Merge pull request #4211 from ccawley2011/mingw
Fix compilation with MinGW32
diff --git a/3rdparty/everest/README.md b/3rdparty/everest/README.md
index 0e25466..bcf12c0 100644
--- a/3rdparty/everest/README.md
+++ b/3rdparty/everest/README.md
@@ -2,4 +2,4 @@
This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.
-The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
+The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explicitly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c
index ee62be1..957294f 100644
--- a/3rdparty/everest/library/Hacl_Curve25519_joined.c
+++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c
@@ -18,6 +18,15 @@
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
+#ifndef _BSD_SOURCE
+/* Required to get htole64() from gcc/glibc's endian.h (older systems)
+ * when we compile with -std=c99 */
+#define _BSD_SOURCE
+#endif
+#ifndef _DEFAULT_SOURCE
+/* (modern version of _BSD_SOURCE) */
+#define _DEFAULT_SOURCE
+#endif
#include "common.h"
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0fccd3d..cac13bd 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,7 +6,7 @@
# command but rather at the target level using the
# target_include_directories command. That way, it is easier to guarantee
# that targets are built using the proper list of include directories.
-# + Use the PUBLIC and PRIVATE keywords to specifiy the scope of include
+# + Use the PUBLIC and PRIVATE keywords to specify the scope of include
# directories. That way, a target linking to a library (using the
# target_link_librairies command) inherits from the library PUBLIC include
# directories and not from the PRIVATE ones.
@@ -170,6 +170,9 @@
include(CheckCCompilerFlag)
+set(CMAKE_C_EXTENSIONS OFF)
+set(CMAKE_C_STANDARD 99)
+
if(CMAKE_COMPILER_IS_GNU)
# some warnings we want are not available with old GCC versions
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
diff --git a/SECURITY.md b/SECURITY.md
index bd18f6c..26b77ab 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,7 +6,7 @@
## Security Incident Handling Process
-Our security process is detailled in our
+Our security process is detailed in our
[security
center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 68ccf10..35622fc 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -104,7 +104,7 @@
/*
* Save RAM at the expense of interoperability: do this only if you control
- * both ends of the connection! (See coments in "mbedtls/ssl.h".)
+ * both ends of the connection! (See comments in "mbedtls/ssl.h".)
* The minimum size here depends on the certificate chain used as well as the
* typical size of records.
*/
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index 31adec3..f5b5700 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md
@@ -84,7 +84,7 @@
- most commonly MGF1, which in turn is parametrized by a hash algorithm
- a salt length
- a trailer field - the value is fixed to 0xBC by PKCS#1 v2.1, but was left
- configurable in the original scheme; 0xBC is used everywhere in pratice.
+ configurable in the original scheme; 0xBC is used everywhere in practice.
Both the existing `mbedtls_` API and the PSA API support only MGF1 as the
generation function (and only 0xBC as the trailer field), but there are
@@ -317,7 +317,7 @@
HKDF: Expand not exposed on its own (TLS 1.3)
---------------------------------------------
-The HKDF function uses and Extract-then-Expand approch, that is:
+The HKDF function uses an Extract-then-Expand approach, that is:
HKDF(x, ...) = HKDF-Expand(HKDF-Extract(x, ...), ...)
diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/docs/architecture/testing/psa-storage-format-testing.md
index 0e20a8b..5514dfa 100644
--- a/docs/architecture/testing/psa-storage-format-testing.md
+++ b/docs/architecture/testing/psa-storage-format-testing.md
@@ -40,7 +40,7 @@
## Storage architecture overview
-The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifer (a 64-bit number) to file content (a byte array). These files include:
+The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifier (a 64-bit number) to file content (a byte array). These files include:
* [Key files](#key-storage) (files containing one key's metadata and, except for some secure element keys, key material).
* The [random generator injected seed or state file](#random-generator-state) (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`).
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 1a96d15..296f9a8 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -41,7 +41,7 @@
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
#define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
+#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maximum number of rounds in ARIA. */
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
/** Bad input data. */
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 30b0ed2..be2cae7 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -228,7 +228,7 @@
* \return 0 if successful.
* \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
* would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
*/
int mbedtls_asn1_get_len( unsigned char **p,
const unsigned char *end,
@@ -253,7 +253,7 @@
* with the requested tag.
* \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
* would end beyond \p end.
- * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
*/
int mbedtls_asn1_get_tag( unsigned char **p,
const unsigned char *end,
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 1ced6e5..73c50c2 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -76,7 +76,7 @@
#endif
#if defined(MBEDTLS_CMAC_C) && \
- !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
+ ( !defined(MBEDTLS_CIPHER_C ) || ( !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C) ) )
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
#endif
@@ -146,13 +146,30 @@
#endif
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
+#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_CIPHER_C)
+#error "MBEDTLS_PKCS12_C defined, but not all prerequesites"
+#endif
+
+#if defined(MBEDTLS_PKCS5_C) && (!defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_CIPHER_C))
#error "MBEDTLS_PKCS5_C defined, but not all prerequesites"
#endif
+#if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS12_C defined, but not all prerequesites"
+#endif
+
+#if defined(MBEDTLS_PKCS1_V15) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS1_V15 defined, but not all prerequesites"
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_PKCS1_V21 defined, but not all prerequesites"
+#endif
+
#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \
!defined(MBEDTLS_SHA256_C))
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
@@ -322,11 +339,11 @@
#endif
#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
@@ -342,7 +359,7 @@
#endif
#if defined(MBEDTLS_PK_C) && \
- ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
+ ( !defined(MBEDTLS_MD_C) || ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) ) )
#error "MBEDTLS_PK_C defined, but not all prerequisites"
#endif
@@ -550,6 +567,10 @@
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_C) && !defined(MBEDTLS_CIPHER_C )
+#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
#endif
@@ -780,15 +801,16 @@
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
+#if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \
+ !defined(MBEDTLS_USE_PSA_CRYPTO) )
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index c04097d..9ce1195 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -844,6 +844,12 @@
* \note Some ciphers do not use IVs nor nonce. For these
* ciphers, this function has no effect.
*
+ * \note For #MBEDTLS_CIPHER_CHACHA20, the nonce length must
+ * be 12, and the initial counter value is 0.
+ *
+ * \note For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length
+ * must be 12.
+ *
* \param ctx The generic cipher context. This must be initialized and
* bound to a cipher information structure.
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 0aed596..5c8aba8 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -139,7 +139,7 @@
* discarded.
* (Default value: 0 = No debug )
*
- * \param threshold theshold level of messages to filter on. Messages at a
+ * \param threshold threshold level of messages to filter on. Messages at a
* higher level will be discarded.
* - Debug levels
* - 0 No debug
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index a73f624..7853a6a 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -65,7 +65,7 @@
* (KeyExchange) as defined by the Thread spec.
*
* In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * convention from the Thread v1.0 spec. Correspondence is indicated in the
* description as a pair C: client name, S: server name
*/
typedef struct mbedtls_ecjpake_context
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 37702b5..f2cf2c0 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -204,7 +204,7 @@
size_t len );
/**
- * \brief Initilisation of simpified HMAC_DRBG (never reseeds).
+ * \brief Initialisation of simplified HMAC_DRBG (never reseeds).
*
* This function is meant for use in algorithms that need a pseudorandom
* input such as deterministic ECDSA.
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 2d32f67..016b219 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -330,7 +330,7 @@
//#define MBEDTLS_SHA512_ALT
/*
- * When replacing the elliptic curve module, pleace consider, that it is
+ * When replacing the elliptic curve module, please consider, that it is
* implemented with two .c files:
* - ecp.c
* - ecp_curves.c
@@ -1129,7 +1129,7 @@
*
* Enable support for PKCS#1 v1.5 encoding.
*
- * Requires: MBEDTLS_RSA_C
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
*
* This enables support for PKCS#1 v1.5 operations.
*/
@@ -1416,7 +1416,7 @@
* Enable support for RFC 7627: Session Hash and Extended Master Secret
* Extension.
*
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * This was introduced as "the proper fix" to the Triple Handshake family of
* attacks, but it is recommended to always use it (even if you disable
* renegotiation), since it actually fixes a more fundamental issue in the
* original SSL/TLS design, and has implications beyond Triple Handshake.
@@ -1442,7 +1442,7 @@
* \note This option has no influence on the protection against the
* triple handshake attack. Even if it is disabled, Mbed TLS will
* still ensure that certificates do not change during renegotiation,
- * for exaple by keeping a hash of the peer's certificate.
+ * for example by keeping a hash of the peer's certificate.
*
* Comment this macro to disable storing the peer's certificate
* after the handshake.
@@ -1576,7 +1576,7 @@
* unless you know for sure amplification cannot be a problem in the
* environment in which your server operates.
*
- * \warning Disabling this can ba a security risk! (see above)
+ * \warning Disabling this can be a security risk! (see above)
*
* Requires: MBEDTLS_SSL_PROTO_DTLS
*
@@ -2115,7 +2115,8 @@
*
* Module: library/ccm.c
*
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
+ * MBEDTLS_ARIA_C
*
* This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well.
@@ -2148,7 +2149,17 @@
* Enable the generic cipher layer.
*
* Module: library/cipher.c
- * Caller: library/ssl_tls.c
+ * Caller: library/ccm.c
+ * library/cmac.c
+ * library/gcm.c
+ * library/nist_kw.c
+ * library/pkcs12.c
+ * library/pkcs5.c
+ * library/psa_crypto_aead.c
+ * library/psa_crypto_mac.c
+ * library/ssl_ciphersuites.c
+ * library/ssl_msg.c
+ * library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
*
* Uncomment to enable generic cipher wrappers.
*/
@@ -2167,7 +2178,7 @@
*
* Module: library/cmac.c
*
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
*
*/
#define MBEDTLS_CMAC_C
@@ -2346,7 +2357,8 @@
*
* Module: library/gcm.c
*
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
+ * MBEDTLS_ARIA_C
*
* This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
* requisites are enabled as well.
@@ -2401,7 +2413,24 @@
* Enable the generic message digest layer.
*
* Module: library/md.c
- * Caller:
+ * Caller: library/constant_time.c
+ * library/ecdsa.c
+ * library/ecjpake.c
+ * library/hkdf.c
+ * library/hmac_drbg.c
+ * library/pk.c
+ * library/pkcs5.c
+ * library/pkcs12.c
+ * library/psa_crypto_ecp.c
+ * library/psa_crypto_rsa.c
+ * library/rsa.c
+ * library/ssl_cookie.c
+ * library/ssl_msg.c
+ * library/ssl_tls.c
+ * library/x509.c
+ * library/x509_crt.c
+ * library/x509write_crt.c
+ * library/x509write_csr.c
*
* Uncomment to enable generic message digest wrappers.
*/
@@ -2537,7 +2566,7 @@
/**
* \def MBEDTLS_PK_C
*
- * Enable the generic public (asymetric) key layer.
+ * Enable the generic public (asymmetric) key layer.
*
* Module: library/pk.c
* Caller: library/psa_crypto_rsa.c
@@ -2546,7 +2575,7 @@
* library/ssl*_server.c
* library/x509.c
*
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
*
* Uncomment to enable generic public key wrappers.
*/
@@ -2555,7 +2584,7 @@
/**
* \def MBEDTLS_PK_PARSE_C
*
- * Enable the generic public (asymetric) key parser.
+ * Enable the generic public (asymmetric) key parser.
*
* Module: library/pkparse.c
* Caller: library/x509_crt.c
@@ -2570,7 +2599,7 @@
/**
* \def MBEDTLS_PK_WRITE_C
*
- * Enable the generic public (asymetric) key writer.
+ * Enable the generic public (asymmetric) key writer.
*
* Module: library/pkwrite.c
* Caller: library/x509write.c
@@ -2588,7 +2617,7 @@
*
* Module: library/pkcs5.c
*
- * Requires: MBEDTLS_MD_C
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
*
* This module adds support for the PKCS#5 functions.
*/
@@ -2646,7 +2675,8 @@
*
* Module: library/psa_crypto.c
*
- * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
+ * Requires: MBEDTLS_CIPHER_C,
+ * either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
* or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
* or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
*
@@ -2947,7 +2977,7 @@
* Module: library/ssl_ticket.c
* Caller:
*
- * Requires: MBEDTLS_CIPHER_C
+ * Requires: MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO
*/
#define MBEDTLS_SSL_TICKET_C
diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h
index 98d3419..85461f6 100644
--- a/include/mbedtls/private_access.h
+++ b/include/mbedtls/private_access.h
@@ -1,7 +1,7 @@
/**
* \file private_access.h
*
- * \brief Macro wrapper for struct's memebrs.
+ * \brief Macro wrapper for struct's members.
*/
/*
* Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index d03c31d..7562d1c 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -74,7 +74,7 @@
/*
* The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ * eg for alternative (PKCS#11) RSA implementations in the PK layers.
*/
#ifdef __cplusplus
@@ -540,7 +540,7 @@
*
* \note Blinding is used if and only if a PRNG is provided.
*
- * \note If blinding is used, both the base of exponentation
+ * \note If blinding is used, both the base of exponentiation
* and the exponent are blinded, providing protection
* against some side-channel attacks.
*
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c8c1219..c882371 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2130,7 +2130,7 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/**
- * \brief Set the Maximum Tranport Unit (MTU).
+ * \brief Set the Maximum Transport Unit (MTU).
* Special value: 0 means unset (no limit).
* This represents the maximum size of a datagram payload
* handled by the transport layer (usually UDP) as determined
@@ -2735,7 +2735,7 @@
* ones going through the authentication-decryption phase.
*
* \note This is a security trade-off related to the fact that it's
- * often relatively easy for an active attacker ot inject UDP
+ * often relatively easy for an active attacker to inject UDP
* datagrams. On one hand, setting a low limit here makes it
* easier for such an attacker to forcibly terminated a
* connection. On the other hand, a high limit or no limit
@@ -3454,7 +3454,7 @@
* Both sides: limits the set of curves accepted for use in
* ECDHE and in the peer's end-entity certificate.
*
- * \deprecated Superseeded by mbedtls_ssl_conf_groups().
+ * \deprecated Superseded by mbedtls_ssl_conf_groups().
*
* \note This has no influence on which curves are allowed inside the
* certificate chains, see \c mbedtls_ssl_conf_cert_profile()
@@ -3725,7 +3725,7 @@
* \param protos Pointer to a NULL-terminated list of supported protocols,
* in decreasing preference order. The pointer to the list is
* recorded by the library for later reference as required, so
- * the lifetime of the table must be atleast as long as the
+ * the lifetime of the table must be at least as long as the
* lifetime of the SSL configuration structure.
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
@@ -3739,7 +3739,7 @@
*
* \param ssl SSL context
*
- * \return Protcol name, or NULL if no protocol was negotiated.
+ * \return Protocol name, or NULL if no protocol was negotiated.
*/
const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_ALPN */
@@ -3822,7 +3822,7 @@
unsigned char *mki_value,
uint16_t mki_len );
/**
- * \brief Get the negotiated DTLS-SRTP informations:
+ * \brief Get the negotiated DTLS-SRTP information:
* Protection profile and MKI value.
*
* \warning This function must be called after the handshake is
@@ -3830,7 +3830,7 @@
* not be trusted or acted upon before the handshake completes.
*
* \param ssl The SSL context to query.
- * \param dtls_srtp_info The negotiated DTLS-SRTP informations:
+ * \param dtls_srtp_info The negotiated DTLS-SRTP information:
* - Protection profile in use.
* A direct mapping of the iana defined value for protection
* profile on an uint16_t.
@@ -4053,7 +4053,7 @@
* initiated by peer
* (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
*
- * \warning It is recommended to always disable renegotation unless you
+ * \warning It is recommended to always disable renegotiation unless you
* know you need it and you know what you're doing. In the
* past, there have been several issues associated with
* renegotiation or a poor understanding of its properties.
@@ -4116,7 +4116,7 @@
* scenario.
*
* \note With DTLS and server-initiated renegotiation, the
- * HelloRequest is retransmited every time mbedtls_ssl_read() times
+ * HelloRequest is retransmitted every time mbedtls_ssl_read() times
* out or receives Application Data, until:
* - max_records records have beens seen, if it is >= 0, or
* - the number of retransmits that would happen during an
@@ -4775,7 +4775,7 @@
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
* \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
- * while reseting the context.
+ * while resetting the context.
* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
* progress, or there is pending data for reading or sending,
* or the connection does not use DTLS 1.2 with an AEAD
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index c5b80d9..a1ca74b 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -90,7 +90,7 @@
* \brief Set expiration delay for cookies
* (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
*
- * \param ctx Cookie contex
+ * \param ctx Cookie context
* \param delay Delay, in seconds if HAVE_TIME, or in number of cookies
* issued in the meantime.
* 0 to disable expiration (NOT recommended)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 51ce257..9ed2bbe 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -968,7 +968,7 @@
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
/**
- * \brief Set the verion for a Certificate
+ * \brief Set the version for a Certificate
* Default: MBEDTLS_X509_CRT_VERSION_3
*
* \param ctx CRT context to use
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 20a516e..44b7aab 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -184,7 +184,7 @@
* private key used to sign the CSR when writing it)
*
* \param ctx CSR context to use
- * \param key Asymetric key to include
+ * \param key Asymmetric key to include
*/
void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 5f4a9be..211ea8a 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1023,7 +1023,7 @@
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to psa_hash_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_hash_abort().
*
@@ -1073,7 +1073,7 @@
* compares the calculated hash with the expected hash passed as a
* parameter to this function.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_hash_abort().
*
@@ -1458,7 +1458,7 @@
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to psa_mac_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_mac_abort().
*
@@ -1511,7 +1511,7 @@
* compares the calculated MAC with the expected MAC passed as a
* parameter to this function.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_mac_abort().
*
@@ -1971,7 +1971,7 @@
* formed by concatenating the inputs passed to preceding calls to
* psa_cipher_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_cipher_abort().
*
@@ -2638,7 +2638,7 @@
* preceding calls to psa_aead_update().
* - \p tag contains the authentication tag.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_aead_abort().
*
@@ -2728,7 +2728,7 @@
* plaintext and reports success. If the authentication tag is not correct,
* this function returns #PSA_ERROR_INVALID_SIGNATURE.
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling psa_aead_abort().
*
@@ -3026,7 +3026,7 @@
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was perfomed successfully, but the passed
+ * The calculation was performed successfully, but the passed
* signature is not a valid signature.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -3050,7 +3050,7 @@
/**
* \brief Encrypt a short message with a public key.
*
- * \param key Identifer of the key to use for the operation.
+ * \param key Identifier of the key to use for the operation.
* It must be a public key or an asymmetric key
* pair. It must allow the usage
* #PSA_KEY_USAGE_ENCRYPT.
@@ -3783,7 +3783,7 @@
*
* \param[in,out] operation The key derivation operation object to read from.
* \param[in] expected_output Buffer containing the expected derivation output.
- * \param output_length Length ot the expected output; this is also the
+ * \param output_length Length of the expected output; this is also the
* number of bytes that will be read.
*
* \retval #PSA_SUCCESS
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index df28fef..8fb1a21 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -348,7 +348,7 @@
* length of the byte string is the private key size in bytes (leading zeroes
* are not stripped).
*
- * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * Deterministic DSA key derivation with psa_generate_derived_key follows
* FIPS 186-4 §B.1.2: interpret the byte string as integer
* in big-endian order. Discard it if it is not in the range
* [0, *N* - 2] where *N* is the boundary of the private key domain
@@ -1145,7 +1145,7 @@
*/
#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
-/** The type of the data strucure for PAKE cipher suites.
+/** The type of the data structure for PAKE cipher suites.
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure.
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index f333db1..434554d 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -462,7 +462,7 @@
}
else
{
- /* Call the bigger function to free the old domain paramteres.
+ /* Call the bigger function to free the old domain parameters.
* Ignore any errors which may arise due to type requiring
* non-default domain parameters, since this function can't
* report errors. */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 2f9a15a..17d7a9b 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -489,8 +489,12 @@
*
* ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
*
- * Implementations must support 12-byte nonces, may support 8-byte nonces,
- * and should reject other sizes.
+ * \note For ChaCha20 and ChaCha20_Poly1305, Mbed TLS only supports
+ * 12-byte nonces.
+ *
+ * \note For ChaCha20, the initial counter value is 0. To encrypt or decrypt
+ * with the initial counter value 1, you can process and discard a
+ * 64-byte block before the real data.
*/
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
@@ -1456,7 +1460,7 @@
* with a random per-message secret number (*k*).
*
* The representation of the signature as a byte string consists of
- * the concatentation of the signature values *r* and *s*. Each of
+ * the concatenation of the signature values *r* and *s*. Each of
* *r* and *s* is encoded as an *N*-octet string, where *N* is the length
* of the base point of the curve in octets. Each value is represented
* in big-endian order (most significant octet first).
@@ -2269,8 +2273,8 @@
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
-#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
-#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
+#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).MBEDTLS_PRIVATE(key_id) )
+#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).MBEDTLS_PRIVATE(owner) )
/** Utility to initialize a key identifier at runtime.
*
diff --git a/library/aes.c b/library/aes.c
index d2b05e2..bf5d432 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1089,7 +1089,7 @@
*
* This function multiplies a field element by x in the polynomial field
* representation. It uses 64-bit word operations to gain speed but compensates
- * for machine endianess and hence works correctly on both big and little
+ * for machine endianness and hence works correctly on both big and little
* endian machines.
*/
static void mbedtls_gf128mul_x_ble( unsigned char r[16],
@@ -1189,7 +1189,7 @@
unsigned char *prev_output = output - 16;
/* Copy ciphertext bytes from the previous block to our output for each
- * byte of cyphertext we won't steal. At the same time, copy the
+ * byte of ciphertext we won't steal. At the same time, copy the
* remainder of the input for this final round (since the loop bounds
* are the same). */
for( i = 0; i < leftover; i++ )
diff --git a/library/bignum.c b/library/bignum.c
index f06eff0..11acc01 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2278,7 +2278,7 @@
* TA-TB is even so the division by 2 has an integer result.
* Invariant (I) is preserved since any odd divisor of both TA and TB
* also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
- * also divides TB, and any odd divisior of both TB and |TA-TB|/2 also
+ * also divides TB, and any odd divisor of both TB and |TA-TB|/2 also
* divides TA.
*/
if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
diff --git a/library/constant_time.c b/library/constant_time.c
index a6451bb..8475b0c 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -690,7 +690,7 @@
/*
* Conditionally swap X and Y, without leaking information
* about whether the swap was made or not.
- * Here it is not ok to simply swap the pointers, which whould lead to
+ * Here it is not ok to simply swap the pointers, which would lead to
* different memory access patterns when X and Y are used afterwards.
*/
int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 738a977..d467a65 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -449,7 +449,7 @@
/*
* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
- * Ouputs: verified peer public keys Xa, Xb
+ * Outputs: verified peer public keys Xa, Xb
*/
static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
const mbedtls_ecp_group *grp,
diff --git a/library/ecp.c b/library/ecp.c
index f39cb02..8b32caa 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1267,7 +1267,7 @@
* For curves in short Weierstrass form, we do all the internal operations in
* Jacobian coordinates.
*
- * For multiplication, we'll use a comb method with coutermeasueres against
+ * For multiplication, we'll use a comb method with countermeasures against
* SPA, hence timing attacks.
*/
@@ -2231,7 +2231,7 @@
* This function is mainly responsible for administrative work:
* - managing the restart context if enabled
* - managing the table of precomputed points (passed between the below two
- * functions): allocation, computation, ownership tranfer, freeing.
+ * functions): allocation, computation, ownership transfer, freeing.
*
* It delegates the actual arithmetic work to:
* ecp_precompute_comb() and ecp_mul_comb_with_precomp()
@@ -2365,7 +2365,7 @@
/*
* For Montgomery curves, we do all the internal arithmetic in projective
* coordinates. Import/export of points uses only the x coordinates, which is
- * internaly represented as X / Z.
+ * internally represented as X / Z.
*
* For scalar multiplication, we'll use a Montgomery ladder.
*/
@@ -2519,7 +2519,7 @@
MPI_ECP_LSET( &R->Z, 0 );
mbedtls_mpi_free( &R->Y );
- /* RP.X might be sligtly larger than P, so reduce it */
+ /* RP.X might be slightly larger than P, so reduce it */
MOD_ADD( &RP.X );
/* Randomize coordinates of the starting point */
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 8c6b442..61432d8 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -561,8 +561,8 @@
static void buffer_alloc_free_mutexed( void *ptr )
{
- /* We have to good option here, but corrupting the heap seems
- * worse than loosing memory. */
+ /* We have no good option here, but corrupting the heap seems
+ * worse than losing memory. */
if( mbedtls_mutex_lock( &heap.mutex ) )
return;
buffer_alloc_free( ptr );
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 852c46e..e234a8d 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -100,7 +100,8 @@
}
}
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
{
switch( status )
@@ -121,7 +122,7 @@
return( mbedtls_pk_error_from_psa( status ) );
}
}
-#endif
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
#endif /* MBEDTLS_PSA_CRYPTO_C */
@@ -1602,6 +1603,32 @@
NULL, /* debug - could be done later, or even left NULL */
};
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+static int pk_opaque_rsa_decrypt( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
+ psa_status_t status;
+
+ /* PSA has its own RNG */
+ (void) f_rng;
+ (void) p_rng;
+
+ status = psa_asymmetric_decrypt( *key, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ input, ilen,
+ NULL, 0,
+ output, osize, olen );
+ if( status != PSA_SUCCESS )
+ {
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+ }
+
+ return 0;
+}
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
+
const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = {
MBEDTLS_PK_OPAQUE,
"Opaque",
@@ -1613,7 +1640,11 @@
NULL, /* restartable verify - not relevant */
NULL, /* restartable sign - not relevant */
#endif
- NULL, /* decrypt - will be done later */
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+ pk_opaque_rsa_decrypt,
+#else
+ NULL, /* decrypt - not available */
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
NULL, /* encrypt - will be done later */
NULL, /* check_pair - could be done later or left NULL */
pk_opaque_alloc_wrap,
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 5e81a65..fc756db 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -148,9 +148,10 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
int mbedtls_pk_error_from_psa( psa_status_t status );
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
-#endif
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
#if defined(MBEDTLS_RSA_C)
int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md,
diff --git a/library/pkparse.c b/library/pkparse.c
index 22dab3a..89398b7 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -475,7 +475,7 @@
}
/*
- * grp may already be initilialized; if so, make sure IDs match
+ * grp may already be initialized; if so, make sure IDs match
*/
if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
@@ -808,7 +808,7 @@
goto cleanup;
#else
- /* Verify existance of the CRT params */
+ /* Verify existence of the CRT params */
if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fa6800b..635981d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -913,7 +913,7 @@
goto error;
}
- /* Enforce that the usage policy permits the requested algortihm. */
+ /* Enforce that the usage policy permits the requested algorithm. */
if( alg != 0 )
{
status = psa_key_policy_permits( &slot->attr.policy,
@@ -4810,7 +4810,7 @@
/* 4. If k > N - 2, discard the result and return to step 1.
* Result of comparison is returned. When it indicates error
- * then this fuction is called again.
+ * then this function is called again.
*/
MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( &diff_N_2, &k, &key_out_of_range ) );
}
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index e82e1cc..17b3953 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -428,7 +428,7 @@
* preceding calls to mbedtls_psa_aead_update().
* - \p tag contains the authentication tag.
*
- * Whether or not this function returns successfuly, the PSA core subsequently
+ * Whether or not this function returns successfully, the PSA core subsequently
* calls mbedtls_psa_aead_abort() to deactivate the operation.
*
* \param[in,out] operation Active AEAD operation.
diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h
index 7091dc5..3bcea59 100644
--- a/library/psa_crypto_hash.h
+++ b/library/psa_crypto_hash.h
@@ -175,7 +175,7 @@
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to mbedtls_psa_hash_update().
*
- * When this function returns successfuly, the operation becomes inactive.
+ * When this function returns successfully, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling mbedtls_psa_hash_abort().
*
diff --git a/library/rsa.c b/library/rsa.c
index 36f487f..6a9e402 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -49,10 +49,6 @@
#include <string.h>
-#if defined(MBEDTLS_PKCS1_V21)
-#include "mbedtls/md.h"
-#endif
-
#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__)
#include <stdlib.h>
#endif
@@ -852,10 +848,10 @@
* the more bits of the key can be recovered. See [3].
*
* Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
- * observations on avarage.
+ * observations on average.
*
* For example with 28 byte blinding to achieve 2 collisions the adversary has
- * to make 2^112 observations on avarage.
+ * to make 2^112 observations on average.
*
* (With the currently (as of 2017 April) known best algorithms breaking 2048
* bit RSA requires approximately as much time as trying out 2^112 random keys.
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 3be4b45..0f2bc60 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -62,7 +62,7 @@
/*
* Cookies are formed of a 4-bytes timestamp (or serial number) and
- * an HMAC of timestemp and client ID.
+ * an HMAC of timestamp and client ID.
*/
#define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN )
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 29b64dc..9f1df73 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -41,6 +41,8 @@
const char *mbedtls_ssl_sig_alg_to_str( uint16_t in );
+const char *mbedtls_ssl_named_group_to_str( uint16_t in );
+
#endif /* MBEDTLS_DEBUG_C */
#endif /* SSL_DEBUG_HELPERS_H */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index c2c3cd2..ce41a45 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -585,17 +585,14 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
-#if defined(MBEDTLS_SSL_CLI_C)
- /** Number of Hello Retry Request messages received from the server. */
+ /** Number of HelloRetryRequest messages received/sent from/to the server. */
int hello_retry_request_count;
-#endif /* MBEDTLS_SSL_CLI_C */
-
#if defined(MBEDTLS_SSL_SRV_C)
/** selected_group of key_share extension in HelloRetryRequest message. */
uint16_t hrr_selected_group;
#endif /* MBEDTLS_SSL_SRV_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -1634,7 +1631,8 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-
+extern const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN ];
int mbedtls_ssl_tls13_process_finished_message( mbedtls_ssl_context *ssl );
int mbedtls_ssl_tls13_write_finished_message( mbedtls_ssl_context *ssl );
void mbedtls_ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl );
@@ -1856,7 +1854,7 @@
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 ||
- /* Below deprected curves should be removed with notice to users */
+ /* Below deprecated curves should be removed with notice to users */
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
@@ -2169,7 +2167,7 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
- * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
+ * Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is
* guaranteed to not be a valid PSA algorithm identifier.
*/
#define MBEDTLS_SSL_NULL_CIPHER 0x04000000
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 083c8d2..e1ea440 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1234,7 +1234,7 @@
add_data, add_data_len );
/* Because of the check above, we know that there are
- * explicit_iv_len Bytes preceeding data, and taglen
+ * explicit_iv_len Bytes preceding data, and taglen
* bytes following data + data_len. This justifies
* the debug message and the invocation of
* mbedtls_cipher_auth_decrypt_ext() below. */
@@ -2404,7 +2404,7 @@
unsigned char **buf, size_t *buf_len )
{
/*
- * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 )
+ * Reserve 4 bytes for handshake header. ( Section 4,RFC 8446 )
* ...
* HandshakeType msg_type;
* uint24 length;
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 1c05001..e1439f0 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -37,7 +37,7 @@
#include <string.h>
/*
- * Initialze context
+ * Initialize context
*/
void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ae697b1..a1a0003 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2918,7 +2918,7 @@
* In the case of TLS 1.3, handshake step handlers do not send data to the
* peer. Data are only sent here and through
* `mbedtls_ssl_handle_pending_alert` in case an error that triggered an
- * alert occured.
+ * alert occurred.
*/
if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
return( ret );
@@ -4017,7 +4017,7 @@
}
/*
- * Initialze mbedtls_ssl_config
+ * Initialize mbedtls_ssl_config
*/
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
{
@@ -6614,7 +6614,7 @@
ssl->handshake = NULL;
/*
- * Free the previous transform and swith in the current one
+ * Free the previous transform and switch in the current one
*/
if( ssl->transform )
{
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 095db8f..f516efa 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2276,7 +2276,7 @@
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
- } /* FALLTROUGH */
+ } /* FALLTHROUGH */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index a1505d1..590c874 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1261,7 +1261,7 @@
* Handshake layer:
* 0 . 0 handshake type
* 1 . 3 handshake length
- * 4 . 5 DTLS only: message seqence number
+ * 4 . 5 DTLS only: message sequence number
* 6 . 8 DTLS only: fragment offset
* 9 . 11 DTLS only: fragment length
*/
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 59e42c8..320c5b4 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -750,11 +750,6 @@
const unsigned char *buf,
const unsigned char *end )
{
- static const unsigned char magic_hrr_string[MBEDTLS_SERVER_HELLO_RANDOM_LEN] =
- { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
- 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
- 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
- 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33 ,0x9C };
/* Check whether this message is a HelloRetryRequest ( HRR ) message.
*
@@ -771,9 +766,11 @@
* } ServerHello;
*
*/
- MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 2 + sizeof( magic_hrr_string ) );
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end,
+ 2 + sizeof( mbedtls_ssl_tls13_hello_retry_request_magic ) );
- if( memcmp( buf + 2, magic_hrr_string, sizeof( magic_hrr_string ) ) == 0 )
+ if( memcmp( buf + 2, mbedtls_ssl_tls13_hello_retry_request_magic,
+ sizeof( mbedtls_ssl_tls13_hello_retry_request_magic ) ) == 0 )
{
return( SSL_SERVER_HELLO_COORDINATE_HRR );
}
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f5d791f..9de9d6d 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -34,6 +34,13 @@
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
+const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN ] =
+ { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
+ 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
+ 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
+ 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C };
+
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char **buf,
@@ -975,7 +982,7 @@
#endif /* MBEDTLS_RSA_C */
default:
MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "unkown signature type : %u", sig ) );
+ ( "unknown signature type : %u", sig ) );
break;
}
return( -1 );
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 8ffd9a1..072c869 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1110,7 +1110,7 @@
transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
/* We add the true record content type (1 Byte) to the plaintext and
- * then pad to the configured granularity. The mimimum length of the
+ * then pad to the configured granularity. The minimum length of the
* type-extended and padded plaintext is therefore the padding
* granularity. */
transform->minlen =
@@ -1425,7 +1425,7 @@
hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac );
hash_len = PSA_HASH_LENGTH( hash_alg );
- /* Compute current handshake transcript. It's the caller's responsiblity
+ /* Compute current handshake transcript. It's the caller's responsibility
* to call this at the right time, that is, after the ServerFinished. */
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 775443c..46a6a49 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -106,9 +106,9 @@
* NamedGroup named_group_list<2..2^16-1>;
* } NamedGroupList;
*/
-static int ssl_tls13_parse_supported_groups_ext(
- mbedtls_ssl_context *ssl,
- const unsigned char *buf, const unsigned char *end )
+static int ssl_tls13_parse_supported_groups_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
{
const unsigned char *p = buf;
size_t named_group_list_len;
@@ -129,7 +129,10 @@
named_group = MBEDTLS_GET_UINT16_BE( p, 0 );
p += 2;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "got named group: %d", named_group ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "got named group: %s(%04x)",
+ mbedtls_ssl_named_group_to_str( named_group ),
+ named_group ) );
if( ! mbedtls_ssl_named_group_is_offered( ssl, named_group ) ||
! mbedtls_ssl_named_group_is_supported( named_group ) ||
@@ -138,9 +141,11 @@
continue;
}
- MBEDTLS_SSL_DEBUG_MSG(
- 2, ( "add named group (%04x) into received list.",
- named_group ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "add named group %s(%04x) into received list.",
+ mbedtls_ssl_named_group_to_str( named_group ),
+ named_group ) );
+
ssl->handshake->hrr_selected_group = named_group;
}
@@ -162,8 +167,7 @@
* does not match a group supported by the server. A HelloRetryRequest will
* be needed.
* - A negative value for fatal errors.
-*/
-
+ */
static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
const unsigned char *end )
@@ -171,8 +175,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char const *p = buf;
unsigned char const *client_shares_end;
- size_t client_shares_len, key_exchange_len;
- int match_found = 0;
+ size_t client_shares_len;
/* From RFC 8446:
*
@@ -196,9 +199,11 @@
* dismiss it and send a HelloRetryRequest message.
*/
- for( ; p < client_shares_end; p += key_exchange_len )
+ while( p < client_shares_end )
{
uint16_t group;
+ size_t key_exchange_len;
+ const unsigned char *key_exchange;
/*
* struct {
@@ -208,19 +213,18 @@
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, 4 );
group = MBEDTLS_GET_UINT16_BE( p, 0 );
- p += 2;
- key_exchange_len = MBEDTLS_GET_UINT16_BE( p, 0 );
- p += 2;
+ key_exchange_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+ p += 4;
+ key_exchange = p;
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, client_shares_end, key_exchange_len );
+ p += key_exchange_len;
/* Continue parsing even if we have already found a match,
* for input validation purposes.
*/
- if( match_found == 1 )
- continue;
-
if( ! mbedtls_ssl_named_group_is_offered( ssl, group ) ||
- ! mbedtls_ssl_named_group_is_supported( group ) )
+ ! mbedtls_ssl_named_group_is_supported( group ) ||
+ ssl->handshake->offered_group_id != 0 )
{
continue;
}
@@ -230,16 +234,14 @@
*/
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
{
- const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_tls_id( group );
- ((void) curve_info);
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH group: %s (%04x)",
+ mbedtls_ssl_named_group_to_str( group ),
+ group ) );
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
- ssl, p - 2, key_exchange_len + 2 );
+ ssl, key_exchange - 2, key_exchange_len + 2 );
if( ret != 0 )
return( ret );
- match_found = 1;
}
else
{
@@ -251,7 +253,8 @@
ssl->handshake->offered_group_id = group;
}
- if( match_found == 0 )
+
+ if( ssl->handshake->offered_group_id == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching key share" ) );
return( SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH );
@@ -388,6 +391,7 @@
const unsigned char *cipher_suites_end;
size_t extensions_len;
const unsigned char *extensions_end;
+ int hrr_required = 0;
const mbedtls_ssl_ciphersuite_t* ciphersuite_info;
@@ -435,9 +439,9 @@
*/
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
- /* ---
- * Random random;
- * ---
+ /* ...
+ * Random random;
+ * ...
* with Random defined as:
* opaque Random[32];
*/
@@ -447,9 +451,9 @@
memcpy( &ssl->handshake->randbytes[0], p, MBEDTLS_CLIENT_HELLO_RANDOM_LEN );
p += MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
- /* ---
+ /* ...
* opaque legacy_session_id<0..32>;
- * ---
+ * ...
*/
legacy_session_id_len = p[0];
p++;
@@ -480,9 +484,9 @@
*/
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 );
- /* ---
+ /* ...
* CipherSuite cipher_suites<2..2^16-2>;
- * ---
+ * ...
* with CipherSuite defined as:
* uint8 CipherSuite[2];
*/
@@ -504,10 +508,12 @@
* Check whether this ciphersuite is valid and offered.
*/
if( ( mbedtls_ssl_validate_ciphersuite(
- ssl, ciphersuite_info, ssl->tls_version,
- ssl->tls_version ) != 0 ) ||
- !mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ ssl, ciphersuite_info, ssl->tls_version,
+ ssl->tls_version ) != 0 ) ||
+ ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ {
continue;
+ }
ssl->session_negotiate->ciphersuite = cipher_suite;
ssl->handshake->ciphersuite_info = ciphersuite_info;
@@ -517,7 +523,7 @@
}
- if( !ciphersuite_match )
+ if( ! ciphersuite_match )
{
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
@@ -528,6 +534,7 @@
ciphersuite_info->name ) );
p = cipher_suites + cipher_suites_len;
+
/* ...
* opaque legacy_compression_methods<1..2^8-1>;
* ...
@@ -541,9 +548,9 @@
}
p += 2;
- /* ---
+ /* ...
* Extension extensions<8..2^16-1>;
- * ---
+ * ...
* with Extension defined as:
* struct {
* ExtensionType extension_type;
@@ -583,8 +590,8 @@
* indicates the named groups which the client supports,
* ordered from most preferred to least preferred.
*/
- ret = ssl_tls13_parse_supported_groups_ext( ssl, p,
- extension_data_end );
+ ret = ssl_tls13_parse_supported_groups_ext(
+ ssl, p, extension_data_end );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
@@ -607,15 +614,20 @@
* contains the endpoint's cryptographic parameters for
* ECDHE/DHE key establishment methods.
*/
- ret = ssl_tls13_parse_key_shares_ext( ssl, p, extension_data_end );
+ ret = ssl_tls13_parse_key_shares_ext(
+ ssl, p, extension_data_end );
if( ret == SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "HRR needed " ) );
- ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ hrr_required = 1;
}
- if( ret != 0 )
+ if( ret < 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "ssl_tls13_parse_key_shares_ext", ret );
return( ret );
+ }
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
break;
@@ -625,7 +637,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported versions extension" ) );
ret = ssl_tls13_parse_supported_versions_ext(
- ssl, p, extension_data_end );
+ ssl, p, extension_data_end );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
@@ -639,8 +651,8 @@
case MBEDTLS_TLS_EXT_SIG_ALG:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
- ret = mbedtls_ssl_tls13_parse_sig_alg_ext( ssl, p,
- extension_data_end );
+ ret = mbedtls_ssl_tls13_parse_sig_alg_ext(
+ ssl, p, extension_data_end );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
@@ -687,9 +699,11 @@
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
- return( 0 );
+ return( hrr_required ? SSL_CLIENT_HELLO_HRR_REQUIRED : SSL_CLIENT_HELLO_OK );
}
+/* Update the handshake state machine */
+
static int ssl_tls13_postprocess_client_hello( mbedtls_ssl_context* ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -716,6 +730,8 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char* buf = NULL;
size_t buflen = 0;
+ int parse_client_hello_ret;
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
@@ -724,8 +740,18 @@
MBEDTLS_SSL_PROC_CHK_NEG( ssl_tls13_parse_client_hello( ssl, buf,
buf + buflen ) );
+ parse_client_hello_ret = ret; /* Store return value of parse_client_hello,
+ * only SSL_CLIENT_HELLO_OK or
+ * SSL_CLIENT_HELLO_HRR_REQUIRED at this
+ * stage as negative error codes are handled
+ * by MBEDTLS_SSL_PROC_CHK_NEG. */
+
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_client_hello( ssl ) );
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+
+ if( parse_client_hello_ret == SSL_CLIENT_HELLO_OK )
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+ else
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HELLO_RETRY_REQUEST );
cleanup:
@@ -894,6 +920,7 @@
if( ret != 0 )
return( ret );
p += key_exchange_length;
+
MBEDTLS_PUT_UINT16_BE( key_exchange_length, server_share + 2, 0 );
MBEDTLS_PUT_UINT16_BE( p - server_share, buf, 2 );
@@ -903,6 +930,68 @@
return( 0 );
}
+static int ssl_tls13_write_hrr_key_share_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ size_t *out_len )
+{
+ uint16_t selected_group = ssl->handshake->hrr_selected_group;
+ /* key_share Extension
+ *
+ * struct {
+ * select (Handshake.msg_type) {
+ * ...
+ * case hello_retry_request:
+ * NamedGroup selected_group;
+ * ...
+ * };
+ * } KeyShare;
+ */
+
+ *out_len = 0;
+
+ /*
+ * For a pure PSK key exchange, there is no group to agree upon. The purpose
+ * of the HRR is then to transmit a cookie to force the client to demonstrate
+ * reachability at their apparent network address (primarily useful for DTLS).
+ */
+ if( ! mbedtls_ssl_tls13_some_ephemeral_enabled( ssl ) )
+ return( 0 );
+
+ /* We should only send the key_share extension if the client's initial
+ * key share was not acceptable. */
+ if( ssl->handshake->offered_group_id != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Skip key_share extension in HRR" ) );
+ return( 0 );
+ }
+
+ if( selected_group == 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching named group found" ) );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ /* Check if we have enough space:
+ * - extension_type (2 bytes)
+ * - extension_data_length (2 bytes)
+ * - selected_group (2 bytes)
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( buf, end, 6 );
+
+ MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_KEY_SHARE, buf, 0 );
+ MBEDTLS_PUT_UINT16_BE( 2, buf, 2 );
+ MBEDTLS_PUT_UINT16_BE( selected_group, buf, 4 );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "HRR selected_group: %s (%x)",
+ mbedtls_ssl_named_group_to_str( selected_group ),
+ selected_group ) );
+
+ *out_len = 6;
+
+ return( 0 );
+}
/*
* Structure of ServerHello message:
@@ -919,12 +1008,13 @@
static int ssl_tls13_write_server_hello_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
- size_t *out_len )
+ size_t *out_len,
+ int is_hrr )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
unsigned char *p_extensions_len;
- size_t output_len; /* Length of buffer used by function */
+ size_t output_len;
*out_len = 0;
@@ -945,8 +1035,16 @@
* opaque Random[MBEDTLS_SERVER_HELLO_RANDOM_LEN];
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
- memcpy( p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
- MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ if( is_hrr )
+ {
+ memcpy( p, mbedtls_ssl_tls13_hello_retry_request_magic,
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ }
+ else
+ {
+ memcpy( p, &ssl->handshake->randbytes[MBEDTLS_CLIENT_HELLO_RANDOM_LEN],
+ MBEDTLS_SERVER_HELLO_RANDOM_LEN );
+ }
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes",
p, MBEDTLS_SERVER_HELLO_RANDOM_LEN );
p += MBEDTLS_SERVER_HELLO_RANDOM_LEN;
@@ -1012,7 +1110,10 @@
if( mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
{
- ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
+ if( is_hrr )
+ ret = ssl_tls13_write_hrr_key_share_ext( ssl, p, end, &output_len );
+ else
+ ret = ssl_tls13_write_key_share_ext( ssl, p, end, &output_len );
if( ret != 0 )
return( ret );
p += output_len;
@@ -1065,7 +1166,8 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf,
buf + buf_len,
- &msg_len ) );
+ &msg_len,
+ 0 ) );
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len );
@@ -1277,6 +1379,71 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
/*
+ * Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST
+ */
+
+static int ssl_tls13_write_hello_retry_request_coordinate(
+ mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if( ssl->handshake->hello_retry_request_count > 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "Too many HRRs" ) );
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+ MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ /*
+ * Create stateless transcript hash for HRR
+ */
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Reset transcript for HRR" ) );
+ ret = mbedtls_ssl_reset_transcript_for_hrr( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_reset_transcript_for_hrr", ret );
+ return( ret );
+ }
+ mbedtls_ssl_session_reset_msg_layer( ssl, 0 );
+
+ return( 0 );
+}
+
+static int ssl_tls13_write_hello_retry_request( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *buf;
+ size_t buf_len, msg_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello retry request" ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_hello_retry_request_coordinate( ssl ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
+ &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_server_hello_body( ssl, buf,
+ buf + buf_len,
+ &msg_len,
+ 1 ) );
+ mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len );
+
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl, buf_len,
+ msg_len ) );
+
+ ssl->handshake->hello_retry_request_count++;
+
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
+
+cleanup:
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello retry request" ) );
+ return( ret );
+}
+
+/*
* TLS 1.3 State Machine -- server side
*/
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
@@ -1295,16 +1462,22 @@
/* start state */
case MBEDTLS_SSL_HELLO_REQUEST:
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
-
ret = 0;
break;
case MBEDTLS_SSL_CLIENT_HELLO:
-
ret = ssl_tls13_process_client_hello( ssl );
if( ret != 0 )
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_process_client_hello", ret );
+ break;
+ case MBEDTLS_SSL_HELLO_RETRY_REQUEST:
+ ret = ssl_tls13_write_hello_retry_request( ssl );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_write_hello_retry_request", ret );
+ return( ret );
+ }
break;
case MBEDTLS_SSL_SERVER_HELLO:
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 74ea88c..7288548 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -137,11 +137,6 @@
list++;
}
-#if defined(_WIN32)
- mbedtls_printf( "\n Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
goto exit;
}
diff --git a/programs/fuzz/README.md b/programs/fuzz/README.md
index b6a4333..aaef030 100644
--- a/programs/fuzz/README.md
+++ b/programs/fuzz/README.md
@@ -35,10 +35,10 @@
Finally, you can run the targets like `./test/fuzz/fuzz_client`.
-Corpus generation for network trafic targets
+Corpus generation for network traffic targets
------
-These targets use network trafic as inputs :
+These targets use network traffic as inputs :
* client : simulates a client against (fuzzed) server traffic
* server : simulates a server against (fuzzed) client traffic
* dtls_client
@@ -48,7 +48,7 @@
To generate corpus for these targets, you can do the following, not fully automated steps :
* Build mbedtls programs ssl_server2 and ssl_client2
-* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap
+* Run them one against the other with `reproducible` option turned on while capturing traffic into test.pcap
* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt`
* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor`
* Finally, you can add the options by appending the last bytes to the file test.cor
diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
index efd8dbb..730be36 100644
--- a/programs/fuzz/onefile.c
+++ b/programs/fuzz/onefile.c
@@ -47,7 +47,7 @@
return 2;
}
- //lauch fuzzer
+ //launch fuzzer
LLVMFuzzerTestOneInput(Data, Size);
free(Data);
fclose(fp);
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 9243f0a..f38a976 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -192,11 +192,6 @@
list++;
}
-#if defined(_WIN32)
- mbedtls_printf( "\n Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index d2b6910..cb8de8b 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -59,11 +59,6 @@
mbedtls_printf( "\n\n" );
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
}
#endif /* MBEDTLS_MD5_C */
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index d633e4d..45de57b 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -300,11 +300,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 174a363..9ada4ea 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -186,11 +186,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 75713ff..2956308 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -322,11 +322,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index ca046fd..dff5480 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -222,11 +222,6 @@
exit:
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_ecdh_free( &ctx_srv );
mbedtls_ecdh_free( &ctx_cli );
mbedtls_ctr_drbg_free( &ctr_drbg );
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 550a230..c1c5070 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -232,11 +232,6 @@
exit:
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_ecdsa_free( &ctx_verify );
mbedtls_ecdsa_free( &ctx_sign );
mbedtls_ctr_drbg_free( &ctr_drbg );
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 7535eee..8779519 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -435,11 +435,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 4203902..bd16b24 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -324,11 +324,6 @@
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index ed6addf..df1e502 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -454,11 +454,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index 6341752..eed8dfc 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -101,11 +101,6 @@
mbedtls_printf( "\nAn error occurred.\n" );
}
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index f1bfd8a..b09b6b8 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -162,11 +162,6 @@
}
#endif
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 293c0a0..3df11f7 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -165,11 +165,6 @@
}
#endif
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 2ab428d..7b5d8e1 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -164,11 +164,6 @@
}
#endif
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 5173507..e82653b 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -136,11 +136,6 @@
}
#endif
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 42ec6a7..c01a5cf 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -196,11 +196,6 @@
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index f7ff68f..25a42d3 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -172,11 +172,6 @@
mbedtls_entropy_free( &entropy );
mbedtls_rsa_free( &rsa );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index e48050a..67711bd 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -161,11 +161,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 5aa592d..1df9b13 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -177,11 +177,6 @@
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 7ec7335..8078ab6 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -172,11 +172,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 1b3e193..a8b1abb 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -151,11 +151,6 @@
mbedtls_rsa_free( &rsa );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index d6634ba..3a20778 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -146,11 +146,6 @@
exit:
mbedtls_pk_free( &pk );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c
index 5bc0af0..c4ed0dd 100644
--- a/programs/psa/aead_demo.c
+++ b/programs/psa/aead_demo.c
@@ -156,7 +156,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
- /* Prepare key attibutes */
+ /* Prepare key attributes */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, *alg );
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 2bebb0d..e06d535 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -346,11 +346,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
/* Shell can not handle large exit numbers -> 1 for errors */
if( ret < 0 )
ret = 1;
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 5d1cccb..9317449 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -416,11 +416,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
/* Shell can not handle large exit numbers -> 1 for errors */
if( ret < 0 )
ret = 1;
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 97bfe68..8f2fed8 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -37,7 +37,7 @@
* dominate memory usage in small configurations. For the sake of simplicity,
* only a Unix version is implemented.
*
- * Warning: we are breaking some of the abtractions from the NET layer here.
+ * Warning: we are breaking some of the abstractions from the NET layer here.
* This is not a good example for general use. This programs has the specific
* goal of minimizing use of the libc functions on full-blown OSes.
*/
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 3f7256f..a80ff71 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -305,11 +305,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 2cfdde6..97b786a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -507,7 +507,7 @@
int transport; /* TLS or DTLS? */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
- int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
+ int dtls_mtu; /* UDP Maximum transport unit for DTLS */
int fallback; /* is this a fallback connection? */
int dgram_packing; /* allow/forbid datagram packing */
int extended_ms; /* negotiate extended master secret? */
@@ -3151,14 +3151,6 @@
mbedtls_memory_buffer_alloc_free();
#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
-#if defined(_WIN32)
- if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
- {
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
- }
-#endif
-
// Shell can not handle large exit numbers -> 1 for errors
if( ret < 0 )
ret = 1;
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 694fc3b..07b3e6f 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -407,11 +407,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 32960ad..664a384 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -848,11 +848,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index a8db4d8..ac14789 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -515,11 +515,6 @@
mbedtls_memory_buffer_alloc_free();
#endif
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( ret );
}
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 95557fb..3b66372 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -386,11 +386,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 0047cab..c144b05 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -651,7 +651,7 @@
int anti_replay; /* Use anti-replay for DTLS? -1 for default */
uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
uint32_t hs_to_max; /* Max value of DTLS handshake timer */
- int dtls_mtu; /* UDP Maximum tranport unit for DTLS */
+ int dtls_mtu; /* UDP Maximum transport unit for DTLS */
int dgram_packing; /* allow/forbid datagram packing */
int badmac_limit; /* Limit of records with bad MAC */
int eap_tls; /* derive EAP-TLS keying material? */
@@ -4231,11 +4231,6 @@
if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE )
{
mbedtls_printf( " done.\n" );
-
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
}
// Shell can not handle large exit numbers -> 1 for errors
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index f0d0c3b..48da1bf 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -278,7 +278,7 @@
/*
* Test recv/send functions that make sure each try returns
- * WANT_READ/WANT_WRITE at least once before sucesseding
+ * WANT_READ/WANT_WRITE at least once before succeeding
*/
int delayed_recv( void *ctx, unsigned char *buf, size_t len );
int delayed_send( void *ctx, const unsigned char *buf, size_t len );
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 6ff2eb8..a6d83e7 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -179,7 +179,7 @@
*
* This computes the maximum length of a title +3, because we appends "/s" and
* want at least one space. (If the value is too small, the only consequence
- * is poor alignement.) */
+ * is poor alignment.) */
#define TITLE_SPACE 17
#define MEMORY_MEASURE_INIT \
@@ -1280,11 +1280,6 @@
mbedtls_memory_buffer_alloc_free();
#endif
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( 0 );
}
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 0c40686..a314bd2 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -537,10 +537,6 @@
{
mbedtls_printf( " [ All tests PASS ]\n\n" );
}
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
}
if( suites_failed > 0)
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 41a90a9..e3386d1 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -1,5 +1,5 @@
/*
- * UDP proxy: emulate an unreliable UDP connexion for DTLS testing
+ * UDP proxy: emulate an unreliable UDP connection for DTLS testing
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -73,9 +73,10 @@
#endif
#endif /* _MSC_VER */
#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
-#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME) || (defined(MBEDTLS_TIMING_C) && !defined(MBEDTLS_TIMING_ALT))
#include <sys/time.h>
#endif
+#include <sys/select.h>
#include <sys/types.h>
#include <unistd.h>
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
@@ -1015,11 +1016,6 @@
mbedtls_net_free( &server_fd );
mbedtls_net_free( &listen_fd );
-#if defined(_WIN32)
- mbedtls_printf( " Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index a44099d..d6e5561 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -63,7 +63,7 @@
if( argc != 2 )
{
- mbedtls_printf( "This program takes exactly 1 agument\n" );
+ mbedtls_printf( "This program takes exactly 1 argument\n" );
usage();
mbedtls_exit( exit_code );
}
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index e273200..cf6a56c 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -279,11 +279,6 @@
exit:
free( pem_buffer );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
index 4b776d3..f91da13 100644
--- a/programs/util/strerror.c
+++ b/programs/util/strerror.c
@@ -78,11 +78,6 @@
mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf );
}
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( val );
}
#endif /* MBEDTLS_ERROR_C */
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 3d8f37b..985b970 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -486,11 +486,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index ed42079..7460bbf 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -389,11 +389,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 763f868..793982d 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -793,11 +793,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 2720b1d..aa353be 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -138,11 +138,6 @@
exit:
mbedtls_x509_crl_free( &crl );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index fd316e2..24324ff 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -138,11 +138,6 @@
exit:
mbedtls_x509_csr_free( &csr );
-#if defined(_WIN32)
- mbedtls_printf( " + Press Enter to exit this program.\n" );
- fflush( stdout ); getchar();
-#endif
-
mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py
index 85393d0..0ef438d 100755
--- a/scripts/code_size_compare.py
+++ b/scripts/code_size_compare.py
@@ -37,7 +37,7 @@
"""
old_revision: revision to compare against
new_revision:
- result_dir: directory for comparision result
+ result_dir: directory for comparison result
"""
self.repo_path = "."
self.result_dir = os.path.abspath(result_dir)
@@ -140,7 +140,7 @@
+ "-" + self.new_rev + ".csv"), "w")
res_file.write("file_name, this_size, old_size, change, change %\n")
- print("Generating comparision results.")
+ print("Generating comparison results.")
old_ds = {}
for line in old_file.readlines()[1:]:
@@ -199,7 +199,7 @@
parser.add_argument(
"-n", "--new-rev", type=str, default=None,
help="new revision for comparison, default is the current work \
- directory, including uncommited changes."
+ directory, including uncommitted changes."
)
comp_args = parser.parse_args()
diff --git a/scripts/config.py b/scripts/config.py
index c09212b..356b998 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -418,7 +418,7 @@
value = setting.value
if value is None:
value = ''
- # Normally the whitespace to separte the symbol name from the
+ # Normally the whitespace to separate the symbol name from the
# value is part of middle, and there's no whitespace for a symbol
# with no value. But if a symbol has been changed from having a
# value to not having one, the whitespace is wrong, so fix it.
diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt
index 0d75a3d..5364d8e 100644
--- a/scripts/driver.requirements.txt
+++ b/scripts/driver.requirements.txt
@@ -10,7 +10,9 @@
# See https://github.com/Mbed-TLS/mbedtls/pull/5067#discussion_r738794607 .
# Note that Jinja 3.0 drops support for Python 3.5, so we need to support
# Jinja 2.x as long as we're still using Python 3.5 anywhere.
-Jinja2 >= 2.10.1
+# Jinja 2.10.1 doesn't support Python 3.10+
+Jinja2 >= 2.10.1; python_version < '3.10'
+Jinja2 >= 2.10.3; python_version >= '3.10'
# Jinja2 >=2.10, <3.0 needs a separate package for type annotations
types-Jinja2
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
index 42331ac..71b881e 100755
--- a/scripts/generate_driver_wrappers.py
+++ b/scripts/generate_driver_wrappers.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python3
"""Generate library/psa_crypto_driver_wrappers.c
- This module is invoked by the build sripts to auto generate the
+ This module is invoked by the build scripts to auto generate the
psa_crypto_driver_wrappers.c based on template files in
script/data_files/driver_templates/.
"""
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
index 42e4fc8..959cbbc 100755
--- a/scripts/generate_ssl_debug_helpers.py
+++ b/scripts/generate_ssl_debug_helpers.py
@@ -53,7 +53,7 @@
"""
Simple preprocessor for C source code.
- Only processses condition directives without expanding them.
+ Only processes condition directives without expanding them.
Yield object according to the classes input. Most match firstly
If the directive pair does not match , raise CondDirectiveNotMatch.
@@ -234,6 +234,7 @@
prototype=self._prototype)
return body
+
class SignatureAlgorithmDefinition:
"""
Generate helper functions for signature algorithms.
@@ -267,6 +268,7 @@
def span(self):
return self._definitions[0].span()
+
def __str__(self):
"""
Generate function for translating value to string
@@ -277,7 +279,7 @@
translation_table.append(
'\tcase {}:\n\t return "{}";'.format(name,
name[len('MBEDTLS_TLS1_3_SIG_'):].lower())
- )
+ )
body = textwrap.dedent('''\
const char *mbedtls_ssl_sig_alg_to_str( uint16_t in )
@@ -287,11 +289,70 @@
{translation_table}
}};
+ return "UNKNOWN";
+ }}''')
+ body = body.format(translation_table='\n'.join(translation_table))
+ return body
+
+
+class NamedGroupDefinition:
+ """
+ Generate helper functions for named group
+
+ It generates translation function from named group define to string.
+ Named group definition looks like:
+ #define MBEDTLS_SSL_IANA_TLS_GROUP_[ upper case named group ] [ value(hex) ]
+
+ Known limitation:
+ - the definitions SHOULD exist in same macro blocks.
+ """
+
+ @classmethod
+ def extract(cls, source_code, start=0, end=-1):
+ named_group_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_SSL_IANA_TLS_GROUP_\w+)\s+' +
+ r'(?P<value>0[xX][0-9a-fA-F]+)$',
+ re.MULTILINE | re.DOTALL)
+ matches = list(named_group_pattern.finditer(source_code, start, end))
+ if matches:
+ yield NamedGroupDefinition(source_code, definitions=matches)
+
+ def __init__(self, source_code, definitions=None):
+ if definitions is None:
+ definitions = []
+ assert isinstance(definitions, list) and definitions
+ self._definitions = definitions
+ self._source = source_code
+
+ def __repr__(self):
+ return 'NamedGroup({})'.format(self._definitions[0].span())
+
+ def span(self):
+ return self._definitions[0].span()
+
+ def __str__(self):
+ """
+ Generate function for translating value to string
+ """
+ translation_table = []
+ for m in self._definitions:
+ name = m.groupdict()['name']
+ iana_name = name[len('MBEDTLS_SSL_IANA_TLS_GROUP_'):].lower()
+ translation_table.append('\tcase {}:\n\t return "{}";'.format(name, iana_name))
+
+ body = textwrap.dedent('''\
+ const char *mbedtls_ssl_named_group_to_str( uint16_t in )
+ {{
+ switch( in )
+ {{
+ {translation_table}
+ }};
+
return "UNKOWN";
}}''')
body = body.format(translation_table='\n'.join(translation_table))
return body
+
OUTPUT_C_TEMPLATE = '''\
/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
@@ -335,14 +396,16 @@
"""
Generate functions of debug helps
"""
- mbedtls_root = os.path.abspath(mbedtls_root or build_tree.guess_mbedtls_root())
+ mbedtls_root = os.path.abspath(
+ mbedtls_root or build_tree.guess_mbedtls_root())
with open(os.path.join(mbedtls_root, 'include/mbedtls/ssl.h')) as f:
source_code = remove_c_comments(f.read())
definitions = dict()
for start, instance in preprocess_c_source_code(source_code,
EnumDefinition,
- SignatureAlgorithmDefinition):
+ SignatureAlgorithmDefinition,
+ NamedGroupDefinition):
if start in definitions:
continue
if isinstance(instance, EnumDefinition):
diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py
index eecab1c..c00d58e 100755
--- a/scripts/min_requirements.py
+++ b/scripts/min_requirements.py
@@ -44,8 +44,9 @@
"""Adjust a requirement to the minimum specified version."""
# allow inheritance #pylint: disable=no-self-use
# If a requirement specifies a minimum version, impose that version.
- req = re.sub(r'>=|~=', r'==', req)
- return req
+ split_req = req.split(';', 1)
+ split_req[0] = re.sub(r'>=|~=', r'==', split_req[0])
+ return ';'.join(split_req)
def add_file(self, filename: str) -> None:
"""Add requirements from the specified file.
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index d07241a..84c775f 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -89,8 +89,8 @@
_int-ca.crt: S7 + I1
_int-ca_ca2.crt: S7 + I1 + 2
_all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM)
- _pem_space.crt: S7 with misplace space (invalid PEM) + I1
- _trailing_space.crt: S7 + I1 both with trainling space (valid PEM)
+ _pem_space.crt: S7 with misplaced space (invalid PEM) + I1
+ _trailing_space.crt: S7 + I1 both with trailing space (valid PEM)
_spurious_int-ca.crt: S7 + I2(spurious) + I1
- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
diff --git a/tests/data_files/base64/def_b64_too_big_1.txt b/tests/data_files/base64/def_b64_too_big_1.txt
index 0fe8a18..47be05c 100644
--- a/tests/data_files/base64/def_b64_too_big_1.txt
+++ b/tests/data_files/base64/def_b64_too_big_1.txt
@@ -1,2 +1,2 @@
-// Context with added '1234' at the begining to simulate too much data in the base64 code
+// Context with added '1234' at the beginning to simulate too much data in the base64 code
1234AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1e5cd65..6144c2f 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -259,7 +259,7 @@
--no-force Refuse to overwrite modified files (default).
--no-keep-going Stop at the first error (default).
--no-memory No additional memory tests (default).
- --no-quiet Print full ouput from components.
+ --no-quiet Print full output from components.
--out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
--outcome-file=<path> File where test outcomes are written (not done if
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
@@ -1203,6 +1203,81 @@
tests/ssl-opt.sh -f 'Default\|opaque'
}
+component_test_crypto_full_no_md () {
+ msg "build: crypto_full minus MD"
+ scripts/config.py crypto_full
+ scripts/config.py unset MBEDTLS_MD_C
+ # Direct dependencies
+ scripts/config.py unset MBEDTLS_ECJPAKE_C
+ scripts/config.py unset MBEDTLS_HKDF_C
+ scripts/config.py unset MBEDTLS_HMAC_DRBG_C
+ scripts/config.py unset MBEDTLS_PK_C
+ scripts/config.py unset MBEDTLS_PKCS1_V15
+ scripts/config.py unset MBEDTLS_PKCS1_V21
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+ # Indirect dependencies
+ scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
+ scripts/config.py unset MBEDTLS_PK_PARSE_C
+ scripts/config.py unset MBEDTLS_PK_WRITE_C
+ scripts/config.py unset MBEDTLS_RSA_C
+ make
+
+ msg "test: crypto_full minus MD"
+ make test
+}
+
+component_test_full_no_cipher () {
+ msg "build: full minus CIPHER"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CIPHER_C
+ # Direct dependencies
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CMAC_C
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py unset MBEDTLS_SSL_TLS_C
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+ # Indirect dependencies
+ scripts/config.py unset MBEDTLS_SSL_CLI_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID
+ scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py unset MBEDTLS_SSL_SRV_C
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ make
+
+ msg "test: full minus CIPHER"
+ make test
+}
+
+component_test_crypto_full_no_cipher () {
+ msg "build: crypto_full minus CIPHER"
+ scripts/config.py crypto_full
+ scripts/config.py unset MBEDTLS_CIPHER_C
+ # Direct dependencies
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CMAC_C
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
+ # Indirect dependencies
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ make
+
+ msg "test: crypto_full minus CIPHER"
+ make test
+}
+
component_test_psa_external_rng_use_psa_crypto () {
msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
scripts/config.py full
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index 8857e00..a0f5e1f 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -187,7 +187,7 @@
# Allow either /bin/sh, /bin/bash, or /usr/bin/env.
# Allow at most one argument (this is a Linux limitation).
# For sh and bash, the argument if present must be options.
- # For env, the argument must be the base name of the interpeter.
+ # For env, the argument must be the base name of the interpreter.
_shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?'
rb'|/usr/bin/env ([^\n /]+))$')
_extensions = {
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 8bb4923..96117a2 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -813,7 +813,7 @@
def check_for_typos(self):
"""
- Perform a check that all words in the soure code beginning with MBED are
+ Perform a check that all words in the source code beginning with MBED are
either defined as macros, or as enum constants.
Assumes parse_names_in_source() was called before this.
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index cd17066..68297a6 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -46,12 +46,12 @@
# as many SSL options depend on specific hashes,
# and SSL is not in the test suites anyways,
-# disable it to avoid dependcies issues
+# disable it to avoid dependency issues
my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
# Each element of this array holds list of configuration options that
-# should be tested together. Certain options depend on eachother and
+# should be tested together. Certain options depend on each other and
# separating them would generate invalid configurations.
my @hash_configs = (
['unset MBEDTLS_MD5_C'],
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 492810b..3d23edd 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -165,6 +165,7 @@
ALWAYS_SUPPORTED = frozenset([
'PSA_KEY_TYPE_DERIVE',
'PSA_KEY_TYPE_RAW_DATA',
+ 'PSA_KEY_TYPE_HMAC'
])
def test_cases_for_key_type_not_supported(
self,
@@ -830,7 +831,7 @@
def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
# pylint: disable=too-many-locals
"""Match possible key types for sign algorithms."""
- # To create a valid combinaton both the algorithms and key types
+ # To create a valid combination both the algorithms and key types
# must be filtered. Pair them with keywords created from its names.
incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
@@ -854,7 +855,7 @@
if re.match(pattern, keyword):
alg_keywords.remove(keyword)
alg_keywords.add(replace)
- # Filter out incompatible algortihms
+ # Filter out incompatible algorithms
if not alg_keywords.isdisjoint(incompatible_alg_keyword):
continue
@@ -862,7 +863,7 @@
# Generate keywords from the of the key type
key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
- # Remove ambigious keywords
+ # Remove ambiguous keywords
for keyword1, keyword2 in exclusive_keywords.items():
if keyword1 in key_type_keywords:
key_type_keywords.remove(keyword2)
@@ -879,7 +880,7 @@
"""Generate test keys for usage flag extensions."""
# Generate a key type and algorithm pair for each extendable usage
# flag to generate a valid key for exercising. The key is generated
- # without usage extension to check the extension compatiblity.
+ # without usage extension to check the extension compatibility.
alg_with_keys = self.gather_key_types_for_sign_alg()
for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
@@ -922,7 +923,7 @@
filename = self.filename_for(basename)
test_case.write_data_file(filename, test_cases)
- # Note that targets whose name containns 'test_format' have their content
+ # Note that targets whose names contain 'test_format' have their content
# validated by `abi_check.py`.
TARGETS = {
'test_suite_psa_crypto_generate_key.generated':
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index e4b2d94..2a7dba5 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -4,7 +4,7 @@
# (Multiple recursion where a() calls b() which calls a() not covered.)
#
# When the recursion depth might depend on data controlled by the attacker in
-# an unbounded way, those functions should use interation instead.
+# an unbounded way, those functions should use iteration instead.
#
# Typical usage: scripts/recursion.pl library/*.c
#
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 3e7a9a6..55529c8 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -1,5 +1,5 @@
#!/usr/bin/env python3
-"""Run the PSA Cryto API compliance test suite.
+"""Run the PSA Crypto API compliance test suite.
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 9576afd..d1650f1 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -221,7 +221,7 @@
sizeof( decrypted ) - part_length,
&part_length );
/* For a stream cipher, all inputs are valid. For a block cipher,
- * if the input is some aribtrary data rather than an actual
+ * if the input is some arbitrary data rather than an actual
ciphertext, a padding error is likely. */
if( maybe_invalid_padding )
TEST_ASSERT( status == PSA_SUCCESS ||
@@ -929,7 +929,7 @@
return( 0 );
if( alg == 0 )
- ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
+ ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */
else if( PSA_ALG_IS_MAC( alg ) )
ok = exercise_mac_key( key, usage, alg );
else if( PSA_ALG_IS_CIPHER( alg ) )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 754d669..fc49b06 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4580,7 +4580,7 @@
-C "error" \
-s "Extra-header:"
-# Test for the "secure renegotation" extension only (no actual renegotiation)
+# Test for the "secure renegotiation" extension only (no actual renegotiation)
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -5317,7 +5317,7 @@
-s "use CA callback for X.509 CRT verification" \
-S "X509 - A fatal error occurred"
-# Tests for certificate selection based on SHA verson
+# Tests for certificate selection based on SHA version
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
@@ -9068,7 +9068,7 @@
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
-# certifiate validation fail, but passing --insecure makes
+# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
@@ -10839,7 +10839,7 @@
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \
- -C "unkown pk type"
+ -C "unknown pk type"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -10857,7 +10857,7 @@
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \
- -C "unkown pk type"
+ -C "unknown pk type"
# Test using an opaque private key for client authentication
requires_openssl_tls1_3
@@ -11299,6 +11299,25 @@
-s "=> parse client hello" \
-s "<= parse client hello"
+
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+run_test "TLS 1.3: server: HRR check - mbedtls" \
+ "$P_SRV debug_level=4 force_version=tls13 curves=secp384r1" \
+ "$P_CLI debug_level=4 force_version=tls13 curves=secp256r1,secp384r1" \
+ 1 \
+ -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
+ -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
+ -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
+ -s "selected_group: secp384r1" \
+ -s "SSL - The requested feature is not available" \
+ -s "=> write hello retry request" \
+ -s "<= write hello retry request"
+
for i in opt-testcases/*.sh
do
TEST_SUITE_NAME=${i##*/}
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 17926eb..b9ea3d6 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -519,7 +519,7 @@
FILE *file;
char buf[5000];
char *params[50];
- /* Store for proccessed integer params. */
+ /* Store for processed integer params. */
int32_t int_params[50];
void *pointer;
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 0426324..ad7c773 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/aria.h"
-/* Maxium size of data used by test vectors
+/* Maximum size of data used by test vectors
* WARNING: to be adapted if and when adding larger test cases */
#define ARIA_MAX_DATASIZE 160
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 6893bcf..68db8fe 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -262,7 +262,7 @@
rnd_info_B.buf = dB->x;
rnd_info_B.length = dB->len;
- /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
+ /* The ECDH context is not guaranteed to have an mbedtls_ecp_group structure
* in every configuration, therefore we load it separately. */
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data
index fe14f88..73808c9 100644
--- a/tests/suites/test_suite_ecjpake.data
+++ b/tests/suites/test_suite_ecjpake.data
@@ -49,7 +49,7 @@
ECJPAKE round one: KKP1: no second point data
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-ECJPAKE round one: KKP1: unknow second point format
+ECJPAKE round one: KKP1: unknown second point format
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECJPAKE round one: KKP1: nothing after second point
@@ -97,7 +97,7 @@
ECJPAKE round one: KKP2: no second point data
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-ECJPAKE round one: KKP2: unknow second point format
+ECJPAKE round one: KKP2: unknown second point format
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECJPAKE round one: KKP2: nothing after second point
@@ -190,7 +190,7 @@
ECJPAKE round two server: no data
read_round_two_srv:"":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-ECJPAKE round two server: length of forst point too small
+ECJPAKE round two server: length of first point too small
read_round_two_srv:"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round two server: length of first point too big
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 2deb92a..602afa4 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -21,7 +21,7 @@
/*
* Very minimal testing of mbedtls_md_process, just make sure the various
* xxx_process_wrap() function pointers are valid. (Testing that they
- * indeed do the right thing whould require messing with the internal
+ * indeed do the right thing would require messing with the internal
* state of the underlying mbedtls_md/sha context.)
*
* Also tests that mbedtls_md_list() only returns valid MDs.
diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function
index 513b723..08d48b3 100644
--- a/tests/suites/test_suite_net.function
+++ b/tests/suites/test_suite_net.function
@@ -28,7 +28,7 @@
* On success, it refers to the opened file (\p wanted_fd).
* \param wanted_fd The desired file descriptor.
*
- * \return \c 0 on succes, a negative error code on error.
+ * \return \c 0 on success, a negative error code on error.
*/
static int open_file_on_fd( mbedtls_net_context *ctx, int wanted_fd )
{
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 5c56ef4..a255530 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -82,7 +82,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_MD_C */
void oid_get_md_alg_id( data_t *oid, int exp_md_id )
{
mbedtls_asn1_buf md_oid = { 0, 0, NULL };
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index a0844ea..f17711d 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -153,6 +153,14 @@
depends_on:MBEDTLS_PKCS1_V15
pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
+RSA Opaque decrypt test vector #1
+depends_on:MBEDTLS_PKCS1_V15
+pk_wrap_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":0
+
+RSA Opaque decrypt test vector #2
+depends_on:MBEDTLS_PKCS1_V15
+pk_wrap_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
+
EC nocrypt
depends_on:MBEDTLS_ECP_C
pk_ec_nocrypt:MBEDTLS_PK_ECKEY
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 32c2644..7587d6c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -168,12 +168,12 @@
if( key_is_rsa )
{
- bitlen = 1024; /* harcoded in genkey() */
+ bitlen = 1024; /* hardcoded in genkey() */
key = pk_psa_genkey_rsa();
}
else
{
- bitlen = 256; /* harcoded in genkey() */
+ bitlen = 256; /* hardcoded in genkey() */
key = pk_psa_genkey_ecc();
}
if( mbedtls_svc_key_id_is_null( key ) )
@@ -204,10 +204,13 @@
TEST_ASSERT( mbedtls_pk_verify( &pk, md_alg,
b1, sizeof( b1), b2, sizeof( b2 ) )
== MBEDTLS_ERR_PK_TYPE_MISMATCH );
- TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ),
- b2, &len, sizeof( b2 ),
- NULL, NULL )
- == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if( key_is_rsa == 0 )
+ {
+ TEST_ASSERT( mbedtls_pk_decrypt( &pk, b1, sizeof( b1 ),
+ b2, &len, sizeof( b2 ),
+ NULL, NULL )
+ == MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ }
TEST_ASSERT( mbedtls_pk_encrypt( &pk, b1, sizeof( b1 ),
b2, &len, sizeof( b2 ),
NULL, NULL )
@@ -916,6 +919,72 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */
+void pk_wrap_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P,
+ char * input_P, int radix_Q, char * input_Q,
+ int radix_N, char * input_N, int radix_E,
+ char * input_E, data_t * clear, int ret )
+{
+ unsigned char output[256];
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ mbedtls_mpi N, P, Q, E;
+ mbedtls_rsa_context *rsa;
+ mbedtls_pk_context pk;
+ mbedtls_svc_key_id_t key_id;
+ size_t olen;
+
+ USE_PSA_INIT( );
+
+ mbedtls_pk_init( &pk );
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
+ mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
+
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
+
+ /* init pk-rsa context */
+ TEST_EQUAL( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ), 0 );
+ rsa = mbedtls_pk_rsa( pk );
+
+ /* load public key */
+ TEST_EQUAL( mbedtls_test_read_mpi( &N, radix_N, input_N ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &E, radix_E, input_E ), 0 );
+
+ /* load private key */
+ TEST_EQUAL( mbedtls_test_read_mpi( &P, radix_P, input_P ), 0 );
+ TEST_EQUAL( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ), 0 );
+ TEST_EQUAL( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ), 0 );
+ TEST_EQUAL( mbedtls_rsa_get_len( rsa ), (size_t) ( mod / 8 ) );
+ TEST_EQUAL( mbedtls_rsa_complete( rsa ), 0 );
+
+ /* Turn PK context into an opaque one. */
+ TEST_EQUAL( mbedtls_pk_wrap_as_opaque( &pk, &key_id,
+ PSA_ALG_RSA_PKCS1V15_CRYPT,
+ PSA_KEY_USAGE_DECRYPT,
+ PSA_ALG_NONE ), 0 );
+
+ /* decryption test */
+ memset( output, 0, sizeof( output ) );
+ olen = 0;
+ TEST_EQUAL( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len,
+ output, &olen, sizeof( output ),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info ), ret );
+ if( ret == 0 )
+ {
+ TEST_EQUAL( olen, clear->len );
+ TEST_EQUAL( memcmp( output, clear->x, olen ), 0 );
+ }
+
+ TEST_EQUAL( PSA_SUCCESS, psa_destroy_key( key_id ) );
+
+exit:
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P );
+ mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E );
+ mbedtls_pk_free( &pk );
+ USE_PSA_DONE( );
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void pk_ec_nocrypt( int type )
{
@@ -1011,7 +1080,7 @@
memset( ciph, 0, sizeof ciph );
memset( test, 0, sizeof test );
- /* Initiliaze PK RSA context with random key */
+ /* Initialize PK RSA context with random key */
TEST_ASSERT( mbedtls_pk_setup( &rsa,
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 14343aa..7250753 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2259,7 +2259,7 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
-PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)
+PSA symmetric decrypt: CCM*-no-tag, input too short (15 bytes)
depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C
cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
@@ -2315,6 +2315,18 @@
depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+PSA symmetric decrypt: ChaCha20, RFC7539 keystream
+depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
+# Keystream from RFC 7539 §2.4.2, with an extra 64-byte output block prepended
+# because the test vector starts at counter=1 but our API starts at counter=0.
+cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"af051e40bba0354981329a806a140eafd258a22a6dcb4bb9f6569cb3efe2deaf837bd87ca20b5ba12081a306af0eb35c41a239d20dfc74c81771560d9c9c1e4b224f51f3401bd9e12fde276fb8631ded8c131f823d2c06e27e4fcaec9ef3cf788a3b0aa372600a92b57974cded2b9334794cba40c63e34cdea212c4cf07d41b769a6749f3f630f4122cafe28ec4dc47e26d4346d70b98c73f3e9c53ac40c5945398b6eda1a832c89c167eacd901d7e2bf363"
+
+PSA symmetric decrypt: ChaCha20, RFC7539 sunscreen
+depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
+# Test vector from RFC 7539 §2.4.2, with an extra 64-byte block prepended
+# because the test vector starts at counter=1 but our API starts at counter=0.
+cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"fb6d7b60e9e67669b607a9b94a606bdca678d44f0ebf24cbd623efd69cc2bdc0f615ac19d0366a8d00e3d6728f5ee01d61d74ab77edc17a7621f2268eea12e656e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d":"546865205246432037353339207465737420766563746f72207573657320636f756e7465723d312c2062757420505341207573657320636f756e7465723d302e4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
+
PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS
@@ -2611,6 +2623,12 @@
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
cipher_encrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
+PSA symmetric encryption multipart: ChaCha20, RFC7539 sunscreen
+depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
+# Test vector from RFC 7539 §2.4.2, with an extra 64-byte block prepended
+# because the test vector starts at counter=1 but our API starts at counter=0.
+cipher_encrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"546865205246432037353339207465737420766563746f72207573657320636f756e7465723d312c2062757420505341207573657320636f756e7465723d302e4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":64:64:114:"fb6d7b60e9e67669b607a9b94a606bdca678d44f0ebf24cbd623efd69cc2bdc0f615ac19d0366a8d00e3d6728f5ee01d61d74ab77edc17a7621f2268eea12e656e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d":PSA_SUCCESS
+
PSA symmetric decrypt multipart: ChaCha20, K=rand N=rand
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
cipher_decrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":64:64:0:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 6cd6bee..8dd8e39 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -834,7 +834,7 @@
size_t n;
/* Skip the test case if the target running the test cannot
- * accomodate large keys due to heap size constraints */
+ * accommodate large keys due to heap size constraints */
ASSERT_ALLOC_WEAK( buffer, buffer_size );
memset( buffer, 'K', byte_size );
@@ -1198,7 +1198,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
psa_key_attributes_t func = psa_key_attributes_init( );
psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t zero;
@@ -1989,7 +1989,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
psa_hash_operation_t func = psa_hash_operation_init( );
psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
psa_hash_operation_t zero;
@@ -2518,7 +2518,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
psa_mac_operation_t func = psa_mac_operation_init( );
psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
psa_mac_operation_t zero;
@@ -2941,7 +2941,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
psa_cipher_operation_t func = psa_cipher_operation_init( );
psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
psa_cipher_operation_t zero;
@@ -5964,7 +5964,7 @@
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
- /* Allocate a buffer which has the size advertized by the
+ /* Allocate a buffer which has the size advertised by the
* library. */
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
@@ -6063,7 +6063,7 @@
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
- /* Allocate a buffer which has the size advertized by the
+ /* Allocate a buffer which has the size advertised by the
* library. */
signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
@@ -6697,7 +6697,7 @@
/* Test each valid way of initializing the object, except for `= {0}`, as
* Clang 5 complains when `-Wmissing-field-initializers` is used, even
* though it's OK by the C standard. We could test for this, but we'd need
- * to supress the Clang warning for the test. */
+ * to suppress the Clang warning for the test. */
size_t capacity;
psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -7617,7 +7617,7 @@
NULL, 0 ) );
}
- /* Test the advertized capacity. */
+ /* Test the advertised capacity. */
PSA_ASSERT( psa_key_derivation_get_capacity(
&operation, &actual_capacity ) );
TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index a5ea840..128352b 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -995,7 +995,7 @@
/*
* Test encrypt failure
* First test that if we don't force a driver error, encryption is
- * successfull, then force driver error.
+ * successful, then force driver error.
*/
status = psa_cipher_encrypt(
key, alg, input->x, input->len,
diff --git a/tests/suites/test_suite_psa_crypto_entropy.data b/tests/suites/test_suite_psa_crypto_entropy.data
index 49d3f69..322363d 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.data
+++ b/tests/suites/test_suite_psa_crypto_entropy.data
@@ -7,7 +7,7 @@
# randomization for (e.g.) blinding. An external implementation could use
# its own randomness source which is not affected by the forced failure of
# the RNG driver.
-# Key types and non-randomized auxilary algorithms (in practice, hashes) can
+# Key types and non-randomized auxiliary algorithms (in practice, hashes) can
# use an external implementation.
PSA external RNG failure: randomized ECDSA
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index 79d658f..9f68491 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -170,6 +170,7 @@
}
/* Null import: do nothing, but pretend it worked. */
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static psa_status_t null_import( psa_drv_se_context_t *context,
psa_key_slot_number_t slot_number,
const psa_key_attributes_t *attributes,
@@ -186,8 +187,10 @@
*bits = PSA_BYTES_TO_BITS( data_length );
return( PSA_SUCCESS );
}
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
/* Null generate: do nothing, but pretend it worked. */
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static psa_status_t null_generate( psa_drv_se_context_t *context,
psa_key_slot_number_t slot_number,
const psa_key_attributes_t *attributes,
@@ -208,6 +211,7 @@
return( PSA_SUCCESS );
}
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
/* Null destroy: do nothing, but pretend it worked. */
static psa_status_t null_destroy( psa_drv_se_context_t *context,
@@ -635,6 +639,7 @@
/* Check that a function's return status is "smoke-free", i.e. that
* it's an acceptable error code when calling an API function that operates
* on a key with potentially bogus parameters. */
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static int is_status_smoke_free( psa_status_t status )
{
switch( status )
@@ -651,6 +656,8 @@
return( 0 );
}
}
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
+
#define SMOKE_ASSERT( expr ) \
TEST_ASSERT( is_status_smoke_free( expr ) )
@@ -658,6 +665,7 @@
* mostly bogus parameters: the goal is to ensure that there is no memory
* corruption or crash. This test function is most useful when run under
* an environment with sanity checks such as ASan or MSan. */
+#if defined(AT_LEAST_ONE_BUILTIN_KDF)
static int smoke_test_key( mbedtls_svc_key_id_t key )
{
int ok = 0;
@@ -766,6 +774,7 @@
return( ok );
}
+#endif /* AT_LEAST_ONE_BUILTIN_KDF */
static void psa_purge_storage( void )
{
@@ -1073,7 +1082,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:AT_LEAST_ONE_BUILTIN_KDF */
void import_key_smoke( int type_arg, int alg_arg,
data_t *key_material )
{
@@ -1186,7 +1195,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:AT_LEAST_ONE_BUILTIN_KDF */
void generate_key_smoke( int type_arg, int bits_arg, int alg_arg )
{
psa_key_type_t type = type_arg;
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index aa3ce28..d577663 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -325,7 +325,7 @@
case INVALIDATE_BY_DESTROYING:
case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN:
/*
- * Test that the key handle and identifier are now not refering to an
+ * Test that the key handle and identifier are now not referring to an
* existing key.
*/
TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 848a497..274f0de 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -10,7 +10,7 @@
Attempt to register multiple PSKs, incl. opaque PSK, #2
test_multiple_psks_opaque:2
-Test calback buffer sanity
+Test callback buffer sanity
test_callback_buffer_sanity:
Callback buffer test: Exercise simple write/read
@@ -624,7 +624,7 @@
SSL DTLS replay: delayed
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
-SSL DTLS replay: lastest replayed
+SSL DTLS replay: last replayed
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
SSL DTLS replay: older replayed
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 35f1638..2685e6a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2229,7 +2229,7 @@
/* After calling mbedtls_ssl_renegotiate for the client all renegotiation
* should happen inside this function. However in this test, we cannot
- * perform simultaneous communication betwen client and server so this
+ * perform simultaneous communication between client and server so this
* function will return waiting error on the socket. All rest of
* renegotiation should happen during data exchanging */
ret = mbedtls_ssl_renegotiate( &(client.ssl) );
@@ -2321,7 +2321,7 @@
TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
/* Make sure calling put and get on a buffer that hasn't been set up results
- * in eror. */
+ * in error. */
mbedtls_test_buffer_init( &buf );
TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 0ce4a2e..da12382 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,4 +1,4 @@
-Check compiletime library version
+Check compile time library version
check_compiletime_version:"3.1.0"
Check runtime library version
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 33591d3..8605b63 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -87,7 +87,7 @@
return -1;
}
-
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates )
{
@@ -141,6 +141,7 @@
*candidates = first;
return( ret );
}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )