Merge pull request #10192 from valeriosetti/fixes-for-ecp-restartable-part2
[development] Some pre-requisites for psa#299
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index b6c4e0e..b6d4e27 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -37,11 +37,6 @@
mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
#endif
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
- mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
-#endif
-
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if !defined(MBEDTLS_X509_REMOVE_INFO)
#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
diff --git a/library/debug.c b/library/debug.c
index 71e0642..8d55b41 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -167,10 +167,62 @@
}
}
-#if defined(MBEDTLS_ECP_LIGHT)
-void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+#if defined(MBEDTLS_BIGNUM_C)
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
- const char *text, const mbedtls_ecp_point *X)
+ const char *text, const mbedtls_mpi *X)
+{
+ char str[DEBUG_BUF_SIZE];
+ size_t bitlen;
+ size_t idx = 0;
+
+ if (NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ NULL == X ||
+ level > debug_threshold) {
+ return;
+ }
+
+ bitlen = mbedtls_mpi_bitlen(X);
+
+ mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n",
+ text, (unsigned) bitlen);
+ debug_send_line(ssl, level, file, line, str);
+
+ if (bitlen == 0) {
+ str[0] = ' '; str[1] = '0'; str[2] = '0';
+ idx = 3;
+ } else {
+ int n;
+ for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
+ size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
+ size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
+ unsigned char octet =
+ (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff;
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
+ idx += 3;
+ /* Wrap lines after 16 octets that each take 3 columns */
+ if (idx >= 3 * 16) {
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+ debug_send_line(ssl, level, file, line, str);
+ idx = 0;
+ }
+ }
+ }
+
+ if (idx != 0) {
+ mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+ debug_send_line(ssl, level, file, line, str);
+ }
+}
+#endif /* MBEDTLS_BIGNUM_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_ECP_LIGHT)
+static void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_ecp_point *X)
{
char str[DEBUG_BUF_SIZE];
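Review bot: The now-static `mbedtls_debug_print_ecp` keeps the `mbedtls_` prefix, while the other file-local helpers visible in this diff (`debug_send_line`, `debug_print_pk`) drop it; renaming it to `debug_print_ecp` would make clear at call sites that it is no longer a library symbol. Its guard is also worth checking: it is compiled whenever `MBEDTLS_X509_CRT_PARSE_C`, `!MBEDTLS_X509_REMOVE_INFO` and `MBEDTLS_ECP_LIGHT` all hold. If its only caller sits under a narrower condition (the `MBEDTLS_PK_USE_PSA_EC_DATA` block closing just before `debug_print_pk` suggests there may be one), configurations that treat unused-function warnings as errors would stop building. The function body continues past the end of this hunk, so the caller and the closing `#endif` are not visible here.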
@@ -261,58 +313,6 @@
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#if defined(MBEDTLS_BIGNUM_C)
-void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_mpi *X)
-{
- char str[DEBUG_BUF_SIZE];
- size_t bitlen;
- size_t idx = 0;
-
- if (NULL == ssl ||
- NULL == ssl->conf ||
- NULL == ssl->conf->f_dbg ||
- NULL == X ||
- level > debug_threshold) {
- return;
- }
-
- bitlen = mbedtls_mpi_bitlen(X);
-
- mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n",
- text, (unsigned) bitlen);
- debug_send_line(ssl, level, file, line, str);
-
- if (bitlen == 0) {
- str[0] = ' '; str[1] = '0'; str[2] = '0';
- idx = 3;
- } else {
- int n;
- for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
- size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
- size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
- unsigned char octet =
- (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff;
- mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
- idx += 3;
- /* Wrap lines after 16 octets that each take 3 columns */
- if (idx >= 3 * 16) {
- mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
- debug_send_line(ssl, level, file, line, str);
- idx = 0;
- }
- }
- }
-
- if (idx != 0) {
- mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
- debug_send_line(ssl, level, file, line, str);
- }
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_pk_context *pk)
diff --git a/library/debug_internal.h b/library/debug_internal.h
index 31dd08d..3ffcee1 100644
--- a/library/debug_internal.h
+++ b/library/debug_internal.h
@@ -93,28 +93,6 @@
const char *text, const mbedtls_mpi *X);
#endif
-#if defined(MBEDTLS_ECP_LIGHT)
-/**
- * \brief Print an ECP point to the debug output. This function is always
- * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- * ssl context, file and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param text a name or label for the ECP point being output. Normally the
- * variable name
- * \param X the ECP point
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_ecp_point *X);
-#endif
-
#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
/**
* \brief Print a X.509 certificate structure to the debug output. This
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index bb67c40..4b5ea7c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2172,6 +2172,7 @@
#if defined(MBEDTLS_ECP_RESTARTABLE)
if (opt.ec_max_ops != DFL_EC_MAX_OPS) {
+ psa_interruptible_set_max_ops(opt.ec_max_ops);
mbedtls_ecp_set_max_ops(opt.ec_max_ops);
}
#endif
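Review bot: The added `psa_interruptible_set_max_ops(opt.ec_max_ops);` is guarded only by `MBEDTLS_ECP_RESTARTABLE` and has no comment explaining why both limits are set. A one-line comment such as `/* Apply the limit to both the PSA interruptible API and legacy ECP restartable code */` would help, along with confirming that the PSA declaration is available in every configuration that defines `MBEDTLS_ECP_RESTARTABLE`. The PSA function takes a `uint32_t`, and the declaration of `opt.ec_max_ops` is outside this hunk. It is worth checking that no negative or out-of-range value other than the `DFL_EC_MAX_OPS` sentinel filtered here can reach the call.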
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index e5dc4bd..0c4a00b 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -33,9 +33,17 @@
void pkcs7_asn1_fail(data_t *pkcs7_buf)
{
int res;
+
+ /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
+ * can use PSA to store keys and perform operations so psa_crypto_init()
+ * must be called before. */
+ USE_PSA_INIT();
+
res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len);
TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA);
+exit:
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -46,6 +54,11 @@
size_t buflen;
int res;
+ /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
+ * can use PSA to store keys and perform operations so psa_crypto_init()
+ * must be called before. */
+ USE_PSA_INIT();
+
res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
TEST_EQUAL(res, 0);
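Review bot: `USE_PSA_INIT();` is placed before `pkcs7_buf` is first assigned, and the cleanup shown in the following hunk calls `mbedtls_free(pkcs7_buf)` after `exit:`. If `USE_PSA_INIT()` can jump to `exit` on failure, `pkcs7_buf` must be initialised to `NULL` at its declaration, which is above this hunk and not visible. The same ordering question applies to the later hunk where `USE_PSA_INIT();` precedes `mbedtls_pkcs7_init(&pkcs7);`. The x509parse hunks in this commit put the `_init()` call first, and doing the same here (`mbedtls_pkcs7_init(&pkcs7);` then `USE_PSA_INIT();`) would keep the exit path safe.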
@@ -54,6 +67,7 @@
exit:
mbedtls_free(pkcs7_buf);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -77,7 +91,7 @@
mbedtls_pkcs7 pkcs7;
mbedtls_x509_crt **crts = NULL;
- MD_OR_USE_PSA_INIT();
+ USE_PSA_INIT();
mbedtls_pkcs7_init(&pkcs7);
@@ -166,6 +180,6 @@
mbedtls_free(crts);
mbedtls_free(data);
mbedtls_free(pkcs7_buf);
- MD_OR_USE_PSA_DONE();
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 9ee693e..1276941 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1669,6 +1669,9 @@
mbedtls_x509_crt crt;
mbedtls_x509_crt_init(&crt);
+ /* X509 relies on PK under the hood and the latter can use PSA to store keys
+ * and perform operations so psa_crypto_init() must be called before. */
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
@@ -1683,6 +1686,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1698,6 +1702,9 @@
char name_buf[128];
mbedtls_x509_crt_init(&crt);
+ /* X509 relies on PK under the hood and the latter can use PSA to store keys
+ * and perform operations so psa_crypto_init() must be called before. */
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
@@ -1749,6 +1756,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */