From d381d2d5fccf17d87822ac85ac7f37c22697f072 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 14 Apr 2023 09:26:39 +0200 Subject: [PATCH 01/10] Init PSA in ssl and x509 programs Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 10 ++++++++++ programs/ssl/dtls_server.c | 10 ++++++++++ programs/ssl/mini_client.c | 10 ++++++++++ programs/ssl/ssl_client1.c | 9 +++++++++ programs/ssl/ssl_context_info.c | 10 ++++++++++ programs/ssl/ssl_fork_server.c | 9 +++++++++ programs/ssl/ssl_mail_client.c | 9 +++++++++ programs/ssl/ssl_pthread_server.c | 10 ++++++++++ programs/ssl/ssl_server.c | 10 ++++++++++ programs/x509/cert_app.c | 9 +++++++++ programs/x509/cert_req.c | 9 +++++++++ programs/x509/cert_write.c | 9 +++++++++ programs/x509/crl_app.c | 9 +++++++++ programs/x509/load_roots.c | 9 +++++++++ programs/x509/req_app.c | 9 +++++++++ 15 files changed, 141 insertions(+) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index ad51cbeed..01f6cd872 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -101,6 +101,16 @@ int main(int argc, char *argv[]) ((void) argc); ((void) argv); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 4310f4e6f..93d5bfed0 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -111,6 +111,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 688c9fc76..58e3d787b 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -170,6 +170,16 @@ int main(void) mbedtls_ssl_config conf; mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 0. Initialize and setup stuff */ diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index ffdef3b42..1c68d1cd8 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -87,6 +87,15 @@ int main(void) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 0. Initialize the RNG and the session data */ diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index a8b2b470e..3c61fc0ee 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -23,6 +23,7 @@ #include MBEDTLS_CONFIG_FILE #endif #include "mbedtls/debug.h" +#include "mbedtls/platform.h" #include #include @@ -939,6 +940,15 @@ int main(int argc, char *argv[]) size_t ssl_max_len = SSL_INIT_LEN; size_t ssl_len = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* The 'b64_file' is opened when parsing arguments to check that the * file name is correct */ parse_arguments(argc, argv); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 5a4ac3eed..df8da055d 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -100,6 +100,15 @@ int main(void) mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 6f1dc1cd8..decbdbb3f 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -355,6 +355,15 @@ int main(int argc, char *argv[]) char *p, *q; const int *list; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Make sure memory references are valid in case we exit early. */ diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 4d7e64842..ba28b254e 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -311,6 +311,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); #endif diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 8f6a5730d..c0a09a233 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -97,6 +97,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index b14b084b9..5fc1370a5 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -149,6 +149,15 @@ int main(int argc, char *argv[]) char *p, *q; const char *pers = "cert_app"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index d7818d751..2f4bd0e12 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -155,6 +155,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index ea20144e9..18a05caef 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -226,6 +226,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index b00f9f3b7..5a0796377 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) int i; char *p, *q; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index faf4ba90c..87187e691 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -132,6 +132,15 @@ int main(int argc, char *argv[]) goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + opt.filenames = NULL; opt.iterations = DFL_ITERATIONS; opt.prime_cache = DFL_PRIME_CACHE; diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index dd7fac74d..a5fb1b6ac 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) int i; char *p, *q; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ From 0c9d048d26680722d58097380699e251110139ac Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 14 Apr 2023 12:28:16 +0200 Subject: [PATCH 02/10] cert_app: init entropy unconditionally When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault. Signed-off-by: Przemek Stekiel --- programs/x509/cert_app.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 5fc1370a5..4fae3b2d9 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -166,6 +166,7 @@ int main(int argc, char *argv[]) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); + mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_init(&cacrl); #else @@ -351,7 +352,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { From b00688fb1472259a9ddf67b761d741eda5dfaa2a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 17 Apr 2023 11:10:05 +0200 Subject: [PATCH 03/10] Move psa_crypto_init() after other init calls Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 22 +++++++++++----------- programs/ssl/dtls_server.c | 20 ++++++++++---------- programs/ssl/mini_client.c | 22 +++++++++++----------- programs/ssl/ssl_client1.c | 21 +++++++++++---------- programs/ssl/ssl_fork_server.c | 18 +++++++++--------- programs/ssl/ssl_mail_client.c | 20 ++++++++++---------- programs/ssl/ssl_pthread_server.c | 20 ++++++++++---------- programs/ssl/ssl_server.c | 20 ++++++++++---------- programs/x509/cert_app.c | 18 +++++++++--------- programs/x509/cert_req.c | 18 +++++++++--------- programs/x509/cert_write.c | 18 +++++++++--------- programs/x509/crl_app.c | 10 +++++----- programs/x509/req_app.c | 10 +++++----- 13 files changed, 119 insertions(+), 118 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 01f6cd872..d69693224 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -101,16 +101,6 @@ int main(int argc, char *argv[]) ((void) argc); ((void) argv); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif @@ -123,11 +113,21 @@ int main(int argc, char *argv[]) mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 93d5bfed0..631cfcdbc 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -111,16 +111,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -134,6 +124,16 @@ int main(void) mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 58e3d787b..3a629b025 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -170,6 +170,17 @@ int main(void) mbedtls_ssl_config conf; mbedtls_ctr_drbg_init(&ctr_drbg); + /* + * 0. Initialize and setup stuff + */ + mbedtls_net_init(&server_fd); + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); +#if defined(MBEDTLS_X509_CRT_PARSE_C) + mbedtls_x509_crt_init(&ca); +#endif + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -180,17 +191,6 @@ int main(void) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * 0. Initialize and setup stuff - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_init(&ca); -#endif - - mbedtls_entropy_init(&entropy); if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { ret = ctr_drbg_seed_failed; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 1c68d1cd8..c30f7b8ab 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -87,6 +87,16 @@ int main(void) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif + /* + * 0. Initialize the RNG and the session data + */ + mbedtls_net_init(&server_fd); + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); + mbedtls_x509_crt_init(&cacert); + mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -96,19 +106,10 @@ int main(void) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); + if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index df8da055d..d75bb3c59 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -100,15 +100,6 @@ int main(void) mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -118,6 +109,15 @@ int main(void) mbedtls_x509_crt_init(&srvcert); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + signal(SIGCHLD, SIG_IGN); /* diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index decbdbb3f..a9742a2eb 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -355,15 +355,6 @@ int main(int argc, char *argv[]) char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Make sure memory references are valid in case we exit early. */ @@ -375,6 +366,16 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_init(&clicert); mbedtls_pk_init(&pkey); mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -464,7 +465,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index ba28b254e..14fc6a463 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -311,16 +311,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); #endif @@ -347,6 +337,16 @@ int main(void) */ mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 1. Load the certificates and private RSA key */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index c0a09a233..d4e0dbc56 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -97,16 +97,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -119,6 +109,16 @@ int main(void) mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 4fae3b2d9..07016e49f 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -149,15 +149,6 @@ int main(int argc, char *argv[]) char *p, *q; const char *pers = "cert_app"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Set to sane values */ @@ -175,6 +166,15 @@ int main(int argc, char *argv[]) memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 2f4bd0e12..a3fd6e2dc 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -155,6 +155,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "csr example app"; + /* + * Set to sane values + */ + mbedtls_x509write_csr_init(&req); + mbedtls_pk_init(&key); + mbedtls_ctr_drbg_init(&ctr_drbg); + memset(buf, 0, sizeof(buf)); + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -164,14 +173,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509write_csr_init(&req); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - if (argc < 2) { usage: mbedtls_printf(USAGE); @@ -303,7 +304,6 @@ usage: mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 18a05caef..f7cf7121c 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -226,15 +226,6 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Set to sane values */ @@ -250,6 +241,15 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_init(&issuer_crt); memset(buf, 0, 1024); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 5a0796377..1208f040f 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -67,6 +67,11 @@ int main(int argc, char *argv[]) int i; char *p, *q; + /* + * Set to sane values + */ + mbedtls_x509_crl_init(&crl); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -76,11 +81,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509_crl_init(&crl); - if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index a5fb1b6ac..07cbd4fb7 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -67,6 +67,11 @@ int main(int argc, char *argv[]) int i; char *p, *q; + /* + * Set to sane values + */ + mbedtls_x509_csr_init(&csr); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -76,11 +81,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509_csr_init(&csr); - if (argc < 2) { usage: mbedtls_printf(USAGE); From af48f3cf8e4a0ae39c847d809b7b59a2e91c481b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 17 Apr 2023 11:11:01 +0200 Subject: [PATCH 04/10] Remove print from mini_client Signed-off-by: Przemek Stekiel --- programs/ssl/mini_client.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 3a629b025..d7deca2b6 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -184,8 +184,6 @@ int main(void) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } From c4ddf92986f189fb992c3cfcbdea29ee4e0a2545 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 10:15:26 +0200 Subject: [PATCH 05/10] Free psa crypto at the end of programs when initialized Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 2 +- programs/ssl/dtls_server.c | 1 + programs/ssl/mini_client.c | 2 +- programs/ssl/ssl_client1.c | 2 +- programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 +- programs/ssl/ssl_mail_client.c | 1 + programs/ssl/ssl_pthread_server.c | 4 +--- programs/ssl/ssl_server.c | 2 +- programs/x509/cert_app.c | 1 + programs/x509/cert_req.c | 1 + programs/x509/cert_write.c | 1 + programs/x509/crl_app.c | 1 + programs/x509/load_roots.c | 11 ++++++----- programs/x509/req_app.c | 1 + 15 files changed, 21 insertions(+), 13 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index d69693224..c35c4e265 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -334,12 +334,12 @@ exit: #endif mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 631cfcdbc..568ef1fe1 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -404,6 +404,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index d7deca2b6..620885963 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -274,7 +274,6 @@ int main(void) exit: mbedtls_net_free(&server_fd); - mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); @@ -282,6 +281,7 @@ exit: #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ca); #endif + mbedtls_psa_crypto_free(); mbedtls_exit(ret); } diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index c30f7b8ab..6d8ff0bb8 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -284,12 +284,12 @@ exit: #endif mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 3c61fc0ee..be8dee525 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -1017,6 +1017,8 @@ int main(int argc, char *argv[]) printf("Finished. No valid base64 code found\n"); } + mbedtls_psa_crypto_free(); + return 0; } diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index d75bb3c59..efa9ad1e0 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -378,13 +378,13 @@ int main(void) exit: mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index a9742a2eb..27bf137be 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -801,6 +801,7 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 14fc6a463..e57c63ec8 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -487,14 +487,12 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); mbedtls_ssl_config_free(&conf); - mbedtls_net_free(&listen_fd); - mbedtls_mutex_free(&debug_mutex); - #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_free(); #endif + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index d4e0dbc56..0da0f8705 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -357,7 +357,6 @@ exit: mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); @@ -367,6 +366,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 07016e49f..721de84a9 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -461,6 +461,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index a3fd6e2dc..43b1eb1e9 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -374,6 +374,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index f7cf7121c..bf46799a0 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -726,6 +726,7 @@ exit: mbedtls_mpi_free(&serial); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 1208f040f..f99d9ac68 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -136,6 +136,7 @@ usage: exit: mbedtls_x509_crl_free(&crl); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 87187e691..bca6e883a 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -127,11 +127,6 @@ int main(int argc, char *argv[]) struct mbedtls_timing_hr_time timer; unsigned long ms; - if (argc <= 1) { - mbedtls_printf(USAGE); - goto exit; - } - #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -141,6 +136,11 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc <= 1) { + mbedtls_printf(USAGE); + goto exit; + } + opt.filenames = NULL; opt.iterations = DFL_ITERATIONS; opt.prime_cache = DFL_PRIME_CACHE; @@ -200,6 +200,7 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 07cbd4fb7..b1fc98ca7 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -136,6 +136,7 @@ usage: exit: mbedtls_x509_csr_free(&csr); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); From 9c0fc2ddbefe78e3b2561851f2135c287db68fc9 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 09:38:12 +0200 Subject: [PATCH 06/10] Init PSA in pkey programs Signed-off-by: Przemek Stekiel --- programs/pkey/gen_key.c | 10 ++++++++++ programs/pkey/key_app.c | 10 ++++++++++ programs/pkey/key_app_writer.c | 10 ++++++++++ programs/pkey/pk_decrypt.c | 10 ++++++++++ programs/pkey/pk_encrypt.c | 10 ++++++++++ programs/pkey/pk_sign.c | 10 ++++++++++ programs/pkey/pk_verify.c | 10 ++++++++++ programs/pkey/rsa_sign_pss.c | 10 ++++++++++ programs/pkey/rsa_verify_pss.c | 10 ++++++++++ 9 files changed, 90 insertions(+) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 1a6463d8a..20fc17f90 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -204,6 +204,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); @@ -411,6 +420,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index a757cb3e7..82a4de12a 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -91,6 +91,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); memset(buf, 0, sizeof(buf)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto cleanup; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); @@ -275,6 +284,7 @@ cleanup: #endif mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 0009d9159..4da4f653a 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -205,6 +205,15 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); @@ -400,6 +409,7 @@ exit: mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); mbedtls_pk_free(&key); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 1dff75c55..9ab01ecc9 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -71,6 +71,15 @@ int main(int argc, char *argv[]) memset(result, 0, sizeof(result)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 2) { mbedtls_printf("usage: mbedtls_pk_decrypt \n"); @@ -142,6 +151,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 9a2549a94..f3c327465 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) mbedtls_entropy_init(&entropy); mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_encrypt \n"); @@ -144,6 +153,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 19a855b2b..a52584a38 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -66,6 +66,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_sign \n"); @@ -141,6 +150,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index f816e927c..49b520489 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -58,6 +58,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_verify \n"); @@ -117,6 +126,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index d1afdeef0..63bc755f3 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: rsa_sign_pss \n"); @@ -149,6 +158,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 1718872d3..9fb0401d1 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -61,6 +61,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: rsa_verify_pss \n"); @@ -127,6 +136,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); From 9dd2167ea42c95e0211cbedf00ca6250e50458db Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 09:41:02 +0200 Subject: [PATCH 07/10] Add changelog entry (PSA initialization in sample programs) Signed-off-by: Przemek Stekiel --- ChangeLog.d/programs_psa_fix.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/programs_psa_fix.txt diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt new file mode 100644 index 000000000..fe2099ecc --- /dev/null +++ b/ChangeLog.d/programs_psa_fix.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix missing PSA initialization in sample programs when + MBEDTLS_USE_PSA_CRYPTO is enabled. From 8fa17b64f26648c931bffc2ea805ce012427085f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 11:47:01 +0200 Subject: [PATCH 08/10] Init PSA in fuzz programs Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_client.c | 8 ++++++++ programs/fuzz/fuzz_dtlsclient.c | 8 ++++++++ programs/fuzz/fuzz_dtlsserver.c | 12 ++++++++++++ programs/fuzz/fuzz_privkey.c | 10 ++++++++++ programs/fuzz/fuzz_pubkey.c | 8 ++++++++ programs/fuzz/fuzz_server.c | 15 ++++++++++++++- programs/fuzz/fuzz_x509crl.c | 8 ++++++++ programs/fuzz/fuzz_x509crt.c | 8 ++++++++ programs/fuzz/fuzz_x509csr.c | 8 ++++++++ 9 files changed, 84 insertions(+), 1 deletion(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index a415874b2..3776b8ae9 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -77,6 +77,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; @@ -184,6 +191,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 1fcbc92ef..f8f5840d8 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -61,6 +61,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + srand(1); if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -119,6 +126,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 529fbbf81..9b8ebe7ac 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -74,6 +74,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_entropy_init(&entropy); mbedtls_ssl_cookie_init(&cookie_ctx); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; @@ -152,9 +159,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_ssl_cookie_free(&cookie_ctx); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) + mbedtls_pk_free(&pkey); + mbedtls_x509_crt_free(&srvcert); +#endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index c24f27596..e51ee3010 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -18,6 +18,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } mbedtls_pk_init(&pk); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0); if (ret == 0) { #if defined(MBEDTLS_RSA_C) @@ -63,7 +71,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 388b4c586..16d9d8356 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -9,6 +9,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_pk_context pk; mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_pk_parse_public_key(&pk, Data, Size); if (ret == 0) { #if defined(MBEDTLS_RSA_C) @@ -64,7 +70,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index e161d7ee9..06aeb5e63 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -89,6 +89,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_ticket_init(&ticket_ctx); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; @@ -195,8 +202,14 @@ exit: mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) + mbedtls_x509_crt_free(&srvcert); + mbedtls_pk_free(&pkey); +#endif mbedtls_ssl_free(&ssl); - +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_crypto_free(); +#endif #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 3aaa8e5ff..21d9700b5 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -9,11 +9,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crl_init(&crl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crl_parse(&crl, Data, Size); if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } +exit: mbedtls_x509_crl_free(&crl); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index a5cb7ecde..f3175796b 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -9,11 +9,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crt_init(&crt); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crt_parse(&crt, Data, Size); if (ret == 0) { ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt); } +exit: mbedtls_x509_crt_free(&crt); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index afd20315b..6ac695f9d 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -9,11 +9,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_csr_init(&csr); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_csr_parse(&csr, Data, Size); if (ret == 0) { ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); } +exit: mbedtls_x509_csr_free(&csr); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; From d4d049b88fba28ee6397d063e34b08d3837b42b6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 13:47:43 +0200 Subject: [PATCH 09/10] Add guards for mbedtls_psa_crypto_free() Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_client.c | 2 ++ programs/fuzz/fuzz_dtlsclient.c | 2 ++ programs/fuzz/fuzz_dtlsserver.c | 2 ++ programs/fuzz/fuzz_privkey.c | 4 +++- programs/fuzz/fuzz_pubkey.c | 4 +++- programs/fuzz/fuzz_x509crl.c | 4 +++- programs/fuzz/fuzz_x509crt.c | 4 +++- programs/fuzz/fuzz_x509csr.c | 4 +++- programs/pkey/gen_key.c | 2 ++ programs/pkey/key_app.c | 2 ++ programs/pkey/key_app_writer.c | 2 ++ programs/pkey/pk_decrypt.c | 2 ++ programs/pkey/pk_encrypt.c | 2 ++ programs/pkey/pk_sign.c | 2 ++ programs/pkey/pk_verify.c | 2 ++ programs/pkey/rsa_sign_pss.c | 2 ++ programs/pkey/rsa_verify_pss.c | 2 ++ programs/ssl/dtls_client.c | 2 ++ programs/ssl/dtls_server.c | 2 ++ programs/ssl/mini_client.c | 2 ++ programs/ssl/ssl_client1.c | 2 ++ programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 ++ programs/ssl/ssl_mail_client.c | 2 ++ programs/ssl/ssl_pthread_server.c | 2 ++ programs/ssl/ssl_server.c | 2 ++ programs/x509/cert_app.c | 2 ++ programs/x509/cert_req.c | 2 ++ programs/x509/cert_write.c | 2 ++ programs/x509/crl_app.c | 2 ++ programs/x509/load_roots.c | 2 ++ programs/x509/req_app.c | 2 ++ 32 files changed, 69 insertions(+), 5 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 3776b8ae9..2de51a6e9 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -191,7 +191,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index f8f5840d8..d414bb3b0 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -126,7 +126,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 9b8ebe7ac..df4087a15 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -166,7 +166,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index e51ee3010..d1da5890a 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -71,9 +71,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_pk_free(&pk); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_pk_free(&pk); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 16d9d8356..199f8e689 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -70,9 +70,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_pk_free(&pk); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +mbedtls_pk_free(&pk); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 21d9700b5..1140c3d7d 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -19,9 +19,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_crl_free(&crl); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_x509_crl_free(&crl); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index f3175796b..359323614 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -19,9 +19,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (ret == 0) { ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_crt_free(&crt); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_x509_crt_free(&crt); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 6ac695f9d..25d68b033 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -19,9 +19,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (ret == 0) { ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_csr_free(&csr); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +mbedtls_x509_csr_free(&csr); #else (void) Data; (void) Size; diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 20fc17f90..cd21743fb 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -420,7 +420,9 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 82a4de12a..2f308304b 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -284,7 +284,9 @@ cleanup: #endif mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 4da4f653a..e986ada82 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -409,7 +409,9 @@ exit: mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); mbedtls_pk_free(&key); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 9ab01ecc9..c3ff53d9f 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -151,7 +151,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index f3c327465..5f5a424fe 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -153,7 +153,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index a52584a38..2a8b7a4cf 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -150,7 +150,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 49b520489..96a5d28f1 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -126,7 +126,9 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 63bc755f3..effff259b 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -158,7 +158,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 9fb0401d1..a9c75ef70 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -136,7 +136,9 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index c35c4e265..beac5d5d9 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -339,7 +339,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 568ef1fe1..2128d02c9 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -404,7 +404,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 620885963..27154d8f8 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -281,7 +281,9 @@ exit: #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ca); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(ret); } diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 6d8ff0bb8..933ae7555 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -289,7 +289,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index be8dee525..d503fab56 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -1017,7 +1017,9 @@ int main(int argc, char *argv[]) printf("Finished. No valid base64 code found\n"); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return 0; } diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index efa9ad1e0..adba12aab 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -384,7 +384,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 27bf137be..89a26fc70 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -801,7 +801,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index e57c63ec8..b4a718d7a 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -492,7 +492,9 @@ exit: #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_free(); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 0da0f8705..69fd0bb06 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -366,7 +366,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 721de84a9..294e994c7 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -461,7 +461,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 43b1eb1e9..db200d9b1 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -374,7 +374,9 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index bf46799a0..02ff836aa 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -726,7 +726,9 @@ exit: mbedtls_mpi_free(&serial); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index f99d9ac68..e3e057773 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -136,7 +136,9 @@ usage: exit: mbedtls_x509_crl_free(&crl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index bca6e883a..e28f35a79 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -200,7 +200,9 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index b1fc98ca7..b447c6aa1 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -136,7 +136,9 @@ usage: exit: mbedtls_x509_csr_free(&csr); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(_WIN32) mbedtls_printf(" + Press Enter to exit this program.\n"); From 44f2694ad79667e7b64c90e7b7400399f23f2586 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 24 Apr 2023 09:00:14 +0200 Subject: [PATCH 10/10] Fix code-style Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_pubkey.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 199f8e689..daca2b3d5 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -74,7 +74,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_psa_crypto_free(); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -mbedtls_pk_free(&pk); + mbedtls_pk_free(&pk); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 25d68b033..0ca9b870b 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -23,7 +23,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_psa_crypto_free(); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -mbedtls_x509_csr_free(&csr); + mbedtls_x509_csr_free(&csr); #else (void) Data; (void) Size;