From 89c636e6cf3c623771f23adec4a48e705a944d31 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 14 Apr 2023 09:26:39 +0200 Subject: [PATCH 01/10] Init PSA in ssl and x509 programs Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 10 ++++++++++ programs/ssl/dtls_server.c | 10 ++++++++++ programs/ssl/mini_client.c | 10 ++++++++++ programs/ssl/ssl_client1.c | 9 +++++++++ programs/ssl/ssl_context_info.c | 10 ++++++++++ programs/ssl/ssl_fork_server.c | 9 +++++++++ programs/ssl/ssl_mail_client.c | 9 +++++++++ programs/ssl/ssl_pthread_server.c | 10 ++++++++++ programs/ssl/ssl_server.c | 10 ++++++++++ programs/x509/cert_app.c | 9 +++++++++ programs/x509/cert_req.c | 9 +++++++++ programs/x509/cert_write.c | 9 +++++++++ programs/x509/crl_app.c | 9 +++++++++ programs/x509/load_roots.c | 9 +++++++++ programs/x509/req_app.c | 9 +++++++++ 15 files changed, 141 insertions(+) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 44a135f3e..f8bde8f8d 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -97,6 +97,16 @@ int main(int argc, char *argv[]) ((void) argc); ((void) argv); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 6f8c8415f..14c714128 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c 
@@ -106,6 +106,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 6dbbc6d20..4cecd2655 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -166,6 +166,16 @@ int main(void) mbedtls_ssl_config conf; mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 0. Initialize and setup stuff */ diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index ea96a4d61..a497c60f5 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -83,6 +83,15 @@ int main(void) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 0. Initialize the RNG and the session data */ diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 0ba0d2c04..58ee91995 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -21,6 +21,7 @@ #include "mbedtls/build_info.h" #include "mbedtls/debug.h" +#include "mbedtls/platform.h" #include #include 
@@ -933,6 +934,15 @@ int main(int argc, char *argv[]) size_t ssl_max_len = SSL_INIT_LEN; size_t ssl_len = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* The 'b64_file' is opened when parsing arguments to check that the * file name is correct */ parse_arguments(argc, argv); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 7ee880d38..34dadbdeb 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -96,6 +96,15 @@ int main(void) mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 3b040aaab..182eae923 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -358,6 +358,15 @@ int main(int argc, char *argv[]) char *p, *q; const int *list; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Make sure memory references are valid in case we exit early. */ diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 2b3baffa4..957606222 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
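Review bot: In programs/ssl/ssl_context_info.c the new failure branch ends with `return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;`, which hands a library error code to the caller as the process exit status. On POSIX only the low 8 bits of that value survive, and the other programs in this series exit through `mbedtls_exit()` with a small status instead, so a script checking the result sees something inconsistent here. Since the patch already includes `mbedtls/platform.h`, `return MBEDTLS_EXIT_FAILURE;` would be the consistent choice. The body of main() continues outside the hunk.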
@@ -306,6 +306,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); #endif diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 7dabda8ae..22bfd42a6 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -92,6 +92,16 @@ int main(void) mbedtls_ssl_cache_context cache; #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index a9656c6c1..042b80e43 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -145,6 +145,15 @@ int main(int argc, char *argv[]) char *p, *q; const char *pers = "cert_app"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 396aaf3f8..0d71f4d90 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
@@ -172,6 +172,15 @@ int main(int argc, char *argv[]) const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index a82268424..bdcae9e42 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -315,6 +315,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index d74a4887e..840f74e74 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -65,6 +65,15 @@ int main(int argc, char *argv[]) int i; char *p, *q; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 237bd7cab..858a38246 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c 
@@ -128,6 +128,15 @@ int main(int argc, char *argv[]) goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + opt.filenames = NULL; opt.iterations = DFL_ITERATIONS; opt.prime_cache = DFL_PRIME_CACHE; diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 83e2546ed..b866c8ed3 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -65,6 +65,15 @@ int main(int argc, char *argv[]) int i; char *p, *q; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * Set to sane values */ From 6260ee9cabfe6b80867d67762a0fc7c0b6ac62ba Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 14 Apr 2023 12:28:16 +0200 Subject: [PATCH 02/10] cert_app: init entropy unconditionally When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault. Signed-off-by: Przemek Stekiel --- programs/x509/cert_app.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 042b80e43..b212ac305 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -162,6 +162,7 @@ int main(int argc, char *argv[]) mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); + mbedtls_entropy_init(&entropy); #if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_init(&cacrl); #else 
@@ -347,7 +348,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { From a0a1c1eab514b4b2a12cdcc03d0c3631ee4f468d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 17 Apr 2023 11:10:05 +0200 Subject: [PATCH 03/10] Move psa_crypto_init() after other init calls Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 22 +++++++++++----------- programs/ssl/dtls_server.c | 20 ++++++++++---------- programs/ssl/mini_client.c | 22 +++++++++++----------- programs/ssl/ssl_client1.c | 21 +++++++++++---------- programs/ssl/ssl_fork_server.c | 18 +++++++++--------- programs/ssl/ssl_mail_client.c | 20 ++++++++++---------- programs/ssl/ssl_pthread_server.c | 20 ++++++++++---------- programs/ssl/ssl_server.c | 20 ++++++++++---------- programs/x509/cert_app.c | 18 +++++++++--------- programs/x509/cert_req.c | 18 +++++++++--------- programs/x509/cert_write.c | 18 +++++++++--------- programs/x509/crl_app.c | 10 +++++----- programs/x509/req_app.c | 10 +++++----- 13 files changed, 119 insertions(+), 118 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index f8bde8f8d..240e7ae54 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -97,16 +97,6 @@ int main(int argc, char *argv[]) ((void) argc); ((void) argv); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif 
@@ -119,11 +109,21 @@ int main(int argc, char *argv[]) mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&cacert); mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 14c714128..a72eb1547 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -106,16 +106,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -129,6 +119,16 @@ int main(void) mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 4cecd2655..98052da30 100644 --- a/programs/ssl/mini_client.c 
+++ b/programs/ssl/mini_client.c @@ -166,6 +166,17 @@ int main(void) mbedtls_ssl_config conf; mbedtls_ctr_drbg_init(&ctr_drbg); + /* + * 0. Initialize and setup stuff + */ + mbedtls_net_init(&server_fd); + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); +#if defined(MBEDTLS_X509_CRT_PARSE_C) + mbedtls_x509_crt_init(&ca); +#endif + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -176,17 +187,6 @@ int main(void) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * 0. Initialize and setup stuff - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_x509_crt_init(&ca); -#endif - - mbedtls_entropy_init(&entropy); if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { ret = ctr_drbg_seed_failed; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index a497c60f5..c7aaf49fe 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -83,6 +83,16 @@ int main(void) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif + /* + * 0. Initialize the RNG and the session data + */ + mbedtls_net_init(&server_fd); + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); + mbedtls_x509_crt_init(&cacert); + mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { 
@@ -92,19 +102,10 @@ int main(void) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * 0. Initialize the RNG and the session data - */ - mbedtls_net_init(&server_fd); - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_x509_crt_init(&cacert); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); + if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 34dadbdeb..123091d25 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -96,15 +96,6 @@ int main(void) mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -114,6 +105,15 @@ int main(void) mbedtls_x509_crt_init(&srvcert); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + signal(SIGCHLD, SIG_IGN); /* diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 182eae923..5ac726f2f 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c 
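Review bot: In programs/ssl/ssl_fork_server.c, `psa_crypto_init()` now runs once in the parent, just ahead of `signal(SIGCHLD, SIG_IGN)` and whatever accept/fork loop follows outside this hunk. If children are forked after this point, each one presumably starts with a copy of the same PSA random generator state, so connections served by different children could draw identical random values unless the child reseeds or initialises PSA itself. This should be confirmed against the child path. At minimum the decision should be recorded next to the call, e.g. `/* NOTE: called before fork(); children inherit the PSA RNG state */`.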
@@ -358,15 +358,6 @@ int main(int argc, char *argv[]) char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Make sure memory references are valid in case we exit early. */ @@ -378,6 +369,16 @@ int main(int argc, char *argv[]) mbedtls_x509_crt_init(&clicert); mbedtls_pk_init(&pkey); mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -467,7 +468,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 957606222..206d8f336 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -306,16 +306,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); #endif 
@@ -342,6 +332,16 @@ int main(void) */ mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + /* * 1a. Seed the random number generator */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 22bfd42a6..d70fdb1ee 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -92,16 +92,6 @@ int main(void) mbedtls_ssl_cache_context cache; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); mbedtls_ssl_init(&ssl); @@ -114,6 +104,16 @@ int main(void) mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); #endif diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index b212ac305..13d96ea55 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
@@ -145,15 +145,6 @@ int main(int argc, char *argv[]) char *p, *q; const char *pers = "cert_app"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Set to sane values */ @@ -171,6 +162,15 @@ int main(int argc, char *argv[]) memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 0d71f4d90..a3eafff31 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -172,6 +172,15 @@ int main(int argc, char *argv[]) const char *pers = "csr example app"; mbedtls_x509_san_list *cur, *prev; + /* + * Set to sane values + */ + mbedtls_x509write_csr_init(&req); + mbedtls_pk_init(&key); + mbedtls_ctr_drbg_init(&ctr_drbg); + memset(buf, 0, sizeof(buf)); + mbedtls_entropy_init(&entropy); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -181,14 +190,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509write_csr_init(&req); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - if (argc < 2) { usage: mbedtls_printf(USAGE); @@ -397,7 +398,6 @@ usage: mbedtls_printf(" . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { 
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index bdcae9e42..7b47e5485 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -315,15 +315,6 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* * Set to sane values */ @@ -339,6 +330,15 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); memset(serial, 0, sizeof(serial)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 840f74e74..f45d0b891 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -65,6 +65,11 @@ int main(int argc, char *argv[]) int i; char *p, *q; + /* + * Set to sane values + */ + mbedtls_x509_crl_init(&crl); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -74,11 +79,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509_crl_init(&crl); - if (argc < 2) { usage: mbedtls_printf(USAGE); diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index b866c8ed3..c63f896f1 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c 
@@ -65,6 +65,11 @@ int main(int argc, char *argv[]) int i; char *p, *q; + /* + * Set to sane values + */ + mbedtls_x509_csr_init(&csr); + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -74,11 +79,6 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Set to sane values - */ - mbedtls_x509_csr_init(&csr); - if (argc < 2) { usage: mbedtls_printf(USAGE); From e296868b25377bb7adfb31ea08cb5da6ec2ff165 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 17 Apr 2023 11:11:01 +0200 Subject: [PATCH 04/10] Remove print from mini_client Signed-off-by: Przemek Stekiel --- programs/ssl/mini_client.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 98052da30..6454ede4f 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -180,8 +180,6 @@ int main(void) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } From a8c560a799b27f87568f1f3b52fbab6a03f4f915 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 10:15:26 +0200 Subject: [PATCH 05/10] Free psa crypto at the end of programs when initialized 
Signed-off-by: Przemek Stekiel --- programs/ssl/dtls_client.c | 2 +- programs/ssl/dtls_server.c | 1 + programs/ssl/mini_client.c | 2 +- programs/ssl/ssl_client1.c | 2 +- programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 +- programs/ssl/ssl_mail_client.c | 1 + programs/ssl/ssl_pthread_server.c | 4 +--- programs/ssl/ssl_server.c | 2 +- programs/x509/cert_app.c | 1 + programs/x509/cert_req.c | 1 + programs/x509/cert_write.c | 1 + programs/x509/crl_app.c | 1 + programs/x509/load_roots.c | 11 ++++++----- programs/x509/req_app.c | 1 + 15 files changed, 21 insertions(+), 13 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 240e7ae54..030bc971e 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -334,12 +334,12 @@ exit: #endif mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); /* Shell can not handle large exit numbers -> 1 for errors */ if (ret < 0) { diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index a72eb1547..08f836813 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -404,6 +404,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); /* Shell can not handle large exit numbers -> 1 for errors */ if (ret < 0) { diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 6454ede4f..91bc9e0f9 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -270,7 +270,6 @@ int main(void) exit: mbedtls_net_free(&server_fd); - mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); @@ -278,6 +277,7 @@ exit: #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ca); #endif + mbedtls_psa_crypto_free(); mbedtls_exit(ret); } 
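Review bot: `mbedtls_psa_crypto_free();` is added to the `exit:` path of programs/ssl/dtls_client.c without the `#if defined(MBEDTLS_USE_PSA_CRYPTO)` guard that wraps the matching `psa_crypto_init()` call. When that option is off the program never initialises PSA, and if the PSA module is not built at all the unguarded call may fail to compile or link. Wrapping it as `#if defined(MBEDTLS_USE_PSA_CRYPTO)` / `mbedtls_psa_crypto_free();` / `#endif /* MBEDTLS_USE_PSA_CRYPTO */` keeps initialisation and teardown symmetric. The same unguarded call appears in every other file this commit touches (dtls_server.c, mini_client.c, the remaining ssl_* programs and the x509 programs).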
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index c7aaf49fe..b52ad2fc8 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -284,12 +284,12 @@ exit: #endif mbedtls_net_free(&server_fd); - mbedtls_x509_crt_free(&cacert); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 58ee91995..e2c4333ae 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -1011,6 +1011,8 @@ int main(int argc, char *argv[]) printf("Finished. No valid base64 code found\n"); } + mbedtls_psa_crypto_free(); + return 0; } diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 123091d25..d8cc85b2d 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -375,13 +375,13 @@ int main(void) exit: mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 5ac726f2f..ae5165c20 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -805,6 +805,7 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 206d8f336..a4325fb5f 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
@@ -483,14 +483,12 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); mbedtls_ssl_config_free(&conf); - mbedtls_net_free(&listen_fd); - mbedtls_mutex_free(&debug_mutex); - #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_free(); #endif + mbedtls_psa_crypto_free(); mbedtls_exit(ret); } diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index d70fdb1ee..e8ac67bea 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -353,7 +353,6 @@ exit: mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); - mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); mbedtls_ssl_free(&ssl); @@ -363,6 +362,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(ret); } diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 13d96ea55..83a31ad35 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -457,6 +457,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index a3eafff31..1ca836241 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -469,6 +469,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); cur = opt.san_list; while (cur != NULL) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 7b47e5485..e3bd69ae6 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -894,6 +894,7 @@ exit: mbedtls_pk_free(&loaded_issuer_key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index f45d0b891..aa2e711a9 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c 
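Review bot: In programs/ssl/ssl_pthread_server.c the new `mbedtls_psa_crypto_free();` sits after `mbedtls_memory_buffer_alloc_free();`, so PSA is torn down only once the buffer allocator has already been released. Commit 03 of this series places `psa_crypto_init()` after `mbedtls_memory_buffer_alloc_init()`, so with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled any PSA allocations presumably come from that pool. Releasing PSA afterwards then operates on a destroyed allocator and leaves the wiping of key material to the allocator teardown. Moving the call above the `#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)` block restores reverse-of-initialisation order.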
@@ -134,6 +134,7 @@ usage: exit: mbedtls_x509_crl_free(&crl); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 858a38246..43ca0be16 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -123,11 +123,6 @@ int main(int argc, char *argv[]) struct mbedtls_timing_hr_time timer; unsigned long ms; - if (argc <= 1) { - mbedtls_printf(USAGE); - goto exit; - } - #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { @@ -137,6 +132,11 @@ int main(int argc, char *argv[]) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc <= 1) { + mbedtls_printf(USAGE); + goto exit; + } + opt.filenames = NULL; opt.iterations = DFL_ITERATIONS; opt.prime_cache = DFL_PRIME_CACHE; @@ -196,6 +196,7 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index c63f896f1..f5fbc799d 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -134,6 +134,7 @@ usage: exit: mbedtls_x509_csr_free(&csr); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } From 2c1ef0967c6283278a9fa63818995cab545defad Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 09:38:12 +0200 Subject: [PATCH 06/10] Init PSA in pkey programs Signed-off-by: Przemek Stekiel --- programs/pkey/gen_key.c | 10 ++++++++++ programs/pkey/key_app.c | 11 ++++++++++- programs/pkey/key_app_writer.c | 10 ++++++++++ programs/pkey/pk_decrypt.c | 10 ++++++++++ programs/pkey/pk_encrypt.c | 10 ++++++++++ programs/pkey/pk_sign.c | 10 ++++++++++ programs/pkey/pk_verify.c | 10 ++++++++++ programs/pkey/rsa_sign_pss.c | 10 ++++++++++ programs/pkey/rsa_verify_pss.c | 10 ++++++++++ 9 files changed, 90 insertions(+), 1 deletion(-) 
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 029558d81..464c38144 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -200,6 +200,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc < 2) { usage: mbedtls_printf(USAGE); @@ -407,6 +416,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index c80dcd0a1..3ebade2d2 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -99,6 +99,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); memset(buf, 0, sizeof(buf)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto cleanup; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); @@ -305,8 +314,8 @@ cleanup: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); - mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 862c93f4c..69fa7f32c 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c 
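Review bot: The new `goto cleanup;` in key_app.c runs before `mbedtls_mpi_init(&N)` through `mbedtls_mpi_init(&QP)`, yet the `cleanup:` hunk calls `mbedtls_mpi_free()` on those same variables, so a failed `psa_crypto_init()` ends up freeing uninitialised MPI structures. Place the PSA block after the `mbedtls_mpi_init(...)` line so that every object released under `cleanup:` is initialised before the first jump to it. key_app_writer.c puts its PSA block ahead of the `mbedtls_mpi_init` calls in the same way; its `exit:` body is only partly visible, so check whether it frees the MPIs too. main() extends beyond both hunks.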
@@ -216,6 +216,15 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); @@ -422,6 +431,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 88626364e..2ba66e8e6 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -67,6 +67,15 @@ int main(int argc, char *argv[]) memset(result, 0, sizeof(result)); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 2) { mbedtls_printf("usage: mbedtls_pk_decrypt \n"); @@ -139,6 +148,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index eab3f086a..58d6d706b 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c 
@@ -63,6 +63,15 @@ int main(int argc, char *argv[]) mbedtls_entropy_init(&entropy); mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_encrypt \n"); @@ -140,6 +149,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 82cb6a1d6..4179ff5ba 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -63,6 +63,15 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_sign \n"); @@ -140,6 +149,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 0c549e06e..dd60ac69b 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c 
@@ -55,6 +55,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_verify \n"); @@ -114,6 +123,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 03882cd2f..16dca8b54 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -64,6 +64,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); mbedtls_ctr_drbg_init(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: rsa_sign_pss \n"); @@ -153,6 +162,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index e21e92749..1637c3183 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -58,6 +58,15 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (argc != 3) { mbedtls_printf("usage: rsa_verify_pss \n"); 
@@ -129,6 +138,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); mbedtls_exit(exit_code); } From 6cec5e9d9e2d61ec8a612e02fe1db57c4b69cc89 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 09:41:02 +0200 Subject: [PATCH 07/10] Add changelog entry (PSA initialization in sample programs) Signed-off-by: Przemek Stekiel --- ChangeLog.d/programs_psa_fix.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/programs_psa_fix.txt diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt new file mode 100644 index 000000000..fe2099ecc --- /dev/null +++ b/ChangeLog.d/programs_psa_fix.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix missing PSA initialization in sample programs when + MBEDTLS_USE_PSA_CRYPTO is enabled. From 774f9debf290e80a05e7dc6d59e12a7538fbfd74 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 11:47:01 +0200 Subject: [PATCH 08/10] Init PSA in fuzz programs Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_client.c | 8 ++++++++ programs/fuzz/fuzz_dtlsclient.c | 8 ++++++++ programs/fuzz/fuzz_dtlsserver.c | 25 ++++++++++++++++++++----- programs/fuzz/fuzz_privkey.c | 15 +++++++++++++-- programs/fuzz/fuzz_pubkey.c | 8 ++++++++ programs/fuzz/fuzz_server.c | 30 ++++++++++++++++++++++-------- programs/fuzz/fuzz_x509crl.c | 8 ++++++++ programs/fuzz/fuzz_x509crt.c | 8 ++++++++ programs/fuzz/fuzz_x509csr.c | 8 ++++++++ 9 files changed, 103 insertions(+), 15 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 56a5efe78..4a0f6df44 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c 
@@ -78,6 +78,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { goto exit; @@ -175,6 +182,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index a58f6f45b..f21510cd7 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -61,6 +61,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + srand(1); if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -119,6 +126,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index cdd69c070..bda8c77e1 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c 
@@ -50,6 +50,20 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) + mbedtls_x509_crt_init(&srvcert); + mbedtls_pk_init(&pkey); +#endif + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); + mbedtls_ssl_cookie_init(&cookie_ctx); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -58,8 +72,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (initialized == 0) { #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); + if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, mbedtls_test_srv_crt_len) != 0) { return 1; @@ -78,9 +91,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) initialized = 1; } - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); - mbedtls_ssl_cookie_init(&cookie_ctx); if (mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, @@ -154,9 +164,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_ssl_cookie_free(&cookie_ctx); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) + mbedtls_pk_free(&pkey); + mbedtls_x509_crt_free(&srvcert); +#endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); + mbedtls_psa_crypto_free(); #else (void) Data; diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 39c23e21e..622c34554 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c 
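Review bot: `srvcert` and `pkey` are now initialised at the top of every call and freed under `exit:`, but `mbedtls_x509_crt_parse()` still sits inside `if (initialized == 0)`, so once `initialized = 1` is set, later calls appear to run with an empty certificate and key. If `initialized` persists across calls (its declaration is outside the hunk), only the first input exercises the certificate-based handshake paths and fuzz coverage drops without any visible failure. Either parse on every call or keep the parsed objects alive and skip the two frees. The `return 1;` on a parse failure also bypasses `exit:` and with it the new cleanup; `goto exit;` would match the rest of the function. programs/fuzz/fuzz_server.c has the same pattern.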
@@ -30,13 +30,20 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); + mbedtls_pk_init(&pk); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { - return 1; + goto exit; } - mbedtls_pk_init(&pk); ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0, dummy_random, &ctr_drbg); if (ret == 0) { @@ -83,7 +90,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +exit: + mbedtls_entropy_free(&entropy); + mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 7f5e4aa0b..894697365 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -11,6 +11,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_pk_context pk; mbedtls_pk_init(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_pk_parse_public_key(&pk, Data, Size); if (ret == 0) { #if defined(MBEDTLS_RSA_C) @@ -66,7 +72,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +exit: mbedtls_pk_free(&pk); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index cd021e1b4..e7678590a 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -58,6 +58,21 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) + mbedtls_x509_crt_init(&srvcert); + mbedtls_pk_init(&pkey); +#endif + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) + mbedtls_ssl_ticket_init(&ticket_ctx); +#endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -67,8 +82,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (initialized == 0) { #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init(&srvcert); - mbedtls_pk_init(&pkey); if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, mbedtls_test_srv_crt_len) != 0) { return 1; @@ -92,11 +105,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) initialized = 1; } - mbedtls_ssl_init(&ssl); - mbedtls_ssl_config_init(&conf); -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) - mbedtls_ssl_ticket_init(&ticket_ctx); -#endif if (mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, @@ -193,8 +201,14 @@ exit: mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) + mbedtls_x509_crt_free(&srvcert); + mbedtls_pk_free(&pkey); +#endif mbedtls_ssl_free(&ssl); - +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_crypto_free(); +#endif #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 6ff0c05b2..df0abb2a3 100644 --- a/programs/fuzz/fuzz_x509crl.c 
+++ b/programs/fuzz/fuzz_x509crl.c @@ -11,6 +11,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crl_init(&crl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crl_parse(&crl, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { @@ -20,7 +26,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ +exit: mbedtls_x509_crl_free(&crl); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 858c1ffe3..157456cb3 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -11,6 +11,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crt_init(&crt); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crt_parse(&crt, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { @@ -20,7 +26,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ +exit: mbedtls_x509_crt_free(&crt); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 39fb4cb0d..7c9855792 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c 
@@ -11,6 +11,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_csr_init(&csr); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_csr_parse(&csr, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { @@ -20,7 +26,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ +exit: mbedtls_x509_csr_free(&csr); + mbedtls_psa_crypto_free(); #else (void) Data; (void) Size; From 758aef60c59a9811cd96117dd7c67582e093b946 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 19 Apr 2023 13:47:43 +0200 Subject: [PATCH 09/10] Add guards for mbedtls_psa_crypto_free() 
Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_client.c | 2 ++ programs/fuzz/fuzz_dtlsclient.c | 2 ++ programs/fuzz/fuzz_dtlsserver.c | 2 ++ programs/fuzz/fuzz_privkey.c | 2 ++ programs/fuzz/fuzz_pubkey.c | 4 +++- programs/fuzz/fuzz_x509crl.c | 5 ++++- programs/fuzz/fuzz_x509crt.c | 5 ++++- programs/fuzz/fuzz_x509csr.c | 5 ++++- programs/pkey/gen_key.c | 2 ++ programs/pkey/key_app.c | 2 ++ programs/pkey/key_app_writer.c | 2 ++ programs/pkey/pk_decrypt.c | 2 ++ programs/pkey/pk_encrypt.c | 2 ++ programs/pkey/pk_sign.c | 2 ++ programs/pkey/pk_verify.c | 2 ++ programs/pkey/rsa_sign_pss.c | 2 ++ programs/pkey/rsa_verify_pss.c | 2 ++ programs/ssl/dtls_client.c | 2 ++ programs/ssl/dtls_server.c | 2 ++ programs/ssl/mini_client.c | 2 ++ programs/ssl/ssl_client1.c | 2 ++ programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 ++ programs/ssl/ssl_mail_client.c | 2 ++ programs/ssl/ssl_pthread_server.c | 2 ++ programs/ssl/ssl_server.c | 2 ++ programs/x509/cert_app.c | 2 ++ programs/x509/cert_req.c | 2 ++ programs/x509/cert_write.c | 2 ++ programs/x509/crl_app.c | 2 ++ programs/x509/load_roots.c | 2 ++ programs/x509/req_app.c | 2 ++ 32 files changed, 71 insertions(+), 4 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 4a0f6df44..d4e1d74cd 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -182,7 +182,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index f21510cd7..365902684 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c 
@@ -126,7 +126,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index bda8c77e1..1632e9df6 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -171,7 +171,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 622c34554..ce7562488 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -94,7 +94,9 @@ exit: mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 894697365..63c57b698 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -72,9 +72,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) abort(); } } +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_pk_free(&pk); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +mbedtls_pk_free(&pk); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index df0abb2a3..313540d76 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c 
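Review bot: In fuzz_pubkey.c the guard moves `mbedtls_pk_free(&pk);` below `mbedtls_psa_crypto_free();` and drops its indentation, so the context is released after the PSA layer has already been shut down. With MBEDTLS_USE_PSA_CRYPTO a pk context may hold PSA-backed key material, so it should be freed while PSA is still initialised, which is the order the pkey programs in this series keep. Guard only the label and the PSA call, and leave the free between them. The same reordering is applied to fuzz_x509crl.c, fuzz_x509crt.c and fuzz_x509csr.c. LLVMFuzzerTestOneInput starts outside the hunk.

```c
#if defined(MBEDTLS_USE_PSA_CRYPTO)
exit:
#endif /* MBEDTLS_USE_PSA_CRYPTO */
    mbedtls_pk_free(&pk);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_psa_crypto_free();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
```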
@@ -26,9 +26,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_crl_free(&crl); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_x509_crl_free(&crl); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 157456cb3..8442090cd 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -26,9 +26,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_crt_free(&crt); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_x509_crt_free(&crt); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 7c9855792..5da0b9e78 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -26,9 +26,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: - mbedtls_x509_csr_free(&csr); mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +mbedtls_x509_csr_free(&csr); #else (void) Data; (void) Size; diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 464c38144..9bee27505 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -416,7 +416,9 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 3ebade2d2..cd16e3320 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c 
@@ -315,7 +315,9 @@ cleanup: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 69fa7f32c..e8f3e85a9 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -431,7 +431,9 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 2ba66e8e6..f60c946ed 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -148,7 +148,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 58d6d706b..04e5cc702 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -149,7 +149,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 4179ff5ba..57bd796c8 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c 
@@ -149,7 +149,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index dd60ac69b..bca985b14 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -123,7 +123,9 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 16dca8b54..999669e66 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -162,7 +162,9 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 1637c3183..8a1fb5908 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -138,7 +138,9 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 030bc971e..e47715c00 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -339,7 +339,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Shell can not handle large exit numbers -> 1 for errors */ if (ret < 0) { 
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 08f836813..f2181302e 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -404,7 +404,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Shell can not handle large exit numbers -> 1 for errors */ if (ret < 0) { diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 91bc9e0f9..e8f4797b8 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -277,7 +277,9 @@ exit: #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_free(&ca); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(ret); } diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index b52ad2fc8..259b8f930 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -289,7 +289,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index e2c4333ae..a5f065032 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -1011,7 +1011,9 @@ int main(int argc, char *argv[]) printf("Finished. No valid base64 code found\n"); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return 0; } diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index d8cc85b2d..4777ee0d9 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c 
@@ -381,7 +381,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index ae5165c20..fb6f37135 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -805,7 +805,9 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index a4325fb5f..9416c3cf2 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -488,7 +488,9 @@ exit: #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_free(); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(ret); } diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index e8ac67bea..bb4915516 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -362,7 +362,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(ret); } diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 83a31ad35..51a79ecb5 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -457,7 +457,9 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 1ca836241..1772f87d9 100644 
--- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -469,7 +469,9 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ cur = opt.san_list; while (cur != NULL) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index e3bd69ae6..51b09f3d6 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -894,7 +894,9 @@ exit: mbedtls_pk_free(&loaded_issuer_key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index aa2e711a9..6c671ff3f 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -134,7 +134,9 @@ usage: exit: mbedtls_x509_crl_free(&crl); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 43ca0be16..d024e9822 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -196,7 +196,9 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index f5fbc799d..64b9f0bb2 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -134,7 +134,9 @@ usage: exit: mbedtls_x509_csr_free(&csr); +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } From 5346396c486c3fa33c6a95e5cb50ed3b8fafe13b Mon Sep 17 00:00:00 2001 
From: Przemek Stekiel Date: Mon, 24 Apr 2023 09:00:14 +0200 Subject: [PATCH 10/10] Fix code-style Signed-off-by: Przemek Stekiel --- programs/fuzz/fuzz_pubkey.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 63c57b698..9203b4e61 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -76,7 +76,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_psa_crypto_free(); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -mbedtls_pk_free(&pk); + mbedtls_pk_free(&pk); #else (void) Data; (void) Size; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 5da0b9e78..395d3c28e 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -31,7 +31,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: mbedtls_psa_crypto_free(); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -mbedtls_x509_csr_free(&csr); + mbedtls_x509_csr_free(&csr); #else (void) Data; (void) Size;