Merge pull request #3320 from gilles-peskine-arm/check-files-changelog-development
Check changelog entries on CI
diff --git a/ChangeLog.d/error-asn1.txt b/ChangeLog.d/error-asn1.txt
new file mode 100644
index 0000000..c165696
--- /dev/null
+++ b/ChangeLog.d/error-asn1.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Include asn1.h in error.c. Fixes #3328 reported by David Hu.
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 1f04222..cc0eab4 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -431,7 +431,7 @@
* \param key_type An asymmetric key type (this may indifferently be a
* key pair type or a public key type).
* \param key_bits The size of the key in bits.
- * \param alg The signature algorithm.
+ * \param alg The asymmetric encryption algorithm.
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
@@ -450,9 +450,9 @@
/** Sufficient output buffer size for psa_asymmetric_decrypt().
*
- * This macro returns a sufficient buffer size for a ciphertext produced using
+ * This macro returns a sufficient buffer size for a plaintext produced using
* a key of the specified type and size, with the specified algorithm.
- * Note that the actual size of the ciphertext may be smaller, depending
+ * Note that the actual size of the plaintext may be smaller, depending
* on the algorithm.
*
* \warning This function may call its arguments multiple times or
@@ -462,7 +462,7 @@
* \param key_type An asymmetric key type (this may indifferently be a
* key pair type or a public key type).
* \param key_bits The size of the key in bits.
- * \param alg The signature algorithm.
+ * \param alg The asymmetric encryption algorithm.
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 18b2d5a..9fed276 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -672,22 +672,24 @@
#define PSA_ALG_IS_AEAD(alg) \
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
-/** Whether the specified algorithm is a public-key signature algorithm.
+/** Whether the specified algorithm is an asymmetric signature algorithm,
+ * also known as public-key signature algorithm.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
- * \return 1 if \p alg is a public-key signature algorithm, 0 otherwise.
+ * \return 1 if \p alg is an asymmetric signature algorithm, 0 otherwise.
* This macro may return either 0 or 1 if \p alg is not a supported
* algorithm identifier.
*/
#define PSA_ALG_IS_SIGN(alg) \
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
-/** Whether the specified algorithm is a public-key encryption algorithm.
+/** Whether the specified algorithm is an asymmetric encryption algorithm,
+ * also known as public-key encryption algorithm.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
- * \return 1 if \p alg is a public-key encryption algorithm, 0 otherwise.
+ * \return 1 if \p alg is an asymmetric encryption algorithm, 0 otherwise.
* This macro may return either 0 or 1 if \p alg is not a supported
* algorithm identifier.
*/
@@ -1205,9 +1207,9 @@
/** Whether the specified algorithm is a hash-and-sign algorithm.
*
- * Hash-and-sign algorithms are public-key signature algorithms structured
- * in two parts: first the calculation of a hash in a way that does not
- * depend on the key, then the calculation of a signature from the
+ * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
+ * structured in two parts: first the calculation of a hash in a way that
+ * does not depend on the key, then the calculation of a signature from the
* hash value and the key.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
@@ -1259,7 +1261,7 @@
* #PSA_ALG_IS_HASH(\p hash_alg) is true) to use
* for MGF1.
*
- * \return The corresponding RSA OAEP signature algorithm.
+ * \return The corresponding RSA OAEP encryption algorithm.
* \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
diff --git a/library/error.c b/library/error.c
index 22c7b16..be60798 100644
--- a/library/error.c
+++ b/library/error.c
@@ -52,6 +52,10 @@
#include "mbedtls/aria.h"
#endif
+#if defined(MBEDTLS_ASN1_PARSE_C)
+#include "mbedtls/asn1.h"
+#endif
+
#if defined(MBEDTLS_BASE64_C)
#include "mbedtls/base64.h"
#endif
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 0512d59..150e10e 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -48,12 +48,16 @@
$/ = $line_separator;
my @files = <$include_dir/*.h>;
+my @necessary_include_files;
my @matches;
foreach my $file (@files) {
open(FILE, "$file");
my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, <FILE>);
push(@matches, @grep_res);
close FILE;
+ my $include_name = $file;
+ $include_name =~ s!.*/!!;
+ push @necessary_include_files, $include_name if @grep_res;
}
my $ll_old_define = "";
@@ -63,10 +67,10 @@
my $hl_code_check = "";
my $headers = "";
+my %included_headers;
my %error_codes_seen;
-
foreach my $line (@matches)
{
next if ($line =~ /compat-1.2.h/);
@@ -97,11 +101,12 @@
my $include_name = $module_name;
$include_name =~ tr/A-Z/a-z/;
- $include_name = "" if ($include_name eq "asn1");
# Fix faulty ones
$include_name = "net_sockets" if ($module_name eq "NET");
+ $included_headers{"${include_name}.h"} = $module_name;
+
my $found_ll = grep $_ eq $module_name, @low_level_modules;
my $found_hl = grep $_ eq $module_name, @high_level_modules;
if (!$found_ll && !$found_hl)
@@ -194,3 +199,15 @@
open(ERROR_FILE, ">$error_file") or die "Opening destination file '$error_file': $!";
print ERROR_FILE $error_format;
close(ERROR_FILE);
+
+my $errors = 0;
+for my $include_name (@necessary_include_files)
+{
+ if (not $included_headers{$include_name})
+ {
+ print STDERR "The header file \"$include_name\" defines error codes but has not been included!\n";
+ ++$errors;
+ }
+}
+
+exit !!$errors;
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 04edc38..3545279 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -13,6 +13,7 @@
# This includes:
# - architecture of the system
# - type and version of the operating system
+# - version of make and cmake
# - version of armcc, clang, gcc-arm and gcc compilers
# - version of libc, clang, asan and valgrind if installed
# - version of gnuTLS and OpenSSL
@@ -71,6 +72,12 @@
echo "** Tool Versions:"
echo
+print_version "make" "--version" "" "head -n 1"
+echo
+
+print_version "cmake" "--version" "" "head -n 1"
+echo
+
if [ "${RUN_ARMCC:-1}" -ne 0 ]; then
: "${ARMC5_CC:=armcc}"
print_version "$ARMC5_CC" "--vsn" "" "head -n 2"
@@ -105,6 +112,9 @@
print_version "python" "--version" "" "head -n 1"
echo
+print_version "python3" "--version" "" "head -n 1"
+echo
+
# Find the installed version of Pylint. Installed as a distro package this can
# be pylint3 and as a PEP egg, pylint. In test scripts We prefer pylint over
# pylint3