Merge pull request #6165 from mprse/md_x509_test
Avoid use of MD in X.509 write test suite
diff --git a/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt b/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt
new file mode 100644
index 0000000..bf2e65d
--- /dev/null
+++ b/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Use double quotes to include private header file psa_crypto_cipher.h.
+ Fixes 'file not found with <angled> include' error
+ when building with Xcode.
diff --git a/ChangeLog.d/x509-broken-symlink-handling.txt b/ChangeLog.d/x509-broken-symlink-handling.txt
new file mode 100644
index 0000000..52288dc
--- /dev/null
+++ b/ChangeLog.d/x509-broken-symlink-handling.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix handling of broken symlinks when loading certificates using
+ mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+ broken link is encountered, skip the broken link and continue parsing
+ other certificate files. Contributed by Eduardo Silva in #2602.
diff --git a/SECURITY.md b/SECURITY.md
index 26b77ab..33bbc2f 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,4 +1,4 @@
-## Reporting Vulneratibilities
+## Reporting Vulnerabilities
If you think you have found an Mbed TLS security vulnerability, then please
send an email to the security team at
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index b933edf..884810d 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -800,7 +800,7 @@
### Relaxed semantics for PSK configuration
This affects users which call the PSK configuration APIs
-`mbedtlsl_ssl_conf_psk()` and `mbedtls_ssl_conf_psk_opaque()`
+`mbedtls_ssl_conf_psk()` and `mbedtls_ssl_conf_psk_opaque()`
multiple times on the same SSL configuration.
In Mbed TLS 2.x, users would observe later calls overwriting
diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md
index cd4d427..6a0a095 100644
--- a/docs/architecture/psa-crypto-implementation-structure.md
+++ b/docs/architecture/psa-crypto-implementation-structure.md
@@ -1,4 +1,4 @@
-PSA Cryptograpy API implementation and PSA driver interface
+PSA Cryptography API implementation and PSA driver interface
===========================================================
## Introduction
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index 7b8ec99..e2efeb9 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -171,7 +171,7 @@
It is unclear what parameters people use in practice. It looks like by default
OpenSSL picks saltlen = keylen - hashlen - 2 (tested with openssl 1.1.1f).
-The `certool` command provided by GnuTLS seems to be picking saltlen = hashlen
+The `certtool` command provided by GnuTLS seems to be picking saltlen = hashlen
by default (tested with GnuTLS 3.6.13). FIPS 186-4 requires 0 <= saltlen <=
hashlen.
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index 883fd42..8d2d59f 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -42,9 +42,9 @@
- When `MBEDTLS_PSA_CRYPTO_C` is enabled and used, applications need to call
`psa_crypto_init()` before TLS/X.509 uses PSA functions. (This prevents us
from even enabling the option by default.)
- - `MBEDTLS_PSA_CRYPTO_C` has a hard depend on `MBEDTLS_ENTROPY_C ||
+ - `MBEDTLS_PSA_CRYPTO_C` has a hard dependency on `MBEDTLS_ENTROPY_C ||
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` but it's
- currently possible to compilte TLS and X.509 without any of the options.
+ currently possible to compile TLS and X.509 without any of the options.
Also, we can't just auto-enable `MBEDTLS_ENTROPY_C` as it doesn't build
out of the box on all platforms, and even less
`MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` as it requires a user-provided RNG
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index 8147562..8f02af1 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -241,7 +241,7 @@
1. The core calls the `xxx_setup` entry point for this operation family. If this fails, the core destroys the operation context object without calling any other driver entry point on it.
1. The core calls other entry points that manipulate the operation context object, respecting the constraints.
1. If any entry point fails, the core calls the driver's `xxx_abort` entry point for this operation family, then destroys the operation context object without calling any other driver entry point on it.
-1. If a “finish” entry point fails, the core destroys the operation context object without calling any other driver entry point on it. The finish entry points are: *prefix*`_mac_sign_finish`, *prefix*`_mac_verify_finish`, *prefix*`_cipher_fnish`, *prefix*`_aead_finish`, *prefix*`_aead_verify`.
+1. If a “finish” entry point fails, the core destroys the operation context object without calling any other driver entry point on it. The finish entry points are: *prefix*`_mac_sign_finish`, *prefix*`_mac_verify_finish`, *prefix*`_cipher_finish`, *prefix*`_aead_finish`, *prefix*`_aead_verify`.
If a driver implements a multi-part operation but not the corresponding single-part operation, the core calls the driver's multipart operation entry points to perform the single-part operation.
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
index 2a10ca0..6172159 100644
--- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -21,7 +21,7 @@
### What's critical for a migrating user
-The Driver Wrapper auto generation project is designed to use a python templating library ( Jinja2 ) to render templates based on drivers that are defined using a Driver descrioption JSON file(s).
+The Driver Wrapper auto generation project is designed to use a python templating library ( Jinja2 ) to render templates based on drivers that are defined using a Driver description JSON file(s).
While that is the larger goal, for version 1.0 here's what's changed
diff --git a/library/ecdh.c b/library/ecdh.c
index cc1340c..35ab1b7 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -34,12 +34,6 @@
#include <string.h>
-/* Parameter validation macros based on platform_util.h */
-#define ECDH_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECDH_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif
@@ -97,10 +91,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECDH_VALIDATE_RET( grp != NULL );
- ECDH_VALIDATE_RET( d != NULL );
- ECDH_VALIDATE_RET( Q != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
}
#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
@@ -146,10 +136,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECDH_VALIDATE_RET( grp != NULL );
- ECDH_VALIDATE_RET( Q != NULL );
- ECDH_VALIDATE_RET( d != NULL );
- ECDH_VALIDATE_RET( z != NULL );
return( ecdh_compute_shared_restartable( grp, z, Q, d,
f_rng, p_rng, NULL ) );
}
@@ -173,8 +159,6 @@
*/
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
{
- ECDH_VALIDATE( ctx != NULL );
-
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
ecdh_init_internal( ctx );
mbedtls_ecp_point_init( &ctx->Vi );
@@ -210,8 +194,6 @@
*/
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
{
- ECDH_VALIDATE_RET( ctx != NULL );
-
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_setup_internal( ctx, grp_id ) );
#else
@@ -253,8 +235,6 @@
*/
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
{
- ECDH_VALIDATE( ctx != NULL );
-
ctx->restart_enabled = 1;
}
#endif
@@ -357,11 +337,6 @@
void *p_rng )
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
#else
@@ -411,11 +386,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( *buf != NULL );
- ECDH_VALIDATE_RET( end != NULL );
-
if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
!= 0 )
return( ret );
@@ -471,10 +441,8 @@
mbedtls_ecdh_side side )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( key != NULL );
- ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
- side == MBEDTLS_ECDH_THEIRS );
+ if( side != MBEDTLS_ECDH_OURS && side != MBEDTLS_ECDH_THEIRS )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
{
@@ -563,11 +531,6 @@
void *p_rng )
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
#endif
@@ -616,9 +579,6 @@
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, size_t blen )
{
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
-
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_read_public_internal( ctx, buf, blen ) );
#else
@@ -697,10 +657,6 @@
void *p_rng )
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
#endif
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 0b612ce..dcdf83c 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -47,12 +47,6 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-/* Parameter validation macros based on platform_util.h */
-#define ECDSA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECDSA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
/*
@@ -404,13 +398,6 @@
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( d != NULL );
- ECDSA_VALIDATE_RET( f_rng != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
-
/* Use the same RNG for both blinding and ephemeral key generation */
return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
f_rng, p_rng, f_rng, p_rng, NULL ) );
@@ -503,13 +490,6 @@
size_t),
void *p_rng_blind )
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( d != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
- ECDSA_VALIDATE_RET( f_rng_blind != NULL );
-
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
f_rng_blind, p_rng_blind, NULL ) );
}
@@ -634,12 +614,6 @@
const mbedtls_mpi *r,
const mbedtls_mpi *s)
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( Q != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
-
return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
}
#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
@@ -685,11 +659,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
- ECDSA_VALIDATE_RET( slen != NULL );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -735,10 +704,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
- ECDSA_VALIDATE_RET( slen != NULL );
return( mbedtls_ecdsa_write_signature_restartable(
ctx, md_alg, hash, hlen, sig, sig_size, slen,
f_rng, p_rng, NULL ) );
@@ -751,9 +716,6 @@
const unsigned char *hash, size_t hlen,
const unsigned char *sig, size_t slen )
{
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
return( mbedtls_ecdsa_read_signature_restartable(
ctx, hash, hlen, sig, slen, NULL ) );
}
@@ -771,10 +733,6 @@
const unsigned char *end = sig + slen;
size_t len;
mbedtls_mpi r, s;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
-
mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s );
@@ -831,9 +789,6 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = 0;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( f_rng != NULL );
-
ret = mbedtls_ecp_group_load( &ctx->grp, gid );
if( ret != 0 )
return( ret );
@@ -849,9 +804,6 @@
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( key != NULL );
-
if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
@@ -867,8 +819,6 @@
*/
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
{
- ECDSA_VALIDATE( ctx != NULL );
-
mbedtls_ecp_keypair_init( ctx );
}
@@ -889,8 +839,6 @@
*/
void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
{
- ECDSA_VALIDATE( ctx != NULL );
-
mbedtls_ecp_restart_init( &ctx->ecp );
ctx->ver = NULL;
diff --git a/library/ecjpake.c b/library/ecjpake.c
index d467a65..c591924 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -34,12 +34,6 @@
#if !defined(MBEDTLS_ECJPAKE_ALT)
-/* Parameter validation macros based on platform_util.h */
-#define ECJPAKE_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECJPAKE_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* Convert a mbedtls_ecjpake_role to identifier string
*/
@@ -56,8 +50,6 @@
*/
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
{
- ECJPAKE_VALIDATE( ctx != NULL );
-
ctx->md_info = NULL;
mbedtls_ecp_group_init( &ctx->grp );
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
@@ -107,10 +99,8 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
- role == MBEDTLS_ECJPAKE_SERVER );
- ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 );
+ if( role != MBEDTLS_ECJPAKE_CLIENT && role != MBEDTLS_ECJPAKE_SERVER )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
ctx->role = role;
@@ -147,8 +137,6 @@
*/
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
-
if( ctx->md_info == NULL ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
ctx->s.p == NULL )
@@ -521,9 +509,6 @@
const unsigned char *buf,
size_t len )
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
-
return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->Xp1, &ctx->Xp2, ID_PEER,
@@ -538,11 +523,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
@@ -585,9 +565,6 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point G; /* C: GB, S: GA */
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
-
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &G );
@@ -680,11 +657,6 @@
const unsigned char *end = buf + len;
size_t ec_len;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
mbedtls_ecp_point_init( &G );
mbedtls_ecp_point_init( &Xm );
mbedtls_mpi_init( &xm );
@@ -760,11 +732,6 @@
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
size_t x_bytes;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
*olen = mbedtls_md_get_size( ctx->md_info );
if( len < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
diff --git a/library/ecp.c b/library/ecp.c
index 67c46f2..009be61 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -84,12 +84,6 @@
#if !defined(MBEDTLS_ECP_ALT)
-/* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECP_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -242,7 +236,6 @@
*/
void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
{
- ECP_VALIDATE( ctx != NULL );
ctx->ops_done = 0;
ctx->depth = 0;
ctx->rsm = NULL;
@@ -273,8 +266,6 @@
mbedtls_ecp_restart_ctx *rs_ctx,
unsigned ops )
{
- ECP_VALIDATE_RET( grp != NULL );
-
if( rs_ctx != NULL && ecp_max_ops != 0 )
{
/* scale depending on curve size: the chosen reference is 256-bit,
@@ -525,8 +516,6 @@
*/
void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
{
- ECP_VALIDATE( pt != NULL );
-
mbedtls_mpi_init( &pt->X );
mbedtls_mpi_init( &pt->Y );
mbedtls_mpi_init( &pt->Z );
@@ -537,8 +526,6 @@
*/
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
{
- ECP_VALIDATE( grp != NULL );
-
grp->id = MBEDTLS_ECP_DP_NONE;
mbedtls_mpi_init( &grp->P );
mbedtls_mpi_init( &grp->A );
@@ -561,8 +548,6 @@
*/
void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
{
- ECP_VALIDATE( key != NULL );
-
mbedtls_ecp_group_init( &key->grp );
mbedtls_mpi_init( &key->d );
mbedtls_ecp_point_init( &key->Q );
@@ -641,9 +626,6 @@
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( Q != NULL );
-
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) );
@@ -657,9 +639,6 @@
*/
int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
{
- ECP_VALIDATE_RET( dst != NULL );
- ECP_VALIDATE_RET( src != NULL );
-
return( mbedtls_ecp_group_load( dst, src->id ) );
}
@@ -669,8 +648,6 @@
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( pt != NULL );
-
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) );
@@ -684,8 +661,6 @@
*/
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
{
- ECP_VALIDATE_RET( pt != NULL );
-
return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
}
@@ -695,9 +670,6 @@
int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q )
{
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( Q != NULL );
-
if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
@@ -715,10 +687,6 @@
const char *x, const char *y )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( x != NULL );
- ECP_VALIDATE_RET( y != NULL );
-
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
@@ -737,12 +705,9 @@
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( olen != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- format == MBEDTLS_ECP_PF_COMPRESSED );
+ if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
+ format != MBEDTLS_ECP_PF_COMPRESSED )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
plen = mbedtls_mpi_size( &grp->P );
@@ -811,10 +776,6 @@
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( buf != NULL );
-
if( ilen < 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -876,11 +837,6 @@
{
unsigned char data_len;
const unsigned char *buf_start;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
-
/*
* We must have at least two bytes (1 for length, at least one for data)
*/
@@ -911,12 +867,9 @@
unsigned char *buf, size_t blen )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( olen != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- format == MBEDTLS_ECP_PF_COMPRESSED );
+ if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
+ format != MBEDTLS_ECP_PF_COMPRESSED )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/*
* buffer length must be at least one, for our length byte
@@ -945,10 +898,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
-
if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 )
return( ret );
@@ -964,10 +913,6 @@
{
uint16_t tls_id;
const mbedtls_ecp_curve_info *curve_info;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
-
/*
* We expect at least three bytes (see below)
*/
@@ -1002,10 +947,6 @@
unsigned char *buf, size_t blen )
{
const mbedtls_ecp_curve_info *curve_info;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( olen != NULL );
-
if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -2642,11 +2583,6 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -2660,10 +2596,6 @@
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) );
}
@@ -2775,13 +2707,6 @@
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0;
#endif
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( n != NULL );
- ECP_VALIDATE_RET( Q != NULL );
-
if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
@@ -2867,12 +2792,6 @@
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( n != NULL );
- ECP_VALIDATE_RET( Q != NULL );
return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) );
}
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -2996,9 +2915,6 @@
int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *pt )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
-
/* Must use affine coordinates */
if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
@@ -3020,9 +2936,6 @@
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
const mbedtls_mpi *d )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
@@ -3112,10 +3025,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) );
@@ -3139,12 +3048,6 @@
void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( G != NULL );
- ECP_VALIDATE_RET( Q != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
-
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
@@ -3160,11 +3063,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( Q != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
-
return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
}
@@ -3175,9 +3073,6 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
-
if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
return( ret );
@@ -3194,9 +3089,6 @@
{
int ret = 0;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( buf != NULL );
-
if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
return( ret );
@@ -3277,9 +3169,6 @@
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( buf != NULL );
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
@@ -3320,9 +3209,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Q;
mbedtls_ecp_group grp;
- ECP_VALIDATE_RET( pub != NULL );
- ECP_VALIDATE_RET( prv != NULL );
-
if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
pub->grp.id != prv->grp.id ||
mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index fafe68b..70dc74d 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -22,7 +22,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include <psa_crypto_cipher.h>
+#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
#include "psa_crypto_random_impl.h"
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 5677a5c..ad235bf 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -82,6 +82,7 @@
#else
#include <dirent.h>
#endif /* __MBED__ */
+#include <errno.h>
#endif /* !_WIN32 || EFIX64 || EFI32 */
#endif
@@ -1658,8 +1659,22 @@
}
else if( stat( entry_name, &sb ) == -1 )
{
- ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
- goto cleanup;
+ if( errno == ENOENT )
+ {
+ /* Broken symbolic link - ignore this entry.
+ stat(2) will return this error for either (a) a dangling
+ symlink or (b) a missing file.
+ Given that we have just obtained the filename from readdir,
+ assume that it does exist and therefore treat this as a
+ dangling symlink. */
+ continue;
+ }
+ else
+ {
+ /* Some other file error; report the error. */
+ ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+ goto cleanup;
+ }
}
if( !S_ISREG( sb.st_mode ) )
diff --git a/tests/git-scripts/README.md b/tests/git-scripts/README.md
index 29d7501..23db168 100644
--- a/tests/git-scripts/README.md
+++ b/tests/git-scripts/README.md
@@ -1,16 +1,16 @@
README for git hooks script
===========================
git has a way to run scripts, which are invoked by specific git commands.
-The git hooks are located in `<mbed TLS root>/.git/hooks`, and as such are not under version control
+The git hooks are located in `<Mbed TLS root>/.git/hooks`, and as such are not under version control
for more information, see the [git documentation](https://git-scm.com/docs/githooks).
-The mbed TLS git hooks are located in `<mbed TLS root>/tests/git-scripts` directory, and one must create a soft link from `<mbed TLS root>/.git/hooks` to `<mbed TLS root>/tesst/git-scripts`, in order to make the hook scripts successfully work.
+The Mbed TLS git hooks are located in `<Mbed TLS root>/tests/git-scripts` directory, and one must create a soft link from `<Mbed TLS root>/.git/hooks` to `<Mbed TLS root>/tests/git-scripts`, in order to make the hook scripts successfully work.
Example:
-Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory:
+Execute the following command to create a link on Linux from the Mbed TLS `.git/hooks` directory:
`ln -s ../../tests/git-scripts/pre-push.sh pre-push`
-**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!**
+**Note: Currently the Mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!**
These scripts can also be used independently.
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 68db8fe..78ade2e 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -43,7 +43,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void ecdh_invalid_param( )
{
mbedtls_ecdh_context ctx;
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 311733b..e8aaa6c 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -98,7 +98,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void ecjpake_invalid_param( )
{
mbedtls_ecjpake_context ctx;
@@ -114,7 +114,6 @@
valid_md,
valid_group,
buf, len ) );
-
exit:
return;
}
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 1b77f1d..868a011 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -61,7 +61,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void ecp_invalid_param( )
{
mbedtls_ecp_group grp;