Merge pull request #10364 from felixc-arm/doxygen-minor-fix
Remove `tf-psa-crypto/include/mbedtls/private` from Doxygen
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1623731..12ddc27 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -100,17 +100,6 @@
option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
-# Warning string - created as a list for compatibility with CMake 2.8
-set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n")
-
-set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
- "${WARNING_BORDER}")
-
# Python 3 is only needed here to check for configuration warnings.
if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
set(Python3_FIND_STRATEGY LOCATION)
@@ -124,16 +113,6 @@
set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
endif()
endif()
-if(MBEDTLS_PYTHON_EXECUTABLE)
-
- # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- RESULT_VARIABLE result)
- if(${result} EQUAL 0)
- message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
- endif()
-
-endif()
# We now potentially need to link all executables against PThreads, if available
set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt
new file mode 100644
index 0000000..2ac05ab
--- /dev/null
+++ b/ChangeLog.d/10285.txt
@@ -0,0 +1,3 @@
+Removals
+ * Removed all public key sample programs from the programs/pkey
+ directory.
diff --git a/ChangeLog.d/runtime-version-interface.txt b/ChangeLog.d/runtime-version-interface.txt
new file mode 100644
index 0000000..1cf4266
--- /dev/null
+++ b/ChangeLog.d/runtime-version-interface.txt
@@ -0,0 +1,9 @@
+API changes
+ * Change the signature of the runtime version information methods that took
+ a char* as an argument to take zero arguments and return a const char*
+ instead. This aligns us with the interface used in TF PSA Crypto 1.0.
+ If you need to support linking against both Mbed TLS 3.x and 4.x, please
+ use the build-time version macros or mbedtls_version_get_number() to
+ determine the correct signature for mbedtls_version_get_string() and
+ mbedtls_version_get_string_full() before calling them.
+ Fixes issue #10308.
diff --git a/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
new file mode 100644
index 0000000..e04f45a
--- /dev/null
+++ b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt
@@ -0,0 +1,3 @@
+API changes
+ * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw
+ function to a const to align with the rest of the API.
diff --git a/Makefile b/Makefile
index a580736..6706143 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,6 @@
.PHONY: all no_test programs lib tests install uninstall clean test check lcov apidoc apidoc_clean
all: programs tests
- $(MAKE) post_build
no_test: programs
@@ -146,24 +145,6 @@
done
endif
-
-WARNING_BORDER_LONG =**********************************************************************************\n
-CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n
-CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n
-CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n
-
-CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG)
-
-# Post build steps
-post_build:
-ifndef WINDOWS
-
- # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- -scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
- echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
-
-endif
-
clean: clean_more_on_top
$(MAKE) -C library clean
$(MAKE) -C programs clean
diff --git a/README.md b/README.md
index fc1536e..7981a02 100644
--- a/README.md
+++ b/README.md
@@ -72,7 +72,13 @@
Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide, omit the `--user` option.
* A C compiler for the host platform, for some test data.
-If you are cross-compiling, you must set the `CC` environment variable to a C compiler for the host platform when generating the configuration-independent files.
+The scripts that generate the configuration-independent files will look for a host C compiler in the following places (in order of preference):
+
+1. The `HOSTCC` environment variable. This can be used if `CC` is pointing to a cross-compiler.
+2. The `CC` environment variable.
+3. An executable called `cc` in the current path.
+
+Note: If you have multiple toolchains installed, it is recommended to set `CC` or `HOSTCC` to the intended host compiler before generating the files.
Any of the following methods are available to generate the configuration-independent files:
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 837787b..4a0b216 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -32,23 +32,14 @@
unsigned int mbedtls_version_get_number(void);
/**
- * Get the version string ("x.y.z").
- *
- * \param string The string that will receive the value.
- * (Should be at least 9 bytes in size)
+ * Get a pointer to the version string ("x.y.z").
*/
-void mbedtls_version_get_string(char *string);
+const char *mbedtls_version_get_string(void);
/**
- * Get the full version string ("Mbed TLS x.y.z").
- *
- * \param string The string that will receive the value. The Mbed TLS version
- * string will use 18 bytes AT MOST including a terminating
- * null byte.
- * (So the buffer should be at least 18 bytes to receive this
- * version string).
+ * Get a pointer to the full version string ("Mbed TLS x.y.z").
*/
-void mbedtls_version_get_string_full(char *string);
+const char *mbedtls_version_get_string_full(void);
/**
* \brief Check if support for a feature was compiled into this
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index bf418a6..bbe5fc4 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -956,7 +956,7 @@
* is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
*/
int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
- unsigned char *serial, size_t serial_len);
+ const unsigned char *serial, size_t serial_len);
/**
* \brief Set the validity period for a Certificate
diff --git a/library/version.c b/library/version.c
index 2cd947d..e828673 100644
--- a/library/version.c
+++ b/library/version.c
@@ -17,16 +17,14 @@
return MBEDTLS_VERSION_NUMBER;
}
-void mbedtls_version_get_string(char *string)
+const char *mbedtls_version_get_string(void)
{
- memcpy(string, MBEDTLS_VERSION_STRING,
- sizeof(MBEDTLS_VERSION_STRING));
+ return MBEDTLS_VERSION_STRING;
}
-void mbedtls_version_get_string_full(char *string)
+const char *mbedtls_version_get_string_full(void)
{
- memcpy(string, MBEDTLS_VERSION_STRING_FULL,
- sizeof(MBEDTLS_VERSION_STRING_FULL));
+ return MBEDTLS_VERSION_STRING_FULL;
}
#endif /* MBEDTLS_VERSION_C */
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 1f8a006..663b308 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -94,7 +94,7 @@
}
int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
- unsigned char *serial, size_t serial_len)
+ const unsigned char *serial, size_t serial_len)
{
if (serial_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
diff --git a/programs/.gitignore b/programs/.gitignore
index 7eaf38d..004dcf2 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -8,11 +8,6 @@
hash/md5sum
hash/sha1sum
hash/sha2sum
-pkey/gen_key
-pkey/pk_sign
-pkey/pk_verify
-pkey/rsa_sign_pss
-pkey/rsa_verify_pss
ssl/dtls_client
ssl/dtls_server
ssl/mini_client
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 1e5b2a4..1aba21b 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -4,7 +4,7 @@
if (NOT WIN32)
add_subdirectory(fuzz)
endif()
-add_subdirectory(pkey)
+
add_subdirectory(ssl)
add_subdirectory(test)
add_subdirectory(util)
diff --git a/programs/Makefile b/programs/Makefile
index a043fe1..f99021a 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -36,11 +36,6 @@
## Note: Variables cannot be used to define an apps path. This cannot be
## substituted by the script generate_visualc_files.pl.
APPS = \
- pkey/gen_key \
- pkey/pk_sign \
- pkey/pk_verify \
- pkey/rsa_sign_pss \
- pkey/rsa_verify_pss \
../tf-psa-crypto/programs/psa/aead_demo \
../tf-psa-crypto/programs/psa/crypto_examples \
../tf-psa-crypto/programs/psa/hmac_demo \
@@ -136,26 +131,6 @@
echo " Gen $@"
$(PERL) ../scripts/generate_query_config.pl
-pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP)
- echo " CC pkey/gen_key.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP)
- echo " CC pkey/pk_sign.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP)
- echo " CC pkey/pk_verify.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP)
- echo " CC pkey/rsa_sign_pss.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP)
- echo " CC pkey/rsa_verify_pss.c"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
echo " CC psa/aead_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
diff --git a/programs/README.md b/programs/README.md
index 9239e8a..b9260bf 100644
--- a/programs/README.md
+++ b/programs/README.md
@@ -3,16 +3,6 @@
This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.
-### Generic public-key cryptography (`pk`) examples
-
-* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.
-
-* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string.
-
-### ECDSA and RSA signature examples
-
-* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm.
-
### SSL/TLS sample applications
* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
deleted file mode 100644
index a2b1836..0000000
--- a/programs/pkey/CMakeLists.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-set(executables_mbedcrypto
- gen_key
- pk_sign
- pk_verify
- rsa_sign_pss
- rsa_verify_pss
-)
-add_dependencies(${programs_target} ${executables_mbedcrypto})
-
-foreach(exe IN LISTS executables_mbedcrypto)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
- set_base_compile_options(${exe})
- target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
-install(TARGETS ${executables_mbedcrypto}
- DESTINATION "bin"
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt
deleted file mode 100644
index de0c281..0000000
--- a/programs/pkey/dh_prime.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-P = FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
-G = 02
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
deleted file mode 100644
index ba35534..0000000
--- a/programs/pkey/gen_key.c
+++ /dev/null
@@ -1,478 +0,0 @@
-/*
- * Key generation application
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "tf-psa-crypto/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
- !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
- "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C "
- "not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include <mbedtls/private/pk_private.h>
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#if !defined(_WIN32)
-#include <unistd.h>
-
-#define DEV_RANDOM_THRESHOLD 32
-
-static int dev_random_entropy_poll(void *data, unsigned char *output,
- size_t len, size_t *olen)
-{
- FILE *file;
- size_t ret, left = len;
- unsigned char *p = output;
- ((void) data);
-
- *olen = 0;
-
- file = fopen("/dev/random", "rb");
- if (file == NULL) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
-
- while (left > 0) {
- /* /dev/random can return much less than requested. If so, try again */
- ret = fread(p, 1, left, file);
- if (ret == 0 && ferror(file)) {
- fclose(file);
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
-
- p += ret;
- left -= ret;
- sleep(1);
- }
- fclose(file);
- *olen = len;
-
- return 0;
-}
-#endif /* !_WIN32 */
-
-#if defined(MBEDTLS_ECP_C)
-#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
-#else
-#define DFL_EC_CURVE 0
-#endif
-
-#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
-#define USAGE_DEV_RANDOM \
- " use_dev_random=0|1 default: 0\n"
-#else
-#define USAGE_DEV_RANDOM ""
-#endif /* !_WIN32 && MBEDTLS_FS_IO */
-
-#define FORMAT_PEM 0
-#define FORMAT_DER 1
-
-#define DFL_TYPE MBEDTLS_PK_RSA
-#define DFL_RSA_KEYSIZE 4096
-#define DFL_FILENAME "keyfile.key"
-#define DFL_FORMAT FORMAT_PEM
-#define DFL_USE_DEV_RANDOM 0
-
-#define USAGE \
- "\n usage: gen_key param=<>...\n" \
- "\n acceptable parameters:\n" \
- " type=rsa|ec default: rsa\n" \
- " rsa_keysize=%%d default: 4096\n" \
- " ec_curve=%%s see below\n" \
- " filename=%%s default: keyfile.key\n" \
- " format=pem|der default: pem\n" \
- USAGE_DEV_RANDOM \
- "\n"
-
-
-/*
- * global options
- */
-struct options {
- int type; /* the type of key to generate */
- int rsa_keysize; /* length of key in bits */
- int ec_curve; /* curve identifier for EC keys */
- const char *filename; /* filename of the key file */
- int format; /* the output format to use */
- int use_dev_random; /* use /dev/random as entropy source */
-} opt;
-
-static int write_private_key(mbedtls_pk_context *key, const char *output_file)
-{
- int ret;
- FILE *f;
- unsigned char output_buf[16000];
- unsigned char *c = output_buf;
- size_t len = 0;
-
- memset(output_buf, 0, 16000);
- if (opt.format == FORMAT_PEM) {
- if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
- return ret;
- }
-
- len = strlen((char *) output_buf);
- } else {
- if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
- return ret;
- }
-
- len = ret;
- c = output_buf + sizeof(output_buf) - len;
- }
-
- if ((f = fopen(output_file, "wb")) == NULL) {
- return -1;
- }
-
- if (fwrite(c, 1, len, f) != len) {
- fclose(f);
- return -1;
- }
-
- fclose(f);
-
- return 0;
-}
-
-#if defined(MBEDTLS_ECP_C)
-static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
-{
- int ret = 0;
-
- const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_grp_id(
- mbedtls_ecp_keypair_get_group_id(ecp));
- mbedtls_printf("curve: %s\n", curve_info->name);
-
- mbedtls_ecp_group grp;
- mbedtls_ecp_group_init(&grp);
- mbedtls_mpi D;
- mbedtls_mpi_init(&D);
- mbedtls_ecp_point pt;
- mbedtls_ecp_point_init(&pt);
- mbedtls_mpi X, Y;
- mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
-
- MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
- (has_private ? &D : NULL),
- &pt));
-
- unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
- size_t len = 0;
- MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
- &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
- &len, point_bin, sizeof(point_bin)));
- switch (mbedtls_ecp_get_type(&grp)) {
- case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
- if ((len & 1) == 0 || point_bin[0] != 0x04) {
- /* Point in an unxepected format. This shouldn't happen. */
- ret = -1;
- goto cleanup;
- }
- MBEDTLS_MPI_CHK(
- mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
- MBEDTLS_MPI_CHK(
- mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
- mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
- mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
- break;
- case MBEDTLS_ECP_TYPE_MONTGOMERY:
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
- mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
- break;
- default:
- mbedtls_printf(
- "This program does not yet support listing coordinates for this curve type.\n");
- break;
- }
-
- if (has_private) {
- mbedtls_mpi_write_file("D: ", &D, 16, NULL);
- }
-
-cleanup:
- mbedtls_ecp_group_free(&grp);
- mbedtls_mpi_free(&D);
- mbedtls_ecp_point_free(&pt);
- mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
- return ret;
-}
-#endif
-
-int main(int argc, char *argv[])
-{
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- mbedtls_pk_context key;
- char buf[1024];
- int i;
- char *p, *q;
-#if defined(MBEDTLS_RSA_C)
- mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-#endif /* MBEDTLS_RSA_C */
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
- const char *pers = "gen_key";
-#if defined(MBEDTLS_ECP_C)
- const mbedtls_ecp_curve_info *curve_info;
-#endif
-
- /*
- * Set to sane values
- */
-#if defined(MBEDTLS_RSA_C)
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
- mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
- mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
-#endif /* MBEDTLS_RSA_C */
-
- mbedtls_entropy_init(&entropy);
- mbedtls_pk_init(&key);
- mbedtls_ctr_drbg_init(&ctr_drbg);
- memset(buf, 0, sizeof(buf));
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc < 2) {
-usage:
- mbedtls_printf(USAGE);
-#if defined(MBEDTLS_ECP_C)
- mbedtls_printf(" available ec_curve values:\n");
- curve_info = mbedtls_ecp_curve_list();
- mbedtls_printf(" %s (default)\n", curve_info->name);
- while ((++curve_info)->name != NULL) {
- mbedtls_printf(" %s\n", curve_info->name);
- }
-#endif /* MBEDTLS_ECP_C */
- goto exit;
- }
-
- opt.type = DFL_TYPE;
- opt.rsa_keysize = DFL_RSA_KEYSIZE;
- opt.ec_curve = DFL_EC_CURVE;
- opt.filename = DFL_FILENAME;
- opt.format = DFL_FORMAT;
- opt.use_dev_random = DFL_USE_DEV_RANDOM;
-
- for (i = 1; i < argc; i++) {
- p = argv[i];
- if ((q = strchr(p, '=')) == NULL) {
- goto usage;
- }
- *q++ = '\0';
-
- if (strcmp(p, "type") == 0) {
- if (strcmp(q, "rsa") == 0) {
- opt.type = MBEDTLS_PK_RSA;
- } else if (strcmp(q, "ec") == 0) {
- opt.type = MBEDTLS_PK_ECKEY;
- } else {
- goto usage;
- }
- } else if (strcmp(p, "format") == 0) {
- if (strcmp(q, "pem") == 0) {
- opt.format = FORMAT_PEM;
- } else if (strcmp(q, "der") == 0) {
- opt.format = FORMAT_DER;
- } else {
- goto usage;
- }
- } else if (strcmp(p, "rsa_keysize") == 0) {
- opt.rsa_keysize = atoi(q);
- if (opt.rsa_keysize < 1024 ||
- opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) {
- goto usage;
- }
- }
-#if defined(MBEDTLS_ECP_C)
- else if (strcmp(p, "ec_curve") == 0) {
- if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) {
- goto usage;
- }
- opt.ec_curve = curve_info->grp_id;
- }
-#endif
- else if (strcmp(p, "filename") == 0) {
- opt.filename = q;
- } else if (strcmp(p, "use_dev_random") == 0) {
- opt.use_dev_random = atoi(q);
- if (opt.use_dev_random < 0 || opt.use_dev_random > 1) {
- goto usage;
- }
- } else {
- goto usage;
- }
- }
-
- mbedtls_printf("\n . Seeding the random number generator...");
- fflush(stdout);
-
-#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
- if (opt.use_dev_random) {
- if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,
- NULL, DEV_RANDOM_THRESHOLD,
- MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_entropy_add_source returned -0x%04x\n",
- (unsigned int) -ret);
- goto exit;
- }
-
- mbedtls_printf("\n Using /dev/random, so can take a long time! ");
- fflush(stdout);
- }
-#endif /* !_WIN32 && MBEDTLS_FS_IO */
-
- if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen(pers))) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
- (unsigned int) -ret);
- goto exit;
- }
-
- /*
- * 1.1. Generate the key
- */
- mbedtls_printf("\n . Generating the private key ...");
- fflush(stdout);
-
- if ((ret = mbedtls_pk_setup(&key,
- mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
- goto exit;
- }
-
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
- if (opt.type == MBEDTLS_PK_RSA) {
- ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg,
- opt.rsa_keysize, 65537);
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x",
- (unsigned int) -ret);
- goto exit;
- }
- } else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
- if (opt.type == MBEDTLS_PK_ECKEY) {
- ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve,
- mbedtls_pk_ec(key),
- mbedtls_ctr_drbg_random, &ctr_drbg);
- if (ret != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x",
- (unsigned int) -ret);
- goto exit;
- }
- } else
-#endif /* MBEDTLS_ECP_C */
- {
- mbedtls_printf(" failed\n ! key type not supported\n");
- goto exit;
- }
-
- /*
- * 1.2 Print the key
- */
- mbedtls_printf(" ok\n . Key information:\n");
-
-#if defined(MBEDTLS_RSA_C)
- if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
-
- if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
- (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
- mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
- goto exit;
- }
-
- mbedtls_mpi_write_file("N: ", &N, 16, NULL);
- mbedtls_mpi_write_file("E: ", &E, 16, NULL);
- mbedtls_mpi_write_file("D: ", &D, 16, NULL);
- mbedtls_mpi_write_file("P: ", &P, 16, NULL);
- mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
- mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
- mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
- mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
- } else
-#endif
-#if defined(MBEDTLS_ECP_C)
- if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
- if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
- mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
- goto exit;
- }
- } else
-#endif
- mbedtls_printf(" ! key type not supported\n");
-
- /*
- * 1.3 Export key
- */
- mbedtls_printf(" . Writing key to file...");
-
- if ((ret = write_private_key(&key, opt.filename)) != 0) {
- mbedtls_printf(" failed\n");
- goto exit;
- }
-
- mbedtls_printf(" ok\n");
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
- if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-#ifdef MBEDTLS_ERROR_C
- mbedtls_printf("Error code: %d", ret);
- /* mbedtls_strerror(ret, buf, sizeof(buf));
- mbedtls_printf(" - %s\n", buf); */
-#else
- mbedtls_printf("\n");
-#endif
- }
-
-#if defined(MBEDTLS_RSA_C)
- mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
- mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
- mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-#endif /* MBEDTLS_RSA_C */
-
- mbedtls_pk_free(&key);
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* program viability conditions */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
deleted file mode 100644
index 4ddb473..0000000
--- a/programs/pkey/pk_sign.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Public key-based signature creation program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "tf-psa-crypto/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \
- !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include <mbedtls/private/pk_private.h>
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-
-#include <stdio.h>
-#include <string.h>
-
-int main(int argc, char *argv[])
-{
- FILE *f;
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- mbedtls_pk_context pk;
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
- unsigned char hash[32];
- unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
- char filename[512];
- const char *pers = "mbedtls_pk_sign";
- size_t olen = 0;
-
- mbedtls_entropy_init(&entropy);
- mbedtls_ctr_drbg_init(&ctr_drbg);
- mbedtls_pk_init(&pk);
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc != 3) {
- mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
-
-#if defined(_WIN32)
- mbedtls_printf("\n");
-#endif
-
- goto exit;
- }
-
- mbedtls_printf("\n . Seeding the random number generator...");
- fflush(stdout);
-
- if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen(pers))) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
- (unsigned int) -ret);
- goto exit;
- }
-
- mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
- fflush(stdout);
-
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
- mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
- goto exit;
- }
-
- /*
- * Compute the SHA-256 hash of the input file,
- * then calculate the signature of the hash.
- */
- mbedtls_printf("\n . Generating the SHA-256 signature");
- fflush(stdout);
-
- if ((ret = mbedtls_md_file(
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
- argv[2], hash)) != 0) {
- mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
- goto exit;
- }
-
- if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, sizeof(buf), &olen)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
- goto exit;
- }
-
- /*
- * Write the signature into <filename>.sig
- */
- mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
-
- if ((f = fopen(filename, "wb+")) == NULL) {
- mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
- goto exit;
- }
-
- if (fwrite(buf, 1, olen, f) != olen) {
- mbedtls_printf("failed\n ! fwrite failed\n\n");
- fclose(f);
- goto exit;
- }
-
- fclose(f);
-
- mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_pk_free(&pk);
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
- mbedtls_psa_crypto_free();
-
-#if defined(MBEDTLS_ERROR_C)
- if (exit_code != MBEDTLS_EXIT_SUCCESS) {
- mbedtls_printf("Error code: %d", ret);
- /* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
- mbedtls_printf(" ! Last error was: %s\n", buf); */
- }
-#endif
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
- PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
- MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
deleted file mode 100644
index 27aff44..0000000
--- a/programs/pkey/pk_verify.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Public key-based signature verification program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "tf-psa-crypto/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
- !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_PK_PARSE_C) || \
- !defined(MBEDTLS_FS_IO)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
- "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_PK_PARSE_C and/or "
- "MBEDTLS_FS_IO not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include <mbedtls/private/pk_private.h>
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-
-#include <stdio.h>
-#include <string.h>
-
-
-int main(int argc, char *argv[])
-{
- FILE *f;
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- size_t i;
- mbedtls_pk_context pk;
- unsigned char hash[32];
- unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
- char filename[512];
-
- mbedtls_pk_init(&pk);
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc != 3) {
- mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
-
-#if defined(_WIN32)
- mbedtls_printf("\n");
-#endif
-
- goto exit;
- }
-
- mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
- fflush(stdout);
-
- if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
- (unsigned int) -ret);
- goto exit;
- }
-
- /*
- * Extract the signature from the file
- */
- mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
-
- if ((f = fopen(filename, "rb")) == NULL) {
- mbedtls_printf("\n ! Could not open %s\n\n", filename);
- goto exit;
- }
-
- i = fread(buf, 1, sizeof(buf), f);
-
- fclose(f);
-
- /*
- * Compute the SHA-256 hash of the input file and
- * verify the signature
- */
- mbedtls_printf("\n . Verifying the SHA-256 signature");
- fflush(stdout);
-
- if ((ret = mbedtls_md_file(
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
- argv[2], hash)) != 0) {
- mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
- goto exit;
- }
-
- if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, i)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret);
- goto exit;
- }
-
- mbedtls_printf("\n . OK (the signature is valid)\n\n");
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_pk_free(&pk);
- mbedtls_psa_crypto_free();
-
-#if defined(MBEDTLS_ERROR_C)
- if (exit_code != MBEDTLS_EXIT_SUCCESS) {
- mbedtls_printf("Error code: %d", ret);
- /* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
- mbedtls_printf(" ! Last error was: %s\n", buf); */
- }
-#endif
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && PSA_WANT_ALG_SHA_256 &&
- MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt
deleted file mode 100644
index 254fcf8..0000000
--- a/programs/pkey/rsa_priv.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
-E = 010001
-D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401
-P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1
-Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261
-DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1
-DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081
-QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1
diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt
deleted file mode 100644
index 1e7ae0c..0000000
--- a/programs/pkey/rsa_pub.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
-E = 010001
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
deleted file mode 100644
index d94daf3..0000000
--- a/programs/pkey/rsa_sign_pss.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * RSASSA-PSS/SHA-256 signature creation program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "tf-psa-crypto/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \
- !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include <mbedtls/private/pk_private.h>
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-
-#include <stdio.h>
-#include <string.h>
-
-
-int main(int argc, char *argv[])
-{
- FILE *f;
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- mbedtls_pk_context pk;
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
- unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- char filename[512];
- const char *pers = "rsa_sign_pss";
- size_t olen = 0;
-
- mbedtls_entropy_init(&entropy);
- mbedtls_pk_init(&pk);
- mbedtls_ctr_drbg_init(&ctr_drbg);
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc != 3) {
- mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
-
-#if defined(_WIN32)
- mbedtls_printf("\n");
-#endif
-
- goto exit;
- }
-
- mbedtls_printf("\n . Seeding the random number generator...");
- fflush(stdout);
-
- if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
- (const unsigned char *) pers,
- strlen(pers))) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
- goto exit;
- }
-
- mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
- fflush(stdout);
-
- if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
- mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
- mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
- goto exit;
- }
-
- if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
- mbedtls_printf(" failed\n ! Key is not an RSA key\n");
- goto exit;
- }
-
- if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
- MBEDTLS_RSA_PKCS_V21,
- MBEDTLS_MD_SHA256)) != 0) {
- mbedtls_printf(" failed\n ! Padding not supported\n");
- goto exit;
- }
-
- /*
- * Compute the SHA-256 hash of the input file,
- * then calculate the RSA signature of the hash.
- */
- mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
- fflush(stdout);
-
- if ((ret = mbedtls_md_file(
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
- argv[2], hash)) != 0) {
- mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
- goto exit;
- }
-
- if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, sizeof(buf), &olen)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
- goto exit;
- }
-
- /*
- * Write the signature into <filename>.sig
- */
- mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
-
- if ((f = fopen(filename, "wb+")) == NULL) {
- mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
- goto exit;
- }
-
- if (fwrite(buf, 1, olen, f) != olen) {
- mbedtls_printf("failed\n ! fwrite failed\n\n");
- fclose(f);
- goto exit;
- }
-
- fclose(f);
-
- mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_pk_free(&pk);
- mbedtls_ctr_drbg_free(&ctr_drbg);
- mbedtls_entropy_free(&entropy);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
- PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
- MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
deleted file mode 100644
index 1504920..0000000
--- a/programs/pkey/rsa_verify_pss.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * RSASSA-PSS/SHA-256 signature verification program
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "tf-psa-crypto/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \
- !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
- !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
- mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or "
- "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
- "MBEDTLS_CTR_DRBG_C not defined.\n");
- mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/md.h"
-#include "mbedtls/pem.h"
-#include "mbedtls/pk.h"
-#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
-#include <mbedtls/private/pk_private.h>
-#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
-
-#include <stdio.h>
-#include <string.h>
-
-
-int main(int argc, char *argv[])
-{
- FILE *f;
- int ret = 1;
- int exit_code = MBEDTLS_EXIT_FAILURE;
- size_t i;
- mbedtls_pk_context pk;
- unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- char filename[512];
-
- mbedtls_pk_init(&pk);
-
- psa_status_t status = psa_crypto_init();
- if (status != PSA_SUCCESS) {
- mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
- (int) status);
- goto exit;
- }
-
- if (argc != 3) {
- mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
-
-#if defined(_WIN32)
- mbedtls_printf("\n");
-#endif
-
- goto exit;
- }
-
- mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
- fflush(stdout);
-
- if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
- mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
- mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
- goto exit;
- }
-
- if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
- mbedtls_printf(" failed\n ! Key is not an RSA key\n");
- goto exit;
- }
-
- if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
- MBEDTLS_RSA_PKCS_V21,
- MBEDTLS_MD_SHA256)) != 0) {
- mbedtls_printf(" failed\n ! Invalid padding\n");
- goto exit;
- }
-
- /*
- * Extract the RSA signature from the file
- */
- mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
-
- if ((f = fopen(filename, "rb")) == NULL) {
- mbedtls_printf("\n ! Could not open %s\n\n", filename);
- goto exit;
- }
-
- i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f);
-
- fclose(f);
-
- /*
- * Compute the SHA-256 hash of the input file and
- * verify the signature
- */
- mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
- fflush(stdout);
-
- if ((ret = mbedtls_md_file(
- mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
- argv[2], hash)) != 0) {
- mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
- goto exit;
- }
-
- if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
- buf, i)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret);
- goto exit;
- }
-
- mbedtls_printf("\n . OK (the signature is valid)\n\n");
-
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
- mbedtls_pk_free(&pk);
- mbedtls_psa_crypto_free();
-
- mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
- MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c
index f7d5230..cd050e9 100644
--- a/programs/test/cmake_package/cmake_package.c
+++ b/programs/test/cmake_package/cmake_package.c
@@ -18,10 +18,7 @@
* linkage works, but that is all. */
int main()
{
- /* This version string is 18 bytes long, as advised by version.h. */
- char version[18];
-
- mbedtls_version_get_string_full(version);
+ const char *version = mbedtls_version_get_string_full();
mbedtls_printf("Built against %s\n", version);
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
index 0d7dbe4..60a4481 100644
--- a/programs/test/cmake_package_install/CMakeLists.txt
+++ b/programs/test/cmake_package_install/CMakeLists.txt
@@ -37,5 +37,11 @@
#
add_executable(cmake_package_install cmake_package_install.c)
+
+string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
+if(CMAKE_COMPILER_IS_GNU)
+ target_compile_options(cmake_package_install PRIVATE -Wall -Werror)
+endif()
+
target_link_libraries(cmake_package_install
MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto)
diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c
index fb68883..a63f7db 100644
--- a/programs/test/cmake_package_install/cmake_package_install.c
+++ b/programs/test/cmake_package_install/cmake_package_install.c
@@ -19,10 +19,7 @@
* linkage works, but that is all. */
int main()
{
- /* This version string is 18 bytes long, as advised by version.h. */
- char version[18];
-
- mbedtls_version_get_string_full(version);
+ const char *version = mbedtls_version_get_string_full();
mbedtls_printf("Built against %s\n", version);
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
index efab789..69b5d0b 100644
--- a/programs/test/cmake_subproject/cmake_subproject.c
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -19,10 +19,7 @@
* linkage works, but that is all. */
int main()
{
- /* This version string is 18 bytes long, as advised by version.h. */
- char version[18];
-
- mbedtls_version_get_string_full(version);
+ const char *version = mbedtls_version_get_string_full();
mbedtls_printf("Built against %s\n", version);
diff --git a/scripts/config.py b/scripts/config.py
index 750ff88..20555db 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -76,12 +76,10 @@
'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency
'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW
- 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental
- 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
'MBEDTLS_HAVE_SSE2', # hardware dependency
'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
index 635a705..9051f20 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
@@ -73,12 +73,12 @@
psa_status_t psa_crypto_init(void)
{
- char mbedtls_version[18];
+ const char *mbedtls_version;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_version_get_string_full(mbedtls_version);
+ mbedtls_version = mbedtls_version_get_string_full();
CLIENT_PRINT("%s", mbedtls_version);
CLIENT_PRINT("My PID: %d", getpid());
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
index 3eec226..0f4c86f 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@@ -390,12 +390,12 @@
psa_status_t psa_crypto_init(void)
{
- char mbedtls_version[18];
+ const char *mbedtls_version;
uint8_t *result = NULL;
size_t result_length;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- mbedtls_version_get_string_full(mbedtls_version);
+ mbedtls_version = mbedtls_version_get_string_full();
CLIENT_PRINT("%s", mbedtls_version);
CLIENT_PRINT("My PID: %d", getpid());
diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c
index 44939f1..aa0c75a 100644
--- a/tests/psa-client-server/psasim/src/server.c
+++ b/tests/psa-client-server/psasim/src/server.c
@@ -56,8 +56,7 @@
extern psa_status_t psa_crypto_close(void);
#if defined(MBEDTLS_VERSION_C)
- char mbedtls_version[18];
- mbedtls_version_get_string_full(mbedtls_version);
+ const char *mbedtls_version = mbedtls_version_get_string_full();
SERVER_PRINT("%s", mbedtls_version);
#endif
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index f764741..17c235b 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2353,40 +2353,53 @@
not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o
}
-component_test_ctr_drbg_aes_256_sha_256 () {
- msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
+component_test_ctr_drbg_aes_256_sha_512 () {
+ msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"
scripts/config.py full
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
- msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
+ msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"
+ make test
+}
+
+component_test_ctr_drbg_aes_256_sha_256 () {
+ msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
make test
}
component_test_ctr_drbg_aes_128_sha_512 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
+ msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"
scripts/config.py full
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
+ msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"
make test
}
component_test_ctr_drbg_aes_128_sha_256 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
+ msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
scripts/config.py full
scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
+ msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
make test
}
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 513c641..ae88abf 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -316,11 +316,9 @@
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'],
'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
- 'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'],
'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
- 'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
'MBEDTLS_LMS_C',
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d0278b1..140409c 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -484,7 +484,8 @@
*"programs/ssl/dtls_client "*|\
*"programs/ssl/ssl_client1 "*)
requires_config_enabled MBEDTLS_CTR_DRBG_C
- requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PSA_CRYPTO_C
+ requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
requires_config_enabled MBEDTLS_PEM_PARSE_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_certificate_authentication
@@ -494,7 +495,8 @@
*"programs/ssl/ssl_pthread_server "*|\
*"programs/ssl/ssl_server "*)
requires_config_enabled MBEDTLS_CTR_DRBG_C
- requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PSA_CRYPTO_C
+ requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
requires_config_enabled MBEDTLS_PEM_PARSE_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_certificate_authentication
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index eeae512..af0eb86 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -38,19 +38,17 @@
void check_runtime_version(char *version_str)
{
char build_str[100];
- char get_str[100];
+ const char *get_str;
char build_str_full[100];
- char get_str_full[100];
+ const char *get_str_full;
unsigned int get_int;
memset(build_str, 0, 100);
- memset(get_str, 0, 100);
memset(build_str_full, 0, 100);
- memset(get_str_full, 0, 100);
get_int = mbedtls_version_get_number();
- mbedtls_version_get_string(get_str);
- mbedtls_version_get_string_full(get_str_full);
+ get_str = mbedtls_version_get_string();
+ get_str_full = mbedtls_version_get_string_full();
mbedtls_snprintf(build_str, 100, "%u.%u.%u",
(get_int >> 24) & 0xFF,
diff --git a/tf-psa-crypto b/tf-psa-crypto
index f0b51e3..3fd4e75 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit f0b51e354bb69071d3fab28650894287fac2348e
+Subproject commit 3fd4e754b283d7b766d8f3798fe07d42b3bcf961