Commit graph

13166 commits

Author SHA1 Message Date
Gilles Peskine 3e2ee3cedc Check only files checked into Git
We're only interested in files that are committed and pushed to be
included in Mbed TLS, not in any other files that may be lying around.
So ask git for the list of file names.

This script is primarily intended to run on the CI, and there it runs
on a fresh Git checkout plus potentially some other checkouts or
leftovers from a previous part of the CI job. It should also run
reasonably well on developer machines, where there may be various
additional files. In both cases, git is available.

Ad hoc directory exclusions are no longer needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine d4a853dbd7 Exclude binary files from text checks
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine 0598db84c3 Regex mechanism for check-specific exemptions
Suffixes are convenient but not always sufficient.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine c1d1b669db Check all files by default
Have an explicit list of exemptions for specific checks rather than
whitelisting files to check. Some checks, such as permissions, should
apply to all files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Gilles Peskine 05a51a8a72 More accurate variable name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:53:32 +02:00
Janos Follath eee1f3b0c1
Merge pull request #3341 from paul-elliott-arm/fix-contributing
Fix contributing link to changelog howto
2020-05-27 07:44:25 +01:00
Gilles Peskine b1ccff8725
Merge pull request #2855 from irwir/fix_x509_crt.c
Remove non-working check from x509_get_subject_alt_name
2020-05-26 18:32:16 +02:00
Gilles Peskine deacf60f79
Merge pull request #3326 from kohnakagawa/fix/utf-8_encoding_bug
fix mbedtls_x509_dn_gets to show non-ASCII string properly
2020-05-25 14:18:48 +02:00
Manuel Pégourié-Gonnard 4bfa1171ae
Merge pull request #3335 from Redfoxymoon/development
midipix platform support
2020-05-22 13:04:15 +02:00
Paul Elliott 8c4fd40bf6 Change Changelog link to point at Changelog readme
Make the contributing document link to how to create a changelog rather
than just linking to the Changelog itself.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-05-21 16:25:56 +01:00
Ørjan Malde 479d8de31d Add support for midipix, a POSIX layer for Microsoft Windows
Signed-off-by: Ørjan Malde <orjan.malde@foxi.me>
2020-05-20 18:14:45 +00:00
Koh M. Nakagawa 46b8782a72 fix mbedtls_x509_dn_gets to escape non-ASCII characters
Signed-off-by: Koh M. Nakagawa <tsunekou1019@gmail.com>
2020-05-21 01:56:55 +09:00
irwir d742a2416d Add changelog entry
Signed-off-by: irwir <irwir@users.noreply.github.com>
2020-05-20 18:24:12 +03:00
Manuel Pégourié-Gonnard 5eae4dd08e
Merge pull request #3301 from Patater/inline-mbedtls_ecc_group_to_psa
psa: Define mbedtls_ecc_group_to_psa() inline
2020-05-19 09:06:04 +02:00
danh-arm 4850263bb5
Merge pull request #3319 from Kxuan/development
Fix typo in program benchmark.
2020-05-18 10:10:25 +01:00
Gilles Peskine ee61b6601e
Merge pull request #3302 from gilles-peskine-arm/psa-lifetime-persistence-indicator
Define some structure for lifetime values
2020-05-14 16:13:20 +02:00
Gilles Peskine e24fc7b0a1
Merge pull request #2595 from k-stachowiak/unified-exit-in-examples
Unify the example programs' termination
2020-05-12 10:46:47 +02:00
Gilles Peskine b88bb5fd7f Add changelog entry file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 22:13:27 +02:00
k-stachowiak 297896e6db Remove obsolete comment 2020-05-11 22:11:10 +02:00
Gilles Peskine c39a80daee
Merge pull request #3312 from sander-visser/cleanup-nullptr-deref
Scope reduction to enable NULL check to protect dereferencing.
2020-05-11 21:59:07 +02:00
Gilles Peskine fb79dfef47 Changelog entry noting the behavior change and storage format change
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine 344e15b010 Update SE support to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine 2b04f4683b Update SE support to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the Mbed TLS implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine 52ac958d6b Update the SE interface to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the PSA specification draft.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 4cfa443d2a Fix macros
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine e3871f8ae8 Missing word
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine c4ee2f3a87 Define a macro to construct a lifetime from persistence and location
Applications need this to combine implementation-specific values of
persistence levels and location indicators.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine aff1181d67 Document PSA_KEY_PERSISTENCE_xxx and PSA_KEY_LOCATION_xxx
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine ee04e69956 Rename and clarify the default persistent location and persistence
Call persistence "default" because that is genuinely the default that
applications should use if they don't know better. It's slightly
misleading in that the default persistence when you create a key is
volatile, not this: "default" is the default persistence for
persistent keys, not the default persistence for keys in general. But
we haven't found a better name.

Introduce the term "primary local storage" to designate the default
storage location.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 5dcb74f02f PSA_KEY_LIFETIME_PERSISTENT is a lifetime, not just a storage area
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine bbb3c1815a Shorten type and value names for lifetime parts
Drop lifetime_ or LIFETIME_ to make the names shorter. They're still
unambiguous.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 2d2bb1dd04 Define some structure for lifetime values
* Lower 8 bits: persistence level
    * 0: volatile
    * 1: persistent (default)
    * 2-127: persistent (reserved for future PSA specifications)
    * 128-254: persistent (reserved for vendors)
    * 255: read-only
* Upper 24 bits: location indicator
    * 0: built-in
    * 1: primary secure element
    * 2-0x7fffff: reserved for future PSA specifications
    * 0x800000-0xffffff: vendor-specific

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Janos Follath 1a4a3f5924
Merge pull request #3311 from sander-visser/validate-tls-mac-key-len
Add variable initialization to large SSL TLS function
2020-05-11 09:39:01 +01:00
Gilles Peskine f862d73df0
Merge pull request #3310 from sander-visser/fix-wrong-return-with-ssl-hw-accel-if-init-fails
Expose SSL HW record acceleration error.
2020-05-11 10:30:04 +02:00
Zhai Zhaoxuan e22da99224
Fix typo in program benchmark.
Signed-off-by: Zhai Zhaoxuan <kxuanobj@gmail.com>
2020-05-09 23:50:32 +08:00
sander-visser a65fe0b8cb Add changelog entry for #3310.
Signed-off-by: sander-visser <github@visser.se>
2020-05-07 22:06:49 +02:00
sander-visser 3888b03e31 Add variable initialization to large SSL TLS function.
change triggered by false positive reported by Cppcheck 1.89.

Signed-off-by: sander-visser <github@visser.se>
2020-05-07 20:23:05 +02:00
sander-visser c64b72394d Add Changelog entry for #3312
Signed-off-by: sander-visser <github@visser.se>
2020-05-07 20:09:30 +02:00
sander-visser b8aa2071f6 Scope reduction to enable NULL check to protect dereferencing.
Signed-off-by: sander-visser <github@visser.se>
2020-05-06 22:05:13 +02:00
sander-visser 1abe8ee554 Expose SSL HW record acceleration error.
Fix issue with variable shadowing.

Signed-off-by: sander-visser <github@visser.se>
2020-05-06 21:29:01 +02:00
Janos Follath 5435451a1a
Merge pull request #3306 from yanesca/update_contributing_discussion_link
Update link in contributing guide
2020-05-06 16:05:06 +01:00
Janos Follath a85c2b27f3 Update link in contributing guide
The link pointed to the website, this information is out of date, the
correct place to start discussions is the mailing list.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-05-06 11:11:39 +01:00
Darryl Green 2f0eb51aae psa: Define mbedtls_ecc_group_to_psa() inline
On dual world platforms, we want to run the PK module (pk.c) on the NS
side so TLS can use PSA APIs via the PK interface. PK currently has a
hard dependency on mbedtls_ecc_group_to_psa() which is declared in
crypto_extra.h, but only defined in psa_crypto.c, which is only built
for the S side.

Without this change, dual world platforms get error messages like the
following.

    [Error] @0,0: L6218E: Undefined symbol mbedtls_ecc_group_to_psa (referred from BUILD/LPC55S69_NS/ARM/mbed-os/features/mbedtls/mbed-crypto/src/pk.o)

Make mbedtls_ecc_group_to_psa() inline within crypto_extra.h so that it
is available to both NS and S world code.

Fixes #3300

Signed-off-by: Darryl Green <darryl.green@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2020-05-05 12:41:48 +01:00
Jaeden Amero 1bde9cdf71 psa: Clear bits in mbedtls_ecc_group_to_psa()
Clear bits in mbedtls_ecc_group_to_psa() to avoid static analyzers and
possibly compilers from warning that bits may be used uninitialized in
certain code paths.

For example, if mbedtls_ecc_group_to_psa() were to be inlined in
crypto_extra.h, the following compiler warning is likely.

    In file included from ../include/psa/crypto.h:3774:0,
                     from ../include/mbedtls/pk.h:49,
                     from pk.c:29:
    pk.c: In function 'mbedtls_pk_wrap_as_opaque':
    ../include/psa/crypto_struct.h:460:33: error: 'bits' may be used uninitialized in this function [-Werror=maybe-uninitialized]
             attributes->core.bits = (psa_key_bits_t) bits;
                                     ^~~~~~~~~~~~~~~~~~~~~
    pk.c:608:12: note: 'bits' was declared here
         size_t bits;
                ^~~~

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2020-05-05 12:41:41 +01:00
Gilles Peskine d9f694960f
Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
2020-05-04 12:29:09 +02:00
Manuel Pégourié-Gonnard 1d632c26a4
Merge pull request #3239 from opatomic/win2kdns
add support for win2k
2020-05-04 12:19:45 +02:00
Gilles Peskine 39461b04f6
Merge pull request #3218 from gilles-peskine-arm/travis-rationalize
Rationalize Travis builds
2020-05-04 12:10:51 +02:00
Gilles Peskine 9515d76171
Merge pull request #3219 from aggarg/err_optimization
Remove error_description variable from strerr functions
2020-05-04 09:37:13 +02:00
Gilles Peskine 907211da88 Travis: do both a Cortex-A build and a Cortex-M0+ build
The Cortex-A build is similar to Debian armel. The Cortex-M0+ is a
handy point of comparison for code size. Put that one last so that
it's easy to find in the log.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:14:08 +02:00
Gilles Peskine 18487f62d8 all.sh: on arm builds (GCC or Arm Compiler), show the code size
Just show the code size in the logs, for human consumption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:14:08 +02:00