Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..ceb59d7
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+# Classify all '.function' files as C for syntax highlighting purposes
+*.function linguist-language=C
diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt
new file mode 100644
index 0000000..2062bcb
--- /dev/null
+++ b/ChangeLog.d/driver-only-hashes.txt
@@ -0,0 +1,20 @@
+Features
+ * Some crypto modules that previously depended on MD or a low-level hash
+ module, either unconditionally (RSA, PK, PKCS5, PKCS12, EC J-PAKE), or
+ for some features (PEM for encrypted files), are now able to use PSA
+ Crypto instead when the legacy API is not available. This means it is
+ now possible to use all features from those modules in configurations
+ where the built-in implementations of hashes are excluded and the hashes
+ are only provided by PSA drivers. In these configurations, you need to
+ call `psa_crypto_init()` before you call any function from those
+ modules; this is not required in configurations where the built-in
+ implementation is still available. Note that some crypto modules and
+ features still depend on the built-in implementation of hashes:
+ MBEDTLS_HKDF_C (but the PSA HKDF function do not depend on it),
+ MBEDTLS_ENTROPY_C, MBEDTLS_HMAC_DRBG_C and MBEDTLS_ECDSA_DETERMINISTIC.
+ In particular, for now, compiling without built-in hashes requires use
+ of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
+ * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 no
+ longer depend on MD. This means it is now possible to use them in
+ configurations where the built-in implementations of hashes are excluded
+ and the hashes are only provided by PSA drivers.
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index e2efeb9..e565b28 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -29,11 +29,6 @@
[ffdh]: https://github.com/Mbed-TLS/mbedtls/issues/3261
-PSA Crypto has an experimental API for EC J-PAKE, but it's not implemented in
-Mbed TLS yet. See the [EC J-PAKE follow-up EPIC][ecjp] on github.
-
-[ecjp]: https://github.com/orgs/Mbed-TLS/projects/1#column-17950140
-
Arbitrary parameters for FFDH
-----------------------------
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index 8d2d59f..0ad5fa0 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -345,19 +345,29 @@
only be included in the build if it is possible to use that hash in some way.
In order to cater to these new needs, new families of macros are introduced in
-`library/legacy_or_psa.h`, see its documentation for details.
+`legacy_or_psa.h`, see its documentation for details.
It should be noted that there are currently:
- too many different ways of computing a hash (low-level, MD, PSA);
- too many different ways to configure the library that influence which of
these ways is available and will be used (`MBEDTLS_USE_PSA_CRYPTO`,
-`MBEDTLS_PSA_CRYPTO_CONFIG`, `mbedtls_config.h` + `psa/crypto_config.h`).
+ `MBEDTLS_PSA_CRYPTO_CONFIG`, `mbedtls_config.h` + `psa/crypto_config.h`).
As a result, we need more families of dependency macros than we'd like to.
This is a temporary situation until we move to a place where everything is
based on PSA Crypto. In the meantime, long and explicit names where chosen for
the new macros in the hope of avoiding confusion.
+Note: the new macros supplement but do not replace the existing macros:
+- code that always uses PSA Crypto (for example, code specific to TLS 1.3)
+ should use `PSA_WANT_xxx`;
+- code that always uses the legacy API (for example, crypto modules that have
+ not undergone step 1 yet) should use `MBEDTLS_xxx_C`;
+- code that may use one of the two APIs, either based on
+ `MBEDTLS_USE_PSA_CRYPTO` (X.509, TLS 1.2, shared between TLS 1.2 and 1.3),
+ or based on availability (crypto modules after step 1), should use one of
+ the new macros from `legacy_or_psa.h`.
+
Executing step 3 will mostly consist of using the right dependency macros in
the right places (once the previous steps are done).
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index fa70058..1038706 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -320,11 +320,20 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
+ ( !defined(MBEDTLS_ECJPAKE_C) || \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
+/* Use of EC J-PAKE in TLS requires SHA-256.
+ * This will be taken from MD if it is present, or from PSA if MD is absent.
+ * Note: ECJPAKE_C depends on MD_C || PSA_CRYPTO_C. */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ !( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) && \
+ !( !defined(MBEDTLS_MD_C) && defined(PSA_WANT_ALG_SHA_256) )
+#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
( !defined(MBEDTLS_SHA256_C) && \
diff --git a/library/legacy_or_psa.h b/include/mbedtls/legacy_or_psa.h
similarity index 87%
rename from library/legacy_or_psa.h
rename to include/mbedtls/legacy_or_psa.h
index be0f33f..2156be9 100644
--- a/library/legacy_or_psa.h
+++ b/include/mbedtls/legacy_or_psa.h
@@ -1,6 +1,6 @@
/**
- * Internal macros to express dependencies for code and tests
- * that may use either the legacy API or PSA in various builds.
+ * Macros to express dependencies for code and tests that may use either the
+ * legacy API or PSA in various builds; mostly for internal use.
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -19,6 +19,18 @@
*/
/*
+ * Note: applications that are targeting a specific configuration do not need
+ * to use these macros; instead they should directly use the functions they
+ * know are available in their configuration.
+ *
+ * Note: code that is purely based on PSA Crypto (psa_xxx() functions)
+ * does not need to use these macros; instead it should use the relevant
+ * PSA_WANT_xxx macros.
+ *
+ * Note: code that is purely based on the legacy crypto APIs (mbedtls_xxx())
+ * does not need to use these macros; instead it should use the relevant
+ * MBEDTLS_xxx macros.
+ *
* These macros are for code that wants to use <crypto feature> and will do so
* using <legacy API> or PSA depending on <condition>, where:
* - <crypto feature> will generally be an algorithm (SHA-256, ECDH) but may
@@ -36,15 +48,10 @@
* - TLS 1.2 will compute hashes using either mbedtls_md_xxx() (and
* mbedtls_sha256_xxx()) or psa_aead_xxx() depending on whether
* MBEDTLS_USE_PSA_CRYPTO is defined;
- * - RSA PKCS#1 v2.1 will, in the near future*, compute hashes (for padding)
- * using either `mbedtls_md()` if it's available, or `psa_hash_compute()`
- * otherwise;
- * - PEM decoding of PEM-encrypted keys will, in the near future*, compute MD5
- * hashes using either `mbedtls_md5_xxx()` if it's available, or
- * `psa_hash_xxx()` otherwise.
- * *See docs/architecture/psa-migration/strategy.md, section "Supporting
- * builds with drivers without the software implementation", strategy for step
- * 1 (libmbedcrypto except the RNG subsystem).
+ * - RSA PKCS#1 v2.1 will compute hashes (for padding) using either
+ * `mbedtls_md()` if it's available, or `psa_hash_compute()` otherwise;
+ * - PEM decoding of PEM-encrypted keys will compute MD5 hashes using either
+ * `mbedtls_md5_xxx()` if it's available, or `psa_hash_xxx()` otherwise.
*
* Note: the macros are essential to express test dependencies. Inside code,
* we could instead just use the equivalent pre-processor condition, but
@@ -70,9 +77,9 @@
* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
*
* Note: every time it's possible to use, say SHA-256, via the MD API, then
- * it's also possible to used it via the low-level API. So, code that wants to
+ * it's also possible to use it via the low-level API. So, code that wants to
* use SHA-256 via both APIs only needs to depend on the MD macro. Also, it
- * just so happens that all the choosing which API to use based on
+ * just so happens that all the code choosing which API to use based on
* MBEDTLS_USE_PSA_CRYPTO (X.509, TLS 1.2/shared), always uses the abstraction
* layer (sometimes in addition to the low-level API), so we don't need the
* MBEDTLS_HAS_feature_VIA_LOWLEVEL_OR_PSA_BASED_ON_USE_PSA macros.
@@ -89,7 +96,7 @@
#ifndef MBEDTLS_OR_PSA_HELPERS_H
#define MBEDTLS_OR_PSA_HELPERS_H
-#include "common.h"
+#include "mbedtls/build_info.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 3df1677..9e8ae37 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -958,7 +958,7 @@
* might still happen. For this reason, this is disabled by default.
*
* Requires: MBEDTLS_ECJPAKE_C
- * MBEDTLS_SHA256_C
+ * SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C)
* MBEDTLS_ECP_DP_SECP256R1_ENABLED
*
* This enables the following ciphersuites (if other requisites are
@@ -1492,13 +1492,14 @@
*
* Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
*
- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
- * (Depends on ciphersuites) when MBEDTLS_USE_PSA_CRYPTO
- * is not defined, PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
- * PSA_WANT_ALG_SHA_512 when MBEDTLS_USE_PSA_CRYPTO is defined.
+ * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
+ * (MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C)
+ * With MBEDTLS_USE_PSA_CRYPTO:
+ * PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
+ * PSA_WANT_ALG_SHA_512
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any TLS operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any TLS operations.
*
* Comment this macro to disable support for TLS 1.2 / DTLS 1.2
*/
@@ -1517,11 +1518,11 @@
* Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
* Requires: MBEDTLS_PSA_CRYPTO_C
*
- * Note: even though TLS 1.3 depends on PSA Crypto, if you want it to only use
- * PSA for all crypto operations, you need to also enable
- * MBEDTLS_USE_PSA_CRYPTO; otherwise X.509 operations, and functions that are
- * common with TLS 1.2 (record protection, running handshake hash) will still
- * use non-PSA crypto.
+ * Note: even though TLS 1.3 depends on PSA Crypto, and uses it unconditonally
+ * for most operations, if you want it to only use PSA for all crypto
+ * operations, you need to also enable MBEDTLS_USE_PSA_CRYPTO; otherwise X.509
+ * operations, and functions that are common with TLS 1.2 (record protection,
+ * running handshake hash) will still use non-PSA crypto.
*
* Uncomment this macro to enable the support for TLS 1.3.
*/
@@ -2367,7 +2368,7 @@
* This module is used by the following key exchanges:
* ECJPAKE
*
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
+ * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
*
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
* before doing any EC J-PAKE operations.
@@ -2684,7 +2685,10 @@
*
* Module: library/pkcs5.c
*
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Requires: MBEDTLS_CIPHER_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS5 operation.
*
* This module adds support for the PKCS#5 functions.
*/
@@ -3166,8 +3170,8 @@
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
* (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any X.509 operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 operation.
*
* This module is required for the X.509 parsing modules.
*/
@@ -3227,8 +3231,8 @@
* Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
* (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
*
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any X.509 create operation.
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 create operation.
*
* This module is the basis for creating X.509 certificates and CSRs.
*/
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0517e37..eda6bc2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -52,9 +52,7 @@
#include "mbedtls/platform_time.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* SSL Error codes
@@ -629,11 +627,7 @@
#define MBEDTLS_PREMASTER_SIZE sizeof( union mbedtls_ssl_premaster_secret )
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define MBEDTLS_TLS1_3_MD_MAX_SIZE PSA_HASH_MAX_SIZE
-#else
-#define MBEDTLS_TLS1_3_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Length in number of bytes of the TLS sequence number */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 1ddc997..add6b03 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -24,6 +24,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/legacy_or_psa.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crl.h"
@@ -1108,7 +1109,7 @@
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
int is_ca, int max_pathlen );
-#if defined(MBEDTLS_SHA1_C) || ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
+#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
/**
* \brief Set the subjectKeyIdentifier extension for a CRT
* Requires that mbedtls_x509write_crt_set_subject_key() has been
@@ -1130,7 +1131,7 @@
* \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
*/
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
-#endif /* MBEDTLS_SHA1_C || (MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_1)*/
+#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
/**
* \brief Set the Key Usage Extension flags
diff --git a/library/aes.c b/library/aes.c
index ca94e0a..03eccef 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -51,12 +51,6 @@
#if !defined(MBEDTLS_AES_ALT)
-/* Parameter validation macros based on platform_util.h */
-#define AES_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
-#define AES_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_PADLOCK_C) && \
( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
static int aes_padlock_ace = -1;
@@ -489,8 +483,6 @@
void mbedtls_aes_init( mbedtls_aes_context *ctx )
{
- AES_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
}
@@ -505,8 +497,6 @@
#if defined(MBEDTLS_CIPHER_MODE_XTS)
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
{
- AES_VALIDATE( ctx != NULL );
-
mbedtls_aes_init( &ctx->crypt );
mbedtls_aes_init( &ctx->tweak );
}
@@ -531,9 +521,6 @@
unsigned int i;
uint32_t *RK;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
switch( keybits )
{
case 128: ctx->nr = 10; break;
@@ -649,9 +636,6 @@
uint32_t *RK;
uint32_t *SK;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
mbedtls_aes_init( &cty );
ctx->rk_offset = 0;
@@ -743,9 +727,6 @@
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -768,9 +749,6 @@
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( key != NULL );
-
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -970,11 +948,8 @@
const unsigned char input[16],
unsigned char output[16] )
{
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
@@ -1014,12 +989,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[16];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
if( length % 16 )
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
@@ -1123,12 +1094,8 @@
unsigned char prev_tweak[16];
unsigned char tmp[16];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( data_unit != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
/* Data units must be at least 16 bytes long. */
if( length < 16 )
@@ -1232,13 +1199,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv_off != NULL );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
n = *iv_off;
@@ -1301,12 +1263,8 @@
unsigned char c;
unsigned char ov[17];
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
- mode == MBEDTLS_AES_DECRYPT );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT )
+ return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
while( length-- )
{
memcpy( ov, iv, 16 );
@@ -1345,12 +1303,6 @@
int ret = 0;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( iv_off != NULL );
- AES_VALIDATE_RET( iv != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
-
n = *iv_off;
if( n > 15 )
@@ -1392,13 +1344,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
- AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( nc_off != NULL );
- AES_VALIDATE_RET( nonce_counter != NULL );
- AES_VALIDATE_RET( stream_block != NULL );
- AES_VALIDATE_RET( input != NULL );
- AES_VALIDATE_RET( output != NULL );
-
n = *nc_off;
if ( n > 0x0F )
diff --git a/library/camellia.c b/library/camellia.c
index 29d730a..c29e6c1 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -43,12 +43,6 @@
#if !defined(MBEDTLS_CAMELLIA_ALT)
-/* Parameter validation macros */
-#define CAMELLIA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
-#define CAMELLIA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
static const unsigned char SIGMA_CHARS[6][8] =
{
{ 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
@@ -298,7 +292,6 @@
void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
{
- CAMELLIA_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
}
@@ -325,9 +318,6 @@
uint32_t KC[16];
uint32_t TK[20];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( key != NULL );
-
RK = ctx->rk;
memset( t, 0, 64 );
@@ -431,8 +421,6 @@
mbedtls_camellia_context cty;
uint32_t *RK;
uint32_t *SK;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( key != NULL );
mbedtls_camellia_init( &cty );
@@ -480,11 +468,8 @@
{
int NR;
uint32_t *RK, X[4];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( input != NULL );
- CAMELLIA_VALIDATE_RET( output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
( (void) mode );
@@ -550,12 +535,8 @@
{
int i;
unsigned char temp[16];
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( iv != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
if( length % 16 )
return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
@@ -611,13 +592,8 @@
{
int c;
size_t n;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
- mode == MBEDTLS_CAMELLIA_DECRYPT );
- CAMELLIA_VALIDATE_RET( iv != NULL );
- CAMELLIA_VALIDATE_RET( iv_off != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
+ if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+ return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
n = *iv_off;
if( n >= 16 )
@@ -670,12 +646,6 @@
{
int c, i;
size_t n;
- CAMELLIA_VALIDATE_RET( ctx != NULL );
- CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
- CAMELLIA_VALIDATE_RET( stream_block != NULL );
- CAMELLIA_VALIDATE_RET( nc_off != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || input != NULL );
- CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
n = *nc_off;
if( n >= 16 )
diff --git a/library/chacha20.c b/library/chacha20.c
index 658f046..f6d6e25 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -48,12 +48,6 @@
#define inline __inline
#endif
-/* Parameter validation macros */
-#define CHACHA20_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
-#define CHACHA20_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#define ROTL32( value, amount ) \
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
@@ -172,8 +166,6 @@
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
{
- CHACHA20_VALIDATE( ctx != NULL );
-
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
@@ -192,9 +184,6 @@
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
const unsigned char key[32] )
{
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( key != NULL );
-
/* ChaCha20 constants - the string "expand 32-byte k" */
ctx->state[0] = 0x61707865;
ctx->state[1] = 0x3320646e;
@@ -218,9 +207,6 @@
const unsigned char nonce[12],
uint32_t counter )
{
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( nonce != NULL );
-
/* Counter */
ctx->state[12] = counter;
@@ -245,10 +231,6 @@
size_t offset = 0U;
size_t i;
- CHACHA20_VALIDATE_RET( ctx != NULL );
- CHACHA20_VALIDATE_RET( size == 0 || input != NULL );
- CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
-
/* Use leftover keystream bytes, if available */
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
{
@@ -312,11 +294,6 @@
mbedtls_chacha20_context ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CHACHA20_VALIDATE_RET( key != NULL );
- CHACHA20_VALIDATE_RET( nonce != NULL );
- CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL );
- CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
-
mbedtls_chacha20_init( &ctx );
ret = mbedtls_chacha20_setkey( &ctx, key );
diff --git a/library/cipher.c b/library/cipher.c
index 0bac4ee..752d1fe 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -70,11 +70,6 @@
#define mbedtls_free free
#endif
-#define CIPHER_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
-#define CIPHER_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
static int supported_init = 0;
const int *mbedtls_cipher_list( void )
@@ -143,7 +138,6 @@
void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
{
- CIPHER_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
}
@@ -193,7 +187,6 @@
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
if( cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -257,10 +250,8 @@
int key_bitlen,
const mbedtls_operation_t operation )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( key != NULL );
- CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
- operation == MBEDTLS_DECRYPT );
+ if( operation != MBEDTLS_ENCRYPT && operation != MBEDTLS_DECRYPT )
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -356,8 +347,6 @@
{
size_t actual_iv_size;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -453,7 +442,6 @@
int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -475,8 +463,6 @@
int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -529,10 +515,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t block_size;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -952,9 +934,6 @@
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
unsigned char *output, size_t *olen )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1054,8 +1033,6 @@
int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
-
if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
{
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1117,8 +1094,6 @@
int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1168,8 +1143,6 @@
unsigned char check_tag[16];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
if( ctx->cipher_info == NULL )
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
@@ -1261,12 +1234,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t finish_olen;
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( ctx->psa_enabled == 1 )
{
@@ -1542,13 +1509,6 @@
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_NIST_KW_C)
if(
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1598,13 +1558,6 @@
unsigned char *output, size_t output_len,
size_t *olen, size_t tag_len )
{
- CIPHER_VALIDATE_RET( ctx != NULL );
- CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
- CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
- CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
- CIPHER_VALIDATE_RET( output_len == 0 || output != NULL );
- CIPHER_VALIDATE_RET( olen != NULL );
-
#if defined(MBEDTLS_NIST_KW_C)
if(
#if defined(MBEDTLS_USE_PSA_CRYPTO)
diff --git a/library/gcm.c b/library/gcm.c
index 6d07f87..ac329e3 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -52,18 +52,11 @@
#if !defined(MBEDTLS_GCM_ALT)
-/* Parameter validation macros */
-#define GCM_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
-#define GCM_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* Initialize a context
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
{
- GCM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
}
@@ -143,9 +136,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( key != NULL );
- GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
+ if( keybits != 128 && keybits != 192 && keybits != 256 )
+ return MBEDTLS_ERR_GCM_BAD_INPUT;
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
MBEDTLS_MODE_ECB );
@@ -256,9 +248,6 @@
size_t use_len, olen = 0;
uint64_t iv_bits;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
-
/* IV is limited to 2^64 bits, so 2^61 bytes */
/* IV is not allowed to be zero length */
if( iv_len == 0 || (uint64_t) iv_len >> 61 != 0 )
@@ -334,8 +323,6 @@
const unsigned char *p;
size_t use_len, i, offset;
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-
/* IV is limited to 2^64 bits, so 2^61 bytes */
if( (uint64_t) add_len >> 61 != 0 )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -434,7 +421,6 @@
if( output_size < input_length )
return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );
- GCM_VALIDATE_RET( output_length != NULL );
*output_length = input_length;
/* Exit early if input_length==0 so that we don't do any pointer arithmetic
@@ -444,10 +430,6 @@
if( input_length == 0 )
return( 0 );
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( input != NULL );
- GCM_VALIDATE_RET( output != NULL );
-
if( output > input && (size_t) ( output - input ) < input_length )
return( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -519,9 +501,6 @@
uint64_t orig_len;
uint64_t orig_add_len;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( tag != NULL );
-
/* We never pass any output in finish(). The output parameter exists only
* for the sake of alternative implementations. */
(void) output;
@@ -580,13 +559,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
- GCM_VALIDATE_RET( tag != NULL );
-
if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 )
return( ret );
@@ -619,13 +591,6 @@
size_t i;
int diff;
- GCM_VALIDATE_RET( ctx != NULL );
- GCM_VALIDATE_RET( iv != NULL );
- GCM_VALIDATE_RET( add_len == 0 || add != NULL );
- GCM_VALIDATE_RET( tag != NULL );
- GCM_VALIDATE_RET( length == 0 || input != NULL );
- GCM_VALIDATE_RET( length == 0 || output != NULL );
-
if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, tag_len, check_tag ) ) != 0 )
diff --git a/library/hash_info.c b/library/hash_info.c
index 366ca3f..cd7d70e 100644
--- a/library/hash_info.c
+++ b/library/hash_info.c
@@ -21,7 +21,7 @@
*/
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include "mbedtls/error.h"
typedef struct
diff --git a/library/oid.c b/library/oid.c
index 4ecf621..dcd1815 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -27,7 +27,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/error.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <stdio.h>
#include <string.h>
diff --git a/library/pem.c b/library/pem.c
index f2ee5ca..e4101e8 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -45,12 +45,14 @@
#include "psa/crypto.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
-#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && defined(MBEDTLS_CIPHER_MODE_CBC) && \
+#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ defined(MBEDTLS_CIPHER_MODE_CBC) && \
( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
#define PEM_RFC1421
-#endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_CIPHER_MODE_CBC &&
+#endif /* MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA &&
+ MBEDTLS_CIPHER_MODE_CBC &&
( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
#if defined(MBEDTLS_PEM_PARSE_C)
diff --git a/library/sha1.c b/library/sha1.c
index 6fc9371..56532b1 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -41,17 +41,10 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
-#define SHA1_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
-
-#define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA1_ALT)
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
{
- SHA1_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
}
@@ -66,9 +59,6 @@
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
const mbedtls_sha1_context *src )
{
- SHA1_VALIDATE( dst != NULL );
- SHA1_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -77,8 +67,6 @@
*/
int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
- SHA1_VALIDATE_RET( ctx != NULL );
-
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -100,9 +88,6 @@
uint32_t temp, W[16], A, B, C, D, E;
} local;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
-
local.W[ 0] = MBEDTLS_GET_UINT32_BE( data, 0 );
local.W[ 1] = MBEDTLS_GET_UINT32_BE( data, 4 );
local.W[ 2] = MBEDTLS_GET_UINT32_BE( data, 8 );
@@ -277,9 +262,6 @@
size_t fill;
uint32_t left;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -329,9 +311,6 @@
uint32_t used;
uint32_t high, low;
- SHA1_VALIDATE_RET( ctx != NULL );
- SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -392,9 +371,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha1_context ctx;
- SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
-
mbedtls_sha1_init( &ctx );
if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
diff --git a/library/sha256.c b/library/sha256.c
index ac15ef8..4819ba3 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -149,18 +149,12 @@
#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
-#define SHA256_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
-#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA256_ALT)
#define SHA256_BLOCK_SIZE 64
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{
- SHA256_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
}
@@ -175,9 +169,6 @@
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
const mbedtls_sha256_context *src )
{
- SHA256_VALIDATE( dst != NULL );
- SHA256_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -186,12 +177,12 @@
*/
int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
- SHA256_VALIDATE_RET( ctx != NULL );
-
#if defined(MBEDTLS_SHA224_C)
- SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+ if( is224 != 0 && is224 != 1 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else
- SHA256_VALIDATE_RET( is224 == 0 );
+ if( is224 != 0 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#endif
ctx->total[0] = 0;
@@ -427,9 +418,6 @@
unsigned int i;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
-
for( i = 0; i < 8; i++ )
local.A[i] = ctx->state[i];
@@ -579,9 +567,6 @@
size_t fill;
uint32_t left;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -633,9 +618,6 @@
uint32_t used;
uint32_t high, low;
- SHA256_VALIDATE_RET( ctx != NULL );
- SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
*/
@@ -705,14 +687,13 @@
mbedtls_sha256_context ctx;
#if defined(MBEDTLS_SHA224_C)
- SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+ if( is224 != 0 && is224 != 1 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else
- SHA256_VALIDATE_RET( is224 == 0 );
+ if( is224 != 0 )
+ return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#endif
- SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
-
mbedtls_sha256_init( &ctx );
if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
diff --git a/library/sha512.c b/library/sha512.c
index be03ec3..f96580d 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -164,10 +164,6 @@
#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
-#define SHA512_VALIDATE_RET(cond) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
-#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if !defined(MBEDTLS_SHA512_ALT)
#define SHA512_BLOCK_SIZE 128
@@ -183,8 +179,6 @@
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
- SHA512_VALIDATE( ctx != NULL );
-
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
}
@@ -199,9 +193,6 @@
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
const mbedtls_sha512_context *src )
{
- SHA512_VALIDATE( dst != NULL );
- SHA512_VALIDATE( src != NULL );
-
*dst = *src;
}
@@ -210,11 +201,12 @@
*/
int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
- SHA512_VALIDATE_RET( ctx != NULL );
#if defined(MBEDTLS_SHA384_C)
- SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ if( is384 != 0 && is384 != 1 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
- SHA512_VALIDATE_RET( is384 == 0 );
+ if( is384 != 0 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#endif
ctx->total[0] = 0;
@@ -569,9 +561,6 @@
uint64_t A[8];
} local;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
-
#define SHR(x,n) ((x) >> (n))
#define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
@@ -735,9 +724,6 @@
size_t fill;
unsigned int left;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
-
if( ilen == 0 )
return( 0 );
@@ -788,9 +774,6 @@
unsigned used;
uint64_t high, low;
- SHA512_VALIDATE_RET( ctx != NULL );
- SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
-
/*
* Add padding: 0x80 then 0x00 until 16 bytes remain for the length
*/
@@ -862,12 +845,12 @@
mbedtls_sha512_context ctx;
#if defined(MBEDTLS_SHA384_C)
- SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
+ if( is384 != 0 && is384 != 1 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
- SHA512_VALIDATE_RET( is384 == 0 );
+ if( is384 != 0 )
+ return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#endif
- SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
- SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
mbedtls_sha512_init( &ctx );
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index dc50449..808aa9e 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -33,7 +33,7 @@
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <string.h>
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 8777833..b6a8add 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -38,7 +38,7 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/constant_time.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <string.h>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e2546ff..afacb76 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -32,7 +32,7 @@
#include "mbedtls/psa_util.h"
#include "hash_info.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h"
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c9aea48..f0615ea 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -54,7 +54,7 @@
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#include "mbedtls/oid.h"
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 667e596..bf281bf 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2111,7 +2111,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
- if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
+ if( !is_hrr && mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
{
ret = ssl_tls13_write_server_pre_shared_key_ext( ssl, p, end, &output_len );
if( ret != 0 )
diff --git a/library/x509.c b/library/x509.c
index aa39517..f1d988a 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -62,7 +62,7 @@
#include <time.h>
#endif
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#define CHECK(code) if( ( ret = ( code ) ) != 0 ){ return( ret ); }
#define CHECK_RANGE(min, max, val) \
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index e51a385..52942a9 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -46,7 +46,7 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 3550c67..64baa19 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1478,11 +1478,11 @@
if( opt.psk_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ff63fdd..a129de6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2261,11 +2261,11 @@
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
{
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
else
-#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 7ff3345..42d8d11 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -297,49 +297,23 @@
#define MBEDTLS_SSL_SIG_ALG( hash )
#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
-#define HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
-#define HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
-#define HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
-#define HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
- defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
- ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
-#define HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-#endif
-
uint16_t ssl_sig_algs_for_test[] = {
-#if defined(HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
#endif
-#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
#endif
-#if defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
#endif
-#if defined(HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
#endif
-#if defined(MBEDTLS_RSA_C) && defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
-#if defined(HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
/* Allow SHA-1 as we use it extensively in tests. */
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )
#endif
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index 9811cb3..eda2de9 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -1599,3 +1599,33 @@
-S "key exchange mode: psk$" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_openssl_tls1_3
+run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
+ "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
+ 0 \
+ -s "write selected_group: secp384r1" \
+ -s "HRR selected_group: secp384r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
+
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
+ 0 \
+ -s "write selected_group: secp384r1" \
+ -s "HRR selected_group: secp384r1" \
+ -S "key exchange mode: psk$" \
+ -s "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: ephemeral"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 0752f7b..961577c 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1715,7 +1715,7 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_ecdsa_ library/ecdsa.o
@@ -1797,7 +1797,7 @@
scripts/config.py unset MBEDTLS_SSL_CBC_RECORD_SPLITTING
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_rsa_rsassa_pkcs1_v15_sign library/rsa.o
not grep mbedtls_rsa_rsassa_pss_sign_ext library/rsa.o
@@ -1827,7 +1827,7 @@
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_sha512_init library/sha512.o
not grep mbedtls_sha1_init library/sha1.o
@@ -1848,21 +1848,28 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+ # start with config full for maximum coverage (also enables USE_PSA)
+ scripts/config.py full
+ # enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # disable the built-in implementation of hashes
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
scripts/config.py unset MBEDTLS_SHA1_C
scripts/config.py unset MBEDTLS_SHA224_C
scripts/config.py unset MBEDTLS_SHA256_C # see external RNG below
+ scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py unset MBEDTLS_SHA384_C
scripts/config.py unset MBEDTLS_SHA512_C
+ scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
# Use an external RNG as currently internal RNGs depend on entropy.c
# which in turn hard-depends on SHA256_C (or SHA512_C).
# See component_test_psa_external_rng_no_drbg_use_psa.
scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
scripts/config.py unset MBEDTLS_ENTROPY_C
+ scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # depends on ENTROPY_C
+ scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT # depends on former
# Also unset MD_C and things that depend on it;
# see component_test_crypto_full_no_md.
scripts/config.py unset MBEDTLS_MD_C
@@ -1870,10 +1877,6 @@
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
- # Enable TLS 1.3: use PSA implementation for hashes
- scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
- scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all
@@ -1925,7 +1928,7 @@
scripts/config.py unset MBEDTLS_DES_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_des* library/des.o
diff --git a/tests/src/certs.c b/tests/src/certs.c
index 5516026..ca03b29 100644
--- a/tests/src/certs.c
+++ b/tests/src/certs.c
@@ -23,7 +23,7 @@
#include "mbedtls/build_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/*
* Test CA Certificates
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 5ab265a..10e53c2 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -358,7 +358,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void aes_invalid_mode( )
{
mbedtls_aes_context aes_ctx;
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index cc18d5b..3d318c8 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -7,7 +7,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void camellia_invalid_param( )
{
mbedtls_camellia_context ctx;
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index dd5226c..37468df 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -304,7 +304,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void cipher_invalid_param_conditional( )
{
mbedtls_cipher_context_t valid_ctx;
@@ -313,8 +313,6 @@
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
- const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
- *( mbedtls_cipher_list() ) );
TEST_EQUAL(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 7e1daa2..e82f39d 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdsa.h"
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if ( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || \
( !defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) )
#define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 449b368..47c25e3 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/ecjpake.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA)
static const unsigned char ecjpake_test_x1[] = {
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 5332c07..4c0ed1c 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -309,6 +309,58 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_tls_write_read_point:MBEDTLS_ECP_DP_SECP521R1
+Check ECP group metadata #1 secp192k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP192K1:192:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffeffffee37":"000000000000000000000000000000000000000000000000":"000000000000000000000000000000000000000000000003":"db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d":"9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d":"fffffffffffffffffffffffe26f2fc170f69466a74defd8d":18
+
+Check ECP group metadata #2 secp192r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP192R1:192:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffeffffffffffffffff":"":"64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1":"188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012":"07192b95ffc8da78631011ed6b24cdd573f977a11e794811":"ffffffffffffffffffffffff99def836146bc9b1b4d22831":19
+
+Check ECP group metadata #3 secp224k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP224K1:224:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d":"00000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000000000000000000000000005":"a1455b334df099df30fc28a169a467e9e47075a90f7e650eb6b7a45c":"7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5":"010000000000000000000000000001dce8d2ec6184caf0a971769fb1f7":20
+
+Check ECP group metadata #4 secp224r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP224R1:224:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"ffffffffffffffffffffffffffffffff000000000000000000000001":"":"b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4":"b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21":"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34":"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d":21
+
+Check ECP group metadata #5 secp256k1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP256K1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f":"0000000000000000000000000000000000000000000000000000000000000000":"0000000000000000000000000000000000000000000000000000000000000007":"79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798":"483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8":"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141":22
+
+Check ECP group metadata #6 secp256r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP256R1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff":"":"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b":"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296":"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5":"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":23
+
+Check ECP group metadata #7 secp384r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP384R1:384:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff":"":"b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef":"aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7":"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f":"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973":24
+
+Check ECP group metadata #8 secp521r1 (SEC 2)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_SECP521R1:521:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"":"0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00":"00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66":"011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650":"01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409":25
+
+Check ECP group metadata #9 bp256r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP256R1:256:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377":"7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9":"26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6":"8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262":"547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997":"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7":26
+
+Check ECP group metadata #10 bp384r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP384R1:384:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53":"7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826":"04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11":"1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e":"8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315":"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565":27
+
+Check ECP group metadata #11 bp512r1 (RFC 5639)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_BP512R1:512:MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3":"7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca":"3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723":"81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822":"7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892":"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069":28
+
+Check ECP group metadata #12 curve25519 (RFC 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_CURVE25519:256:MBEDTLS_ECP_TYPE_MONTGOMERY:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed":"76d06":"":"9":"":"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed":29
+
+Check ECP group metadata #13 curve448 (RFC 7748)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+mbedtls_ecp_group_metadata:MBEDTLS_ECP_DP_CURVE448:448:MBEDTLS_ECP_TYPE_MONTGOMERY:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"262a6":"":"5":"":"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":30
+
ECP tls read group #1 (record too short)
mbedtls_ecp_tls_read_group:"0313":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0:0
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 65c7067..42d69b4 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1,5 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/ecp.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecdh.h"
#include "ecp_invasive.h"
@@ -788,6 +790,124 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C */
+void mbedtls_ecp_group_metadata( int id, int bit_size, int crv_type,
+ char* P, char* A, char* B,
+ char* G_x, char* G_y, char* N,
+ int tls_id )
+{
+ mbedtls_ecp_group grp, grp_read, grp_cpy;
+ const mbedtls_ecp_group_id *g_id;
+ mbedtls_ecp_group_id read_g_id;
+ const mbedtls_ecp_curve_info *crv, *crv_tls_id, *crv_name;
+
+ mbedtls_mpi exp_P, exp_A, exp_B, exp_G_x, exp_G_y, exp_N;
+
+ unsigned char buf[3], ecparameters[3] = { 3, 0, tls_id };
+ const unsigned char *vbuf = buf;
+ size_t olen;
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_group_init( &grp_read );
+ mbedtls_ecp_group_init( &grp_cpy );
+
+ mbedtls_mpi_init( &exp_P );
+ mbedtls_mpi_init( &exp_A );
+ mbedtls_mpi_init( &exp_B );
+ mbedtls_mpi_init( &exp_G_x );
+ mbedtls_mpi_init( &exp_G_y );
+ mbedtls_mpi_init( &exp_N );
+
+ // Read expected parameters
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_P, P ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_A, A ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_x, G_x ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_N, N ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_B, B ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &exp_G_y, G_y ), 0 );
+
+ // Convert exp_A to internal representation (A+2)/4
+ if( crv_type == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ {
+ TEST_EQUAL( mbedtls_mpi_add_int( &exp_A, &exp_A, 2 ), 0 );
+ TEST_EQUAL( mbedtls_mpi_div_int( &exp_A, NULL, &exp_A, 4 ), 0 );
+ }
+
+ // Load group
+ TEST_EQUAL( mbedtls_ecp_group_load( &grp, id ), 0 );
+
+ // Compare group with expected parameters
+ // A is NULL for SECPxxxR1 curves
+ // B and G_y are NULL for curve25519 and curve448
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_P, &grp.P ), 0 );
+ if( *A != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_A, &grp.A ), 0 );
+ if( *B != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_B, &grp.B ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_x, &grp.G.X ), 0 );
+ if( *G_y != 0 )
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_G_y, &grp.G.Y ), 0 );
+ TEST_EQUAL( mbedtls_mpi_cmp_mpi( &exp_N, &grp.N ), 0 );
+
+ // Load curve info and compare with known values
+ crv = mbedtls_ecp_curve_info_from_grp_id( id );
+ TEST_EQUAL( crv->grp_id, id );
+ TEST_EQUAL( crv->bit_size, bit_size );
+ TEST_EQUAL( crv->tls_id, tls_id );
+
+ // Load curve from TLS ID and name, and compare IDs
+ crv_tls_id = mbedtls_ecp_curve_info_from_tls_id( crv->tls_id );
+ crv_name = mbedtls_ecp_curve_info_from_name( crv->name );
+ TEST_EQUAL( crv_tls_id->grp_id, id );
+ TEST_EQUAL( crv_name->grp_id, id );
+
+ // Validate write_group against test data
+ TEST_EQUAL( mbedtls_ecp_tls_write_group( &grp, &olen,
+ buf, sizeof( buf ) ),
+ 0 );
+ TEST_EQUAL( mbedtls_test_hexcmp( buf, ecparameters, olen,
+ sizeof( ecparameters ) ),
+ 0 );
+
+ // Read group from buffer and compare with expected ID
+ TEST_EQUAL( mbedtls_ecp_tls_read_group_id( &read_g_id, &vbuf, olen ),
+ 0 );
+ TEST_EQUAL( read_g_id, id );
+ vbuf = buf;
+ TEST_EQUAL( mbedtls_ecp_tls_read_group( &grp_read, &vbuf, olen ),
+ 0 );
+ TEST_EQUAL( grp_read.id, id );
+
+ // Check curve type, and if it can be used for ECDH/ECDSA
+ TEST_EQUAL( mbedtls_ecp_get_type( &grp ), crv_type );
+ TEST_EQUAL( mbedtls_ecdh_can_do( id ), 1 );
+ TEST_EQUAL( mbedtls_ecdsa_can_do( id ),
+ crv_type == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
+
+ // Copy group and compare with original
+ TEST_EQUAL( mbedtls_ecp_group_copy( &grp_cpy, &grp ), 0 );
+ TEST_EQUAL( mbedtls_ecp_group_cmp( &grp, &grp_cpy ), 0 );
+
+ // Check curve is in curve list and group ID list
+ for( crv = mbedtls_ecp_curve_list( );
+ crv->grp_id != MBEDTLS_ECP_DP_NONE &&
+ crv->grp_id != (unsigned) id;
+ crv++ );
+ TEST_EQUAL( crv->grp_id, id );
+ for( g_id = mbedtls_ecp_grp_id_list( );
+ *g_id != MBEDTLS_ECP_DP_NONE && *g_id != (unsigned) id;
+ g_id++ );
+ TEST_EQUAL( *g_id, (unsigned) id );
+
+exit:
+ mbedtls_ecp_group_free( &grp ); mbedtls_ecp_group_free( &grp_cpy );
+ mbedtls_ecp_group_free( &grp_read );
+ mbedtls_mpi_free( &exp_P ); mbedtls_mpi_free( &exp_A );
+ mbedtls_mpi_free( &exp_B ); mbedtls_mpi_free( &exp_G_x );
+ mbedtls_mpi_free( &exp_G_y ); mbedtls_mpi_free( &exp_N );
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret )
{
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 5696679..ea8d6a0 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -411,7 +411,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void gcm_invalid_param( )
{
mbedtls_gcm_context ctx;
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 33a9131..b06f524 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -3,7 +3,7 @@
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "string.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index f4ac368..6328247 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -3,7 +3,7 @@
#include "mbedtls/pem.h"
#include "mbedtls/des.h"
#include "mbedtls/aes.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 9c04560..91fe869 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -8,7 +8,7 @@
#include "mbedtls/rsa.h"
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#include <limits.h>
#include <stdint.h>
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index 34ef090..841bd1d 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -2,7 +2,7 @@
#include "mbedtls/pkcs12.h"
#include "common.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
typedef enum
{
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 463e401..0fad7c6 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -2,7 +2,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/md.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index a7e93aa..593c047 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/rsa.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index fcbf9b1..7b7ed3d 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/pkcs5.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 8ca3aca..c5e60ee 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -2,7 +2,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 0c8887a..a866d43 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -2,7 +2,7 @@
#include "mbedtls/rsa.h"
#include "rsa_alt_helpers.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 95d45ba..aebfd84 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -18,13 +18,12 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:NOT_DEFINED */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
void sha256_invalid_param( )
{
mbedtls_sha256_context ctx;
unsigned char buf[64] = { 0 };
size_t const buflen = sizeof( buf );
- int valid_type = 0;
int invalid_type = 42;
TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
@@ -67,13 +66,12 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:NOT_DEFINED */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
void sha512_invalid_param( )
{
mbedtls_sha512_context ctx;
unsigned char buf[64] = { 0 };
size_t const buflen = sizeof( buf );
- int valid_type = 0;
int invalid_type = 42;
TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 26855a6..f24d1a4 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -11,7 +11,7 @@
#include "mbedtls/ssl_cache.h"
#endif
-#include <legacy_or_psa.h>
+#include <mbedtls/legacy_or_psa.h>
#include "hash_info.h"
#include <constant_time_internal.h>
@@ -5439,7 +5439,7 @@
size_t min_in_len, in_len, max_in_len, i;
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
unsigned char add_data[13];
- unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
+ unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE];
unsigned char *data = NULL;
unsigned char *out = NULL;
unsigned char rec_num = 0;
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index b650afd..60e703a 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -10,7 +10,7 @@
#include "mbedtls/error.h"
#include "string.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 5a97240..1120bee 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -7,7 +7,7 @@
#include "mbedtls/rsa.h"
#include "hash_info.h"
-#include "legacy_or_psa.h"
+#include "mbedtls/legacy_or_psa.h"
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,