\.?\s+$//;
-        push @matches, [$name, $value, $description];
+        push @matches, [$name, $value, $description, scalar($file =~ /^.*private\/[^\/]+$/)];
         ++$found;
     }
     if ($found) {
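Review bot: The pattern /^.*private\/[^\/]+$/ in the push matches any directory whose name merely ends in "private" (a path component such as notprivate/ would qualify), not only the private/ subdirectory globbed above. Anchoring the component, e.g. m{(?:^|/)private/[^/]+$}, keeps the flag tied to the two glob patterns added earlier in this file.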
@@ -109,7 +113,7 @@
 
 foreach my $match (@matches)
 {
-    my ($error_name, $error_code, $description) = @$match;
+    my ($error_name, $error_code, $description, $is_private_header) = @$match;
 
     die "Duplicated error code: $error_code ($error_name)\n"
         if( $error_codes_seen{$error_code}++ );
@@ -203,6 +207,11 @@
                               if ($include_name ne "");
         }
         ${$code_check} .= "\n";
+
+        if ($is_private_header) {
+            $include_name = "private/" . $include_name;
+        }
+
         $headers .= "\n#include \"mbedtls/${include_name}.h\"\n".
                     "#endif\n\n" if ($include_name ne "");
         ${$old_define_name}   = $define_name;
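Review bot: The private/ prefix is prepended before the postfix guard if ($include_name ne "") is evaluated, so an empty $include_name becomes "private/" and the guard then lets through an #include "mbedtls/private/.h" line. Fold the guard into the new condition, e.g. if ($is_private_header && $include_name ne ""), or build the prefixed path in a separate variable so $include_name is not mutated.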
diff --git a/tests/compat.sh b/tests/compat.sh
index 975d8dc..a11fffd 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -599,11 +599,6 @@
         *) O_SUPPORT_STATIC_ECDH="NO";;
     esac
 
-    case $($OPENSSL ciphers ALL) in
-        *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";;
-        *) O_SUPPORT_SINGLE_DES="NO";;
-    esac
-
     # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
     # supports -dtls1_2 from the s_server help. (The s_client
     # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 429a04f..132d53e 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -292,15 +292,15 @@
     IGNORED_SUITES = [
         # low-level (block/stream) cipher modules
         'aes', 'aria', 'camellia', 'des', 'chacha20',
-        # AEAD modes and CMAC
-        'ccm', 'chachapoly', 'cmac', 'gcm',
+        # AEAD modes, CMAC and POLY1305
+        'ccm', 'chachapoly', 'cmac', 'gcm', 'poly1305',
         # The Cipher abstraction layer
         'cipher',
     ]
     IGNORED_TESTS = {
         'test_suite_config': [
             re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
-            re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'),
+            re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM|POLY1305)_.*'),
             re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
             re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
         ],
@@ -568,6 +568,10 @@
         'pk', 'pkwrite', 'pkparse'
     ]
     IGNORED_TESTS = {
+        'test_suite_bignum.misc': [
+            re.compile(r'.*\bmbedtls_mpi_is_prime.*'),
+            re.compile(r'.*\bmbedtls_mpi_gen_prime.*'),
+        ],
         'test_suite_config': [
             re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
             re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')
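Review bot: The new 'test_suite_bignum.misc' entry has no comment saying why the mbedtls_mpi_is_prime and mbedtls_mpi_gen_prime cases are ignored, unlike the pattern next to it that names MBEDTLS_GENPRIME. A one-line comment tying these two patterns to the component that this patch changes to unset MBEDTLS_GENPRIME (in components-configuration-crypto.sh) would make the exemption auditable.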
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 9de7597..bb0375a 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1429,6 +1429,7 @@
         scripts/config.py unset MBEDTLS_RSA_C
         scripts/config.py unset MBEDTLS_PKCS1_V15
         scripts/config.py unset MBEDTLS_PKCS1_V21
+        scripts/config.py unset MBEDTLS_GENPRIME
 
         # We need PEM parsing in the test library as well to support the import
         # of PEM encoded RSA keys.
@@ -1734,53 +1735,6 @@
     make test
 }
 
-component_test_psa_crypto_config_accel_des () {
-    msg "test: accelerated DES"
-
-    # Albeit this components aims at accelerating DES which should only support
-    # CBC and ECB modes, we need to accelerate more than that otherwise DES_C
-    # would automatically be re-enabled by "config_adjust_legacy_from_psa.c"
-    loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
-                    ALG_CTR ALG_CFB ALG_OFB ALG_XTS ALG_CMAC \
-                    KEY_TYPE_DES"
-
-    # Note: we cannot accelerate all ciphers' key types otherwise we would also
-    # have to either disable CCM/GCM or accelerate them, but that's out of scope
-    # of this component. This limitation will be addressed by #8598.
-
-    # Configure
-    # ---------
-
-    # Start from the full config
-    helper_libtestdriver1_adjust_config "full"
-
-    # Disable the things that are being accelerated
-    scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
-    scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7
-    scripts/config.py unset MBEDTLS_CIPHER_MODE_CTR
-    scripts/config.py unset MBEDTLS_CIPHER_MODE_CFB
-    scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
-    scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
-    scripts/config.py unset MBEDTLS_DES_C
-    scripts/config.py unset MBEDTLS_CMAC_C
-
-    # Build
-    # -----
-
-    helper_libtestdriver1_make_drivers "$loc_accel_list"
-
-    helper_libtestdriver1_make_main "$loc_accel_list"
-
-    # Make sure this was not re-enabled by accident (additive config)
-    not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
-
-    # Run the tests
-    # -------------
-
-    msg "test: accelerated DES"
-    make test
-}
-
 component_test_psa_crypto_config_accel_aead () {
     msg "test: accelerated AEAD"
 
@@ -1841,7 +1795,7 @@
     loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \
                     ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \
                     ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \
-                    KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
+                    KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA"
 
     # Configure
     # ---------
@@ -1864,6 +1818,11 @@
     scripts/config.py unset MBEDTLS_ARIA_C
     scripts/config.py unset MBEDTLS_CHACHA20_C
     scripts/config.py unset MBEDTLS_CAMELLIA_C
+    scripts/config.py unset MBEDTLS_POLY1305_C
+
+    # Disable DES, if it still exists.
+    # This can be removed once we remove DES from the library.
+    scripts/config.py unset PSA_WANT_KEY_TYPE_DES
 
     # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA
     # does not depend on it.
@@ -1878,7 +1837,6 @@
 
     # Make sure this was not re-enabled by accident (additive config)
     not grep mbedtls_cipher ${BUILTIN_SRC_PATH}/cipher.o
-    not grep mbedtls_des ${BUILTIN_SRC_PATH}/des.o
     not grep mbedtls_aes ${BUILTIN_SRC_PATH}/aes.o
     not grep mbedtls_aria ${BUILTIN_SRC_PATH}/aria.o
     not grep mbedtls_camellia ${BUILTIN_SRC_PATH}/camellia.o
@@ -1886,6 +1844,7 @@
     not grep mbedtls_gcm ${BUILTIN_SRC_PATH}/gcm.o
     not grep mbedtls_chachapoly ${BUILTIN_SRC_PATH}/chachapoly.o
     not grep mbedtls_cmac ${BUILTIN_SRC_PATH}/cmac.o
+    not grep mbedtls_poly1305 ${BUILTIN_SRC_PATH}/poly1305.o
 
     # Run the tests
     # -------------
@@ -1894,7 +1853,8 @@
     make test
 
     msg "ssl-opt: full config with accelerated cipher inc. AEAD and CMAC"
-    tests/ssl-opt.sh
+    # Exclude password-protected key tests — they require built-in CBC and AES.
+    tests/ssl-opt.sh -e "TLS: password protected"
 
     msg "compat.sh: full config with accelerated cipher inc. AEAD and CMAC"
     tests/compat.sh -V NO -p mbedTLS
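Review bot: Excluding by the name substring "TLS: password protected" drops those cases from this component and will also drop any future test whose name happens to contain that string. Please reference a tracking issue in the comment so the -e filter is removed once the PEM dependency can be expressed, and consider listing the affected test names explicitly.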
@@ -1904,13 +1864,18 @@
     msg "build: full config with non-accelerated cipher inc. AEAD and CMAC"
     common_psa_crypto_config_accel_cipher_aead_cmac
 
+    # Disable DES, if it still exists.
+    # This can be removed once we remove DES from the library.
+    scripts/config.py unset PSA_WANT_KEY_TYPE_DES
+
     make
 
     msg "test: full config with non-accelerated cipher inc. AEAD and CMAC"
     make test
 
     msg "ssl-opt: full config with non-accelerated cipher inc. AEAD and CMAC"
-    tests/ssl-opt.sh
+    # Exclude password-protected key tests as in test_psa_crypto_config_accel_cipher_aead_cmac.
+    tests/ssl-opt.sh -e "TLS: password protected"
 
     msg "compat.sh: full config with non-accelerated cipher inc. AEAD and CMAC"
     tests/compat.sh -V NO -p mbedTLS
@@ -2168,7 +2133,7 @@
     cd "$MBEDTLS_ROOT_DIR"
     msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT"
 
-    # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES,
+    # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW,
     # manually set or unset those configurations to check
     # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o.
     scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
@@ -2539,7 +2504,7 @@
     echo '#error "TF_PSA_CRYPTO_CONFIG_FILE is not working"' >"$CRYPTO_CONFIG_H"
     make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"'"
     # Make sure this feature is enabled. We'll disable it in the next phase.
-    programs/test/query_compile_time_config MBEDTLS_CMAC_C
+    programs/test/query_compile_time_config PSA_WANT_ALG_CMAC
     make clean
 
     msg "build: make with TF_PSA_CRYPTO_CONFIG_FILE + TF_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
@@ -2550,7 +2515,7 @@
     echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h
     echo '#undef MBEDTLS_CMAC_C' >> psa_user_config.h
     make CFLAGS="-I '$PWD' -DTF_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DTF_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
-    not programs/test/query_compile_time_config MBEDTLS_CMAC_C
+    not programs/test/query_compile_time_config PSA_WANT_ALG_CMAC
 
     rm -f psa_test_config.h psa_user_config.h
 }
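Review bot: The assertion now queries PSA_WANT_ALG_CMAC, but the context line just above still writes '#undef MBEDTLS_CMAC_C' into psa_user_config.h. Check that the user config undefines PSA_WANT_ALG_CMAC itself (not only PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128), and drop the legacy undef if it no longer has any effect, so the test exercises the option it queries.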
@@ -2585,3 +2550,18 @@
     msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s
     make test
 }
+
+component_test_xts () {
+    # Component dedicated to run XTS unit test cases while XTS is not
+    # supported through the PSA API.
+    msg "build: Default + MBEDTLS_CIPHER_MODE_XTS"
+
+    echo "#define MBEDTLS_CIPHER_MODE_XTS" > psa_user_config.h
+    cmake -DTF_PSA_CRYPTO_USER_CONFIG_FILE="psa_user_config.h"
+    make
+
+    rm -f psa_user_config.h
+
+    msg "test: Default + MBEDTLS_CIPHER_MODE_XTS"
+    make test
+}
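Review bot: cmake is invoked without a source or build directory, right after psa_user_config.h is written into the current directory, so the component depends on CMake defaulting to an in-tree build and on the relative file name resolving from wherever the header ends up being included. Pass the source directory explicitly and check whether an absolute path such as "$PWD/psa_user_config.h" is needed. The rm -f sits after make, so a failed build may leave the file behind; removing it in the component's cleanup path would avoid that.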
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index 6b3f9c2..ff83157 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -63,7 +63,7 @@
     # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
-    # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+    # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
     # Note: The unset below is to be removed for 4.0
     scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
     # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
@@ -96,7 +96,7 @@
     scripts/config.py unset MBEDTLS_CHACHAPOLY_C
     #Disable TLS 1.3 (as no AEAD)
     scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
-    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
     scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
     # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
     scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
@@ -129,7 +129,7 @@
     scripts/config.py unset MBEDTLS_CHACHAPOLY_C
     #Disable TLS 1.3 (as no AEAD)
     scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
-    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+    # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia))
     scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
     # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
     scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 0cb5537..7fccb20 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -109,6 +109,12 @@
 value can be either True/False (set/unset config option), or a string,
 which will make a symbol defined with a certain value."""
     if not option_exists(conf, option):
+        if value is False:
+            log_line(
+                f'Warning, disabling {option} that does not exist in {conf.filename}',
+                color=colors.cyan
+            )
+            return True
         log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red)
         return False
 
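Review bot: Returning True for any missing option when value is False means a misspelled symbol in a disable list is now accepted with only a cyan warning, while the option that was meant to be disabled stays enabled. Limit the tolerance to an explicit set of options known to have been removed, or make it opt-in through a parameter, and update the docstring above, which still describes only the set, unset and string cases. The new log line also uses an f-string while the next line keeps str.format; pick one.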
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 5b2425b..c667cd1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -559,7 +559,7 @@
             # we aren't currently running ssl-opt.sh in configurations
             # where partial RSA support is a problem, so generically, we
             # just require RSA and it works out for our tests so far.
-            requires_config_enabled "MBEDTLS_RSA_C"
+            requires_config_enabled "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
     esac
 
     unset tmp
@@ -2201,8 +2201,7 @@
 # - the expected parameters are selected
 requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
 requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
-requires_any_configs_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED \
-                             PSA_WANT_ECC_MONTGOMERY_255
+requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255
 run_test    "Default, TLS 1.2" \
             "$P_SRV debug_level=3" \
             "$P_CLI force_version=tls12" \
@@ -2245,9 +2244,10 @@
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
 # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
-# module does not support PSA dispatching so we need builtin support.
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_AES_C
+# module does not support PSA dispatching so we need builtin support. With the
+# removal of the legacy cryptography configuration options, there is currently
+# no way to express this dependency. This test fails if run in a configuration
+# where the built-in implementation of CBC or AES is not present.
 requires_hash_alg MD5
 requires_hash_alg SHA_256
 run_test    "TLS: password protected client key" \
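Review bot: with the two `requires_config_enabled` lines removed, this test goes from skipped to failing in a configuration without built-in CBC or AES, and the new comment is the only record of that. Please add a reference to a tracking issue in the comment so the gap can be closed later, and consider a runtime check that skips the test when the encrypted key cannot be decrypted, so a failure here still means a regression and not a configuration mismatch.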
@@ -2257,9 +2257,10 @@
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
 # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
-# module does not support PSA dispatching so we need builtin support.
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_AES_C
+# module does not support PSA dispatching so we need builtin support. With the
+# removal of the legacy cryptography configuration options, there is currently
+# no way to express this dependency. This test fails if run in a configuration
+# where the built-in implementation of CBC or AES is not present.
 requires_hash_alg MD5
 requires_hash_alg SHA_256
 run_test    "TLS: password protected server key" \
@@ -2268,11 +2269,12 @@
             0
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 # server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
-# module does not support PSA dispatching so we need builtin support.
-requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
-requires_config_enabled MBEDTLS_AES_C
+# module does not support PSA dispatching so we need builtin support. With the
+# removal of the legacy cryptography configuration options, there is currently
+# no way to express this dependency. This test fails if run in a configuration
+# where the built-in implementation of CBC or AES is not present.
 requires_hash_alg MD5
 requires_hash_alg SHA_256
 run_test    "TLS: password protected server key, two certificates" \
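Review bot: this is the third copy of the same four-line comment about the PEM module and built-in CBC/AES. Put the explanation in one place, for example a small wrapper function in this script (a hypothetical `requires_builtin_pem_decryption`, to be named as the project prefers) that the three password-protected-key tests call. When the dependency becomes expressible again, the fix is then a single edit and the three tests cannot drift apart.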
@@ -2321,7 +2323,7 @@
 
 # Test using a RSA opaque private key for client authentication
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 requires_hash_alg SHA_256
 run_test    "Opaque key for client authentication: ECDHE-RSA" \
@@ -2370,7 +2372,7 @@
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
 requires_config_enabled MBEDTLS_ECDSA_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
 requires_hash_alg SHA_256
 run_test    "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
@@ -2385,7 +2387,7 @@
             -c "Public key type mismatch"
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
 requires_hash_alg SHA_256
 run_test    "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
@@ -2468,7 +2470,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 run_test    "TLS 1.3 opaque key: no suitable algorithm found" \
@@ -2481,7 +2483,7 @@
             -s "no suitable signature algorithm"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 run_test    "TLS 1.3 opaque key: suitable algorithm found" \
@@ -2494,7 +2496,7 @@
             -S "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 run_test    "TLS 1.3 opaque key: first client sig alg not suitable" \
@@ -2508,7 +2510,7 @@
             -S "error" \
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 run_test    "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
@@ -2522,7 +2524,7 @@
 
 # Test using a RSA opaque private key for server authentication
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 requires_hash_alg SHA_256
 run_test    "Opaque key for server authentication: ECDHE-RSA" \
@@ -2538,7 +2540,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 run_test    "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKCS1" \
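Review bot: the requirement on this test now names only the RSA key-pair type, while the test title is about PSS versus PKCS1 signing. If `MBEDTLS_RSA_C` was implicitly covering the signature schemes here, the replacement no longer does; either add explicit requirements for the RSA signature algorithms the test exercises, or note in a comment that another requirement in this block already implies them. The same question applies to the other opaque-key tests that receive this substitution.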
@@ -2553,7 +2555,7 @@
             -c "error"
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -2573,7 +2575,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 requires_hash_alg SHA_384
 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
@@ -2613,7 +2615,7 @@
 
 # Test using a RSA opaque private key for client/server authentication
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 run_test    "Opaque key for client/server authentication: ECDHE-RSA" \
@@ -2682,8 +2684,7 @@
             -U "IV used"
 
 # Test for correctness of sent single supported algorithm
-requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \
-                             PSA_WANT_ECC_SECP_R1_256
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -2698,8 +2699,7 @@
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_SRV_C
-requires_any_configs_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED \
-                             PSA_WANT_ECC_SECP_R1_256
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 requires_hash_alg SHA_256
 run_test    "Single supported algorithm sending: openssl client" \
             "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
@@ -2748,7 +2748,7 @@
             0
 
 requires_hash_alg SHA_1
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 run_test    "SHA-1 forbidden by default in client certificate" \
             "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
             "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \
@@ -2756,13 +2756,13 @@
             -s "The certificate is signed with an unacceptable hash"
 
 requires_hash_alg SHA_1
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 run_test    "SHA-1 explicitly allowed in client certificate" \
             "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
             "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \
             0
 
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 run_test    "SHA-256 allowed by default in client certificate" \
             "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
@@ -9405,7 +9405,7 @@
 # Force the use of a curve that supports restartable ECC (secp256r1).
 
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, default" \
             "$P_SRV groups=secp256r1 auth_mode=required" \
             "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9418,7 +9418,7 @@
             -C "mbedtls_pk_sign.*\(4b00\|-248\)"
 
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=0" \
             "$P_SRV groups=secp256r1 auth_mode=required" \
             "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9431,7 +9431,7 @@
             -C "mbedtls_pk_sign.*\(4b00\|-248\)"
 
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=65535" \
             "$P_SRV groups=secp256r1 auth_mode=required" \
             "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9458,7 +9458,7 @@
 
 # With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
 run_test    "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
             "$P_SRV groups=secp256r1 auth_mode=required" \
@@ -9474,7 +9474,7 @@
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=1000 (USE_PSA)" \
             "$P_SRV groups=secp256r1 auth_mode=required" \
             "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9489,7 +9489,7 @@
 # This works the same with & without USE_PSA as we never get to ECDH:
 # we abort as soon as we determined the cert is bad.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=1000, badsign" \
             "$P_SRV groups=secp256r1 auth_mode=required \
              crt_file=$DATA_FILES_PATH/server5-badsign.crt \
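Review bot: the comment above this test still reasons about builds "with & without USE_PSA", and the neighbouring "(no USE_PSA)" variants get the same requirement update although each is preceded by `skip_next_test` and never runs. If the configuration without USE_PSA no longer exists after the removal of the legacy options, reword these comments and delete the permanently skipped variants instead of maintaining their dependencies; if it does still exist, say in the comment why a `PSA_WANT_` symbol is the right requirement for it.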
@@ -9508,7 +9508,7 @@
 
 # With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
 run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
             "$P_SRV groups=secp256r1 auth_mode=required \
@@ -9529,7 +9529,7 @@
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
             "$P_SRV groups=secp256r1 auth_mode=required \
              crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -9548,7 +9548,7 @@
 
 # With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
 run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
             "$P_SRV groups=secp256r1 auth_mode=required \
@@ -9569,7 +9569,7 @@
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
             "$P_SRV groups=secp256r1 auth_mode=required \
              crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -9588,7 +9588,7 @@
 
 # With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
 run_test    "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
             "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
@@ -9604,7 +9604,7 @@
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
             "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
             "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9618,7 +9618,7 @@
 
 # With USE_PSA disabled we expect full restartable behaviour.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 skip_next_test
 run_test    "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
             "$P_SRV groups=secp256r1" \
@@ -9634,7 +9634,7 @@
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
             "$P_SRV groups=secp256r1" \
             "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9650,7 +9650,7 @@
 # This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA,
 # and all 4 assertions negated.
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test    "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
             "$P_SRV groups=secp256r1 auth_mode=required" \
             "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
@@ -10187,7 +10187,7 @@
 # All those tests assume MAX_CONTENT_LEN is at least 2048
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -10208,7 +10208,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -10233,7 +10233,7 @@
 # test can't be replicated with an MTU proxy such as the one
 # `client-initiated, server only (max_frag_len)` below.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -10254,7 +10254,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -10282,7 +10282,7 @@
 # The next test checks that no datagrams significantly larger than the
 # negotiated MFL are sent.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -10304,7 +10304,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -10332,7 +10332,7 @@
 # The next test checks that no datagrams significantly larger than the
 # negotiated MFL are sent.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -10354,7 +10354,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS fragmenting: none (for reference) (MTU)" \
@@ -10374,7 +10374,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 4096
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS fragmenting: client (MTU)" \
@@ -10394,7 +10394,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS fragmenting: server (MTU)" \
@@ -10414,7 +10414,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS fragmenting: both (MTU=1024)" \
@@ -10436,7 +10436,7 @@
 
 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: both (MTU=512)" \
@@ -10465,7 +10465,7 @@
 # hence the ratio of 8.
 not_with_valgrind
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
             -p "$P_PXY mtu=508" \
@@ -10486,7 +10486,7 @@
 # Forcing ciphersuite for this test to fit the MTU of 508 with full config.
 only_with_valgrind
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
             -p "$P_PXY mtu=508" \
@@ -10509,7 +10509,7 @@
 # a HelloVerifyRequest, so only check for no retransmission server-side
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
@@ -10536,7 +10536,7 @@
 # a HelloVerifyRequest, so only check for no retransmission server-side
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
             -p "$P_PXY mtu=512" \
@@ -10559,7 +10559,7 @@
 
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
@@ -10583,7 +10583,7 @@
 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
             -p "$P_PXY mtu=512" \
@@ -10616,7 +10616,7 @@
 # resumed listening, which would result in a spurious autoreduction.
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: proxy MTU, resumed handshake" \
             -p "$P_PXY mtu=1450" \
@@ -10641,7 +10641,7 @@
 # slow to reset, therefore omitting '-C "autoreduction"' below.
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_max_content_len 2048
@@ -10670,7 +10670,7 @@
 # slow to reset, therefore omitting '-C "autoreduction"' below.
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_max_content_len 2048
@@ -10699,7 +10699,7 @@
 # slow to reset, therefore omitting '-C "autoreduction"' below.
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_max_content_len 2048
@@ -10728,7 +10728,7 @@
 # slow to reset, therefore omitting '-C "autoreduction"' below.
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
@@ -10758,7 +10758,7 @@
 # slow to reset, therefore omitting '-C "autoreduction"' below.
 not_with_valgrind # spurious autoreduction due to timeout
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_hash_alg SHA_256
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
 requires_max_content_len 2048
@@ -10785,7 +10785,7 @@
 
 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 client_needs_more_time 2
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: proxy MTU + 3d" \
@@ -10806,7 +10806,7 @@
 
 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 client_needs_more_time 2
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: proxy MTU + 3d, nbio" \
@@ -10830,7 +10830,7 @@
 # here and below we just want to test that the we fragment in a way that
 # pleases other implementations, so we don't need the peer to fragment
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_gnutls
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: gnutls server, DTLS 1.2" \
@@ -10851,7 +10851,7 @@
 # certificate validation fail, but passing --insecure makes
 # GnuTLS continue the connection nonetheless.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_gnutls
 requires_not_i686
 requires_max_content_len 2048
@@ -10865,7 +10865,7 @@
             -s "fragmenting handshake message"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: openssl server, DTLS 1.2" \
             "$O_SRV -dtls1_2 -verify 10" \
@@ -10878,7 +10878,7 @@
             -C "error"
 
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: openssl client, DTLS 1.2" \
             "$P_SRV dtls=1 debug_level=2 \
@@ -10895,7 +10895,7 @@
 # pleases other implementations, so we don't need the peer to fragment
 requires_gnutls_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 client_needs_more_time 4
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
@@ -10911,7 +10911,7 @@
 
 requires_gnutls_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 client_needs_more_time 4
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
@@ -10928,7 +10928,7 @@
 ## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902)
 requires_openssl_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 client_needs_more_time 4
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
@@ -10946,7 +10946,7 @@
 ## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887)
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 client_needs_more_time 4
 requires_max_content_len 2048
 run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
@@ -12466,7 +12466,7 @@
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
@@ -12482,7 +12482,7 @@
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
@@ -12497,7 +12497,7 @@
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
@@ -12513,7 +12513,7 @@
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
@@ -12528,7 +12528,7 @@
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
@@ -12544,7 +12544,7 @@
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
@@ -12559,7 +12559,7 @@
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication, client alg not in server list - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
@@ -12576,7 +12576,7 @@
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
@@ -12707,7 +12707,7 @@
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
@@ -12723,7 +12723,7 @@
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
@@ -12738,7 +12738,7 @@
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
@@ -12754,7 +12754,7 @@
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
@@ -12769,7 +12769,7 @@
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
@@ -12785,7 +12785,7 @@
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
@@ -12800,7 +12800,7 @@
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
@@ -12817,7 +12817,7 @@
 requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
+requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index e4e08da..4dcd967 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -254,6 +254,27 @@
 X509 String to Names #20 (Reject empty AttributeValue)
 mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME:0
 
+# Note: the behaviour is incorrect, output from string->names->string should be
+# the same as the input, rather than just the last component, see
+# https://github.com/Mbed-TLS/mbedtls/issues/10189
+# Still including tests for the current incorrect behaviour because of the
+# variants below where we want to ensure at least that no memory corruption
+# happens (which would be a lot worse than just a functional bug).
+X509 String to Names (repeated OID)
+mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=ef":"CN=ef":0:0
+
+# Note: when a value starts with a # sign, it's treated as the hex encoding of
+# the DER encoding of the value. Here, 0400 is a zero-length OCTET STRING.
+# The tag actually doesn't matter for our purposes, only the length.
+X509 String to Names (repeated OID, 1st is zero-length)
+mbedtls_x509_string_to_names:"CN=#0400,CN=cd,CN=ef":"CN=ef":0:0
+
+X509 String to Names (repeated OID, middle is zero-length)
+mbedtls_x509_string_to_names:"CN=ab,CN=#0400,CN=ef":"CN=ef":0:0
+
+X509 String to Names (repeated OID, last is zero-length)
+mbedtls_x509_string_to_names:"CN=ab,CN=cd,CN=#0400":"CN=#0000":0:MAY_FAIL_GET_NAME
+
 X509 Round trip test (Escaped characters)
 mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0:0
 
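Review bot: the last added case, `"CN=ab,CN=cd,CN=#0400"` expecting `"CN=#0000"` with `MAY_FAIL_GET_NAME`, has no explanation, unlike the cases above it. The expected output differs from the input in the tag byte (`04` becomes `00`), and the meaning of the flag is not stated near the data. A short comment saying why the tag is lost and that the conversion back to a string is allowed to fail would make clear this is the known issue 10189 behaviour and not a new expectation. Since the stated purpose of these variants is catching memory corruption, the note should also say that they only deliver that when the suite runs under ASan or Valgrind.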
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 51a5d37..224768a 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -670,6 +670,11 @@
     TEST_LE_S(1, ret);
     TEST_ASSERT(strcmp((char *) out, parsed_name) == 0);
 
+    /* Check that calling a 2nd time with the same param (now non-NULL)
+     * returns an error as expected. */
+    ret = mbedtls_x509_string_to_names(&names, name);
+    TEST_EQUAL(ret, MBEDTLS_ERR_X509_BAD_INPUT_DATA);
+
 exit:
     mbedtls_asn1_free_named_data_list(&names);
 
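Review bot: the second call to `mbedtls_x509_string_to_names(&names, name)` is checked for its return code only. After the `TEST_EQUAL(ret, MBEDTLS_ERR_X509_BAD_INPUT_DATA)` line, also check that `names` was left untouched, for example by saving the head pointer before the call and comparing it afterwards. The `exit:` path frees `names`, so a rejected call that modified or replaced the list would otherwise show up only as a leak or double free under a sanitizer.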
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 3308677..b1c98eb 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 3308677734bdb15d51abc652c2930b16d218470f
+Subproject commit b1c98ebee82c1056cec0f64e24f1b780a5889a0d
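Review bot: the submodule pointer moves from 3308677 to b1c98eb with nothing in this diff saying what that range brings in. Please confirm that b1c98ebee82c1056cec0f64e24f1b780a5889a0d is on tf-psa-crypto's main development branch, not on a PR branch that could be rebased away, and name the corresponding tf-psa-crypto change in the PR description.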