Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
parent 5479f5321a
commit 8b0ecbccf4
3rdparty/everest/README.md (vendored): 2 changes
@ -2,4 +2,4 @@ The files in this directory stem from [Project Everest](https://project-everest.

This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.

The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explicitly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
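Review bot: this file lives under 3rdparty/everest and is marked vendored, so a local typo fix will be overwritten or conflict on the next sync with upstream; consider sending the fix to the Everest project instead, or excluding vendored paths from the CodeSpell run.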
@ -6,7 +6,7 @@
# command but rather at the target level using the
# target_include_directories command. That way, it is easier to guarantee
# that targets are built using the proper list of include directories.
# + Use the PUBLIC and PRIVATE keywords to specifiy the scope of include
# + Use the PUBLIC and PRIVATE keywords to specify the scope of include
# directories. That way, a target linking to a library (using the
# target_link_librairies command) inherits from the library PUBLIC include
# directories and not from the PRIVATE ones.
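Review bot: the context line "# target_link_librairies command) inherits from the library PUBLIC include" still misspells the CMake command, which is target_link_libraries; since this pass is a CodeSpell cleanup, fix it here too, or add the word to the dictionary if CodeSpell does not flag it.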
ChangeLog: 26 changes
@ -709,7 +709,7 @@ Security
applications calling mbedtls_mpi_sub_abs() directly are affected:
all calls inside the library were safe since this function is
only called with |A| >= |B|. Reported by Guido Vranken in #4042.
* Fix an errorneous estimation for an internal buffer in
* Fix an erroneous estimation for an internal buffer in
mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
value the function might fail to write a private RSA keys of the largest
supported size.
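Review bot: the unchanged line "value the function might fail to write a private RSA keys of the largest" has a number-agreement slip ("a ... keys"); "a private RSA key of the largest supported size" reads correctly and is in scope for a typo pass.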
@ -722,7 +722,7 @@ Security

Bugfix
* Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c
* Fix memory leak that occured when calling psa_close_key() on a
* Fix memory leak that occurred when calling psa_close_key() on a
wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
* Fix an incorrect error code if an RSA private operation glitched.
* Fix a memory leak in an error case in psa_generate_derived_key_internal().
@ -1149,7 +1149,7 @@ Changes
executable.
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
`MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
coutermeasures. If side channels are not a concern, this dependency can
countermeasures. If side channels are not a concern, this dependency can
be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
* Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes
Martinho. #3147
@ -1817,7 +1817,7 @@ New deprecations
platform error.
* All module specific generic hardware acceleration errors following the
form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced
by the equivalent plaform error.
by the equivalent platform error.
* Deprecate the function mbedtls_mpi_is_prime() in favor of
mbedtls_mpi_is_prime_ext() which allows specifying the number of
Miller-Rabin rounds.
@ -2637,7 +2637,7 @@ Bugfix
a negative MPI. Previously the result was always negative. Found by Guido
Vranken.
* Fix a numerical underflow leading to stack overflow in mpi_read_file()
that was triggered uppon reading an empty line. Found by Guido Vranken.
that was triggered upon reading an empty line. Found by Guido Vranken.

Changes
* Send fatal alerts in more cases. The previous behaviour was to skip
@ -2812,7 +2812,7 @@ Bugfix
* Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf
data structure until after error checks are successful. Found by
subramanyam-c. #622
* Fix documentation and implementation missmatch for function arguments of
* Fix documentation and implementation mismatch for function arguments of
mbedtls_gcm_finish(). Found by cmiatpaar. #602
* Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
* Fix potential byte overread when verifying malformed SERVER_HELLO in
@ -2935,7 +2935,7 @@ Security
Features
* Experimental support for EC J-PAKE as defined in Thread 1.0.0.
Disabled by default as the specification might still change.
* Added a key extraction callback to accees the master secret and key
* Added a key extraction callback to access the master secret and key
block. (Potential uses include EAP-TLS and Thread.)

Bugfix
@ -2970,7 +2970,7 @@ Security
overflow of the hostname or session ticket. Found by Guido Vranken,
Intelworks.
* Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than
once in the same handhake and mbedtls_ssl_conf_psk() was used.
once in the same handshake and mbedtls_ssl_conf_psk() was used.
Found and patch provided by Guido Vranken, Intelworks. Cannot be forced
remotely.
* Fix stack buffer overflow in pkcs12 decryption (used by
@ -3245,7 +3245,7 @@ Default behavior changes

Requirement changes
* The minimum MSVC version required is now 2010 (better C99 support).
* The NET layer now unconditionnaly relies on getaddrinfo() and select().
* The NET layer now unconditionally relies on getaddrinfo() and select().
* Compiler is required to support C99 types such as long long and uint32_t.

API changes from the 1.4 preview branch
@ -3458,7 +3458,7 @@ Bugfix
are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito).
* Remove non-existent file from VS projects (found by Peter Vaskovic).
* ssl_read() could return non-application data records on server while
renegotation was pending, and on client when a HelloRequest was received.
renegotiation was pending, and on client when a HelloRequest was received.
* Server-initiated renegotiation would fail with non-blocking I/O if the
write callback returned WANT_WRITE when requesting renegotiation.
* ssl_close_notify() could send more than one message in some circumstances
@ -3942,7 +3942,7 @@ Bugfix
* Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
* Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
* ssl_read() could return non-application data records on server while
renegotation was pending, and on client when a HelloRequest was received.
renegotiation was pending, and on client when a HelloRequest was received.
* Fix warnings from Clang's scan-build (contributed by Alfred Klomp).

Changes
@ -4378,7 +4378,7 @@ Changes
x509parse_crtfile(). With permissive parsing the parsing does not stop on
encountering a parse-error. Beware that the meaning of return values has
changed!
* All error codes are now negative. Even on mermory failures and IO errors.
* All error codes are now negative. Even on memory failures and IO errors.

Bugfix
* Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
@ -4538,7 +4538,7 @@ Features
Changes
* Made Makefile cleaner
* Removed dependency on rand() in rsa_pkcs1_encrypt().
Now using random fuction provided to function and
Now using random function provided to function and
changed the prototype of rsa_pkcs1_encrypt(),
rsa_init() and rsa_gen_key().
* Some SSL defines were renamed in order to avoid
@ -6,7 +6,7 @@ send an email to the security team at

## Security Incident Handling Process

Our security process is detailled in our
Our security process is detailed in our
[security
center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).

@ -104,7 +104,7 @@

/*
* Save RAM at the expense of interoperability: do this only if you control
* both ends of the connection! (See coments in "mbedtls/ssl.h".)
* both ends of the connection! (See comments in "mbedtls/ssl.h".)
* The minimum size here depends on the certificate chain used as well as the
* typical size of records.
*/
@ -40,7 +40,7 @@ If the way certain keys are stored changes, and we don't deliberately decide to

## Storage architecture overview

The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifer (a 64-bit number) to file content (a byte array). These files include:
The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifier (a 64-bit number) to file content (a byte array). These files include:

* [Key files](#key-storage) (files containing one key's metadata and, except for some secure element keys, key material).
* The [random generator injected seed or state file](#random-generator-state) (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`).
@ -41,7 +41,7 @@
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */

#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maximum number of rounds in ARIA. */
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */

/** Bad input data. */
@ -253,7 +253,7 @@ int mbedtls_asn1_get_len( unsigned char **p,
* with the requested tag.
* \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
* would end beyond \p end.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
* \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
*/
int mbedtls_asn1_get_tag( unsigned char **p,
const unsigned char *end,
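Review bot: "unparseable" is an accepted spelling, so this change is optional; if CodeSpell keeps flagging it, adding the word to its ignore list (the --ignore-words option) avoids churn in a public Doxygen comment, otherwise keep the change for consistency with "unparsable".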
@ -146,7 +146,7 @@
#endif

#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
@ -334,11 +334,11 @@
#endif

#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
@ -792,12 +792,12 @@

#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
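Review bot: this file carries two different misspellings of the same word, "prerequesites" (the hunks at lines 146 and 334) and "prerequsites" (this hunk); since check_config.h repeats the #error pattern many times, grep for any further variant that CodeSpell's dictionary does not list before merging.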
@ -139,7 +139,7 @@ extern "C" {
* discarded.
* (Default value: 0 = No debug )
*
* \param threshold theshold level of messages to filter on. Messages at a
* \param threshold threshold level of messages to filter on. Messages at a
* higher level will be discarded.
* - Debug levels
* - 0 No debug
@ -65,7 +65,7 @@ typedef enum {
* (KeyExchange) as defined by the Thread spec.
*
* In order to benefit from this symmetry, we choose a different naming
* convetion from the Thread v1.0 spec. Correspondance is indicated in the
* convention from the Thread v1.0 spec. Correspondence is indicated in the
* description as a pair C: client name, S: server name
*/
typedef struct mbedtls_ecjpake_context
@ -204,7 +204,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
size_t len );

/**
* \brief Initilisation of simpified HMAC_DRBG (never reseeds).
* \brief Initialisation of simplified HMAC_DRBG (never reseeds).
*
* This function is meant for use in algorithms that need a pseudorandom
* input such as deterministic ECDSA.
@ -330,7 +330,7 @@
//#define MBEDTLS_SHA512_ALT

/*
* When replacing the elliptic curve module, pleace consider, that it is
* When replacing the elliptic curve module, please consider, that it is
* implemented with two .c files:
* - ecp.c
* - ecp_curves.c
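Review bot: the changed line keeps the stray comma in "please consider, that it is"; dropping it ("please consider that it is implemented with two .c files") is a fix on the same line and belongs in this pass.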
@ -1416,7 +1416,7 @@
* Enable support for RFC 7627: Session Hash and Extended Master Secret
* Extension.
*
* This was introduced as "the proper fix" to the Triple Handshake familiy of
* This was introduced as "the proper fix" to the Triple Handshake family of
* attacks, but it is recommended to always use it (even if you disable
* renegotiation), since it actually fixes a more fundamental issue in the
* original SSL/TLS design, and has implications beyond Triple Handshake.
@ -1442,7 +1442,7 @@
* \note This option has no influence on the protection against the
* triple handshake attack. Even if it is disabled, Mbed TLS will
* still ensure that certificates do not change during renegotiation,
* for exaple by keeping a hash of the peer's certificate.
* for example by keeping a hash of the peer's certificate.
*
* Comment this macro to disable storing the peer's certificate
* after the handshake.
@ -2554,7 +2554,7 @@
/**
* \def MBEDTLS_PK_C
*
* Enable the generic public (asymetric) key layer.
* Enable the generic public (asymmetric) key layer.
*
* Module: library/pk.c
* Caller: library/psa_crypto_rsa.c
@ -2572,7 +2572,7 @@
/**
* \def MBEDTLS_PK_PARSE_C
*
* Enable the generic public (asymetric) key parser.
* Enable the generic public (asymmetric) key parser.
*
* Module: library/pkparse.c
* Caller: library/x509_crt.c
@ -2587,7 +2587,7 @@
/**
* \def MBEDTLS_PK_WRITE_C
*
* Enable the generic public (asymetric) key writer.
* Enable the generic public (asymmetric) key writer.
*
* Module: library/pkwrite.c
* Caller: library/x509write.c
@ -1,7 +1,7 @@
/**
* \file private_access.h
*
* \brief Macro wrapper for struct's memebrs.
* \brief Macro wrapper for struct's members.
*/
/*
* Copyright The Mbed TLS Contributors
@ -74,7 +74,7 @@

/*
* The above constants may be used even if the RSA module is compile out,
* eg for alternative (PKCS#11) RSA implemenations in the PK layers.
* eg for alternative (PKCS#11) RSA implementations in the PK layers.
*/

#ifdef __cplusplus
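Review bot: the unchanged line "* The above constants may be used even if the RSA module is compile out," needs "compiled out", and "eg" at the start of the changed line is better written "e.g."; both are in scope for a spelling pass and sit on adjacent lines.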
@ -540,7 +540,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
*
* \note Blinding is used if and only if a PRNG is provided.
*
* \note If blinding is used, both the base of exponentation
* \note If blinding is used, both the base of exponentiation
* and the exponent are blinded, providing protection
* against some side-channel attacks.
*
@ -2130,7 +2130,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */

/**
* \brief Set the Maximum Tranport Unit (MTU).
* \brief Set the Maximum Transport Unit (MTU).
* Special value: 0 means unset (no limit).
* This represents the maximum size of a datagram payload
* handled by the transport layer (usually UDP) as determined
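Review bot: the changed line expands MTU as "Maximum Transport Unit", but the standard expansion is Maximum Transmission Unit; since the line is being touched anyway, use the correct term rather than only fixing the spelling of the wrong one.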
@ -3454,7 +3454,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
* Both sides: limits the set of curves accepted for use in
* ECDHE and in the peer's end-entity certificate.
*
* \deprecated Superseeded by mbedtls_ssl_conf_groups().
* \deprecated Superseded by mbedtls_ssl_conf_groups().
*
* \note This has no influence on which curves are allowed inside the
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
@ -3725,7 +3725,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
* \param protos Pointer to a NULL-terminated list of supported protocols,
* in decreasing preference order. The pointer to the list is
* recorded by the library for later reference as required, so
* the lifetime of the table must be atleast as long as the
* the lifetime of the table must be at least as long as the
* lifetime of the SSL configuration structure.
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
@ -3739,7 +3739,7 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot
*
* \param ssl SSL context
*
* \return Protcol name, or NULL if no protocol was negotiated.
* \return Protocol name, or NULL if no protocol was negotiated.
*/
const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_ALPN */
@ -3822,7 +3822,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
unsigned char *mki_value,
uint16_t mki_len );
/**
* \brief Get the negotiated DTLS-SRTP informations:
* \brief Get the negotiated DTLS-SRTP information:
* Protection profile and MKI value.
*
* \warning This function must be called after the handshake is
@ -3830,7 +3830,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
* not be trusted or acted upon before the handshake completes.
*
* \param ssl The SSL context to query.
* \param dtls_srtp_info The negotiated DTLS-SRTP informations:
* \param dtls_srtp_info The negotiated DTLS-SRTP information:
* - Protection profile in use.
* A direct mapping of the iana defined value for protection
* profile on an uint16_t.
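Review bot: the trailing context lines "A direct mapping of the iana defined value for protection" and "profile on an uint16_t." would read better as "IANA-defined" and "a uint16_t"; minor, but they are two lines below the edit and fit a typo pass.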
@ -4053,7 +4053,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets
* initiated by peer
* (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
*
* \warning It is recommended to always disable renegotation unless you
* \warning It is recommended to always disable renegotiation unless you
* know you need it and you know what you're doing. In the
* past, there have been several issues associated with
* renegotiation or a poor understanding of its properties.
@ -4116,7 +4116,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_
|
|||||||
* scenario.
|
* scenario.
|
||||||
*
|
*
|
||||||
* \note With DTLS and server-initiated renegotiation, the
|
* \note With DTLS and server-initiated renegotiation, the
|
||||||
* HelloRequest is retransmited every time mbedtls_ssl_read() times
|
* HelloRequest is retransmitted every time mbedtls_ssl_read() times
|
||||||
* out or receives Application Data, until:
|
* out or receives Application Data, until:
|
||||||
* - max_records records have beens seen, if it is >= 0, or
|
* - max_records records have beens seen, if it is >= 0, or
|
||||||
* - the number of retransmits that would happen during an
|
* - the number of retransmits that would happen during an
|
||||||
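Review bot: `max_records records have beens seen` in this hunk's context lines is still wrong in both the old and the new text (`beens` should be `been`). Codespell's default dictionary does not contain that entry, so it was missed; since the surrounding comment is already being edited, fix it by hand here rather than leaving it for another typo pass.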
@ -4775,7 +4775,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
|
|||||||
* \return \c 0 if successful.
|
* \return \c 0 if successful.
|
||||||
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
|
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
|
||||||
* \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
|
* \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
|
||||||
* while reseting the context.
|
* while resetting the context.
|
||||||
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
|
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
|
||||||
* progress, or there is pending data for reading or sending,
|
* progress, or there is pending data for reading or sending,
|
||||||
* or the connection does not use DTLS 1.2 with an AEAD
|
* or the connection does not use DTLS 1.2 with an AEAD
|
||||||
|
@ -90,7 +90,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
|
|||||||
* \brief Set expiration delay for cookies
|
* \brief Set expiration delay for cookies
|
||||||
* (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
|
* (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
|
||||||
*
|
*
|
||||||
* \param ctx Cookie contex
|
* \param ctx Cookie context
|
||||||
* \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
|
* \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
|
||||||
* issued in the meantime.
|
* issued in the meantime.
|
||||||
* 0 to disable expiration (NOT recommended)
|
* 0 to disable expiration (NOT recommended)
|
||||||
|
@ -968,7 +968,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
|
|||||||
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
|
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set the verion for a Certificate
|
* \brief Set the version for a Certificate
|
||||||
* Default: MBEDTLS_X509_CRT_VERSION_3
|
* Default: MBEDTLS_X509_CRT_VERSION_3
|
||||||
*
|
*
|
||||||
* \param ctx CRT context to use
|
* \param ctx CRT context to use
|
||||||
|
@ -184,7 +184,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
|
|||||||
* private key used to sign the CSR when writing it)
|
* private key used to sign the CSR when writing it)
|
||||||
*
|
*
|
||||||
* \param ctx CSR context to use
|
* \param ctx CSR context to use
|
||||||
* \param key Asymetric key to include
|
* \param key Asymmetric key to include
|
||||||
*/
|
*/
|
||||||
void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
|
void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
|
||||||
|
|
||||||
|
@ -1023,7 +1023,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
|
|||||||
* This function calculates the hash of the message formed by concatenating
|
* This function calculates the hash of the message formed by concatenating
|
||||||
* the inputs passed to preceding calls to psa_hash_update().
|
* the inputs passed to preceding calls to psa_hash_update().
|
||||||
*
|
*
|
||||||
* When this function returns successfuly, the operation becomes inactive.
|
* When this function returns successfully, the operation becomes inactive.
|
||||||
* If this function returns an error status, the operation enters an error
|
* If this function returns an error status, the operation enters an error
|
||||||
* state and must be aborted by calling psa_hash_abort().
|
* state and must be aborted by calling psa_hash_abort().
|
||||||
*
|
*
|
||||||
@ -1073,7 +1073,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
|
|||||||
* compares the calculated hash with the expected hash passed as a
|
* compares the calculated hash with the expected hash passed as a
|
||||||
* parameter to this function.
|
* parameter to this function.
|
||||||
*
|
*
|
||||||
* When this function returns successfuly, the operation becomes inactive.
|
* When this function returns successfully, the operation becomes inactive.
|
||||||
* If this function returns an error status, the operation enters an error
|
* If this function returns an error status, the operation enters an error
|
||||||
* state and must be aborted by calling psa_hash_abort().
|
* state and must be aborted by calling psa_hash_abort().
|
||||||
*
|
*
|
||||||
@ -1458,7 +1458,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
|
|||||||
* This function calculates the MAC of the message formed by concatenating
|
* This function calculates the MAC of the message formed by concatenating
|
||||||
* the inputs passed to preceding calls to psa_mac_update().
|
* the inputs passed to preceding calls to psa_mac_update().
|
||||||
*
|
*
|
||||||
* When this function returns successfuly, the operation becomes inactive.
|
* When this function returns successfully, the operation becomes inactive.
|
||||||
* If this function returns an error status, the operation enters an error
|
* If this function returns an error status, the operation enters an error
|
||||||
* state and must be aborted by calling psa_mac_abort().
|
* state and must be aborted by calling psa_mac_abort().
|
||||||
*
|
*
|
||||||
@ -1511,7 +1511,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
|
|||||||
* compares the calculated MAC with the expected MAC passed as a
|
* compares the calculated MAC with the expected MAC passed as a
|
||||||
* parameter to this function.
|
* parameter to this function.
|
||||||
*
|
*
|
||||||
* When this function returns successfuly, the operation becomes inactive.
|
* When this function returns successfully, the operation becomes inactive.
|
||||||
* If this function returns an error status, the operation enters an error
|
* If this function returns an error status, the operation enters an error
|
||||||
* state and must be aborted by calling psa_mac_abort().
|
* state and must be aborted by calling psa_mac_abort().
|
||||||
*
|
*
|
||||||
@ -1971,7 +1971,7 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
|
|||||||
* formed by concatenating the inputs passed to preceding calls to
|
* formed by concatenating the inputs passed to preceding calls to
|
||||||
* psa_cipher_update().
|
* psa_cipher_update().
|
||||||
*
|
*
|
||||||
* When this function returns successfuly, the operation becomes inactive.
|
* When this function returns successfully, the operation becomes inactive.
|
||||||
* If this function returns an error status, the operation enters an error
|
* If this function returns an error status, the operation enters an error
|
||||||
* state and must be aborted by calling psa_cipher_abort().
|
* state and must be aborted by calling psa_cipher_abort().
|
||||||
*
|
*
|
||||||
@ -2638,7 +2638,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
|
|||||||
* preceding calls to psa_aead_update().
|
* preceding calls to psa_aead_update().
|
||||||
* - \p tag contains the authentication tag.
|
* - \p tag contains the authentication tag.
|
||||||
*
|
*
|
||||||
* When this function returns successfuly, the operation becomes inactive.
|
* When this function returns successfully, the operation becomes inactive.
|
||||||
* If this function returns an error status, the operation enters an error
|
* If this function returns an error status, the operation enters an error
|
||||||
* state and must be aborted by calling psa_aead_abort().
|
* state and must be aborted by calling psa_aead_abort().
|
||||||
*
|
*
|
||||||
@ -2728,7 +2728,7 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
|
|||||||
* plaintext and reports success. If the authentication tag is not correct,
|
* plaintext and reports success. If the authentication tag is not correct,
|
||||||
* this function returns #PSA_ERROR_INVALID_SIGNATURE.
|
* this function returns #PSA_ERROR_INVALID_SIGNATURE.
|
||||||
*
|
*
|
||||||
* When this function returns successfuly, the operation becomes inactive.
|
* When this function returns successfully, the operation becomes inactive.
|
||||||
* If this function returns an error status, the operation enters an error
|
* If this function returns an error status, the operation enters an error
|
||||||
* state and must be aborted by calling psa_aead_abort().
|
* state and must be aborted by calling psa_aead_abort().
|
||||||
*
|
*
|
||||||
@ -3026,7 +3026,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
|
|||||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||||
* \retval #PSA_ERROR_INVALID_SIGNATURE
|
* \retval #PSA_ERROR_INVALID_SIGNATURE
|
||||||
* The calculation was perfomed successfully, but the passed
|
* The calculation was performed successfully, but the passed
|
||||||
* signature is not a valid signature.
|
* signature is not a valid signature.
|
||||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
@ -3050,7 +3050,7 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
|
|||||||
/**
|
/**
|
||||||
* \brief Encrypt a short message with a public key.
|
* \brief Encrypt a short message with a public key.
|
||||||
*
|
*
|
||||||
* \param key Identifer of the key to use for the operation.
|
* \param key Identifier of the key to use for the operation.
|
||||||
* It must be a public key or an asymmetric key
|
* It must be a public key or an asymmetric key
|
||||||
* pair. It must allow the usage
|
* pair. It must allow the usage
|
||||||
* #PSA_KEY_USAGE_ENCRYPT.
|
* #PSA_KEY_USAGE_ENCRYPT.
|
||||||
|
@ -348,7 +348,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
|
|||||||
* length of the byte string is the private key size in bytes (leading zeroes
|
* length of the byte string is the private key size in bytes (leading zeroes
|
||||||
* are not stripped).
|
* are not stripped).
|
||||||
*
|
*
|
||||||
* Determinstic DSA key derivation with psa_generate_derived_key follows
|
* Deterministic DSA key derivation with psa_generate_derived_key follows
|
||||||
* FIPS 186-4 §B.1.2: interpret the byte string as integer
|
* FIPS 186-4 §B.1.2: interpret the byte string as integer
|
||||||
* in big-endian order. Discard it if it is not in the range
|
* in big-endian order. Discard it if it is not in the range
|
||||||
* [0, *N* - 2] where *N* is the boundary of the private key domain
|
* [0, *N* - 2] where *N* is the boundary of the private key domain
|
||||||
@ -1145,7 +1145,7 @@ typedef uint32_t psa_pake_primitive_t;
|
|||||||
*/
|
*/
|
||||||
#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
|
#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
|
||||||
|
|
||||||
/** The type of the data strucure for PAKE cipher suites.
|
/** The type of the data structure for PAKE cipher suites.
|
||||||
*
|
*
|
||||||
* This is an implementation-defined \c struct. Applications should not
|
* This is an implementation-defined \c struct. Applications should not
|
||||||
* make any assumptions about the content of this structure.
|
* make any assumptions about the content of this structure.
|
||||||
|
@ -462,7 +462,7 @@ static inline void psa_set_key_type( psa_key_attributes_t *attributes,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Call the bigger function to free the old domain paramteres.
|
/* Call the bigger function to free the old domain parameters.
|
||||||
* Ignore any errors which may arise due to type requiring
|
* Ignore any errors which may arise due to type requiring
|
||||||
* non-default domain parameters, since this function can't
|
* non-default domain parameters, since this function can't
|
||||||
* report errors. */
|
* report errors. */
|
||||||
|
@ -1456,7 +1456,7 @@
|
|||||||
* with a random per-message secret number (*k*).
|
* with a random per-message secret number (*k*).
|
||||||
*
|
*
|
||||||
* The representation of the signature as a byte string consists of
|
* The representation of the signature as a byte string consists of
|
||||||
* the concatentation of the signature values *r* and *s*. Each of
|
* the concatenation of the signature values *r* and *s*. Each of
|
||||||
* *r* and *s* is encoded as an *N*-octet string, where *N* is the length
|
* *r* and *s* is encoded as an *N*-octet string, where *N* is the length
|
||||||
* of the base point of the curve in octets. Each value is represented
|
* of the base point of the curve in octets. Each value is represented
|
||||||
* in big-endian order (most significant octet first).
|
* in big-endian order (most significant octet first).
|
||||||
|
@ -1089,7 +1089,7 @@ typedef unsigned char mbedtls_be128[16];
|
|||||||
*
|
*
|
||||||
* This function multiplies a field element by x in the polynomial field
|
* This function multiplies a field element by x in the polynomial field
|
||||||
* representation. It uses 64-bit word operations to gain speed but compensates
|
* representation. It uses 64-bit word operations to gain speed but compensates
|
||||||
* for machine endianess and hence works correctly on both big and little
|
* for machine endianness and hence works correctly on both big and little
|
||||||
* endian machines.
|
* endian machines.
|
||||||
*/
|
*/
|
||||||
static void mbedtls_gf128mul_x_ble( unsigned char r[16],
|
static void mbedtls_gf128mul_x_ble( unsigned char r[16],
|
||||||
@ -1189,7 +1189,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
|
|||||||
unsigned char *prev_output = output - 16;
|
unsigned char *prev_output = output - 16;
|
||||||
|
|
||||||
/* Copy ciphertext bytes from the previous block to our output for each
|
/* Copy ciphertext bytes from the previous block to our output for each
|
||||||
* byte of cyphertext we won't steal. At the same time, copy the
|
* byte of ciphertext we won't steal. At the same time, copy the
|
||||||
* remainder of the input for this final round (since the loop bounds
|
* remainder of the input for this final round (since the loop bounds
|
||||||
* are the same). */
|
* are the same). */
|
||||||
for( i = 0; i < leftover; i++ )
|
for( i = 0; i < leftover; i++ )
|
||||||
|
@ -2278,7 +2278,7 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B
|
|||||||
* TA-TB is even so the division by 2 has an integer result.
|
* TA-TB is even so the division by 2 has an integer result.
|
||||||
* Invariant (I) is preserved since any odd divisor of both TA and TB
|
* Invariant (I) is preserved since any odd divisor of both TA and TB
|
||||||
* also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
|
* also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
|
||||||
* also divides TB, and any odd divisior of both TB and |TA-TB|/2 also
|
* also divides TB, and any odd divisor of both TB and |TA-TB|/2 also
|
||||||
* divides TA.
|
* divides TA.
|
||||||
*/
|
*/
|
||||||
if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
|
if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
|
||||||
|
@ -690,7 +690,7 @@ cleanup:
|
|||||||
/*
|
/*
|
||||||
* Conditionally swap X and Y, without leaking information
|
* Conditionally swap X and Y, without leaking information
|
||||||
* about whether the swap was made or not.
|
* about whether the swap was made or not.
|
||||||
* Here it is not ok to simply swap the pointers, which whould lead to
|
* Here it is not ok to simply swap the pointers, which would lead to
|
||||||
* different memory access patterns when X and Y are used afterwards.
|
* different memory access patterns when X and Y are used afterwards.
|
||||||
*/
|
*/
|
||||||
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
|
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
|
||||||
|
@ -449,7 +449,7 @@ cleanup:
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
|
* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
|
||||||
* Ouputs: verified peer public keys Xa, Xb
|
* Outputs: verified peer public keys Xa, Xb
|
||||||
*/
|
*/
|
||||||
static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
|
static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
|
||||||
const mbedtls_ecp_group *grp,
|
const mbedtls_ecp_group *grp,
|
||||||
|
@ -1267,7 +1267,7 @@ cleanup:
|
|||||||
* For curves in short Weierstrass form, we do all the internal operations in
|
* For curves in short Weierstrass form, we do all the internal operations in
|
||||||
* Jacobian coordinates.
|
* Jacobian coordinates.
|
||||||
*
|
*
|
||||||
* For multiplication, we'll use a comb method with coutermeasueres against
|
* For multiplication, we'll use a comb method with countermeasures against
|
||||||
* SPA, hence timing attacks.
|
* SPA, hence timing attacks.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -2231,7 +2231,7 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
|
|||||||
* This function is mainly responsible for administrative work:
|
* This function is mainly responsible for administrative work:
|
||||||
* - managing the restart context if enabled
|
* - managing the restart context if enabled
|
||||||
* - managing the table of precomputed points (passed between the below two
|
* - managing the table of precomputed points (passed between the below two
|
||||||
* functions): allocation, computation, ownership tranfer, freeing.
|
* functions): allocation, computation, ownership transfer, freeing.
|
||||||
*
|
*
|
||||||
* It delegates the actual arithmetic work to:
|
* It delegates the actual arithmetic work to:
|
||||||
* ecp_precompute_comb() and ecp_mul_comb_with_precomp()
|
* ecp_precompute_comb() and ecp_mul_comb_with_precomp()
|
||||||
@ -2365,7 +2365,7 @@ cleanup:
|
|||||||
/*
|
/*
|
||||||
* For Montgomery curves, we do all the internal arithmetic in projective
|
* For Montgomery curves, we do all the internal arithmetic in projective
|
||||||
* coordinates. Import/export of points uses only the x coordinates, which is
|
* coordinates. Import/export of points uses only the x coordinates, which is
|
||||||
* internaly represented as X / Z.
|
* internally represented as X / Z.
|
||||||
*
|
*
|
||||||
* For scalar multiplication, we'll use a Montgomery ladder.
|
* For scalar multiplication, we'll use a Montgomery ladder.
|
||||||
*/
|
*/
|
||||||
@ -2519,7 +2519,7 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
|
|||||||
MPI_ECP_LSET( &R->Z, 0 );
|
MPI_ECP_LSET( &R->Z, 0 );
|
||||||
mbedtls_mpi_free( &R->Y );
|
mbedtls_mpi_free( &R->Y );
|
||||||
|
|
||||||
/* RP.X might be sligtly larger than P, so reduce it */
|
/* RP.X might be slightly larger than P, so reduce it */
|
||||||
MOD_ADD( &RP.X );
|
MOD_ADD( &RP.X );
|
||||||
|
|
||||||
/* Randomize coordinates of the starting point */
|
/* Randomize coordinates of the starting point */
|
||||||
|
@ -561,8 +561,8 @@ static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
|
|||||||
|
|
||||||
static void buffer_alloc_free_mutexed( void *ptr )
|
static void buffer_alloc_free_mutexed( void *ptr )
|
||||||
{
|
{
|
||||||
/* We have to good option here, but corrupting the heap seems
|
/* We have no good option here, but corrupting the heap seems
|
||||||
* worse than loosing memory. */
|
* worse than losing memory. */
|
||||||
if( mbedtls_mutex_lock( &heap.mutex ) )
|
if( mbedtls_mutex_lock( &heap.mutex ) )
|
||||||
return;
|
return;
|
||||||
buffer_alloc_free( ptr );
|
buffer_alloc_free( ptr );
|
||||||
|
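Review bot: the `to` → `no` edit in this hunk changes a word rather than a spelling and so deserves a closer look than the rest of the patch. It is correct: the code immediately below (`if( mbedtls_mutex_lock( &heap.mutex ) ) return;`) really does drop the block when the lock cannot be taken, which is the "losing memory" the comment refers to. Consider making that explicit, e.g. "... worse than leaking the block when the lock cannot be acquired", so a reader does not take the bare `return` for a forgotten error path.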
@ -475,7 +475,7 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* grp may already be initilialized; if so, make sure IDs match
|
* grp may already be initialized; if so, make sure IDs match
|
||||||
*/
|
*/
|
||||||
if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
|
if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
|
||||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||||
@ -808,7 +808,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
||||||
#else
|
#else
|
||||||
/* Verify existance of the CRT params */
|
/* Verify existence of the CRT params */
|
||||||
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
|
||||||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
|
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
|
||||||
|
@ -913,7 +913,7 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy(
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Enforce that the usage policy permits the requested algortihm. */
|
/* Enforce that the usage policy permits the requested algorithm. */
|
||||||
if( alg != 0 )
|
if( alg != 0 )
|
||||||
{
|
{
|
||||||
status = psa_key_policy_permits( &slot->attr.policy,
|
status = psa_key_policy_permits( &slot->attr.policy,
|
||||||
|
@ -428,7 +428,7 @@ psa_status_t mbedtls_psa_aead_update(
|
|||||||
* preceding calls to mbedtls_psa_aead_update().
|
* preceding calls to mbedtls_psa_aead_update().
|
||||||
* - \p tag contains the authentication tag.
|
* - \p tag contains the authentication tag.
|
||||||
*
|
*
|
||||||
* Whether or not this function returns successfuly, the PSA core subsequently
|
* Whether or not this function returns successfully, the PSA core subsequently
|
||||||
* calls mbedtls_psa_aead_abort() to deactivate the operation.
|
* calls mbedtls_psa_aead_abort() to deactivate the operation.
|
||||||
*
|
*
|
||||||
* \param[in,out] operation Active AEAD operation.
|
* \param[in,out] operation Active AEAD operation.
|
||||||
|
@ -175,7 +175,7 @@ psa_status_t mbedtls_psa_hash_update(
|
|||||||
* This function calculates the hash of the message formed by concatenating
|
* This function calculates the hash of the message formed by concatenating
|
||||||
* the inputs passed to preceding calls to mbedtls_psa_hash_update().
|
* the inputs passed to preceding calls to mbedtls_psa_hash_update().
|
||||||
*
|
*
|
||||||
* When this function returns successfuly, the operation becomes inactive.
|
* When this function returns successfully, the operation becomes inactive.
|
||||||
* If this function returns an error status, the operation enters an error
|
* If this function returns an error status, the operation enters an error
|
||||||
* state and must be aborted by calling mbedtls_psa_hash_abort().
|
* state and must be aborted by calling mbedtls_psa_hash_abort().
|
||||||
*
|
*
|
||||||
|
@ -848,10 +848,10 @@ cleanup:
|
|||||||
* the more bits of the key can be recovered. See [3].
|
* the more bits of the key can be recovered. See [3].
|
||||||
*
|
*
|
||||||
* Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
|
* Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
|
||||||
* observations on avarage.
|
* observations on average.
|
||||||
*
|
*
|
||||||
* For example with 28 byte blinding to achieve 2 collisions the adversary has
|
* For example with 28 byte blinding to achieve 2 collisions the adversary has
|
||||||
* to make 2^112 observations on avarage.
|
* to make 2^112 observations on average.
|
||||||
*
|
*
|
||||||
* (With the currently (as of 2017 April) known best algorithms breaking 2048
|
* (With the currently (as of 2017 April) known best algorithms breaking 2048
|
||||||
* bit RSA requires approximately as much time as trying out 2^112 random keys.
|
* bit RSA requires approximately as much time as trying out 2^112 random keys.
|
||||||
|
@ -62,7 +62,7 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Cookies are formed of a 4-bytes timestamp (or serial number) and
|
* Cookies are formed of a 4-bytes timestamp (or serial number) and
|
||||||
* an HMAC of timestemp and client ID.
|
* an HMAC of timestamp and client ID.
|
||||||
*/
|
*/
|
||||||
#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
|
#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
|
||||||
|
|
||||||
|
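Review bot: `Cookies are formed of a 4-bytes timestamp` in the first context line should read `a 4-byte timestamp`. The `#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )` a few lines down confirms the 4-byte width, so only the wording needs to change; it is a grammar slip rather than a misspelling, which is why codespell did not report it.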
@ -1234,7 +1234,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
|||||||
add_data, add_data_len );
|
add_data, add_data_len );
|
||||||
|
|
||||||
/* Because of the check above, we know that there are
|
/* Because of the check above, we know that there are
|
||||||
* explicit_iv_len Bytes preceeding data, and taglen
|
* explicit_iv_len Bytes preceding data, and taglen
|
||||||
* bytes following data + data_len. This justifies
|
* bytes following data + data_len. This justifies
|
||||||
* the debug message and the invocation of
|
* the debug message and the invocation of
|
||||||
* mbedtls_cipher_auth_decrypt_ext() below. */
|
* mbedtls_cipher_auth_decrypt_ext() below. */
|
||||||
@ -2404,7 +2404,7 @@ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type,
|
|||||||
unsigned char **buf, size_t *buf_len )
|
unsigned char **buf, size_t *buf_len )
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
|
* Reserve 4 bytes for handshake header. ( Section 4,RFC 8446 )
|
||||||
* ...
|
* ...
|
||||||
* HandshakeType msg_type;
|
* HandshakeType msg_type;
|
||||||
* uint24 length;
|
* uint24 length;
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialze context
|
* Initialize context
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
|
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
|
||||||
{
|
{
|
||||||
|
@ -4017,7 +4017,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialze mbedtls_ssl_config
|
* Initialize mbedtls_ssl_config
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
|
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
|
||||||
{
|
{
|
||||||
@ -6614,7 +6614,7 @@ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
|
|||||||
ssl->handshake = NULL;
|
ssl->handshake = NULL;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Free the previous transform and swith in the current one
|
* Free the previous transform and switch in the current one
|
||||||
*/
|
*/
|
||||||
if( ssl->transform )
|
if( ssl->transform )
|
||||||
{
|
{
|
||||||
|
@ -2276,7 +2276,7 @@ start_processing:
|
|||||||
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
|
||||||
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
|
||||||
}
|
}
|
||||||
} /* FALLTROUGH */
|
} /* FALLTHROUGH */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
|
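Review bot: correcting `FALLTROUGH` to `FALLTHROUGH` is more than cosmetic and is worth a sentence in the commit message. GCC's `-Wimplicit-fallthrough` (pulled in by `-Wextra` since GCC 7) suppresses the warning only for a comment that matches its fall-through patterns (`FALLTHROUGH`, `FALLTHRU`, `fall through` and similar), so the misspelled comment would not have silenced the warning at this `case` boundary under the `MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED` build. Please confirm that a `-Wextra -Werror` build of this switch is now clean with the corrected marker.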
@ -1261,7 +1261,7 @@ read_record_header:
|
|||||||
* Handshake layer:
|
* Handshake layer:
|
||||||
* 0 . 0 handshake type
|
* 0 . 0 handshake type
|
||||||
* 1 . 3 handshake length
|
* 1 . 3 handshake length
|
||||||
* 4 . 5 DTLS only: message seqence number
|
* 4 . 5 DTLS only: message sequence number
|
||||||
* 6 . 8 DTLS only: fragment offset
|
* 6 . 8 DTLS only: fragment offset
|
||||||
* 9 . 11 DTLS only: fragment length
|
* 9 . 11 DTLS only: fragment length
|
||||||
*/
|
*/
|
||||||
|
@ -1110,7 +1110,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
|
|||||||
transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||||
|
|
||||||
/* We add the true record content type (1 Byte) to the plaintext and
|
/* We add the true record content type (1 Byte) to the plaintext and
|
||||||
* then pad to the configured granularity. The mimimum length of the
|
* then pad to the configured granularity. The minimum length of the
|
||||||
* type-extended and padded plaintext is therefore the padding
|
* type-extended and padded plaintext is therefore the padding
|
||||||
* granularity. */
|
* granularity. */
|
||||||
transform->minlen =
|
transform->minlen =
|
||||||
@ -1425,7 +1425,7 @@ int mbedtls_ssl_tls13_generate_application_keys(
|
|||||||
hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac );
|
hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac );
|
||||||
hash_len = PSA_HASH_LENGTH( hash_alg );
|
hash_len = PSA_HASH_LENGTH( hash_alg );
|
||||||
|
|
||||||
/* Compute current handshake transcript. It's the caller's responsiblity
|
/* Compute current handshake transcript. It's the caller's responsibility
|
||||||
* to call this at the right time, that is, after the ServerFinished. */
|
* to call this at the right time, that is, after the ServerFinished. */
|
||||||
|
|
||||||
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
|
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
|
||||||
|
@ -35,10 +35,10 @@ make
|
|||||||
Finally, you can run the targets like `./test/fuzz/fuzz_client`.
|
Finally, you can run the targets like `./test/fuzz/fuzz_client`.
|
||||||
|
|
||||||
|
|
||||||
Corpus generation for network trafic targets
|
Corpus generation for network traffic targets
|
||||||
------
|
------
|
||||||
|
|
||||||
These targets use network trafic as inputs :
|
These targets use network traffic as inputs :
|
||||||
* client : simulates a client against (fuzzed) server traffic
|
* client : simulates a client against (fuzzed) server traffic
|
||||||
* server : simulates a server against (fuzzed) client traffic
|
* server : simulates a server against (fuzzed) client traffic
|
||||||
* dtls_client
|
* dtls_client
|
||||||
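Review bot: `These targets use network traffic as inputs :` keeps a space before the colon (French-style punctuation); drop it to `inputs:` while the line is being edited. The same applies to `not fully automated steps :` in the next hunk of this README.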
@ -48,7 +48,7 @@ They also use the last bytes as configuration options.
|
|||||||
|
|
||||||
To generate corpus for these targets, you can do the following, not fully automated steps :
|
To generate corpus for these targets, you can do the following, not fully automated steps :
|
||||||
* Build mbedtls programs ssl_server2 and ssl_client2
|
* Build mbedtls programs ssl_server2 and ssl_client2
|
||||||
* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap
|
* Run them one against the other with `reproducible` option turned on while capturing traffic into test.pcap
|
||||||
* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt`
|
* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt`
|
||||||
* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor`
|
* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor`
|
||||||
* Finally, you can add the options by appending the last bytes to the file test.cor
|
* Finally, you can add the options by appending the last bytes to the file test.cor
|
||||||
|
@ -47,7 +47,7 @@ int main(int argc, char** argv)
|
|||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
//lauch fuzzer
|
//launch fuzzer
|
||||||
LLVMFuzzerTestOneInput(Data, Size);
|
LLVMFuzzerTestOneInput(Data, Size);
|
||||||
free(Data);
|
free(Data);
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
* dominate memory usage in small configurations. For the sake of simplicity,
|
* dominate memory usage in small configurations. For the sake of simplicity,
|
||||||
* only a Unix version is implemented.
|
* only a Unix version is implemented.
|
||||||
*
|
*
|
||||||
* Warning: we are breaking some of the abtractions from the NET layer here.
|
* Warning: we are breaking some of the abstractions from the NET layer here.
|
||||||
* This is not a good example for general use. This programs has the specific
|
* This is not a good example for general use. This programs has the specific
|
||||||
* goal of minimizing use of the libc functions on full-blown OSes.
|
* goal of minimizing use of the libc functions on full-blown OSes.
|
||||||
*/
|
*/
|
||||||
|
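Review bot: subject-verb agreement error two lines after the fixed word: `This programs has the specific` should read `This program has the specific`. A spell checker does not flag it because every word is valid on its own.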
@ -507,7 +507,7 @@ struct options
|
|||||||
int transport; /* TLS or DTLS? */
|
int transport; /* TLS or DTLS? */
|
||||||
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
||||||
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
|
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
|
||||||
int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
|
int dtls_mtu; /* UDP Maximum transport unit for DTLS */
|
||||||
int fallback; /* is this a fallback connection? */
|
int fallback; /* is this a fallback connection? */
|
||||||
int dgram_packing; /* allow/forbid datagram packing */
|
int dgram_packing; /* allow/forbid datagram packing */
|
||||||
int extended_ms; /* negotiate extended master secret? */
|
int extended_ms; /* negotiate extended master secret? */
|
||||||
|
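Review bot: the expansion of MTU is still wrong after the fix: `int dtls_mtu; /* UDP Maximum transport unit for DTLS */` should say "Maximum Transmission Unit", which is what the acronym stands for. Suggest `/* UDP Maximum Transmission Unit for DTLS */`.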
@ -651,7 +651,7 @@ struct options
|
|||||||
int anti_replay; /* Use anti-replay for DTLS? -1 for default */
|
int anti_replay; /* Use anti-replay for DTLS? -1 for default */
|
||||||
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
|
||||||
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
|
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
|
||||||
int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
|
int dtls_mtu; /* UDP Maximum transport unit for DTLS */
|
||||||
int dgram_packing; /* allow/forbid datagram packing */
|
int dgram_packing; /* allow/forbid datagram packing */
|
||||||
int badmac_limit; /* Limit of records with bad MAC */
|
int badmac_limit; /* Limit of records with bad MAC */
|
||||||
int eap_tls; /* derive EAP-TLS keying material? */
|
int eap_tls; /* derive EAP-TLS keying material? */
|
||||||
|
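Review bot: same expansion problem as in the ssl_client2 options struct: `/* UDP Maximum transport unit for DTLS */` should read `/* UDP Maximum Transmission Unit for DTLS */`. Worth fixing both programs in the same commit so the two comments stay in sync.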
@ -278,7 +278,7 @@ int ca_callback( void *data, mbedtls_x509_crt const *child,
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Test recv/send functions that make sure each try returns
|
* Test recv/send functions that make sure each try returns
|
||||||
* WANT_READ/WANT_WRITE at least once before sucesseding
|
* WANT_READ/WANT_WRITE at least once before succeeding
|
||||||
*/
|
*/
|
||||||
int delayed_recv( void *ctx, unsigned char *buf, size_t len );
|
int delayed_recv( void *ctx, unsigned char *buf, size_t len );
|
||||||
int delayed_send( void *ctx, const unsigned char *buf, size_t len );
|
int delayed_send( void *ctx, const unsigned char *buf, size_t len );
|
||||||
|
@ -179,7 +179,7 @@ do { \
|
|||||||
*
|
*
|
||||||
* This computes the maximum length of a title +3, because we appends "/s" and
|
* This computes the maximum length of a title +3, because we appends "/s" and
|
||||||
* want at least one space. (If the value is too small, the only consequence
|
* want at least one space. (If the value is too small, the only consequence
|
||||||
* is poor alignement.) */
|
* is poor alignment.) */
|
||||||
#define TITLE_SPACE 17
|
#define TITLE_SPACE 17
|
||||||
|
|
||||||
#define MEMORY_MEASURE_INIT \
|
#define MEMORY_MEASURE_INIT \
|
||||||
|
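Review bot: grammar error in the context line above the fix: `because we appends "/s" and` should be `because we append "/s" and`.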
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* UDP proxy: emulate an unreliable UDP connexion for DTLS testing
|
* UDP proxy: emulate an unreliable UDP connection for DTLS testing
|
||||||
*
|
*
|
||||||
* Copyright The Mbed TLS Contributors
|
* Copyright The Mbed TLS Contributors
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
@ -63,7 +63,7 @@ int main( int argc, char** argv )
|
|||||||
|
|
||||||
if( argc != 2 )
|
if( argc != 2 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "This program takes exactly 1 agument\n" );
|
mbedtls_printf( "This program takes exactly 1 argument\n" );
|
||||||
usage();
|
usage();
|
||||||
mbedtls_exit( exit_code );
|
mbedtls_exit( exit_code );
|
||||||
}
|
}
|
||||||
|
@ -37,7 +37,7 @@ class CodeSizeComparison:
|
|||||||
"""
|
"""
|
||||||
old_revision: revision to compare against
|
old_revision: revision to compare against
|
||||||
new_revision:
|
new_revision:
|
||||||
result_dir: directory for comparision result
|
result_dir: directory for comparison result
|
||||||
"""
|
"""
|
||||||
self.repo_path = "."
|
self.repo_path = "."
|
||||||
self.result_dir = os.path.abspath(result_dir)
|
self.result_dir = os.path.abspath(result_dir)
|
||||||
@ -140,7 +140,7 @@ class CodeSizeComparison:
|
|||||||
+ "-" + self.new_rev + ".csv"), "w")
|
+ "-" + self.new_rev + ".csv"), "w")
|
||||||
|
|
||||||
res_file.write("file_name, this_size, old_size, change, change %\n")
|
res_file.write("file_name, this_size, old_size, change, change %\n")
|
||||||
print("Generating comparision results.")
|
print("Generating comparison results.")
|
||||||
|
|
||||||
old_ds = {}
|
old_ds = {}
|
||||||
for line in old_file.readlines()[1:]:
|
for line in old_file.readlines()[1:]:
|
||||||
@ -199,7 +199,7 @@ def main():
|
|||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
"-n", "--new-rev", type=str, default=None,
|
"-n", "--new-rev", type=str, default=None,
|
||||||
help="new revision for comparison, default is the current work \
|
help="new revision for comparison, default is the current work \
|
||||||
directory, including uncommited changes."
|
directory, including uncommitted changes."
|
||||||
)
|
)
|
||||||
comp_args = parser.parse_args()
|
comp_args = parser.parse_args()
|
||||||
|
|
||||||
|
@ -418,7 +418,7 @@ class ConfigFile(Config):
|
|||||||
value = setting.value
|
value = setting.value
|
||||||
if value is None:
|
if value is None:
|
||||||
value = ''
|
value = ''
|
||||||
# Normally the whitespace to separte the symbol name from the
|
# Normally the whitespace to separate the symbol name from the
|
||||||
# value is part of middle, and there's no whitespace for a symbol
|
# value is part of middle, and there's no whitespace for a symbol
|
||||||
# with no value. But if a symbol has been changed from having a
|
# with no value. But if a symbol has been changed from having a
|
||||||
# value to not having one, the whitespace is wrong, so fix it.
|
# value to not having one, the whitespace is wrong, so fix it.
|
||||||
|
@ -53,7 +53,7 @@ def preprocess_c_source_code(source, *classes):
|
|||||||
"""
|
"""
|
||||||
Simple preprocessor for C source code.
|
Simple preprocessor for C source code.
|
||||||
|
|
||||||
Only processses condition directives without expanding them.
|
Only processes condition directives without expanding them.
|
||||||
Yield object according to the classes input. Most match firstly
|
Yield object according to the classes input. Most match firstly
|
||||||
|
|
||||||
If the directive pair does not match , raise CondDirectiveNotMatch.
|
If the directive pair does not match , raise CondDirectiveNotMatch.
|
||||||
|
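Review bot: this docstring has more than the one typo fixed here. `If the directive pair does not match , raise CondDirectiveNotMatch.` has a stray space before the comma, and `Yield object according to the classes input. Most match firstly` is hard to parse. If the intended meaning is that the first matching class wins, suggest `Yield objects according to the classes given; the first matching class wins.`; otherwise a short clarification of "Most match firstly" would help the next reader.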
@ -89,8 +89,8 @@ List of certificates:
|
|||||||
_int-ca.crt: S7 + I1
|
_int-ca.crt: S7 + I1
|
||||||
_int-ca_ca2.crt: S7 + I1 + 2
|
_int-ca_ca2.crt: S7 + I1 + 2
|
||||||
_all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM)
|
_all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM)
|
||||||
_pem_space.crt: S7 with misplace space (invalid PEM) + I1
|
_pem_space.crt: S7 with misplaced space (invalid PEM) + I1
|
||||||
_trailing_space.crt: S7 + I1 both with trainling space (valid PEM)
|
_trailing_space.crt: S7 + I1 both with trailing space (valid PEM)
|
||||||
_spurious_int-ca.crt: S7 + I2(spurious) + I1
|
_spurious_int-ca.crt: S7 + I2(spurious) + I1
|
||||||
- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
|
- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
|
||||||
- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
|
- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
// Context with added '1234' at the begining to simulate too much data in the base64 code
|
// Context with added '1234' at the beginning to simulate too much data in the base64 code
|
||||||
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
|
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
|
||||||
|
@ -259,7 +259,7 @@ General options:
|
|||||||
--no-force Refuse to overwrite modified files (default).
|
--no-force Refuse to overwrite modified files (default).
|
||||||
--no-keep-going Stop at the first error (default).
|
--no-keep-going Stop at the first error (default).
|
||||||
--no-memory No additional memory tests (default).
|
--no-memory No additional memory tests (default).
|
||||||
--no-quiet Print full ouput from components.
|
--no-quiet Print full output from components.
|
||||||
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
|
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
|
||||||
--outcome-file=<path> File where test outcomes are written (not done if
|
--outcome-file=<path> File where test outcomes are written (not done if
|
||||||
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
|
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
|
||||||
|
@ -187,7 +187,7 @@ class ShebangIssueTracker(FileIssueTracker):
|
|||||||
# Allow either /bin/sh, /bin/bash, or /usr/bin/env.
|
# Allow either /bin/sh, /bin/bash, or /usr/bin/env.
|
||||||
# Allow at most one argument (this is a Linux limitation).
|
# Allow at most one argument (this is a Linux limitation).
|
||||||
# For sh and bash, the argument if present must be options.
|
# For sh and bash, the argument if present must be options.
|
||||||
# For env, the argument must be the base name of the interpeter.
|
# For env, the argument must be the base name of the interpreter.
|
||||||
_shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?'
|
_shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?'
|
||||||
rb'|/usr/bin/env ([^\n /]+))$')
|
rb'|/usr/bin/env ([^\n /]+))$')
|
||||||
_extensions = {
|
_extensions = {
|
||||||
|
@ -813,7 +813,7 @@ class NameChecker():
|
|||||||
|
|
||||||
def check_for_typos(self):
|
def check_for_typos(self):
|
||||||
"""
|
"""
|
||||||
Perform a check that all words in the soure code beginning with MBED are
|
Perform a check that all words in the source code beginning with MBED are
|
||||||
either defined as macros, or as enum constants.
|
either defined as macros, or as enum constants.
|
||||||
Assumes parse_names_in_source() was called before this.
|
Assumes parse_names_in_source() was called before this.
|
||||||
|
|
||||||
|
@ -46,12 +46,12 @@ my $config_h = 'include/mbedtls/mbedtls_config.h';
|
|||||||
|
|
||||||
# as many SSL options depend on specific hashes,
|
# as many SSL options depend on specific hashes,
|
||||||
# and SSL is not in the test suites anyways,
|
# and SSL is not in the test suites anyways,
|
||||||
# disable it to avoid dependcies issues
|
# disable it to avoid dependencies issues
|
||||||
my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
|
my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
|
||||||
my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
|
my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
|
||||||
|
|
||||||
# Each element of this array holds list of configuration options that
|
# Each element of this array holds list of configuration options that
|
||||||
# should be tested together. Certain options depend on eachother and
|
# should be tested together. Certain options depend on each other and
|
||||||
# separating them would generate invalid configurations.
|
# separating them would generate invalid configurations.
|
||||||
my @hash_configs = (
|
my @hash_configs = (
|
||||||
['unset MBEDTLS_MD5_C'],
|
['unset MBEDTLS_MD5_C'],
|
||||||
|
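Review bot: `disable it to avoid dependencies issues` is still ungrammatical after the fix; `dependency issues` is the intended form. The line above, `and SSL is not in the test suites anyways,`, would also read better as `anyway`.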
@ -831,7 +831,7 @@ class StorageFormatV0(StorageFormat):
|
|||||||
def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
|
def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
|
||||||
# pylint: disable=too-many-locals
|
# pylint: disable=too-many-locals
|
||||||
"""Match possible key types for sign algorithms."""
|
"""Match possible key types for sign algorithms."""
|
||||||
# To create a valid combinaton both the algorithms and key types
|
# To create a valid combination both the algorithms and key types
|
||||||
# must be filtered. Pair them with keywords created from its names.
|
# must be filtered. Pair them with keywords created from its names.
|
||||||
incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
|
incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
|
||||||
incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
|
incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
|
||||||
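Review bot: pronoun mismatch in the context line `# must be filtered. Pair them with keywords created from its names.`: "them" refers to the algorithms and key types (plural), so it should read `their names`.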
@ -855,7 +855,7 @@ class StorageFormatV0(StorageFormat):
|
|||||||
if re.match(pattern, keyword):
|
if re.match(pattern, keyword):
|
||||||
alg_keywords.remove(keyword)
|
alg_keywords.remove(keyword)
|
||||||
alg_keywords.add(replace)
|
alg_keywords.add(replace)
|
||||||
# Filter out incompatible algortihms
|
# Filter out incompatible algorithms
|
||||||
if not alg_keywords.isdisjoint(incompatible_alg_keyword):
|
if not alg_keywords.isdisjoint(incompatible_alg_keyword):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
@ -863,7 +863,7 @@ class StorageFormatV0(StorageFormat):
|
|||||||
# Generate keywords from the of the key type
|
# Generate keywords from the of the key type
|
||||||
key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
|
key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
|
||||||
|
|
||||||
# Remove ambigious keywords
|
# Remove ambiguous keywords
|
||||||
for keyword1, keyword2 in exclusive_keywords.items():
|
for keyword1, keyword2 in exclusive_keywords.items():
|
||||||
if keyword1 in key_type_keywords:
|
if keyword1 in key_type_keywords:
|
||||||
key_type_keywords.remove(keyword2)
|
key_type_keywords.remove(keyword2)
|
||||||
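Review bot: the comment `# Generate keywords from the of the key type` in this hunk has a stray "the of". Suggest `# Generate keywords from the name of the key type`, which matches what `key_type.translate(translation_table).split(sep='_')[3:]` does on the next line.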
@ -880,7 +880,7 @@ class StorageFormatV0(StorageFormat):
|
|||||||
"""Generate test keys for usage flag extensions."""
|
"""Generate test keys for usage flag extensions."""
|
||||||
# Generate a key type and algorithm pair for each extendable usage
|
# Generate a key type and algorithm pair for each extendable usage
|
||||||
# flag to generate a valid key for exercising. The key is generated
|
# flag to generate a valid key for exercising. The key is generated
|
||||||
# without usage extension to check the extension compatiblity.
|
# without usage extension to check the extension compatibility.
|
||||||
alg_with_keys = self.gather_key_types_for_sign_alg()
|
alg_with_keys = self.gather_key_types_for_sign_alg()
|
||||||
|
|
||||||
for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
|
for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
# (Multiple recursion where a() calls b() which calls a() not covered.)
|
# (Multiple recursion where a() calls b() which calls a() not covered.)
|
||||||
#
|
#
|
||||||
# When the recursion depth might depend on data controlled by the attacker in
|
# When the recursion depth might depend on data controlled by the attacker in
|
||||||
# an unbounded way, those functions should use interation instead.
|
# an unbounded way, those functions should use iteration instead.
|
||||||
#
|
#
|
||||||
# Typical usage: scripts/recursion.pl library/*.c
|
# Typical usage: scripts/recursion.pl library/*.c
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""Run the PSA Cryto API compliance test suite.
|
"""Run the PSA Crypto API compliance test suite.
|
||||||
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
|
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
|
||||||
then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
|
then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
|
||||||
Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
|
Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
|
||||||
|
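Review bot: a second typo in this docstring is left in place: `then complie and run the test suite.` should read `then compile and run the test suite.` The spell checker did not flag it, so it needs a manual fix; it is two lines below the line being changed, so it belongs in the same commit.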
@ -221,7 +221,7 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key,
|
|||||||
sizeof( decrypted ) - part_length,
|
sizeof( decrypted ) - part_length,
|
||||||
&part_length );
|
&part_length );
|
||||||
/* For a stream cipher, all inputs are valid. For a block cipher,
|
/* For a stream cipher, all inputs are valid. For a block cipher,
|
||||||
* if the input is some aribtrary data rather than an actual
|
* if the input is some arbitrary data rather than an actual
|
||||||
ciphertext, a padding error is likely. */
|
ciphertext, a padding error is likely. */
|
||||||
if( maybe_invalid_padding )
|
if( maybe_invalid_padding )
|
||||||
TEST_ASSERT( status == PSA_SUCCESS ||
|
TEST_ASSERT( status == PSA_SUCCESS ||
|
||||||
@ -929,7 +929,7 @@ int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key,
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
if( alg == 0 )
|
if( alg == 0 )
|
||||||
ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
|
ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */
|
||||||
else if( PSA_ALG_IS_MAC( alg ) )
|
else if( PSA_ALG_IS_MAC( alg ) )
|
||||||
ok = exercise_mac_key( key, usage, alg );
|
ok = exercise_mac_key( key, usage, alg );
|
||||||
else if( PSA_ALG_IS_CIPHER( alg ) )
|
else if( PSA_ALG_IS_CIPHER( alg ) )
|
||||||
|
@ -4580,7 +4580,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
|
|||||||
-C "error" \
|
-C "error" \
|
||||||
-s "Extra-header:"
|
-s "Extra-header:"
|
||||||
|
|
||||||
# Test for the "secure renegotation" extension only (no actual renegotiation)
|
# Test for the "secure renegotiation" extension only (no actual renegotiation)
|
||||||
|
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
@ -5317,7 +5317,7 @@ run_test "Authentication, CA callback: client max_int chain, server required"
|
|||||||
-s "use CA callback for X.509 CRT verification" \
|
-s "use CA callback for X.509 CRT verification" \
|
||||||
-S "X509 - A fatal error occurred"
|
-S "X509 - A fatal error occurred"
|
||||||
|
|
||||||
# Tests for certificate selection based on SHA verson
|
# Tests for certificate selection based on SHA version
|
||||||
|
|
||||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||||
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
|
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
|
||||||
@ -9068,7 +9068,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
|
|||||||
# certificate obtained from the server. Here, however, it
|
# certificate obtained from the server. Here, however, it
|
||||||
# connects to 127.0.0.1 while our test certificates use 'localhost'
|
# connects to 127.0.0.1 while our test certificates use 'localhost'
|
||||||
# as the server name in the certificate. This will make the
|
# as the server name in the certificate. This will make the
|
||||||
# certifiate validation fail, but passing --insecure makes
|
# certificate validation fail, but passing --insecure makes
|
||||||
# GnuTLS continue the connection nonetheless.
|
# GnuTLS continue the connection nonetheless.
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
|
@ -519,7 +519,7 @@ int execute_tests( int argc , const char ** argv )
|
|||||||
FILE *file;
|
FILE *file;
|
||||||
char buf[5000];
|
char buf[5000];
|
||||||
char *params[50];
|
char *params[50];
|
||||||
/* Store for proccessed integer params. */
|
/* Store for processed integer params. */
|
||||||
int32_t int_params[50];
|
int32_t int_params[50];
|
||||||
void *pointer;
|
void *pointer;
|
||||||
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
|
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
/* BEGIN_HEADER */
|
/* BEGIN_HEADER */
|
||||||
#include "mbedtls/aria.h"
|
#include "mbedtls/aria.h"
|
||||||
|
|
||||||
/* Maxium size of data used by test vectors
|
/* Maximum size of data used by test vectors
|
||||||
* WARNING: to be adapted if and when adding larger test cases */
|
* WARNING: to be adapted if and when adding larger test cases */
|
||||||
#define ARIA_MAX_DATASIZE 160
|
#define ARIA_MAX_DATASIZE 160
|
||||||
|
|
||||||
|
@ -49,7 +49,7 @@ read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779
|
|||||||
ECJPAKE round one: KKP1: no second point data
|
ECJPAKE round one: KKP1: no second point data
|
||||||
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||||
|
|
||||||
ECJPAKE round one: KKP1: unknow second point format
|
ECJPAKE round one: KKP1: unknown second point format
|
||||||
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
|
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
|
||||||
|
|
||||||
ECJPAKE round one: KKP1: nothing after second point
|
ECJPAKE round one: KKP1: nothing after second point
|
||||||
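Review bot: changing a test description such as `ECJPAKE round one: KKP1: unknown second point format` renames the test case, and test case descriptions are the key under which outcomes are recorded in the outcome file (see the `--outcome-file=<path>` option touched in all.sh in this same commit). Tooling that compares outcome files across revisions will see the old name disappear and a new one appear. That is acceptable for a typo fix, but worth a line in the PR description so reviewers of CI outcome diffs are not surprised.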
@ -97,7 +97,7 @@ read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5
|
|||||||
ECJPAKE round one: KKP2: no second point data
|
ECJPAKE round one: KKP2: no second point data
|
||||||
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||||
|
|
||||||
ECJPAKE round one: KKP2: unknow second point format
|
ECJPAKE round one: KKP2: unknown second point format
|
||||||
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"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":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
|
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
|
||||||
|
|
||||||
ECJPAKE round one: KKP2: nothing after second point
|
ECJPAKE round one: KKP2: nothing after second point
|
||||||
@ -190,7 +190,7 @@ read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9
|
|||||||
ECJPAKE round two server: no data
|
ECJPAKE round two server: no data
|
||||||
read_round_two_srv:"":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
read_round_two_srv:"":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||||
|
|
||||||
ECJPAKE round two server: length of forst point too small
|
ECJPAKE round two server: length of first point too small
|
||||||
read_round_two_srv:"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
read_round_two_srv:"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||||
|
|
||||||
ECJPAKE round two server: length of first point too big
|
ECJPAKE round two server: length of first point too big
|
||||||
|
@ -21,7 +21,7 @@ void mbedtls_md_process( )
|
|||||||
/*
|
/*
|
||||||
* Very minimal testing of mbedtls_md_process, just make sure the various
|
* Very minimal testing of mbedtls_md_process, just make sure the various
|
||||||
* xxx_process_wrap() function pointers are valid. (Testing that they
|
* xxx_process_wrap() function pointers are valid. (Testing that they
|
||||||
* indeed do the right thing whould require messing with the internal
|
* indeed do the right thing would require messing with the internal
|
||||||
* state of the underlying mbedtls_md/sha context.)
|
* state of the underlying mbedtls_md/sha context.)
|
||||||
*
|
*
|
||||||
* Also tests that mbedtls_md_list() only returns valid MDs.
|
* Also tests that mbedtls_md_list() only returns valid MDs.
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
* On success, it refers to the opened file (\p wanted_fd).
|
* On success, it refers to the opened file (\p wanted_fd).
|
||||||
* \param wanted_fd The desired file descriptor.
|
* \param wanted_fd The desired file descriptor.
|
||||||
*
|
*
|
||||||
* \return \c 0 on succes, a negative error code on error.
|
* \return \c 0 on success, a negative error code on error.
|
||||||
*/
|
*/
|
||||||
static int open_file_on_fd( mbedtls_net_context *ctx, int wanted_fd )
|
static int open_file_on_fd( mbedtls_net_context *ctx, int wanted_fd )
|
||||||
{
|
{
|
||||||
|
@ -1080,7 +1080,7 @@ void pk_rsa_alt( )
|
|||||||
memset( ciph, 0, sizeof ciph );
|
memset( ciph, 0, sizeof ciph );
|
||||||
memset( test, 0, sizeof test );
|
memset( test, 0, sizeof test );
|
||||||
|
|
||||||
/* Initiliaze PK RSA context with random key */
|
/* Initialize PK RSA context with random key */
|
||||||
TEST_ASSERT( mbedtls_pk_setup( &rsa,
|
TEST_ASSERT( mbedtls_pk_setup( &rsa,
|
||||||
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
|
||||||
TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 );
|
TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 );
|
||||||
|
@ -2259,7 +2259,7 @@ PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
|
|||||||
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
|
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
|
||||||
cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
|
cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
|
||||||
PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)
|
PSA symmetric decrypt: CCM*-no-tag, input too short (15 bytes)
|
||||||
depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C
|
depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C
|
||||||
cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
|
cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
|
||||||
|
@ -834,7 +834,7 @@ void import_large_key( int type_arg, int byte_size_arg,
|
|||||||
size_t n;
|
size_t n;
|
||||||
|
|
||||||
/* Skip the test case if the target running the test cannot
|
/* Skip the test case if the target running the test cannot
|
||||||
* accomodate large keys due to heap size constraints */
|
* accommodate large keys due to heap size constraints */
|
||||||
ASSERT_ALLOC_WEAK( buffer, buffer_size );
|
ASSERT_ALLOC_WEAK( buffer, buffer_size );
|
||||||
memset( buffer, 'K', byte_size );
|
memset( buffer, 'K', byte_size );
|
||||||
|
|
||||||
@ -1198,7 +1198,7 @@ void key_attributes_init( )
|
|||||||
/* Test each valid way of initializing the object, except for `= {0}`, as
|
/* Test each valid way of initializing the object, except for `= {0}`, as
|
||||||
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
||||||
* though it's OK by the C standard. We could test for this, but we'd need
|
* though it's OK by the C standard. We could test for this, but we'd need
|
||||||
* to supress the Clang warning for the test. */
|
* to suppress the Clang warning for the test. */
|
||||||
psa_key_attributes_t func = psa_key_attributes_init( );
|
psa_key_attributes_t func = psa_key_attributes_init( );
|
||||||
psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
psa_key_attributes_t zero;
|
psa_key_attributes_t zero;
|
||||||
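Review bot: the same five-line Clang 5 comment, typo included, is repeated in `key_attributes_init`, `hash_operation_init`, `mac_operation_init` and `cipher_operation_init`. Fixing the typo four times is correct, but a follow-up could keep the explanation in one place and have the other three tests refer to it, so the next wording change does not need four identical hunks.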
@ -1989,7 +1989,7 @@ void hash_operation_init( )
|
|||||||
/* Test each valid way of initializing the object, except for `= {0}`, as
|
/* Test each valid way of initializing the object, except for `= {0}`, as
|
||||||
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
||||||
* though it's OK by the C standard. We could test for this, but we'd need
|
* though it's OK by the C standard. We could test for this, but we'd need
|
||||||
* to supress the Clang warning for the test. */
|
* to suppress the Clang warning for the test. */
|
||||||
psa_hash_operation_t func = psa_hash_operation_init( );
|
psa_hash_operation_t func = psa_hash_operation_init( );
|
||||||
psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
|
psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
|
||||||
psa_hash_operation_t zero;
|
psa_hash_operation_t zero;
|
||||||
@ -2518,7 +2518,7 @@ void mac_operation_init( )
|
|||||||
/* Test each valid way of initializing the object, except for `= {0}`, as
|
/* Test each valid way of initializing the object, except for `= {0}`, as
|
||||||
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
||||||
* though it's OK by the C standard. We could test for this, but we'd need
|
* though it's OK by the C standard. We could test for this, but we'd need
|
||||||
* to supress the Clang warning for the test. */
|
* to suppress the Clang warning for the test. */
|
||||||
psa_mac_operation_t func = psa_mac_operation_init( );
|
psa_mac_operation_t func = psa_mac_operation_init( );
|
||||||
psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
|
psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
|
||||||
psa_mac_operation_t zero;
|
psa_mac_operation_t zero;
|
||||||
@ -2941,7 +2941,7 @@ void cipher_operation_init( )
|
|||||||
/* Test each valid way of initializing the object, except for `= {0}`, as
|
/* Test each valid way of initializing the object, except for `= {0}`, as
|
||||||
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
||||||
* though it's OK by the C standard. We could test for this, but we'd need
|
* though it's OK by the C standard. We could test for this, but we'd need
|
||||||
* to supress the Clang warning for the test. */
|
* to suppress the Clang warning for the test. */
|
||||||
psa_cipher_operation_t func = psa_cipher_operation_init( );
|
psa_cipher_operation_t func = psa_cipher_operation_init( );
|
||||||
psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
|
psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
|
||||||
psa_cipher_operation_t zero;
|
psa_cipher_operation_t zero;
|
||||||
@ -5964,7 +5964,7 @@ void sign_hash_deterministic( int key_type_arg, data_t *key_data,
|
|||||||
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
||||||
key_bits = psa_get_key_bits( &attributes );
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
|
|
||||||
/* Allocate a buffer which has the size advertized by the
|
/* Allocate a buffer which has the size advertised by the
|
||||||
* library. */
|
* library. */
|
||||||
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
|
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
|
||||||
key_bits, alg );
|
key_bits, alg );
|
||||||
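Review bot: "advertised" is the spelling codespell expects and the change is fine, but while this comment is being touched note that `PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg )` mixes `key_bits` read back from `attributes` with `key_type` taken straight from the test argument; reading the type from the same attributes (`psa_get_key_type( &attributes )`) would make "the size advertised by the library" true for both inputs. The identical comment in `sign_verify_hash` below has the same shape.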
@ -6063,7 +6063,7 @@ void sign_verify_hash( int key_type_arg, data_t *key_data,
|
|||||||
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
||||||
key_bits = psa_get_key_bits( &attributes );
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
|
|
||||||
/* Allocate a buffer which has the size advertized by the
|
/* Allocate a buffer which has the size advertised by the
|
||||||
* library. */
|
* library. */
|
||||||
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
|
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
|
||||||
key_bits, alg );
|
key_bits, alg );
|
||||||
@ -6697,7 +6697,7 @@ void key_derivation_init( )
|
|||||||
/* Test each valid way of initializing the object, except for `= {0}`, as
|
/* Test each valid way of initializing the object, except for `= {0}`, as
|
||||||
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
|
||||||
* though it's OK by the C standard. We could test for this, but we'd need
|
* though it's OK by the C standard. We could test for this, but we'd need
|
||||||
* to supress the Clang warning for the test. */
|
* to suppress the Clang warning for the test. */
|
||||||
size_t capacity;
|
size_t capacity;
|
||||||
psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
|
psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
|
||||||
psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
|
psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
|
||||||
@ -7617,7 +7617,7 @@ void key_agreement_capacity( int alg_arg,
|
|||||||
NULL, 0 ) );
|
NULL, 0 ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Test the advertized capacity. */
|
/* Test the advertised capacity. */
|
||||||
PSA_ASSERT( psa_key_derivation_get_capacity(
|
PSA_ASSERT( psa_key_derivation_get_capacity(
|
||||||
&operation, &actual_capacity ) );
|
&operation, &actual_capacity ) );
|
||||||
TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
|
TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
|
||||||
|
@ -995,7 +995,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg,
|
|||||||
/*
|
/*
|
||||||
* Test encrypt failure
|
* Test encrypt failure
|
||||||
* First test that if we don't force a driver error, encryption is
|
* First test that if we don't force a driver error, encryption is
|
||||||
* successfull, then force driver error.
|
* successful, then force driver error.
|
||||||
*/
|
*/
|
||||||
status = psa_cipher_encrypt(
|
status = psa_cipher_encrypt(
|
||||||
key, alg, input->x, input->len,
|
key, alg, input->x, input->len,
|
||||||
|
@ -7,7 +7,7 @@ external_rng_failure_generate:
|
|||||||
# randomization for (e.g.) blinding. An external implementation could use
|
# randomization for (e.g.) blinding. An external implementation could use
|
||||||
# its own randomness source which is not affected by the forced failure of
|
# its own randomness source which is not affected by the forced failure of
|
||||||
# the RNG driver.
|
# the RNG driver.
|
||||||
# Key types and non-randomized auxilary algorithms (in practice, hashes) can
|
# Key types and non-randomized auxiliary algorithms (in practice, hashes) can
|
||||||
# use an external implementation.
|
# use an external implementation.
|
||||||
PSA external RNG failure: randomized ECDSA
|
PSA external RNG failure: randomized ECDSA
|
||||||
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
|
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
|
||||||
|
@ -325,7 +325,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg,
|
|||||||
case INVALIDATE_BY_DESTROYING:
|
case INVALIDATE_BY_DESTROYING:
|
||||||
case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN:
|
case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN:
|
||||||
/*
|
/*
|
||||||
* Test that the key handle and identifier are now not refering to an
|
* Test that the key handle and identifier are now not referring to an
|
||||||
* existing key.
|
* existing key.
|
||||||
*/
|
*/
|
||||||
TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
|
TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
|
||||||
|
@ -10,7 +10,7 @@ test_multiple_psks_opaque:1
|
|||||||
Attempt to register multiple PSKs, incl. opaque PSK, #2
|
Attempt to register multiple PSKs, incl. opaque PSK, #2
|
||||||
test_multiple_psks_opaque:2
|
test_multiple_psks_opaque:2
|
||||||
|
|
||||||
Test calback buffer sanity
|
Test callback buffer sanity
|
||||||
test_callback_buffer_sanity:
|
test_callback_buffer_sanity:
|
||||||
|
|
||||||
Callback buffer test: Exercise simple write/read
|
Callback buffer test: Exercise simple write/read
|
||||||
@ -624,7 +624,7 @@ ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0
|
|||||||
SSL DTLS replay: delayed
|
SSL DTLS replay: delayed
|
||||||
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
|
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
|
||||||
|
|
||||||
SSL DTLS replay: lastest replayed
|
SSL DTLS replay: latest replayed
|
||||||
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
|
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
|
||||||
|
|
||||||
SSL DTLS replay: older replayed
|
SSL DTLS replay: older replayed
|
||||||
|
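Review bot: "Test calback buffer sanity" to "Test callback buffer sanity" and "SSL DTLS replay: lastest replayed" to "SSL DTLS replay: latest replayed" rename test-case descriptions, not comments; those strings are the names that appear in test output, so any outcome comparison or CI filter keyed on the old text will see two cases vanish and two new ones appear. Worth one line in the PR description so the discontinuity is recognised as intentional.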
@ -2229,7 +2229,7 @@ void perform_handshake( handshake_test_options* options )
|
|||||||
|
|
||||||
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
|
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
|
||||||
* should happen inside this function. However in this test, we cannot
|
* should happen inside this function. However in this test, we cannot
|
||||||
* perform simultaneous communication betwen client and server so this
|
* perform simultaneous communication between client and server so this
|
||||||
* function will return waiting error on the socket. All rest of
|
* function will return waiting error on the socket. All rest of
|
||||||
* renegotiation should happen during data exchanging */
|
* renegotiation should happen during data exchanging */
|
||||||
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
|
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
|
||||||
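Review bot: "betwen" to "between" is the only change here, but the rest of the sentence still reads awkwardly ("All rest of renegotiation should happen during data exchanging"); codespell only catches misspelled words, so if the comment is being edited anyway consider "The rest of the renegotiation should happen during the data exchange."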
@ -2321,7 +2321,7 @@ void test_callback_buffer_sanity()
|
|||||||
TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
|
TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
|
||||||
|
|
||||||
/* Make sure calling put and get on a buffer that hasn't been set up results
|
/* Make sure calling put and get on a buffer that hasn't been set up results
|
||||||
* in eror. */
|
* in error. */
|
||||||
mbedtls_test_buffer_init( &buf );
|
mbedtls_test_buffer_init( &buf );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
|
TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
Check compiletime library version
|
Check compile time library version
|
||||||
check_compiletime_version:"3.1.0"
|
check_compiletime_version:"3.1.0"
|
||||||
|
|
||||||
Check runtime library version
|
Check runtime library version
|
||||||
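Review bot: "compile time" used as a modifier of "library version" would normally be hyphenated ("Check compile-time library version"), which also keeps it parallel with the "Check runtime library version" description below; either way the description now differs from the one-word function name `check_compiletime_version` on the following line, which is acceptable since renaming the function is out of scope for a spelling pass.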