From abcfd4c160d6269a8b84f1d8e5e1c1a95753d238 Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 17 Jun 2025 15:18:20 +0100 Subject: [PATCH 1/3] Modified dlopen.c and tfpsacrypto_dlopen.c so that they use PSA API-only dynamic loading - Replaced soon-deprecated mbedtls_md_list() in dlopen.c with psa_hash_compute() - Added tfpsacrypto_dlopen.c as a PSA-only shared-library loading test - Enabled -fPIC for tf-psa-crypto builtins to support shared linking - Confirmed clean builds and successful dlopen() test execution. Signed-off-by: Ari Weiler-Ofek --- programs/test/dlopen.c | 42 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index bb7fba88af..9aba73308c 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -98,16 +98,42 @@ int main(void) * "gcc -std=c99 -pedantic" complains about it, but it is perfectly * fine on platforms that have dlsym(). */ #pragma GCC diagnostic ignored "-Wpedantic" - const int *(*md_list)(void) = - dlsym(crypto_so, "mbedtls_md_list"); + psa_status_t (*dyn_psa_crypto_init)(void) = + dlsym(crypto_so, "psa_crypto_init"); + psa_status_t (*dyn_psa_hash_compute)(psa_algorithm_t, const uint8_t *, size_t, uint8_t *, + size_t, size_t *) = + dlsym(crypto_so, "psa_hash_compute"); + #pragma GCC diagnostic pop - CHECK_DLERROR("dlsym", "mbedtls_md_list"); - const int *mds = md_list(); - for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */ - ; + /* Use psa_hash_compute from PSA Crypto API instead of deprecated mbedtls_md_list() + * to demonstrate runtime linking of libmbedcrypto / libtfpsacrypto */ + + CHECK_DLERROR("dlsym", "psa_crypto_init"); + CHECK_DLERROR("dlsym", "psa_hash_compute"); + + psa_status_t status = dyn_psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "psa_crypto_init failed: %d\n", (int) status); + mbedtls_exit(MBEDTLS_EXIT_FAILURE); } - mbedtls_printf("dlopen(%s): %u hashes\n", - crypto_so_filename, n); + + const uint8_t input[] = "hello world"; + uint8_t hash[32]; // Buffer to hold the output hash + size_t hash_len = 0; + + status = dyn_psa_hash_compute(PSA_ALG_SHA_256, + input, sizeof(input) - 1, + hash, sizeof(hash), + &hash_len); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "psa_hash_compute failed: %d\n", (int) status); + mbedtls_exit(MBEDTLS_EXIT_FAILURE); + } + + mbedtls_printf("dlopen(%s): psa_hash_compute succeeded. SHA-256 output length: %zu\n", + crypto_so_filename, hash_len); + + dlclose(crypto_so); CHECK_DLERROR("dlclose", crypto_so_filename); #endif /* MBEDTLS_MD_C */ From c3d54b619e63f7042a1094a5d000d7b0ba3c7c7b Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 15 Jul 2025 14:08:24 +0100 Subject: [PATCH 2/3] Fix comment in dlopen.c to remove reference to deprecated API Signed-off-by: Ari Weiler-Ofek --- programs/test/dlopen.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 9aba73308c..58a6af52e7 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -105,8 +105,7 @@ int main(void) dlsym(crypto_so, "psa_hash_compute"); #pragma GCC diagnostic pop - /* Use psa_hash_compute from PSA Crypto API instead of deprecated mbedtls_md_list() - * to demonstrate runtime linking of libmbedcrypto / libtfpsacrypto */ + /* Demonstrate hashing a message with PSA Crypto */ CHECK_DLERROR("dlsym", "psa_crypto_init"); CHECK_DLERROR("dlsym", "psa_hash_compute"); From 30a53fe5a494b68a5517c968de68eed72cb7583c Mon Sep 17 00:00:00 2001 From: Ari Weiler-Ofek Date: Tue, 15 Jul 2025 14:16:11 +0100 Subject: [PATCH 3/3] Update TF-PSA-Crypto submodule to PSA-only dynamic loading Signed-off-by: Ari Weiler-Ofek --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 110b9a44d7..b1c98ebee8 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 110b9a44d79975c0eab61f46c65837abc5c9309a +Subproject commit b1c98ebee82c1056cec0f64e24f1b780a5889a0d