initial remove of MBEDTLS_USE_PSA_CRYPTO
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d5e7fdf..b76055e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -9,9 +9,7 @@
#include "ssl_test_lib.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "test/psa_crypto_helpers.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
int main(void)
@@ -145,7 +143,7 @@
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#define USAGE_IO ""
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define USAGE_KEY_OPAQUE \
" key_opaque=%%d Handle your private key as if it were opaque\n" \
" default: 0 (disabled)\n"
@@ -172,7 +170,6 @@
" psk=%%s default: \"\" (disabled)\n" \
" The PSK values are in hex, without 0x.\n" \
" psk_identity=%%s default: \"Client_identity\"\n"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_PSK_SLOT \
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
" Enable this to store the PSK configured through command line\n" \
@@ -185,7 +182,6 @@
" with prepopulated key slots instead of importing raw key material.\n"
#else
#define USAGE_PSK_SLOT ""
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
#else
#define USAGE_PSK ""
@@ -309,14 +305,9 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_ECJPAKE \
" ecjpake_pw=%%s default: none (disabled)\n" \
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#define USAGE_ECJPAKE \
- " ecjpake_pw=%%s default: none (disabled)\n"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#define USAGE_ECJPAKE ""
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
@@ -488,9 +479,7 @@
const char *crt_file; /* the file with the client certificate */
const char *key_file; /* the file with the client key */
int key_opaque; /* handle private key as if it were opaque */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int psk_opaque;
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback; /* Use callback for trusted certificate list */
#endif
@@ -498,9 +487,7 @@
const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */
const char *ecjpake_pw; /* the EC J-PAKE password */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
-#endif
int ec_max_ops; /* EC consecutive operations limit */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -824,16 +811,12 @@
const char *pers = "ssl_client2";
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = 0;
psa_key_attributes_t key_attributes;
#endif
psa_status_t status;
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
- psa_status_t status;
-#endif
rng_context_t rng;
mbedtls_ssl_context ssl;
@@ -850,9 +833,7 @@
mbedtls_x509_crt clicert;
mbedtls_pk_context pkey;
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
-#endif
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
char *p, *q;
const int *list;
@@ -877,10 +858,9 @@
MBEDTLS_TLS_SRTP_UNSET
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
-#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
@@ -907,7 +887,6 @@
memset((void *) alpn_list, 0, sizeof(alpn_list));
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -915,7 +894,6 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
@@ -942,17 +920,13 @@
opt.key_opaque = DFL_KEY_OPAQUE;
opt.key_pwd = DFL_KEY_PWD;
opt.psk = DFL_PSK;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.psk_opaque = DFL_PSK_OPAQUE;
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
opt.ca_callback = DFL_CA_CALLBACK;
#endif
opt.psk_identity = DFL_PSK_IDENTITY;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
-#endif
opt.ec_max_ops = DFL_EC_MAX_OPS;
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -1127,7 +1101,7 @@
} else if (strcmp(p, "key_pwd") == 0) {
opt.key_pwd = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if (strcmp(p, "key_opaque") == 0) {
opt.key_opaque = atoi(q);
}
@@ -1152,11 +1126,9 @@
else if (strcmp(p, "psk") == 0) {
opt.psk = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
else if (strcmp(p, "psk_opaque") == 0) {
opt.psk_opaque = atoi(q);
}
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
else if (strcmp(p, "ca_callback") == 0) {
opt.ca_callback = atoi(q);
@@ -1167,11 +1139,9 @@
} else if (strcmp(p, "ecjpake_pw") == 0) {
opt.ecjpake_pw = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
opt.ecjpake_pw_opaque = atoi(q);
}
-#endif
else if (strcmp(p, "ec_max_ops") == 0) {
opt.ec_max_ops = atoi(q);
} else if (strcmp(p, "force_ciphersuite") == 0) {
@@ -1500,7 +1470,6 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.psk_opaque != 0) {
if (opt.psk == NULL) {
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
@@ -1515,7 +1484,6 @@
goto usage;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (opt.force_ciphersuite[0] > 0) {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -1550,7 +1518,6 @@
}
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
@@ -1562,7 +1529,6 @@
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1786,7 +1752,6 @@
goto exit;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.key_opaque != 0) {
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
psa_key_usage_t usage = 0;
@@ -1805,7 +1770,6 @@
}
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf(" ok (key type: %s)\n",
strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
@@ -2006,7 +1970,6 @@
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.psk_opaque != 0) {
key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
@@ -2027,7 +1990,6 @@
goto exit;
}
} else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (psk_len > 0) {
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
(const unsigned char *) opt.psk_identity,
@@ -2098,7 +2060,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -2124,7 +2085,6 @@
}
mbedtls_printf("using opaque password\n");
} else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
(const unsigned char *) opt.ecjpake_pw,
@@ -3206,13 +3166,10 @@
mbedtls_x509_crt_free(&clicert);
mbedtls_x509_crt_free(&cacert);
mbedtls_pk_free(&pkey);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(key_slot);
-#endif
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0) {
/* This is ok even if the slot hasn't been
* initialized (we might have jumed here
@@ -3229,11 +3186,9 @@
}
}
}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
- MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
@@ -3252,9 +3207,8 @@
psa_destroy_key(ecjpake_pw_slot);
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const char *message = mbedtls_test_helper_is_psa_leaking();
if (message) {
if (ret == 0) {
@@ -3262,14 +3216,11 @@
}
mbedtls_printf("PSA memory leak detected: %s\n", message);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
-#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free();
-#endif
rng_free(&rng);