Daniel Axtens
301db66954
Do not include time.h without MBEDTLS_HAVE_TIME
...
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Daniel Axtens
b3f25b06e0
Add header guard around malloc(0) returning NULL implementation
...
Make it safe to import the config multiple times without having
multiple definition errors.
(This prevents errors in the fuzzers in a later patch.)
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Gilles Peskine
23ea2c6c00
Merge pull request #5593 from tom-daubney-arm/2-28_bp_fix_uninitialised_buffers_in_tests
...
Backport 2.28: Fix uninitialised buffers in tests - Coverity issue
2022-03-03 13:31:01 +01:00
Thomas Daubney
53a07dc924
Modifies data files to match new test function name
...
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is reflected there.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-03-02 16:54:41 +00:00
Thomas Daubney
755cb9bf4f
Changes name of check_iv to iv_len_validity
...
Commit changes name of check_iv to
iv_len_vlaidity as this seems to better describe
its functionality.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-03-02 16:49:38 +00:00
Thomas Daubney
7c4a486081
Initialise buffer before use
...
Commit initialises buf before it is used.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-03-02 16:47:49 +00:00
Thomas Daubney
ac72f9c213
Initialise iv buffer before use
...
Commit initialises the iv buffer before
it ias passed to mbedtls_cipher_set_iv().
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-03-02 16:44:51 +00:00
Gilles Peskine
757464c865
Merge pull request #5592 from Tachi107/2.28-msvc-utf-8
...
2.28 backport - build(msvc): always assume source files are in UTF-8
2022-03-02 16:42:35 +01:00
Gilles Peskine
9a0b482e98
Merge pull request #5589 from gilles-peskine-arm/mypy-on-jenkins-2.28
...
Backport 2.28: Make mypy unconditional
2022-03-01 20:48:46 +01:00
Andrea Pappacoda
24f20af0cd
build(msvc): always assume source files are in UTF-8
...
Fixes https://github.com/ARMmbed/mbedtls/issues/4205
Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
(cherry picked from commit 9202909d071e708770fc61437d11e3a9be2b04b9)
2022-03-01 18:00:20 +01:00
Gilles Peskine
1eba24a6ce
Merge pull request #5543 from AndrzejKurek/doxygen-fixes-compact-doxyfile-2-28
...
Backport 2.28: Remove default values and comments from mbedtls.doxyfile
2022-02-28 23:49:11 +01:00
Gilles Peskine
e2279e02ea
Merge pull request #5503 from AndrzejKurek/doxygen-duplicate-parameter-docs-2-28
...
Backport 2.28: doxygen: merge multiple descriptions of the same return codes
2022-02-28 17:09:49 +01:00
Gilles Peskine
e69324458a
Merge pull request #5540 from gilles-peskine-arm/check_config-chachapoly-2.28
...
Backport 2.28: Add check_config checks for AEAD
2022-02-28 17:07:53 +01:00
Gilles Peskine
df57835a76
Make mypy unconditional
...
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-28 16:11:58 +01:00
Gilles Peskine
f70ccb0038
Merge pull request #5577 from AndrzejKurek/raw-key-agreement-destroy-missing-2-28
...
Backport 2.28: Add missing key destruction calls in ssl_write_client_key_exchange
2022-02-25 13:34:06 +01:00
Andrzej Kurek
4b1216b003
Add missing key destruction calls in ssl_write_client_key_exchange
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-25 04:42:03 -05:00
Manuel Pégourié-Gonnard
4e921870b1
Merge pull request #5546 from SiliconLabs/mbedtls-2.28/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
...
Backport 2.28: feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:41 +01:00
PeterSpace
9be61680b1
Update library/psa_its_file.c
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
2022-02-16 15:49:29 +01:00
pespacek
55dfd8bb0a
BUGFIX: PSA test vectors use UID 1 instead of 0.
...
Test vector to test rejection of uid = 0 was added.
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-16 15:48:40 +01:00
pespacek
ecaca12612
TEST: added psa_its_set expected failure test
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-16 15:48:00 +01:00
pespacek
55f15c7e6c
BUGFIX: psa_its_set now rejects UID = 0
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-16 15:47:21 +01:00
Ronald Cron
8e1ca4df2e
Merge pull request #5459 from gilles-peskine-arm/check_test_cases-list-2.28
...
Backport 2.28: check_test_cases.py --list
2022-02-15 13:52:37 +01:00
Andrzej Kurek
ef3f27b4ba
doxygen: enable the search engine
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 06:56:16 -05:00
Andrzej Kurek
b3fca7bbce
doxygen: remove irrelevant options
...
None of these options had any impact on the generated output.
Checked after turning off the HTML_TIMESTAMP option
and running sha256sum <(find . -type f -exec sha256sum {} \; | sort) in
the apidoc directory.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 06:55:11 -05:00
Andrzej Kurek
4d6ed1142c
Remove default values and comments from mbedtls.doxyfile
...
Use the 1.8.17 generated version for comparison
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 06:44:05 -05:00
Gilles Peskine
fa21dda04a
Fix indentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-15 10:59:53 +01:00
Gilles Peskine
9130b5b774
Add check_config checks for AEAD
...
CCM requires one of the 128-bit-block block ciphers to be useful, just like GCM.
GCM and CCM need the cipher module.
ChaChaPoly needs ChaCha20 and Poly1305.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-15 10:59:44 +01:00
Manuel Pégourié-Gonnard
05b6125f69
Merge pull request #5449 from gilles-peskine-arm/pip-requirements-no-maintainer-2.28
...
2.28 only: Any package used in a script must be listed in ci.requirements.txt
2022-02-15 10:18:08 +01:00
Manuel Pégourié-Gonnard
617fb004fd
Merge pull request #5536 from mpg/fix-ecdh-psa-2.28
...
[Backport 2.28] Fix PSA-based ECDH in TLS 1.2
2022-02-15 09:09:13 +01:00
Manuel Pégourié-Gonnard
0178487fb2
Fix missing check on server-chosen curve
...
We had this check in the non-PSA case, but it was missing in the PSA
case.
Backport of 141be6cc7faeb68296625670b851670542481ab6 with just the
error code change to adapt to 2.28.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-14 13:00:42 +01:00
Manuel Pégourié-Gonnard
298d6cc397
Add mbedtls_ssl_check_curve_tls_id() (internal)
...
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).
Backport of 0d63b84fa49ecb758dbec4fd7a94df59fe8367ab with a very
different implementation, as 2.28 still stores the list of allowed
groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs
(changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-14 13:00:32 +01:00
Ronald Cron
97f188289d
Merge pull request #5502 from AndrzejKurek/backport-2-18-import-opaque-driver-wrappers
...
Backport 2.28 - Add tests for an opaque import in the driver wrappers
2022-02-07 11:14:02 +01:00
Manuel Pégourié-Gonnard
8b8760885e
Merge pull request #5465 from gilles-peskine-arm/cmake-test-suite-enumeration-2.28
...
Backport 2.28: CMake: generate the list of test suites automatically
2022-02-07 09:48:24 +01:00
Andrzej Kurek
d0c6a84dca
Test driver: keep variable declarations first
...
Followed by hook calls, and sanity checks last.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek
28a7c06281
Test drivers: rename import call source to driver location
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek
981a0ceeee
Formatting and documentation fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek
96c8f9e89d
Add tests for import hooks in the driver wrappers
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek
fcaef2ee4d
doxygen: merge multiple descriptions of the same return codes
...
Organize some of the errors in a better way.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 07:54:59 -05:00
Gilles Peskine
d4c5c3d231
Remove obsolete calls to if_build_succeeded
...
This is now a no-op.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:37:49 +01:00
Gilles Peskine
fdddb9de8f
Remove obsolete variable restoration or unset at the end of a component
...
This is no longer useful now that components run in a subshell.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:36:23 +01:00
Gilles Peskine
717d55edbe
Remove obsolete cd at the end of a component
...
This is no longer useful now that components run in a subshell.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:36:14 +01:00
Gilles Peskine
ca9cfcaed9
Stop CMake out of source tests running on 16.04 (continued)
...
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory on 3.1 and can
presumably happen on 2.28 as well. So skip it on Ubuntu 16.04 as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:35:14 +01:00
Manuel Pégourié-Gonnard
349a059f5f
Merge pull request #5461 from gilles-peskine-arm/ssl-opt-self-signed-positive-2.28
...
Backport 2.28: Add positive test case with self-signed certificates
2022-02-03 11:33:59 +01:00
Manuel Pégourié-Gonnard
ca664c74a6
Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x
...
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-02-03 11:31:34 +01:00
Manuel Pégourié-Gonnard
92d54fb41d
Merge pull request #5444 from AndrzejKurek/use-psa-crypto-reduced-configs-2.28
...
Backport 2.28: Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:35 +01:00
Manuel Pégourié-Gonnard
b72ecfd5a0
Merge pull request #5468 from Unity-Technologies/mbedtls-2.28-windows-arm64-workaround
...
Backport 2.28: Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
2022-02-01 09:21:37 +01:00
Tautvydas Žilys
61156f8a6a
Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1.
...
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-31 13:37:47 -08:00
Andrzej Kurek
a16ffaf811
Add a check in check_config.h for PK_WRITE_C when RSA is enabled
...
This is required for importing RSA keys, as
mbedtls_psa_rsa_export_key is used internally.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:52:33 -05:00
Andrzej Kurek
699290de04
Fix config-mini-tls1_1 PK_WRITE requirement when USA_PSA_CRYPTO is used
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:51:44 -05:00
Andrzej Kurek
d08ed95419
Formatting: remove tabs from check_config.h
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:03:09 -05:00