Merge pull request #10192 from valeriosetti/fixes-for-ecp-restartable-part2

[development] Some pre-requisites for psa#299

include/mbedtls/debug.h

@@ -37,11 +37,6 @@
     mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
 #endif
 
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP(level, text, X)                  \
-    mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
-#endif
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
 #define MBEDTLS_SSL_DEBUG_CRT(level, text, crt)                \

library/debug.c

@@ -167,10 +167,62 @@ void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
     }
 }
 
-#if defined(MBEDTLS_ECP_LIGHT)
-void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+#if defined(MBEDTLS_BIGNUM_C)
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
                              const char *file, int line,
-                             const char *text, const mbedtls_ecp_point *X)
+                             const char *text, const mbedtls_mpi *X)
+{
+    char str[DEBUG_BUF_SIZE];
+    size_t bitlen;
+    size_t idx = 0;
+
+    if (NULL == ssl              ||
+        NULL == ssl->conf        ||
+        NULL == ssl->conf->f_dbg ||
+        NULL == X                ||
+        level > debug_threshold) {
+        return;
+    }
+
+    bitlen = mbedtls_mpi_bitlen(X);
+
+    mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n",
+                     text, (unsigned) bitlen);
+    debug_send_line(ssl, level, file, line, str);
+
+    if (bitlen == 0) {
+        str[0] = ' '; str[1] = '0'; str[2] = '0';
+        idx = 3;
+    } else {
+        int n;
+        for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
+            size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
+            size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
+            unsigned char octet =
+                (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff;
+            mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
+            idx += 3;
+            /* Wrap lines after 16 octets that each take 3 columns */
+            if (idx >= 3 * 16) {
+                mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+                debug_send_line(ssl, level, file, line, str);
+                idx = 0;
+            }
+        }
+    }
+
+    if (idx != 0) {
+        mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
+        debug_send_line(ssl, level, file, line, str);
+    }
+}
+#endif /* MBEDTLS_BIGNUM_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
+#if defined(MBEDTLS_ECP_LIGHT)
+static void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+                                    const char *file, int line,
+                                    const char *text, const mbedtls_ecp_point *X)
 {
     char str[DEBUG_BUF_SIZE];
 
@@ -261,58 +313,6 @@ static void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level
 }
 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
 
-#if defined(MBEDTLS_BIGNUM_C)
-void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, const mbedtls_mpi *X)
-{
-    char str[DEBUG_BUF_SIZE];
-    size_t bitlen;
-    size_t idx = 0;
-
-    if (NULL == ssl              ||
-        NULL == ssl->conf        ||
-        NULL == ssl->conf->f_dbg ||
-        NULL == X                ||
-        level > debug_threshold) {
-        return;
-    }
-
-    bitlen = mbedtls_mpi_bitlen(X);
-
-    mbedtls_snprintf(str, sizeof(str), "value of '%s' (%u bits) is:\n",
-                     text, (unsigned) bitlen);
-    debug_send_line(ssl, level, file, line, str);
-
-    if (bitlen == 0) {
-        str[0] = ' '; str[1] = '0'; str[2] = '0';
-        idx = 3;
-    } else {
-        int n;
-        for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
-            size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
-            size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
-            unsigned char octet =
-                (X->p[limb_offset] >> (offset_in_limb * 8)) & 0xff;
-            mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
-            idx += 3;
-            /* Wrap lines after 16 octets that each take 3 columns */
-            if (idx >= 3 * 16) {
-                mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
-                debug_send_line(ssl, level, file, line, str);
-                idx = 0;
-            }
-        }
-    }
-
-    if (idx != 0) {
-        mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
-        debug_send_line(ssl, level, file, line, str);
-    }
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 static void debug_print_pk(const mbedtls_ssl_context *ssl, int level,
                            const char *file, int line,
                            const char *text, const mbedtls_pk_context *pk)

library/debug_internal.h

@@ -93,28 +93,6 @@ void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
                              const char *text, const mbedtls_mpi *X);
 #endif
 
-#if defined(MBEDTLS_ECP_LIGHT)
-/**
- * \brief   Print an ECP point to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the ECP point being output. Normally the
- *                  variable name
- * \param X         the ECP point
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, const mbedtls_ecp_point *X);
-#endif
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
  * \brief   Print a X.509 certificate structure to the debug output. This

programs/ssl/ssl_client2.c

@@ -2172,6 +2172,7 @@ usage:
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if (opt.ec_max_ops != DFL_EC_MAX_OPS) {
+        psa_interruptible_set_max_ops(opt.ec_max_ops);
         mbedtls_ecp_set_max_ops(opt.ec_max_ops);
     }
 #endif

tests/suites/test_suite_pkcs7.function

@@ -33,9 +33,17 @@ static int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen)
 void pkcs7_asn1_fail(data_t *pkcs7_buf)
 {
     int res;
+
+    /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
+     * can use PSA to store keys and perform operations so psa_crypto_init()
+     * must be called before. */
+    USE_PSA_INIT();
+
     res = pkcs7_parse_buffer(pkcs7_buf->x, pkcs7_buf->len);
     TEST_ASSERT(res != MBEDTLS_PKCS7_SIGNED_DATA);
 
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -46,6 +54,11 @@ void pkcs7_parse(char *pkcs7_file, int res_expect)
     size_t buflen;
     int res;
 
+    /* PKCS7 uses X509 which itself relies on PK under the hood and the latter
+     * can use PSA to store keys and perform operations so psa_crypto_init()
+     * must be called before. */
+    USE_PSA_INIT();
+
     res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
     TEST_EQUAL(res, 0);
 
@@ -54,6 +67,7 @@ void pkcs7_parse(char *pkcs7_file, int res_expect)
 
 exit:
     mbedtls_free(pkcs7_buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -77,7 +91,7 @@ void pkcs7_verify(char *pkcs7_file,
     mbedtls_pkcs7 pkcs7;
     mbedtls_x509_crt **crts = NULL;
 
-    MD_OR_USE_PSA_INIT();
+    USE_PSA_INIT();
 
     mbedtls_pkcs7_init(&pkcs7);
 
@@ -166,6 +180,6 @@ exit:
     mbedtls_free(crts);
     mbedtls_free(data);
     mbedtls_free(pkcs7_buf);
-    MD_OR_USE_PSA_DONE();
+    USE_PSA_DONE();
 }
 /* END_CASE */

tests/suites/test_suite_x509parse.function

@@ -1669,6 +1669,9 @@ void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret)
     mbedtls_x509_crt crt;
 
     mbedtls_x509_crt_init(&crt);
+    /* X509 relies on PK under the hood and the latter can use PSA to store keys
+     * and perform operations so psa_crypto_init() must be called before. */
+    USE_PSA_INIT();
 
     TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
 
@@ -1683,6 +1686,7 @@ void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret)
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1698,6 +1702,9 @@ void x509_crt_parse_authoritykeyid(char *file,
     char name_buf[128];
 
     mbedtls_x509_crt_init(&crt);
+    /* X509 relies on PK under the hood and the latter can use PSA to store keys
+     * and perform operations so psa_crypto_init() must be called before. */
+    USE_PSA_INIT();
 
     TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
 
@@ -1749,6 +1756,7 @@ void x509_crt_parse_authoritykeyid(char *file,
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */