Merge pull request #10183 from felixc-arm/fix-ssl-opt-error-codes
Change hardcoded error values in ssl-opt to take in the PSA error alias
diff --git a/ChangeLog.d/remove-compat-2.x.txt b/ChangeLog.d/remove-compat-2.x.txt
new file mode 100644
index 0000000..37f012c
--- /dev/null
+++ b/ChangeLog.d/remove-compat-2.x.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove compat-2-x.h header from mbedtls.
diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h
deleted file mode 100644
index 096341b..0000000
--- a/include/mbedtls/compat-2.x.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * \file compat-2.x.h
- *
- * \brief Compatibility definitions
- *
- * \deprecated Use the new names directly instead
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Including compat-2.x.h is deprecated"
-#endif
-
-#ifndef MBEDTLS_COMPAT2X_H
-#define MBEDTLS_COMPAT2X_H
-
-/*
- * Macros for renamed functions
- */
-#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update
-#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
-#define mbedtls_md5_starts_ret mbedtls_md5_starts
-#define mbedtls_md5_update_ret mbedtls_md5_update
-#define mbedtls_md5_finish_ret mbedtls_md5_finish
-#define mbedtls_md5_ret mbedtls_md5
-#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
-#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
-#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
-#define mbedtls_ripemd160_ret mbedtls_ripemd160
-#define mbedtls_sha1_starts_ret mbedtls_sha1_starts
-#define mbedtls_sha1_update_ret mbedtls_sha1_update
-#define mbedtls_sha1_finish_ret mbedtls_sha1_finish
-#define mbedtls_sha1_ret mbedtls_sha1
-#define mbedtls_sha256_starts_ret mbedtls_sha256_starts
-#define mbedtls_sha256_update_ret mbedtls_sha256_update
-#define mbedtls_sha256_finish_ret mbedtls_sha256_finish
-#define mbedtls_sha256_ret mbedtls_sha256
-#define mbedtls_sha512_starts_ret mbedtls_sha512_starts
-#define mbedtls_sha512_update_ret mbedtls_sha512_update
-#define mbedtls_sha512_finish_ret mbedtls_sha512_finish
-#define mbedtls_sha512_ret mbedtls_sha512
-
-#endif /* MBEDTLS_COMPAT2X_H */
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index e6f5dad..b6c4e0e 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -51,11 +51,6 @@
#endif /* MBEDTLS_X509_REMOVE_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
- mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, attr)
-#endif
-
#else /* MBEDTLS_DEBUG_C */
#define MBEDTLS_SSL_DEBUG_MSG(level, args) do { } while (0)
@@ -64,7 +59,6 @@
#define MBEDTLS_SSL_DEBUG_MPI(level, text, X) do { } while (0)
#define MBEDTLS_SSL_DEBUG_ECP(level, text, X) do { } while (0)
#define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) do { } while (0)
-#define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) do { } while (0)
#endif /* MBEDTLS_DEBUG_C */
diff --git a/library/debug.c b/library/debug.c
index a486353..71e0642 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -230,9 +230,9 @@
}
}
-void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const char *text, const mbedtls_pk_context *pk)
+static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_pk_context *pk)
{
char str[DEBUG_BUF_SIZE];
const uint8_t *coord_start;
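Review bot: Giving `mbedtls_debug_print_psa_ec` internal linkage means the compiler will report it as unused in any configuration that compiles the definition but not its caller, which breaks builds that use -Werror. The preprocessor guards around the definition and the call site are both outside this hunk, so confirm that they match. The function body also continues past the hunk. A one-line comment above the definition, e.g. `/* File-local helper: only called from within debug.c. */`, would document why the symbol is no longer exported.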
@@ -412,54 +412,4 @@
}
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \
- defined(MBEDTLS_ECDH_C)
-static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl,
- int level, const char *file,
- int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr)
-{
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- const mbedtls_ecdh_context *ctx = ecdh;
-#else
- const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh;
-#endif
-
- switch (attr) {
- case MBEDTLS_DEBUG_ECDH_Q:
- mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q",
- &ctx->Q);
- break;
- case MBEDTLS_DEBUG_ECDH_QP:
- mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Qp",
- &ctx->Qp);
- break;
- case MBEDTLS_DEBUG_ECDH_Z:
- mbedtls_debug_print_mpi(ssl, level, file, line, "ECDH: z",
- &ctx->z);
- break;
- default:
- break;
- }
-}
-
-void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr)
-{
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr);
-#else
- switch (ecdh->var) {
- default:
- mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh,
- attr);
- }
-#endif
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED &&
- MBEDTLS_ECDH_C */
-
#endif /* MBEDTLS_DEBUG_C */
diff --git a/library/debug_internal.h b/library/debug_internal.h
index 4523b46..31dd08d 100644
--- a/library/debug_internal.h
+++ b/library/debug_internal.h
@@ -136,37 +136,4 @@
const char *text, const mbedtls_x509_crt *crt);
#endif
-/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function
- only works for the built-in implementation. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \
- defined(MBEDTLS_ECDH_C)
-typedef enum {
- MBEDTLS_DEBUG_ECDH_Q,
- MBEDTLS_DEBUG_ECDH_QP,
- MBEDTLS_DEBUG_ECDH_Z,
-} mbedtls_debug_ecdh_attr;
-
-/**
- * \brief Print a field of the ECDH structure in the SSL context to the debug
- * output. This function is always used through the
- * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
- * and line number parameters.
- *
- * \param ssl SSL context
- * \param level error level of the debug message
- * \param file file the error has occurred in
- * \param line line number the error has occurred in
- * \param ecdh the ECDH context
- * \param attr the identifier of the attribute being output
- *
- * \attention This function is intended for INTERNAL usage within the
- * library only.
- */
-void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
- const char *file, int line,
- const mbedtls_ecdh_context *ecdh,
- mbedtls_debug_ecdh_attr attr);
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED &&
- MBEDTLS_ECDH_C */
-
#endif /* MBEDTLS_DEBUG_INTERNAL_H */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3c9fb7e..42fa8d6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1140,7 +1140,6 @@
typedef enum {
ASYNC_OP_SIGN,
- ASYNC_OP_DECRYPT,
} ssl_async_operation_type_t;
typedef struct {
@@ -1160,7 +1159,6 @@
static const char *const ssl_async_operation_names[] =
{
"sign",
- "decrypt",
};
static int ssl_async_start(mbedtls_ssl_context *ssl,
@@ -1261,11 +1259,6 @@
}
switch (ctx->operation_type) {
- case ASYNC_OP_DECRYPT:
- ret = mbedtls_pk_decrypt(key_slot->pk,
- ctx->input, ctx->input_len,
- output, output_len, output_size);
- break;
case ASYNC_OP_SIGN:
ret = mbedtls_pk_sign(key_slot->pk,
ctx->md_alg,
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 52ba8bf..6f311ac 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -93,10 +93,7 @@
scripts/config.py full
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
loc_cflags="${loc_cflags} -I../framework/tests/include -O2"
- # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed,
- # disable the new problematic optimization.
- loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions"
- # Also allow a warning that we don't yet comply to.
+ # Allow a warning that we don't yet comply to.
# https://github.com/Mbed-TLS/mbedtls/issues/9944
loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization"
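Review bot: With `-fzero-init-padding-bits=unions` dropped, nothing in this component records why the override was safe to remove, because the comment pointing at issue 9814 is deleted along with the flag. That flag makes the compiler zero the padding bits of unions, so the code built here must no longer depend on `= {0}` clearing a whole union. The tf-psa-crypto submodule update at the end of this diff presumably provides that, but the commit does not say so. Consider stating it in the commit description, or keep a short comment such as `# Union padding is no longer assumed zeroed (issue 9814), so no padding-bits override is needed.` Separately, the rewritten comment reads better as `# Allow a warning that we don't yet comply with.`; the enclosing component function starts and ends outside the hunk.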
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index fae3657..7bcac86 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -679,6 +679,7 @@
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
+ psa_interruptible_set_max_ops(max_ops);
mbedtls_ecp_set_max_ops(max_ops);
cnt_restart = 0;
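Review bot: The added `psa_interruptible_set_max_ops(max_ops);` changes a setting that outlives this test case, and nothing in the hunk restores it. The function's exit path is outside the hunk; if it does not reset the limit, later cases in the same test executable inherit it and their results could depend on execution order. Adding `psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);` to the cleanup would keep the cases independent. A short comment above the two calls, e.g. `/* Limit both the PSA interruptible and the legacy ECP restartable paths */`, would also explain why both limits are set.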
diff --git a/tf-psa-crypto b/tf-psa-crypto
index dc6c602..35ae18c 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit dc6c60204bbf841f0b118840813e561a399e4d73
+Subproject commit 35ae18cf891d3675584da41f7e830f1de5f87f07