initial remove of MBEDTLS_USE_PSA_CRYPTO
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 440c024..1840570 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -78,12 +78,10 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
@@ -179,9 +177,7 @@
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index 7a1da13..ca7626d 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -61,12 +61,10 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
@@ -124,9 +122,7 @@
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 98a7021..4f159fb 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -58,12 +58,10 @@
mbedtls_ssl_config_init(&conf);
mbedtls_ssl_cookie_init(&cookie_ctx);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
@@ -166,9 +164,7 @@
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 05b7480..40fd9ca 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -67,12 +67,10 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_init(&ticket_ctx);
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
@@ -194,19 +192,17 @@
exit:
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_free(&ticket_ctx);
-#endif
+#endif /* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_free(&srvcert);
mbedtls_pk_free(&pkey);
-#endif
+#endif /* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */
mbedtls_ssl_free(&ssl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif
-#else
+#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
(void) Data;
(void) Size;
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index 92e0f5d..ae0f852 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -12,31 +12,27 @@
unsigned char buf[4096];
mbedtls_x509_crl_init(&crl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_x509_crl_parse(&crl, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
}
-#else
+#else /* MBEDTLS_X509_REMOVE_INFO */
((void) ret);
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
exit:
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_x509_crl_free(&crl);
-#else
+#else /* MBEDTLS_X509_CRL_PARSE_C */
(void) Data;
(void) Size;
-#endif
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
return 0;
}
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
index c99ae2e..709fd20 100644
--- a/programs/fuzz/fuzz_x509crt.c
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -12,12 +12,10 @@
unsigned char buf[4096];
mbedtls_x509_crt_init(&crt);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_x509_crt_parse(&crt, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
@@ -28,15 +26,13 @@
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
exit:
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_x509_crt_free(&crt);
-#else
+#else /* MBEDTLS_X509_CRT_PARSE_C */
(void) Data;
(void) Size;
-#endif
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
return 0;
}
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
index 4ab071f..1c26e6f 100644
--- a/programs/fuzz/fuzz_x509csr.c
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -12,31 +12,27 @@
unsigned char buf[4096];
mbedtls_x509_csr_init(&csr);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_x509_csr_parse(&csr, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
}
-#else
+#else /* !MBEDTLS_X509_REMOVE_INFO */
((void) ret);
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
exit:
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_x509_csr_free(&csr);
-#else
+#else /* MBEDTLS_X509_CSR_PARSE_C */
(void) Data;
(void) Size;
-#endif
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
return 0;
}
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 94604ce..ba35534 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -257,14 +257,12 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -473,9 +471,7 @@
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 551173e..4ddb473 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -55,14 +55,12 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_pk_init(&pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
@@ -139,9 +137,7 @@
mbedtls_pk_free(&pk);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 507812e..27aff44 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -47,14 +47,12 @@
mbedtls_pk_init(&pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
@@ -115,9 +113,7 @@
exit:
mbedtls_pk_free(&pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 8f605b5..d94daf3 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -57,14 +57,12 @@
mbedtls_pk_init(&pk);
mbedtls_ctr_drbg_init(&ctr_drbg);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc != 3) {
mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
@@ -153,9 +151,7 @@
mbedtls_pk_free(&pk);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 97f9d18..1504920 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -51,14 +51,12 @@
mbedtls_pk_init(&pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc != 3) {
mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
@@ -131,9 +129,7 @@
exit:
mbedtls_pk_free(&pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d5e7fdf..b76055e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -9,9 +9,7 @@
#include "ssl_test_lib.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "test/psa_crypto_helpers.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
int main(void)
@@ -145,7 +143,7 @@
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#define USAGE_IO ""
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define USAGE_KEY_OPAQUE \
" key_opaque=%%d Handle your private key as if it were opaque\n" \
" default: 0 (disabled)\n"
@@ -172,7 +170,6 @@
" psk=%%s default: \"\" (disabled)\n" \
" The PSK values are in hex, without 0x.\n" \
" psk_identity=%%s default: \"Client_identity\"\n"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_PSK_SLOT \
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
" Enable this to store the PSK configured through command line\n" \
@@ -185,7 +182,6 @@
" with prepopulated key slots instead of importing raw key material.\n"
#else
#define USAGE_PSK_SLOT ""
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
#else
#define USAGE_PSK ""
@@ -309,14 +305,9 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_ECJPAKE \
" ecjpake_pw=%%s default: none (disabled)\n" \
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#define USAGE_ECJPAKE \
- " ecjpake_pw=%%s default: none (disabled)\n"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#define USAGE_ECJPAKE ""
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
@@ -488,9 +479,7 @@
const char *crt_file; /* the file with the client certificate */
const char *key_file; /* the file with the client key */
int key_opaque; /* handle private key as if it were opaque */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int psk_opaque;
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback; /* Use callback for trusted certificate list */
#endif
@@ -498,9 +487,7 @@
const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */
const char *ecjpake_pw; /* the EC J-PAKE password */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
-#endif
int ec_max_ops; /* EC consecutive operations limit */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -824,16 +811,12 @@
const char *pers = "ssl_client2";
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
psa_algorithm_t alg = 0;
psa_key_attributes_t key_attributes;
#endif
psa_status_t status;
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
- psa_status_t status;
-#endif
rng_context_t rng;
mbedtls_ssl_context ssl;
@@ -850,9 +833,7 @@
mbedtls_x509_crt clicert;
mbedtls_pk_context pkey;
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
-#endif
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
char *p, *q;
const int *list;
@@ -877,10 +858,9 @@
MBEDTLS_TLS_SRTP_UNSET
};
#endif /* MBEDTLS_SSL_DTLS_SRTP */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
-#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
@@ -907,7 +887,6 @@
memset((void *) alpn_list, 0, sizeof(alpn_list));
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -915,7 +894,6 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
@@ -942,17 +920,13 @@
opt.key_opaque = DFL_KEY_OPAQUE;
opt.key_pwd = DFL_KEY_PWD;
opt.psk = DFL_PSK;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.psk_opaque = DFL_PSK_OPAQUE;
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
opt.ca_callback = DFL_CA_CALLBACK;
#endif
opt.psk_identity = DFL_PSK_IDENTITY;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
-#endif
opt.ec_max_ops = DFL_EC_MAX_OPS;
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -1127,7 +1101,7 @@
} else if (strcmp(p, "key_pwd") == 0) {
opt.key_pwd = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if (strcmp(p, "key_opaque") == 0) {
opt.key_opaque = atoi(q);
}
@@ -1152,11 +1126,9 @@
else if (strcmp(p, "psk") == 0) {
opt.psk = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
else if (strcmp(p, "psk_opaque") == 0) {
opt.psk_opaque = atoi(q);
}
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
else if (strcmp(p, "ca_callback") == 0) {
opt.ca_callback = atoi(q);
@@ -1167,11 +1139,9 @@
} else if (strcmp(p, "ecjpake_pw") == 0) {
opt.ecjpake_pw = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
opt.ecjpake_pw_opaque = atoi(q);
}
-#endif
else if (strcmp(p, "ec_max_ops") == 0) {
opt.ec_max_ops = atoi(q);
} else if (strcmp(p, "force_ciphersuite") == 0) {
@@ -1500,7 +1470,6 @@
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.psk_opaque != 0) {
if (opt.psk == NULL) {
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
@@ -1515,7 +1484,6 @@
goto usage;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (opt.force_ciphersuite[0] > 0) {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -1550,7 +1518,6 @@
}
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
@@ -1562,7 +1529,6 @@
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1786,7 +1752,6 @@
goto exit;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.key_opaque != 0) {
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
psa_key_usage_t usage = 0;
@@ -1805,7 +1770,6 @@
}
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf(" ok (key type: %s)\n",
strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
@@ -2006,7 +1970,6 @@
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.psk_opaque != 0) {
key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
@@ -2027,7 +1990,6 @@
goto exit;
}
} else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (psk_len > 0) {
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
(const unsigned char *) opt.psk_identity,
@@ -2098,7 +2060,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -2124,7 +2085,6 @@
}
mbedtls_printf("using opaque password\n");
} else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
(const unsigned char *) opt.ecjpake_pw,
@@ -3206,13 +3166,10 @@
mbedtls_x509_crt_free(&clicert);
mbedtls_x509_crt_free(&cacert);
mbedtls_pk_free(&pkey);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(key_slot);
-#endif
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0) {
/* This is ok even if the slot hasn't been
* initialized (we might have jumed here
@@ -3229,11 +3186,9 @@
}
}
}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
- MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
@@ -3252,9 +3207,8 @@
psa_destroy_key(ecjpake_pw_slot);
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const char *message = mbedtls_test_helper_is_psa_leaking();
if (message) {
if (ret == 0) {
@@ -3262,14 +3216,11 @@
}
mbedtls_printf("PSA memory leak detected: %s\n", message);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
-#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free();
-#endif
rng_free(&rng);
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 639fe56..cb933e7 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -53,9 +53,7 @@
#include <windows.h>
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "test/psa_crypto_helpers.h"
-#endif
#include "mbedtls/pk.h"
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
@@ -205,7 +203,7 @@
#else
#define USAGE_IO ""
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
#define USAGE_KEY_OPAQUE \
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
" default: 0 (disabled)\n"
@@ -248,7 +246,6 @@
" The PSK values are in hex, without 0x.\n" \
" id1,psk1[,id2,psk2[,...]]\n" \
" psk_identity=%%s default: \"Client_identity\"\n"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_PSK_SLOT \
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
" Enable this to store the PSK configured through command line\n" \
@@ -270,7 +267,6 @@
" with prepopulated key slots instead of importing raw key material.\n"
#else
#define USAGE_PSK_SLOT ""
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
#else
#define USAGE_PSK ""
@@ -419,14 +415,9 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_ECJPAKE \
" ecjpake_pw=%%s default: none (disabled)\n" \
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-#define USAGE_ECJPAKE \
- " ecjpake_pw=%%s default: none (disabled)\n"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#define USAGE_ECJPAKE ""
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
@@ -641,10 +632,8 @@
int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
int async_private_error; /* inject error in async private callback */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int psk_opaque;
int psk_list_opaque;
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback; /* Use callback for trusted certificate list */
#endif
@@ -652,9 +641,7 @@
const char *psk_identity; /* the pre-shared key identity */
char *psk_list; /* list of PSK id/key pairs for callback */
const char *ecjpake_pw; /* the EC J-PAKE password */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
-#endif
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
@@ -962,9 +949,7 @@
const char *name;
size_t key_len;
unsigned char key[MBEDTLS_PSK_MAX_LEN];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t slot;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
psk_entry *next;
};
@@ -976,7 +961,6 @@
psk_entry *next;
while (head != NULL) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
mbedtls_svc_key_id_t const slot = head->slot;
@@ -986,7 +970,6 @@
return status;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
next = head->next;
mbedtls_free(head);
@@ -1052,11 +1035,9 @@
while (cur != NULL) {
if (name_len == strlen(cur->name) &&
memcmp(name, cur->name, name_len) == 0) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) {
return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
} else
-#endif
return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
}
@@ -1302,7 +1283,6 @@
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
psa_algorithm_t alg,
@@ -1326,7 +1306,6 @@
return PSA_SUCCESS;
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
static int report_cid_usage(mbedtls_ssl_context *ssl,
@@ -1543,10 +1522,8 @@
io_ctx_t io_ctx;
unsigned char *buf = 0;
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg = 0;
mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
size_t psk_len = 0;
psk_entry *psk_info = NULL;
@@ -1574,10 +1551,8 @@
mbedtls_x509_crt srvcert2;
mbedtls_pk_context pkey2;
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
-#endif
int key_cert_init = 0, key_cert_init2 = 0;
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -1609,10 +1584,9 @@
unsigned char *context_buf = NULL;
size_t context_buf_len = 0;
#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
-#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
@@ -1621,9 +1595,7 @@
int i;
char *p, *q;
const int *list;
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
psa_status_t status;
-#endif
unsigned char eap_tls_keymaterial[16];
unsigned char eap_tls_iv[8];
const char *eap_tls_label = "client EAP encryption";
@@ -1684,7 +1656,6 @@
mbedtls_ssl_cookie_init(&cookie_ctx);
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
@@ -1692,7 +1663,6 @@
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
@@ -1731,19 +1701,15 @@
opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
opt.psk = DFL_PSK;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.psk_opaque = DFL_PSK_OPAQUE;
opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
opt.ca_callback = DFL_CA_CALLBACK;
#endif
opt.psk_identity = DFL_PSK_IDENTITY;
opt.psk_list = DFL_PSK_LIST;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
-#endif
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
@@ -1924,7 +1890,7 @@
} else if (strcmp(p, "key_pwd") == 0) {
opt.key_pwd = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
else if (strcmp(p, "key_opaque") == 0) {
opt.key_opaque = atoi(q);
}
@@ -1973,13 +1939,11 @@
else if (strcmp(p, "psk") == 0) {
opt.psk = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
else if (strcmp(p, "psk_opaque") == 0) {
opt.psk_opaque = atoi(q);
} else if (strcmp(p, "psk_list_opaque") == 0) {
opt.psk_list_opaque = atoi(q);
}
-#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
else if (strcmp(p, "ca_callback") == 0) {
opt.ca_callback = atoi(q);
@@ -1992,11 +1956,9 @@
} else if (strcmp(p, "ecjpake_pw") == 0) {
opt.ecjpake_pw = q;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
opt.ecjpake_pw_opaque = atoi(q);
}
-#endif
else if (strcmp(p, "force_ciphersuite") == 0) {
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
@@ -2367,7 +2329,6 @@
goto exit;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.psk_opaque != 0) {
if (strlen(opt.psk) == 0) {
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
@@ -2397,7 +2358,6 @@
goto usage;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (opt.force_ciphersuite[0] > 0) {
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -2427,7 +2387,6 @@
opt.min_version = ciphersuite_info->min_tls_version;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
@@ -2439,7 +2398,6 @@
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -2732,7 +2690,6 @@
#endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.key_opaque != 0) {
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
psa_key_usage_t psa_usage = 0;
@@ -2768,7 +2725,6 @@
}
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf(" ok (key types: %s, %s)\n",
key_cert_init ? mbedtls_pk_get_name(&pkey) : "none",
@@ -3182,7 +3138,6 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.psk_opaque != 0) {
/* The algorithm has already been determined earlier. */
status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len);
@@ -3199,7 +3154,6 @@
goto exit;
}
} else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (psk_len > 0) {
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
(const unsigned char *) opt.psk_identity,
@@ -3213,7 +3167,6 @@
}
if (opt.psk_list != NULL) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.psk_list_opaque != 0) {
psk_entry *cur_psk;
for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) {
@@ -3227,7 +3180,6 @@
}
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info);
}
@@ -3384,7 +3336,6 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -3410,7 +3361,6 @@
}
mbedtls_printf("using opaque password\n");
} else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
(const unsigned char *) opt.ecjpake_pw,
@@ -4253,11 +4203,9 @@
mbedtls_pk_free(&pkey);
mbedtls_x509_crt_free(&srvcert2);
mbedtls_pk_free(&pkey2);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(key_slot);
psa_destroy_key(key_slot2);
#endif
-#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
@@ -4269,8 +4217,7 @@
}
#endif
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0) {
/* This is ok even if the slot hasn't been
* initialized (we might have jumed here
@@ -4284,11 +4231,9 @@
(int) status);
}
}
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
- MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* In case opaque keys it's the user responsibility to keep the key valid
* for the duration of the handshake and destroy it at the end
@@ -4307,9 +4252,8 @@
psa_destroy_key(ecjpake_pw_slot);
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
const char *message = mbedtls_test_helper_is_psa_leaking();
if (message) {
if (ret == 0) {
@@ -4317,12 +4261,10 @@
}
mbedtls_printf("PSA memory leak detected: %s\n", message);
}
-#endif
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
* resources are freed by rng_free(). */
-#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \
- && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
mbedtls_psa_crypto_free();
#endif
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index f9a6402..ad3feb6 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -83,13 +83,11 @@
int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (reproducible) {
mbedtls_fprintf(stderr,
- "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
+ "reproducible mode is not supported.\n");
return -1;
}
-#endif
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
/* The PSA crypto RNG does its own seeding. */
(void) rng;
@@ -217,7 +215,6 @@
return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
@@ -301,7 +298,6 @@
return 0;
}
#endif /* MBEDTLS_PK_C */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback(void *data, mbedtls_x509_crt const *child,
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index c001a2a..ea5dbec 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -14,9 +14,8 @@
#include "mbedtls/md.h"
#undef HAVE_RNG
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
- (defined(MBEDTLS_USE_PSA_CRYPTO) || \
- defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG))
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \
+ defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
#define HAVE_RNG
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#define HAVE_RNG
@@ -55,10 +54,8 @@
#include "mbedtls/base64.h"
#include "test/certs.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"
@@ -108,7 +105,7 @@
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
* mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
*
@@ -121,14 +118,6 @@
* where the test programs use the PSA RNG while the PSA RNG is itself based
* on entropy+DRBG, and at least one configuration where the test programs
* do not use the PSA RNG even though it's there.
- *
- * A simple choice that meets the constraints is to use the PSA RNG whenever
- * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the
- * choice to use the PSA RNG in the test programs and the choice to use
- * PSA crypto when TLS code needs crypto have to be tied together, but it
- * happens to be a good match. It's also a good match from an application
- * perspective: either PSA is preferred for TLS (both for crypto and for
- * random generation) or it isn't.
*/
#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
#endif
@@ -213,7 +202,6 @@
*/
int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/** Parse given opaque key algorithms to obtain psa algs and usage
* that will be passed to mbedtls_pk_wrap_as_opaque().
*
@@ -259,9 +247,8 @@
int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id);
#endif /* MBEDTLS_PK_C */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/* The test implementation of the PSA external RNG is insecure. When
* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
* function that makes use of an RNG, you must call
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index d9d5bb6..c747505 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -152,14 +152,12 @@
memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -446,9 +444,7 @@
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index e59772f..02fd567 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -162,14 +162,12 @@
memset(buf, 0, sizeof(buf));
mbedtls_entropy_init(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -502,9 +500,7 @@
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
cur = opt.san_list;
while (cur != NULL) {
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 3cabff4..fb55c3f 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -326,14 +326,12 @@
memset(buf, 0, sizeof(buf));
memset(serial, 0, sizeof(serial));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -1026,9 +1024,7 @@
mbedtls_pk_free(&loaded_issuer_key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index fee8b69..bb518ad 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -60,14 +60,12 @@
*/
mbedtls_x509_crl_init(&crl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -124,9 +122,7 @@
exit:
mbedtls_x509_crl_free(&crl);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index 2ae7c9b..34d3508 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -86,14 +86,12 @@
struct mbedtls_timing_hr_time timer;
unsigned long ms;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc <= 1) {
mbedtls_printf(USAGE);
@@ -159,9 +157,7 @@
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
#endif /* necessary configuration */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 2929d68..b960818 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -60,14 +60,12 @@
*/
mbedtls_x509_csr_init(&csr);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -124,9 +122,7 @@
exit:
mbedtls_x509_csr_free(&csr);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 5bfdeda..d019c50 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -31,11 +31,9 @@
#include "mbedtls/ssl_cache.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
-#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(PSA_WANT_KEY_TYPE_AES)
@@ -751,18 +749,11 @@
#define ECJPAKE_TEST_PWD "bla"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \
ret = (use_opaque_arg) ? \
mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \
mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \
TEST_EQUAL(ret, exp_ret_val)
-#else
-#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \
- ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \
- pwd_string, pwd_len); \
- TEST_EQUAL(ret, exp_ret_val)
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \
TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 1eca6e4..83dac17 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -644,11 +644,9 @@
ep->cert = NULL;
}
if (ep->pkey != NULL) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) {
psa_destroy_key(ep->pkey->priv_id);
}
-#endif
mbedtls_pk_free(ep->pkey);
mbedtls_free(ep->pkey);
ep->pkey = NULL;
@@ -725,9 +723,7 @@
int i = 0;
int ret = -1;
int ok = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
-#endif
if (ep == NULL) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -759,7 +755,6 @@
TEST_EQUAL(load_endpoint_ecc(ep), 0);
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (opaque_alg != 0) {
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
/* Use a fake key usage to get a successful initial guess for the PSA attributes. */
@@ -776,11 +771,6 @@
mbedtls_pk_init(ep->pkey);
TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0);
}
-#else
- (void) opaque_alg;
- (void) opaque_alg2;
- (void) opaque_usage;
-#endif
mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL);
@@ -1212,7 +1202,6 @@
unsigned char *output,
size_t *olen)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
size_t part_len;
@@ -1246,10 +1235,6 @@
*olen += part_len;
return 0;
-#else
- return mbedtls_cipher_crypt(&transform->cipher_ctx_enc,
- iv, iv_len, input, ilen, output, olen);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING &&
PSA_WANT_KEY_TYPE_AES */
@@ -1383,14 +1368,10 @@
size_t key_bits = 0;
int ret = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#else
- mbedtls_cipher_info_t const *cipher_info;
-#endif
size_t keylen, maclen, ivlen = 0;
unsigned char *key0 = NULL, *key1 = NULL;
@@ -1422,58 +1403,10 @@
memset(key0, 0x1, keylen);
memset(key1, 0x2, keylen);
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- /* Pick cipher */
- cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type);
- CHK(cipher_info != NULL);
- CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
- CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
-
- /* Setup cipher contexts */
- CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0);
- CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0);
- CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0);
- CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
- if (cipher_mode == MBEDTLS_MODE_CBC) {
- CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE) == 0);
- CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE) == 0);
- CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc,
- MBEDTLS_PADDING_NONE) == 0);
- CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec,
- MBEDTLS_PADDING_NONE) == 0);
- }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
- CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0,
- (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
- MBEDTLS_ENCRYPT)
- == 0);
- CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1,
- (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
- MBEDTLS_DECRYPT)
- == 0);
- CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1,
- (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
- MBEDTLS_ENCRYPT)
- == 0);
- CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0,
- (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
- MBEDTLS_DECRYPT)
- == 0);
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
-
/* Setup MAC contexts */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if (cipher_mode == MBEDTLS_MODE_CBC ||
cipher_mode == MBEDTLS_MODE_STREAM) {
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id);
- CHK(md_info != NULL);
-#endif
maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id);
CHK(maclen != 0);
/* Pick hash keys */
@@ -1482,7 +1415,6 @@
memset(md0, 0x5, maclen);
memset(md1, 0x6, maclen);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
alg = mbedtls_md_psa_alg_from_type(hash_id);
CHK(alg != 0);
@@ -1523,21 +1455,6 @@
CHK(psa_import_key(&attributes,
md0, maclen,
&t_out->psa_mac_dec) == PSA_SUCCESS);
-#else
- CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0);
- CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0);
- CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0);
- CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0);
-
- CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc,
- md0, maclen) == 0);
- CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec,
- md1, maclen) == 0);
- CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc,
- md1, maclen) == 0);
- CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec,
- md0, maclen) == 0);
-#endif
}
#else
((void) hash_id);
@@ -1657,7 +1574,6 @@
t_out->out_cid_len = (uint8_t) cid0_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = mbedtls_ssl_cipher_to_psa(cipher_type,
t_in->taglen,
&alg,
@@ -1720,7 +1636,6 @@
goto cleanup;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
cleanup:
@@ -1737,9 +1652,7 @@
int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record,
mbedtls_ssl_transform *transform_out)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-#endif
/* Serialized version of record header for MAC purposes */
unsigned char add_data[13];
@@ -1751,7 +1664,6 @@
add_data[12] = (record->data_len >> 0) & 0xff;
/* MAC with additional data */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t sign_mac_length = 0;
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation,
transform_out->psa_mac_enc,
@@ -1767,26 +1679,13 @@
TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation,
mac, sizeof(mac),
&sign_mac_length));
-#else
- TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
- TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
- record->buf + record->data_offset,
- record->data_len));
- /* Use a temporary buffer for the MAC, because with the truncated HMAC
- * extension, there might not be enough room in the record for the
- * full-length MAC. */
- unsigned char mac[MBEDTLS_MD_MAX_SIZE];
- TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
-#endif
memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
record->data_len += transform_out->maclen;
return 0;
exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_abort(&operation);
-#endif
return -1;
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
@@ -1840,7 +1739,6 @@
return -1;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE);
size_t hash_size = 0;
@@ -1851,12 +1749,6 @@
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN,
&hash_size);
ret = PSA_TO_MBEDTLS_ERR(status);
-#else
- ret = mbedtls_md(mbedtls_md_info_from_type(
- MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
- tmp_crt.raw.p, tmp_crt.raw.len,
- session->peer_cert_digest);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (ret != 0) {
return ret;
}