This will let us use bash features that are not found in some other sh
implementations, such as DEBUG and ERR traps, "set -o pipefail", etc.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* There's no compat-2.x.h in Mbed TLS 2.x, but there's a compat-1.3.h which
similarly needs to be excluded.
* mbedtls_config.h is called config.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't try to enumerate excluded files. List included files, and remove names
from the list if they match an excluded-file pattern.
This resolves the problem that the script could get into an infinite loop
due to the use of recursive globbing. Unfortunately, Python's recursive
globs follows symbolic links to directories, which leads to an infinite loop
if a symbolic link points to an ancestor of the directory that contains it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Copy the following files:
tests/scripts/check_names.py
tests/scripts/list_internal_identifiers.py
tests/scripts/list-identifiers.sh
Copy the version from b19be6b5f3c9a92b5b17fa27e16901f132f1a310, which is the
result of merging https://github.com/ARMmbed/mbedtls/pull/1638 into the
development branch.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't mention "TLS 1.2 only" for PSK, as that could give the impression
that the other things about TLS are supported beyond 1.2, which isn't
the case currently.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The section is about things that are not covered, but some lists are
about things that are covered, which was very confusing.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Also, remove the section about design considerations for now. It's
probably more suitable for a developer-oriented document that would also
include considerations about possible paths for the future, which would
better be separated from user documentation (separating the certain that
is now, from the uncertain that might or might not be later).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The API reached 1.0.0 some time ago, and we've caught up with the
incompatible changes already.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Combine the changelog entries for the memory constraints fix on
aarch64 and amd64, since these are essentially fixing the same
issue.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Add memory constraints to the aarch64 inline assembly in MULADDC_STOP.
This fixes an issue where Clang 12 and 13 were generating
non-functional code on aarch64 platforms. See #4962, #4943
for further details.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is
repeated up to 16 times, and %%rsi and %%rdi are s and d on entry
respectively. Hence the complete asm statement reads 16 64-bit words
from memory starting at s, and writes 16 64-bit words starting at d.
Without any declaration of modified memory, Clang 12 and Clang 13 generated
non-working code for mbedtls_mpi_mod_exp. The constraints make the unit
tests pass with Clang 12.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This parameter was set but not used, which was pointless. Clang 14 detects
this and legitimately complains.
Remove the parameter. This is an internal function, only called once. The
caller already has a sufficient check on the output buffer size which
applies in more cases, so there is no real gain in robustness in adding the
same check inside the internal function.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Warning reported with IAR compiler:
"mbedtls\library\pkparse.c",1167 Warning[Pe550]: variable "ret" was set but never used
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
After removing config.h, the inclusion of it in common.h would be too late
in the code. Therefore common.h has been moved to where config.h used to
be included.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
common.h already includes config.h, so a a file uses common.h
it no longer requires the definition/inclusion of config.h
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
added more uses of byte reading macros where appropriate.
changed the positioning of some brackets for consitancy in
coding style
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
MBEDTLS_ALLOW_PRIVATE_ACCESS existed in development and was copied
over whilst cherry-picking commits.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>