Commit graph

16479 commits

Author SHA1 Message Date
Daniel Axtens 301db66954 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Daniel Axtens b3f25b06e0 Add header guard around malloc(0) returning NULL implementation
Make it safe to import the config multiple times without having
multiple definition errors.

(This prevents errors in the fuzzers in a later patch.)

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Gilles Peskine 23ea2c6c00
Merge pull request #5593 from tom-daubney-arm/2-28_bp_fix_uninitialised_buffers_in_tests
Backport 2.28: Fix uninitialised buffers in tests - Coverity issue
2022-03-03 13:31:01 +01:00
Thomas Daubney 53a07dc924 Modifies data files to match new test function name
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is reflected there.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-03-02 16:54:41 +00:00
Thomas Daubney 755cb9bf4f Changes name of check_iv to iv_len_validity
Commit changes name of check_iv to
iv_len_vlaidity as this seems to better describe
its functionality.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-03-02 16:49:38 +00:00
Thomas Daubney 7c4a486081 Initialise buffer before use
Commit initialises buf before it is used.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-03-02 16:47:49 +00:00
Thomas Daubney ac72f9c213 Initialise iv buffer before use
Commit initialises the iv buffer before
it ias passed to mbedtls_cipher_set_iv().

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-03-02 16:44:51 +00:00
Gilles Peskine 757464c865
Merge pull request #5592 from Tachi107/2.28-msvc-utf-8
2.28 backport - build(msvc): always assume source files are in UTF-8
2022-03-02 16:42:35 +01:00
Gilles Peskine 9a0b482e98
Merge pull request #5589 from gilles-peskine-arm/mypy-on-jenkins-2.28
Backport 2.28: Make mypy unconditional
2022-03-01 20:48:46 +01:00
Andrea Pappacoda 24f20af0cd
build(msvc): always assume source files are in UTF-8
Fixes https://github.com/ARMmbed/mbedtls/issues/4205

Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
(cherry picked from commit 9202909d071e708770fc61437d11e3a9be2b04b9)
2022-03-01 18:00:20 +01:00
Gilles Peskine 1eba24a6ce
Merge pull request #5543 from AndrzejKurek/doxygen-fixes-compact-doxyfile-2-28
Backport 2.28: Remove default values and comments from mbedtls.doxyfile
2022-02-28 23:49:11 +01:00
Gilles Peskine e2279e02ea
Merge pull request #5503 from AndrzejKurek/doxygen-duplicate-parameter-docs-2-28
Backport 2.28: doxygen: merge multiple descriptions of the same return codes
2022-02-28 17:09:49 +01:00
Gilles Peskine e69324458a
Merge pull request #5540 from gilles-peskine-arm/check_config-chachapoly-2.28
Backport 2.28: Add check_config checks for AEAD
2022-02-28 17:07:53 +01:00
Gilles Peskine df57835a76 Make mypy unconditional
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-28 16:11:58 +01:00
Gilles Peskine f70ccb0038
Merge pull request #5577 from AndrzejKurek/raw-key-agreement-destroy-missing-2-28
Backport 2.28: Add missing key destruction calls in ssl_write_client_key_exchange
2022-02-25 13:34:06 +01:00
Andrzej Kurek 4b1216b003 Add missing key destruction calls in ssl_write_client_key_exchange
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-25 04:42:03 -05:00
Manuel Pégourié-Gonnard 4e921870b1
Merge pull request #5546 from SiliconLabs/mbedtls-2.28/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
Backport 2.28: feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:41 +01:00
PeterSpace 9be61680b1 Update library/psa_its_file.c
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
2022-02-16 15:49:29 +01:00
pespacek 55dfd8bb0a BUGFIX: PSA test vectors use UID 1 instead of 0.
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-16 15:48:40 +01:00
pespacek ecaca12612 TEST: added psa_its_set expected failure test
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-16 15:48:00 +01:00
pespacek 55f15c7e6c BUGFIX: psa_its_set now rejects UID = 0
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-16 15:47:21 +01:00
Ronald Cron 8e1ca4df2e
Merge pull request #5459 from gilles-peskine-arm/check_test_cases-list-2.28
Backport 2.28: check_test_cases.py --list
2022-02-15 13:52:37 +01:00
Andrzej Kurek ef3f27b4ba doxygen: enable the search engine
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 06:56:16 -05:00
Andrzej Kurek b3fca7bbce doxygen: remove irrelevant options
None of these options had any impact on the generated output.
Checked after turning off the HTML_TIMESTAMP option
and running sha256sum <(find . -type f -exec sha256sum {} \; | sort) in
the apidoc directory.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 06:55:11 -05:00
Andrzej Kurek 4d6ed1142c Remove default values and comments from mbedtls.doxyfile
Use the 1.8.17 generated version for comparison
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 06:44:05 -05:00
Gilles Peskine fa21dda04a Fix indentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-15 10:59:53 +01:00
Gilles Peskine 9130b5b774 Add check_config checks for AEAD
CCM requires one of the 128-bit-block block ciphers to be useful, just like GCM.

GCM and CCM need the cipher module.

ChaChaPoly needs ChaCha20 and Poly1305.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-15 10:59:44 +01:00
Manuel Pégourié-Gonnard 05b6125f69
Merge pull request #5449 from gilles-peskine-arm/pip-requirements-no-maintainer-2.28
2.28 only: Any package used in a script must be listed in ci.requirements.txt
2022-02-15 10:18:08 +01:00
Manuel Pégourié-Gonnard 617fb004fd
Merge pull request #5536 from mpg/fix-ecdh-psa-2.28
[Backport 2.28] Fix PSA-based ECDH in TLS 1.2
2022-02-15 09:09:13 +01:00
Manuel Pégourié-Gonnard 0178487fb2 Fix missing check on server-chosen curve
We had this check in the non-PSA case, but it was missing in the PSA
case.

Backport of 141be6cc7faeb68296625670b851670542481ab6 with just the
error code change to adapt to 2.28.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-14 13:00:42 +01:00
Manuel Pégourié-Gonnard 298d6cc397 Add mbedtls_ssl_check_curve_tls_id() (internal)
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).

Backport of 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab with a very
different implementation, as 2.28 still stores the list of allowed
groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs
(changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-14 13:00:32 +01:00
Ronald Cron 97f188289d
Merge pull request #5502 from AndrzejKurek/backport-2-18-import-opaque-driver-wrappers
Backport 2.28 - Add tests for an opaque import in the driver wrappers
2022-02-07 11:14:02 +01:00
Manuel Pégourié-Gonnard 8b8760885e
Merge pull request #5465 from gilles-peskine-arm/cmake-test-suite-enumeration-2.28
Backport 2.28: CMake: generate the list of test suites automatically
2022-02-07 09:48:24 +01:00
Andrzej Kurek d0c6a84dca Test driver: keep variable declarations first
Followed by hook calls, and sanity checks last.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek 28a7c06281 Test drivers: rename import call source to driver location
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek 981a0ceeee Formatting and documentation fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek 96c8f9e89d Add tests for import hooks in the driver wrappers
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek fcaef2ee4d doxygen: merge multiple descriptions of the same return codes
Organize some of the errors in a better way.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 07:54:59 -05:00
Gilles Peskine d4c5c3d231 Remove obsolete calls to if_build_succeeded
This is now a no-op.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:37:49 +01:00
Gilles Peskine fdddb9de8f Remove obsolete variable restoration or unset at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:36:23 +01:00
Gilles Peskine 717d55edbe Remove obsolete cd at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:36:14 +01:00
Gilles Peskine ca9cfcaed9 Stop CMake out of source tests running on 16.04 (continued)
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory on 3.1 and can
presumably happen on 2.28 as well. So skip it on Ubuntu 16.04 as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:35:14 +01:00
Manuel Pégourié-Gonnard 349a059f5f
Merge pull request #5461 from gilles-peskine-arm/ssl-opt-self-signed-positive-2.28
Backport 2.28: Add positive test case with self-signed certificates
2022-02-03 11:33:59 +01:00
Manuel Pégourié-Gonnard ca664c74a6
Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-02-03 11:31:34 +01:00
Manuel Pégourié-Gonnard 92d54fb41d
Merge pull request #5444 from AndrzejKurek/use-psa-crypto-reduced-configs-2.28
Backport 2.28: Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:35 +01:00
Manuel Pégourié-Gonnard b72ecfd5a0
Merge pull request #5468 from Unity-Technologies/mbedtls-2.28-windows-arm64-workaround
Backport 2.28: Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
2022-02-01 09:21:37 +01:00
Tautvydas Žilys 61156f8a6a Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1.
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-31 13:37:47 -08:00
Andrzej Kurek a16ffaf811 Add a check in check_config.h for PK_WRITE_C when RSA is enabled
This is required for importing RSA keys, as 
mbedtls_psa_rsa_export_key is used internally.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:52:33 -05:00
Andrzej Kurek 699290de04 Fix config-mini-tls1_1 PK_WRITE requirement when USA_PSA_CRYPTO is used
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:51:44 -05:00
Andrzej Kurek d08ed95419 Formatting: remove tabs from check_config.h
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:03:09 -05:00