From 0d8287c062ff092b03daa25a4848f595eb977f1c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 26 Jul 2024 18:01:04 +0100 Subject: [PATCH 1/6] Align tests/src and include/src with 3.6 version Allow tests/src and include/src to be Mbed TLS version-agnostic by: * Sometimes accepting both an MBEDTLS_ and a PSA_ config option * Sometimes using the version number to gate alternatives Signed-off-by: David Horstmann --- tests/include/test/psa_crypto_helpers.h | 7 +++++-- tests/src/drivers/hash.c | 4 ++++ tests/src/drivers/test_driver_aead.c | 4 ++++ tests/src/drivers/test_driver_asymmetric_encryption.c | 4 ++++ tests/src/drivers/test_driver_cipher.c | 4 ++++ tests/src/drivers/test_driver_key_agreement.c | 6 ++++++ tests/src/drivers/test_driver_key_management.c | 6 ++++++ tests/src/drivers/test_driver_mac.c | 4 ++++ tests/src/drivers/test_driver_pake.c | 4 ++++ tests/src/drivers/test_driver_signature.c | 6 ++++++ tests/src/psa_exercise_key.c | 6 ++++-- 11 files changed, 51 insertions(+), 4 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 30f2e0f53..233dbe6ad 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -253,7 +253,9 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * \param key_type Key type * \param key_bits Key length in number of bits. */ -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#if defined(MBEDTLS_AES_ALT) || \ + defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define MBEDTLS_TEST_HAVE_ALT_AES 1 #else #define MBEDTLS_TEST_HAVE_ALT_AES 0 @@ -295,7 +297,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * \param nonce_length The nonce length in number of bytes. */ -#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM) +#if defined(MBEDTLS_GCM_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_GCM) #define MBEDTLS_TEST_HAVE_ACCEL_GCM 1 #else #define MBEDTLS_TEST_HAVE_ACCEL_GCM 0 
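Review bot: The widened conditions for `MBEDTLS_TEST_HAVE_ALT_AES` and `MBEDTLS_TEST_HAVE_ACCEL_GCM` in tests/include/test/psa_crypto_helpers.h mix two option families without saying why. A reader cannot tell from the header which Mbed TLS line each option belongs to. A one-line comment above each `#if` would record the intent stated in the commit message, for example `/* Accept both the legacy MBEDTLS_*_ALT options and the PSA accelerator options so this header builds against either Mbed TLS version. */`. Because these macros decide whether AES-192 and non-default GCM nonce tests are skipped, the comment should also note that defining any one of the listed options is enough to skip them.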
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index 5d938ea57..54aec9322 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -13,8 +13,12 @@ #include "test/drivers/hash.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_hash.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h" #endif +#endif mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT; diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 9c0677a7e..6992a066d 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -16,8 +16,12 @@ #include "mbedtls/constant_time.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_aead.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h" #endif +#endif mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c index 32644009e..6fdbe43ae 100644 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ b/tests/src/drivers/test_driver_asymmetric_encryption.c @@ -16,8 +16,12 @@ #include "test/drivers/key_management.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_rsa.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" #endif +#endif #define PSA_RSA_KEY_PAIR_MAX_SIZE \ PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 136610b36..90256fc4e 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c 
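Review bot: In tests/src/drivers/hash.c the new `#if MBEDTLS_VERSION_MAJOR < 4` treats an undefined `MBEDTLS_VERSION_MAJOR` as 0, so if nothing included earlier defines it, the pre-4 `libtestdriver1/library/...` include is selected with no diagnostic. Whether `test/drivers/hash.h` brings in the version macros is not visible in this hunk. A guard ahead of the first version test, `#if !defined(MBEDTLS_VERSION_MAJOR)` / `#error "MBEDTLS_VERSION_MAJOR is not defined"` / `#endif`, would turn that case into a clear build failure. The same construct is added in test_driver_aead.c, test_driver_asymmetric_encryption.c, test_driver_cipher.c, test_driver_key_agreement.c, test_driver_key_management.c, test_driver_mac.c, test_driver_pake.c and test_driver_signature.c. In each file the two closing `#endif` lines are unlabelled; `#endif /* MBEDTLS_VERSION_MAJOR < 4 */` and `#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 */` would make the nesting readable.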
@@ -19,8 +19,12 @@ #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_cipher.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h" #endif +#endif #include diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index b99d7cdba..8a7a9ea52 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -20,10 +20,16 @@ #include #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/include/psa/crypto.h" +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" +#else #include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h" #endif +#endif mbedtls_test_driver_key_agreement_hooks_t mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 337c25473..d2ca157b8 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -23,10 +23,16 @@ #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h" #endif +#endif #include 
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 9b671b867..f1cf50430 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -13,8 +13,12 @@ #include "test/drivers/mac.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_mac.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h" #endif +#endif mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks = MBEDTLS_TEST_DRIVER_MAC_INIT; diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index bcef6b5f4..c3ce326fe 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -14,8 +14,12 @@ #include "string.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_pake.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h" #endif +#endif mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = MBEDTLS_TEST_DRIVER_PAKE_INIT; diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index 92ec93bec..a6eef573b 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -26,10 +26,16 @@ #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_hash.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" #endif +#endif #include 
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index ee8399722..a496de021 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -11,7 +11,9 @@ #include #include -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if ((MBEDTLS_VERSION_MAJOR < 4) \ + && defined(MBEDTLS_PSA_CRYPTO_C)) \ + || defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include #include @@ -1332,4 +1334,4 @@ exit: } #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ +#endif /* MBEDTLS_PSA_CRYPTO_C || MBEDTLS_PSA_CRYPTO_CLIENT */ From 34d79ce73d00042b3552386e40c3636039b819e3 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 27 Sep 2024 15:13:32 +0100 Subject: [PATCH 2/6] Only guard with CRYPTO_CLIENT when version >= 4 In 4.x the semantics of MBEDTLS_PSA_CRYPTO_C and MBEDTLS_PSA_CRYPTO_CLIENT are different compared with 3.6. Where this is a problem, make guards more version-specific so that we are guarding with MBEDTLS_PSA_CRYPTO_C for 3.6 and MBEDTLS_PSA_CRYPTO_CLIENT for 4.x, keeping each branch the same as it was formerly. Signed-off-by: David Horstmann --- tests/include/test/psa_crypto_helpers.h | 15 +++++++++++---- tests/src/psa_exercise_key.c | 3 ++- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 233dbe6ad..483c3203c 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -11,7 +11,10 @@ #include "test/helpers.h" -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if ((MBEDTLS_VERSION_MAJOR < 4) \ + && defined(MBEDTLS_PSA_CRYPTO_C)) \ + || (MBEDTLS_VERSION_MAJOR >= 4 \ + && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #include "test/psa_helpers.h" #include #endif 
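Review bot: The guard `(MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))` added at the top of psa_crypto_helpers.h is written out again in the `@@ -48,7 +52,10 @@` hunk and in tests/src/psa_exercise_key.c. The three copies have to be kept in step by hand, and the previous patch in this series already left psa_exercise_key.c with a different form. Evaluating the condition once near the top of the header into a test-local macro (placeholder name `MBEDTLS_TEST_<NAME>`) and testing that macro at the other sites would remove the duplication, provided psa_exercise_key.c includes this header before its guard, which is not visible here. The closing comments `#endif /* MBEDTLS_PSA_CRYPTO_CLIENT || MBEDTLS_PSA_CRYPTO_C */` no longer describe the version-dependent condition and should be updated with it.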
@@ -40,7 +43,8 @@ mbedtls_psa_crypto_free(); \ } \ while (0) -#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ +#elif MBEDTLS_VERSION_MAJOR >= 4 && \ + defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ #define PSA_INIT() PSA_ASSERT(psa_crypto_init()) #define PSA_DONE() mbedtls_psa_crypto_free(); #else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ @@ -48,7 +52,10 @@ #define PSA_DONE() ((void) 0) #endif /* MBEDTLS_PSA_CRYPTO_C */ -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if ((MBEDTLS_VERSION_MAJOR < 4) \ + && defined(MBEDTLS_PSA_CRYPTO_C)) \ + || (MBEDTLS_VERSION_MAJOR >= 4 \ + && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -319,7 +326,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); } \ while (0) -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT || MBEDTLS_PSA_CRYPTO_C */ /** \def USE_PSA_INIT * diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index a496de021..5c821e2f8 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -13,7 +13,8 @@ #if ((MBEDTLS_VERSION_MAJOR < 4) \ && defined(MBEDTLS_PSA_CRYPTO_C)) \ - || defined(MBEDTLS_PSA_CRYPTO_CLIENT) + || (MBEDTLS_VERSION_MAJOR >= 4 \ + && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #include #include From 19bc246aface590c3d297e72ce83ebeb314f3e27 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 18 Oct 2024 20:00:27 +0100 Subject: [PATCH 3/6] Re-add special case for 3.6 Take into account the fact that TLS 1.3 auto-calls psa_crypto_init() Signed-off-by: David Horstmann --- tests/include/test/psa_crypto_helpers.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 483c3203c..dc2f4ebdb 100644 --- a/tests/include/test/psa_crypto_helpers.h 
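Review bot: In the `#elif` branch that the `@@ -40,7 +43,8 @@` hunk re-gates, `#define PSA_DONE() mbedtls_psa_crypto_free();` ends with a semicolon, so `PSA_DONE();` expands to two statements and an unbraced `if (...) PSA_DONE(); else ...` will not compile. `#define PSA_DONE() mbedtls_psa_crypto_free()` would be consistent with the other two definitions, which carry no trailing semicolon. The `#else` that follows keeps the comment `/* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */`, which describes the `#elif` rather than the fallback. With the version test added, the fallback also covers a pre-4 build that defines only MBEDTLS_PSA_CRYPTO_CLIENT, where PSA_INIT() and PSA_DONE() become `((void) 0)`, and the comment should say so. The conditional block begins above the hunk.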
+++ b/tests/include/test/psa_crypto_helpers.h @@ -345,9 +345,19 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * This is like #PSA_DONE except it does nothing under the same conditions as * #USE_PSA_INIT. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_USE_PSA_CRYPTO) \ + || (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_SSL_PROTO_TLS1_3)) #define USE_PSA_INIT() PSA_INIT() #define USE_PSA_DONE() PSA_DONE() +#elif (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_SSL_PROTO_TLS1_3)) +/* TLS 1.3 must work without having called psa_crypto_init(), for backward + * compatibility with Mbed TLS <= 3.5 when connecting with a peer that + * supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init() + * and https://github.com/Mbed-TLS/mbedtls/issues/9072 . */ +#define USE_PSA_INIT() ((void) 0) +/* TLS 1.3 may have initialized the PSA subsystem. Shut it down cleanly, + * otherwise Asan and Valgrind would notice a resource leak. */ +#define USE_PSA_DONE() PSA_DONE() #else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* Define empty macros so that we can use them in the preamble and teardown * of every test function that uses PSA conditionally based on From 08ccf6ac9b9ed1fae9f2f29c89a9374be2f6fee7 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 23 Oct 2024 16:55:20 +0100 Subject: [PATCH 4/6] Tidy up header guards Signed-off-by: David Horstmann --- tests/include/test/psa_crypto_helpers.h | 15 +++++---------- tests/src/psa_exercise_key.c | 6 ++---- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index dc2f4ebdb..9d5da0248 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h 
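Review bot: The doc comment directly above the `#if` still says USE_PSA_DONE "does nothing under the same conditions as #USE_PSA_INIT", but the new `#elif (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_SSL_PROTO_TLS1_3))` branch defines USE_PSA_INIT() as `((void) 0)` while USE_PSA_DONE() expands to PSA_DONE(). The `\def USE_PSA_DONE` text should state the exception, for example `* In Mbed TLS 3.x with TLS 1.3 enabled and MBEDTLS_USE_PSA_CRYPTO disabled, this still calls #PSA_DONE, because the TLS 1.3 code may have initialized PSA itself.` The in-branch comments explain the reason well, but a test author reading only the Doxygen block would pair the two macros incorrectly. The comment block starts above the hunk, so its full wording is not visible here.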
@@ -11,10 +11,8 @@ #include "test/helpers.h" -#if ((MBEDTLS_VERSION_MAJOR < 4) \ - && defined(MBEDTLS_PSA_CRYPTO_C)) \ - || (MBEDTLS_VERSION_MAJOR >= 4 \ - && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) +#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ + (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #include "test/psa_helpers.h" #include #endif @@ -43,8 +41,7 @@ mbedtls_psa_crypto_free(); \ } \ while (0) -#elif MBEDTLS_VERSION_MAJOR >= 4 && \ - defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ +#elif MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT) #define PSA_INIT() PSA_ASSERT(psa_crypto_init()) #define PSA_DONE() mbedtls_psa_crypto_free(); #else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ @@ -52,10 +49,8 @@ #define PSA_DONE() ((void) 0) #endif /* MBEDTLS_PSA_CRYPTO_C */ -#if ((MBEDTLS_VERSION_MAJOR < 4) \ - && defined(MBEDTLS_PSA_CRYPTO_C)) \ - || (MBEDTLS_VERSION_MAJOR >= 4 \ - && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) +#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ + (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 5c821e2f8..032c48920 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -11,10 +11,8 @@ #include #include -#if ((MBEDTLS_VERSION_MAJOR < 4) \ - && defined(MBEDTLS_PSA_CRYPTO_C)) \ - || (MBEDTLS_VERSION_MAJOR >= 4 \ - && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) +#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ + (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #include #include From c46f8fb92f56d7625abb6394f0d564c5bd0517a0 Mon Sep 17 00:00:00 2001 
From: David Horstmann Date: Wed, 23 Oct 2024 16:58:21 +0100 Subject: [PATCH 5/6] Harmonise names of MBEDTLS_TEST_HAVE_ macros ACCEL is better than ALT as the ALT interfaces are going away. Signed-off-by: David Horstmann --- tests/include/test/psa_crypto_helpers.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 9d5da0248..986221e09 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -258,15 +258,15 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #if defined(MBEDTLS_AES_ALT) || \ defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#define MBEDTLS_TEST_HAVE_ALT_AES 1 +#define MBEDTLS_TEST_HAVE_ACCEL_AES 1 #else -#define MBEDTLS_TEST_HAVE_ALT_AES 0 +#define MBEDTLS_TEST_HAVE_ACCEL_AES 0 #endif #define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \ do \ { \ - if ((MBEDTLS_TEST_HAVE_ALT_AES) && \ + if ((MBEDTLS_TEST_HAVE_ACCEL_AES) && \ ((key_type) == PSA_KEY_TYPE_AES) && \ (key_bits == 192)) \ { \ From fd38fdf501eff4562a1f5491ea64a27fa40448f0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 25 Oct 2024 15:00:55 +0100 Subject: [PATCH 6/6] Disentangle 3.6/4.0 *_PSA_INIT/DONE variants Since PSA is always on in 4.x, *_PSA_INIT() and *_PSA_DONE() can be simply aliased to PSA_INIT() and PSA_DONE() until such a time as we remove them. Simplify the login of these PSA_INIT/DONE variants by aliasing them in 4.x and keeping the more complex 3.6 logic entirely separate. Signed-off-by: David Horstmann --- tests/include/test/psa_crypto_helpers.h | 29 +++++++++++++++++++------ 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 986221e09..89ab57085 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h 
@@ -323,6 +323,21 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #endif /* MBEDTLS_PSA_CRYPTO_CLIENT || MBEDTLS_PSA_CRYPTO_C */ +#if MBEDTLS_VERSION_MAJOR >= 4 +/* Legacy PSA_INIT() / PSA_DONE() variants from 3.6 */ +#define USE_PSA_INIT() PSA_INIT() +#define USE_PSA_DONE() PSA_DONE() +#define MD_PSA_INIT() PSA_INIT() +#define MD_PSA_DONE() PSA_DONE() +#define BLOCK_CIPHER_PSA_INIT() PSA_INIT() +#define BLOCK_CIPHER_PSA_DONE() PSA_DONE() +#define MD_OR_USE_PSA_INIT() PSA_INIT() +#define MD_OR_USE_PSA_DONE() PSA_DONE() +#define AES_PSA_INIT() PSA_INIT() +#define AES_PSA_DONE() PSA_DONE() + +#else /* MBEDTLS_VERSION_MAJOR < 4 */ + /** \def USE_PSA_INIT * * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO @@ -340,11 +355,10 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * This is like #PSA_DONE except it does nothing under the same conditions as * #USE_PSA_INIT. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) \ - || (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_SSL_PROTO_TLS1_3)) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USE_PSA_INIT() PSA_INIT() #define USE_PSA_DONE() PSA_DONE() -#elif (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_SSL_PROTO_TLS1_3)) +#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) /* TLS 1.3 must work without having called psa_crypto_init(), for backward * compatibility with Mbed TLS <= 3.5 when connecting with a peer that * supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init() 
@@ -424,13 +438,12 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * This is like #PSA_DONE except it does nothing under the same conditions as * #MD_OR_USE_PSA_INIT. */ -#if defined(MBEDTLS_MD_SOME_PSA) || \ - defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_MD_SOME_PSA) #define MD_OR_USE_PSA_INIT() PSA_INIT() #define MD_OR_USE_PSA_DONE() PSA_DONE() #else -#define MD_OR_USE_PSA_INIT() ((void) 0) -#define MD_OR_USE_PSA_DONE() ((void) 0) +#define MD_OR_USE_PSA_INIT() USE_PSA_INIT() +#define MD_OR_USE_PSA_DONE() USE_PSA_DONE() #endif /** \def AES_PSA_INIT @@ -456,6 +469,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define AES_PSA_DONE() ((void) 0) #endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_VERSION_MAJOR >= 4 */ + #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
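Review bot: The `#else` branch of MD_OR_USE_PSA_INIT/DONE now forwards to USE_PSA_INIT()/USE_PSA_DONE(), and the earlier `#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)` branch of this header defines USE_PSA_INIT() as `((void) 0)`. In a pre-4 build with TLS 1.3 but neither MBEDTLS_MD_SOME_PSA nor MBEDTLS_USE_PSA_CRYPTO, MD_OR_USE_PSA_INIT() therefore no longer initializes PSA, whereas the removed condition expanded it to PSA_INIT(). The commit message suggests this is the intended 3.6 behaviour, but the hunk itself does not say so. A comment on the `#else` would record it, for example `/* Defer to USE_PSA_*: no init unless MBEDTLS_USE_PSA_CRYPTO, but still shut down if TLS 1.3 initialized PSA. */`. The `\def MD_OR_USE_PSA_INIT` description sits above the hunk and should be checked against the new behaviour.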