Merge pull request #3341 from paul-elliott-arm/fix-contributing
Fix contributing link to changelog howto
diff --git a/.gitignore b/.gitignore
index 0f95b4c..ee2cd46 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,9 @@
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
*.dir/
+# Microsoft CMake extension for Visual Studio Code generates a build directory by default
+/build/
+
# Visual Studio artifacts
/visualc/VS2010/.localhistory/
/visualc/VS2010/.vs/
diff --git a/.travis.yml b/.travis.yml
index 0685bdb..c67c0cd 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,28 +1,60 @@
language: c
-compiler:
-- clang
-- gcc
+compiler: gcc
sudo: false
cache: ccache
-script:
-- tests/scripts/recursion.pl library/*.c
-- tests/scripts/check-generated-files.sh
-- tests/scripts/check-doxy-blocks.pl
-- tests/scripts/check-names.sh
-- tests/scripts/check-files.py
-- tests/scripts/doxygen.sh
-- cmake -D CMAKE_BUILD_TYPE:String="Check" .
-- make
-- make test
-- programs/test/selftest
-- OSSL_NO_DTLS=1 tests/compat.sh
-- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
-- tests/scripts/test-ref-configs.pl
-- tests/scripts/curves.pl
-- tests/scripts/key-exchanges.pl
+jobs:
+ include:
+ - name: basic checks and reference configurations
+ addons:
+ apt:
+ packages:
+ - gnutls-bin
+ - doxygen
+ - graphviz
+ - gcc-arm-none-eabi
+ - libnewlib-arm-none-eabi
+ language: python # Needed to get pip for Python 3
+ python: 3.5 # version from Ubuntu 16.04
+ install:
+ - pip install pylint==2.4.4
+ script:
+ - tests/scripts/all.sh -k 'check_*'
+ - tests/scripts/all.sh -k test_default_out_of_box
+ - tests/scripts/test-ref-configs.pl
+ - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
+
+ - name: full configuration
+ script:
+ - tests/scripts/all.sh -k test_full_cmake_gcc_asan
+
+ - name: check compilation guards
+ script:
+ - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges'
+
+ - name: macOS
+ os: osx
+ compiler: clang
+ script:
+ - tests/scripts/all.sh -k test_default_out_of_box
+
+ - name: Windows
+ os: windows
+ before_install:
+ - choco install python --version=3.5.4
+ env:
+ # Add the directory where the Choco package goes
+ - PATH=/c/Python35:/c/Python35/Scripts:$PATH
+ script:
+ - type python; python --version
+ - python scripts/generate_psa_constants.py
+ # Logs appear out of sequence on Windows. Give time to catch up.
+ - sleep 5
+ - scripts/windows_msbuild.bat v141 # Visual Studio 2017
+
after_failure:
- tests/scripts/travis-log-failure.sh
+
env:
global:
- SEED=1
@@ -31,8 +63,7 @@
addons:
apt:
packages:
- - doxygen
- - graphviz
+ - gnutls-bin
coverity_scan:
project:
name: "ARMmbed/mbedtls"
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4d17af8..c84194c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -14,6 +14,7 @@
option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
+option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
@@ -140,9 +141,9 @@
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
- set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_CHECK "-Werror -Os")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
+ set(CMAKE_C_FLAGS_CHECK "-Os")
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
endif(CMAKE_COMPILER_IS_GNU)
@@ -151,11 +152,11 @@
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
- set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
- set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3")
- set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
- set(CMAKE_C_FLAGS_CHECK "-Werror -Os")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
+ set(CMAKE_C_FLAGS_MEMSAN "-fsanitize=memory -O3")
+ set(CMAKE_C_FLAGS_MEMSANDBG "-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
+ set(CMAKE_C_FLAGS_CHECK "-Os")
endif(CMAKE_COMPILER_IS_CLANG)
if(CMAKE_COMPILER_IS_IAR)
@@ -163,11 +164,25 @@
endif(CMAKE_COMPILER_IS_IAR)
if(CMAKE_COMPILER_IS_MSVC)
- # Strictest warnings, and treat as errors
+ # Strictest warnings
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
endif(CMAKE_COMPILER_IS_MSVC)
+if(MBEDTLS_FATAL_WARNINGS)
+ if(CMAKE_COMPILER_IS_MSVC)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
+ endif(CMAKE_COMPILER_IS_MSVC)
+
+ if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")
+ if(UNSAFE_BUILD)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=cpp")
+ set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error=cpp")
+ set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error=cpp")
+ endif(UNSAFE_BUILD)
+ endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
+endif(MBEDTLS_FATAL_WARNINGS)
+
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(CMAKE_COMPILER_IS_GNU OR CMAKE_COMPILER_IS_CLANG)
set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index db8689f..9b02ba5 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -14,7 +14,7 @@
Making a Contribution
---------------------
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
+1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug.
1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
1. Write a test which shows that the bug was fixed or that the feature works as expected.
1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
diff --git a/ChangeLog.d/bugfix_PR2855.txt b/ChangeLog.d/bugfix_PR2855.txt
new file mode 100644
index 0000000..a097321
--- /dev/null
+++ b/ChangeLog.d/bugfix_PR2855.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Remove dead code in X.509 certificate parsing. Contributed by irwir in #2855.
\ No newline at end of file
diff --git a/ChangeLog.d/fix-masked-hw-record-init-error.txt b/ChangeLog.d/fix-masked-hw-record-init-error.txt
new file mode 100644
index 0000000..2ef80da
--- /dev/null
+++ b/ChangeLog.d/fix-masked-hw-record-init-error.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix issue with a detected HW accelerated record error not being exposed
+ due to shadowed variable. Contributed by Sander Visser in #3310.
diff --git a/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt b/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt
new file mode 100644
index 0000000..9554aa0
--- /dev/null
+++ b/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a
+ NULL pointer argument. Contributed by Sander Visser in #3312.
\ No newline at end of file
diff --git a/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt b/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt
new file mode 100644
index 0000000..320b0b8
--- /dev/null
+++ b/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt
@@ -0,0 +1,3 @@
+Changes
+ * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?".
+ Contributed by Koh M. Nakagawa in #3326.
diff --git a/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt b/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt
new file mode 100644
index 0000000..d0bd1dc
--- /dev/null
+++ b/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix potential linker errors on dual world platforms by inlining
+ mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately
+ from psa_crypto.c. Fixes #3300.
diff --git a/ChangeLog.d/midipix-support.txt b/ChangeLog.d/midipix-support.txt
new file mode 100644
index 0000000..53599ab
--- /dev/null
+++ b/ChangeLog.d/midipix-support.txt
@@ -0,0 +1,2 @@
+Features
+ * Add support for midipix, a POSIX layer for Microsoft Windows.
diff --git a/ChangeLog.d/psa-lifetime-locations.txt b/ChangeLog.d/psa-lifetime-locations.txt
new file mode 100644
index 0000000..6ac02bc
--- /dev/null
+++ b/ChangeLog.d/psa-lifetime-locations.txt
@@ -0,0 +1,8 @@
+Default behavior changes
+ * In the experimental PSA secure element interface, change the encoding of
+ key lifetimes to encode a persistence level and the location. Although C
+ prototypes do not effectively change, code calling
+ psa_register_se_driver() must be modified to pass the driver's location
+ instead of the keys' lifetime. If the library is upgraded on an existing
+ device, keys created with the old lifetime value will not be readable or
+ removable through Mbed TLS after the upgrade.
diff --git a/ChangeLog.d/unified-exit-in-examples.txt b/ChangeLog.d/unified-exit-in-examples.txt
new file mode 100644
index 0000000..3ef9798
--- /dev/null
+++ b/ChangeLog.d/unified-exit-in-examples.txt
@@ -0,0 +1,4 @@
+Changes
+ * Unify the example programs termination to call mbedtls_exit() instead of
+ using a return command. This has been done to enable customization of the
+ behavior in bare metal environments.
diff --git a/README.md b/README.md
index f868a0a..2058d24 100644
--- a/README.md
+++ b/README.md
@@ -85,11 +85,11 @@
mkdir /path/to/build_dir && cd /path/to/build_dir
cmake /path/to/mbedtls_source
- make
+ cmake --build .
In order to run the tests, enter:
- make test
+ ctest
The test suites need Python to be built and Perl to be executed. If you don't have one of these installed, you'll want to disable the test suites with:
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index e9fa311..84cc5ab 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -578,8 +578,55 @@
* (`PSA_ECC_CURVE_xxx`).
* \return \c 0 on failure (\p grpid is not recognized).
*/
-psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
- size_t *bits );
+static inline psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
+ size_t *bits )
+{
+ switch( grpid )
+ {
+ case MBEDTLS_ECP_DP_SECP192R1:
+ *bits = 192;
+ return( PSA_ECC_CURVE_SECP_R1 );
+ case MBEDTLS_ECP_DP_SECP224R1:
+ *bits = 224;
+ return( PSA_ECC_CURVE_SECP_R1 );
+ case MBEDTLS_ECP_DP_SECP256R1:
+ *bits = 256;
+ return( PSA_ECC_CURVE_SECP_R1 );
+ case MBEDTLS_ECP_DP_SECP384R1:
+ *bits = 384;
+ return( PSA_ECC_CURVE_SECP_R1 );
+ case MBEDTLS_ECP_DP_SECP521R1:
+ *bits = 521;
+ return( PSA_ECC_CURVE_SECP_R1 );
+ case MBEDTLS_ECP_DP_BP256R1:
+ *bits = 256;
+ return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
+ case MBEDTLS_ECP_DP_BP384R1:
+ *bits = 384;
+ return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
+ case MBEDTLS_ECP_DP_BP512R1:
+ *bits = 512;
+ return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
+ case MBEDTLS_ECP_DP_CURVE25519:
+ *bits = 255;
+ return( PSA_ECC_CURVE_MONTGOMERY );
+ case MBEDTLS_ECP_DP_SECP192K1:
+ *bits = 192;
+ return( PSA_ECC_CURVE_SECP_K1 );
+ case MBEDTLS_ECP_DP_SECP224K1:
+ *bits = 224;
+ return( PSA_ECC_CURVE_SECP_K1 );
+ case MBEDTLS_ECP_DP_SECP256K1:
+ *bits = 256;
+ return( PSA_ECC_CURVE_SECP_K1 );
+ case MBEDTLS_ECP_DP_CURVE448:
+ *bits = 448;
+ return( PSA_ECC_CURVE_MONTGOMERY );
+ default:
+ *bits = 0;
+ return( 0 );
+ }
+}
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
*
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 7ac1ed1..0c28579 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -119,8 +119,10 @@
* \param[in,out] drv_context The driver context structure.
* \param[in,out] persistent_data A pointer to the persistent data
* that allows writing.
- * \param lifetime The lifetime value for which this driver
- * is registered.
+ * \param location The location value for which this driver
+ * is registered. The driver will be invoked
+ * for all keys whose lifetime is in this
+ * location.
*
* \retval #PSA_SUCCESS
* The driver is operational.
@@ -132,7 +134,7 @@
*/
typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context,
void *persistent_data,
- psa_key_lifetime_t lifetime);
+ psa_key_location_t location);
#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Mbed Crypto with secure element support enabled defines this type in
@@ -1341,17 +1343,19 @@
* after psa_crypto_init().
*
* \note Implementations store metadata about keys including the lifetime
- * value. Therefore, from one instantiation of the PSA Cryptography
+ * value, which contains the driver's location indicator. Therefore,
+ * from one instantiation of the PSA Cryptography
* library to the next one, if there is a key in storage with a certain
* lifetime value, you must always register the same driver (or an
* updated version that communicates with the same secure element)
- * with the same lifetime value.
+ * with the same location value.
*
- * \param lifetime The lifetime value through which this driver will
+ * \param location The location value through which this driver will
* be exposed to applications.
- * The values #PSA_KEY_LIFETIME_VOLATILE and
- * #PSA_KEY_LIFETIME_PERSISTENT are reserved and
- * may not be used for drivers. Implementations
+ * This driver will be used for all keys such that
+ * `location == PSA_KEY_LIFETIME_LOCATION( lifetime )`.
+ * The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved
+ * and may not be used for drivers. Implementations
* may reserve other values.
* \param[in] methods The method table of the driver. This structure must
* remain valid for as long as the cryptography
@@ -1376,7 +1380,7 @@
* \return PSA_ERROR_NOT_PERMITTED
*/
psa_status_t psa_register_se_driver(
- psa_key_lifetime_t lifetime,
+ psa_key_location_t location,
const psa_drv_se_t *methods);
/**@}*/
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index d96c66e..41f1bea 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -108,18 +108,117 @@
* The lifetime of a key indicates where it is stored and what system actions
* may create and destroy it.
*
- * Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically
- * destroyed when the application terminates or on a power reset.
+ * Lifetime values have the following structure:
+ * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
+ * persistence level. This value indicates what device management
+ * actions can cause it to be destroyed. In particular, it indicates
+ * whether the key is _volatile_ or _persistent_.
+ * See ::psa_key_persistence_t for more information.
+ * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
+ * location indicator. This value indicates where the key is stored
+ * and where operations on the key are performed.
+ * See ::psa_key_location_t for more information.
*
- * Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said
- * to be _persistent_.
- * Persistent keys are preserved if the application or the system restarts.
+ * Volatile keys are automatically destroyed when the application instance
+ * terminates or on a power reset of the device. Persistent keys are
+ * preserved until the application explicitly destroys them or until an
+ * implementation-specific device management event occurs (for example,
+ * a factory reset).
+ *
* Persistent keys have a key identifier of type #psa_key_id_t.
+ * This identifier remains valid throughout the lifetime of the key,
+ * even if the application instance that created the key terminates.
* The application can call psa_open_key() to open a persistent key that
* it created previously.
+ *
+ * This specification defines two basic lifetime values:
+ * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile.
+ * All implementations should support this lifetime.
+ * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent.
+ * All implementations that have access to persistent storage with
+ * appropriate security guarantees should support this lifetime.
*/
typedef uint32_t psa_key_lifetime_t;
+/** Encoding of key persistence levels.
+ *
+ * What distinguishes different persistence levels is what device management
+ * events may cause keys to be destroyed. _Volatile_ keys are destroyed
+ * by a power reset. Persistent keys may be destroyed by events such as
+ * a transfer of ownership or a factory reset. What management events
+ * actually affect persistent keys at different levels is outside the
+ * scope of the PSA Cryptography specification.
+ *
+ * This specification defines the following values of persistence levels:
+ * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
+ * A volatile key is automatically destroyed by the implementation when
+ * the application instance terminates. In particular, a volatile key
+ * is automatically destroyed on a power reset of the device.
+ * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
+ * persistent key with a default lifetime.
+ * Implementations should support this value if they support persistent
+ * keys at all.
+ * Applications should use this value if they have no specific needs that
+ * are only met by implementation-specific features.
+ * - \c 2-127: persistent key with a PSA-specified lifetime.
+ * The PSA Cryptography specification does not define the meaning of these
+ * values, but other PSA specifications may do so.
+ * - \c 128-254: persistent key with a vendor-specified lifetime.
+ * No PSA specification will define the meaning of these values, so
+ * implementations may choose the meaning freely.
+ * As a guideline, higher persistence levels should cause a key to survive
+ * more management events than lower levels.
+ * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
+ * read-only or write-once key.
+ * A key with this persistence level cannot be destroyed.
+ * Implementations that support such keys may either allow their creation
+ * through the PSA Cryptography API, preferably only to applications with
+ * the appropriate privilege, or only expose keys created through
+ * implementation-specific means such as a factory ROM engraving process.
+ * Note that keys that are read-only due to policy restrictions
+ * rather than due to physical limitations should not have this
+ * persistence levels.
+ *
+ * \note Key persistence levels are 8-bit values. Key management
+ * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+ * encode the persistence as the lower 8 bits of a 32-bit value.
+ */
+typedef uint8_t psa_key_persistence_t;
+
+/** Encoding of key location indicators.
+ *
+ * If an implementation of this API can make calls to external
+ * cryptoprocessors such as secure elements, the location of a key
+ * indicates which secure element performs the operations on the key.
+ * If an implementation offers multiple physical locations for persistent
+ * storage, the location indicator reflects at which physical location
+ * the key is stored.
+ *
+ * This specification defines the following values of location indicators:
+ * - \c 0: primary local storage.
+ * All implementations should support this value.
+ * The primary local storage is typically the same storage area that
+ * contains the key metadata.
+ * - \c 1: primary secure element.
+ * Implementations should support this value if there is a secure element
+ * attached to the operating environment.
+ * As a guideline, secure elements may provide higher resistance against
+ * side channel and physical attacks than the primary local storage, but may
+ * have restrictions on supported key types, sizes, policies and operations
+ * and may have different performance characteristics.
+ * - \c 2-0x7fffff: other locations defined by a PSA specification.
+ * The PSA Cryptography API does not currently assign any meaning to these
+ * locations, but future versions of this specification or other PSA
+ * specifications may do so.
+ * - \c 0x800000-0xffffff: vendor-defined locations.
+ * No PSA specification will assign a meaning to locations in this range.
+ *
+ * \note Key location indicators are 24-bit values. Key management
+ * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+ * encode the location as the upper 24 bits of a 32-bit value.
+ */
+typedef uint32_t psa_key_location_t;
+
/** Encoding of identifiers of persistent keys.
*
* - Applications may freely choose key identifiers in the range
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index baaabff..18b2d5a 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1539,12 +1539,20 @@
* @{
*/
-/** A volatile key only exists as long as the handle to it is not closed.
+/** The default lifetime for volatile keys.
+ *
+ * A volatile key only exists as long as the handle to it is not closed.
* The key material is guaranteed to be erased on a power reset.
+ *
+ * A key with this lifetime is typically stored in the RAM area of the
+ * PSA Crypto subsystem. However this is an implementation choice.
+ * If an implementation stores data about the key in a non-volatile memory,
+ * it must release all the resources associated with the key and erase the
+ * key material if the calling application terminates.
*/
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
-/** The default storage area for persistent keys.
+/** The default lifetime for persistent keys.
*
* A persistent key remains in storage until it is explicitly destroyed or
* until the corresponding storage area is wiped. This specification does
@@ -1555,9 +1563,77 @@
* This lifetime value is the default storage area for the calling
* application. Implementations may offer other storage areas designated
* by other lifetime values as implementation-specific extensions.
+ * See ::psa_key_lifetime_t for more information.
*/
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
+/** The persistence level of volatile keys.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
+
+/** The default persistence level for persistent keys.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
+
+/** A persistence level indicating that a key is never destroyed.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
+
+#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
+ ((psa_key_persistence_t)((lifetime) & 0x000000ff))
+
+#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
+ ((psa_key_location_t)((lifetime) >> 8))
+
+/** Whether a key lifetime indicates that the key is volatile.
+ *
+ * A volatile key is automatically destroyed by the implementation when
+ * the application instance terminates. In particular, a volatile key
+ * is automatically destroyed on a power reset of the device.
+ *
+ * A key that is not volatile is persistent. Persistent keys are
+ * preserved until the application explicitly destroys them or until an
+ * implementation-specific device management event occurs (for example,
+ * a factory reset).
+ *
+ * \param lifetime The lifetime value to query (value of type
+ * ::psa_key_lifetime_t).
+ *
+ * \return \c 1 if the key is volatile, otherwise \c 0.
+ */
+#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
+ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
+ PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE)
+
+/** Construct a lifetime from a persistence level and a location.
+ *
+ * \param persistence The persistence level
+ * (value of type ::psa_key_persistence_t).
+ * \param location The location indicator
+ * (value of type ::psa_key_location_t).
+ *
+ * \return The constructed lifetime value.
+ */
+#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
+ ((location) << 8 | (persistence))
+
+/** The local storage area for persistent keys.
+ *
+ * This storage area is available on all systems that can store persistent
+ * keys without delegating the storage to a third-party cryptoprocessor.
+ *
+ * See ::psa_key_location_t for more information.
+ */
+#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
+
+#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
+
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index fd98fa5..f6a186f 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -113,12 +113,6 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
endif(CMAKE_COMPILER_IS_CLANG)
-if(UNSAFE_BUILD)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error")
- set(CMAKE_C_FLAGS_ASAN "${CMAKE_C_FLAGS_ASAN} -Wno-error")
- set(CMAKE_C_FLAGS_ASANDBG "${CMAKE_C_FLAGS_ASANDBG} -Wno-error")
-endif(UNSAFE_BUILD)
-
if(WIN32)
set(libs ${libs} ws2_32)
endif(WIN32)
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index c9b2c95..8b4a5af 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -52,7 +52,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
- !defined(__HAIKU__)
+ !defined(__HAIKU__) && !defined(__midipix__)
#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
#endif
@@ -95,7 +95,7 @@
* Since there is no wrapper in the libc yet, use the generic syscall wrapper
* available in GNU libc and compatible libc's (eg uClibc).
*/
-#if defined(__linux__) && defined(__GLIBC__)
+#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
#include <unistd.h>
#include <sys/syscall.h>
#if defined(SYS_getrandom)
@@ -113,7 +113,7 @@
return( syscall( SYS_getrandom, buf, buflen, flags ) );
}
#endif /* SYS_getrandom */
-#endif /* __linux__ */
+#endif /* __linux__ || __midipix__ */
#include <stdio.h>
diff --git a/library/error.c b/library/error.c
index d2f1b18..22c7b16 100644
--- a/library/error.c
+++ b/library/error.c
@@ -216,7 +216,6 @@
const char * mbedtls_high_level_strerr( int error_code )
{
int high_level_error_code;
- const char *error_description = NULL;
if( error_code < 0 )
error_code = -error_code;
@@ -229,497 +228,343 @@
/* Begin Auto-Generated Code. */
#if defined(MBEDTLS_CIPHER_C)
case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE):
- error_description = "CIPHER - The selected feature is not available";
- break;
+ return( "CIPHER - The selected feature is not available" );
case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA):
- error_description = "CIPHER - Bad input parameters";
- break;
+ return( "CIPHER - Bad input parameters" );
case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED):
- error_description = "CIPHER - Failed to allocate memory";
- break;
+ return( "CIPHER - Failed to allocate memory" );
case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING):
- error_description = "CIPHER - Input data contains invalid padding and is rejected";
- break;
+ return( "CIPHER - Input data contains invalid padding and is rejected" );
case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED):
- error_description = "CIPHER - Decryption of block requires a full block";
- break;
+ return( "CIPHER - Decryption of block requires a full block" );
case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED):
- error_description = "CIPHER - Authentication failed (for AEAD modes)";
- break;
+ return( "CIPHER - Authentication failed (for AEAD modes)" );
case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT):
- error_description = "CIPHER - The context is invalid. For example, because it was freed";
- break;
+ return( "CIPHER - The context is invalid. For example, because it was freed" );
case -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED):
- error_description = "CIPHER - Cipher hardware accelerator failed";
- break;
+ return( "CIPHER - Cipher hardware accelerator failed" );
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_DHM_C)
case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA):
- error_description = "DHM - Bad input parameters";
- break;
+ return( "DHM - Bad input parameters" );
case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED):
- error_description = "DHM - Reading of the DHM parameters failed";
- break;
+ return( "DHM - Reading of the DHM parameters failed" );
case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED):
- error_description = "DHM - Making of the DHM parameters failed";
- break;
+ return( "DHM - Making of the DHM parameters failed" );
case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED):
- error_description = "DHM - Reading of the public values failed";
- break;
+ return( "DHM - Reading of the public values failed" );
case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED):
- error_description = "DHM - Making of the public value failed";
- break;
+ return( "DHM - Making of the public value failed" );
case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED):
- error_description = "DHM - Calculation of the DHM secret failed";
- break;
+ return( "DHM - Calculation of the DHM secret failed" );
case -(MBEDTLS_ERR_DHM_INVALID_FORMAT):
- error_description = "DHM - The ASN.1 data is not formatted correctly";
- break;
+ return( "DHM - The ASN.1 data is not formatted correctly" );
case -(MBEDTLS_ERR_DHM_ALLOC_FAILED):
- error_description = "DHM - Allocation of memory failed";
- break;
+ return( "DHM - Allocation of memory failed" );
case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR):
- error_description = "DHM - Read or write of file failed";
- break;
+ return( "DHM - Read or write of file failed" );
case -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED):
- error_description = "DHM - DHM hardware accelerator failed";
- break;
+ return( "DHM - DHM hardware accelerator failed" );
case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED):
- error_description = "DHM - Setting the modulus and generator failed";
- break;
+ return( "DHM - Setting the modulus and generator failed" );
#endif /* MBEDTLS_DHM_C */
#if defined(MBEDTLS_ECP_C)
case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA):
- error_description = "ECP - Bad input parameters to function";
- break;
+ return( "ECP - Bad input parameters to function" );
case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL):
- error_description = "ECP - The buffer is too small to write to";
- break;
+ return( "ECP - The buffer is too small to write to" );
case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE):
- error_description = "ECP - The requested feature is not available, for example, the requested curve is not supported";
- break;
+ return( "ECP - The requested feature is not available, for example, the requested curve is not supported" );
case -(MBEDTLS_ERR_ECP_VERIFY_FAILED):
- error_description = "ECP - The signature is not valid";
- break;
+ return( "ECP - The signature is not valid" );
case -(MBEDTLS_ERR_ECP_ALLOC_FAILED):
- error_description = "ECP - Memory allocation failed";
- break;
+ return( "ECP - Memory allocation failed" );
case -(MBEDTLS_ERR_ECP_RANDOM_FAILED):
- error_description = "ECP - Generation of random value, such as ephemeral key, failed";
- break;
+ return( "ECP - Generation of random value, such as ephemeral key, failed" );
case -(MBEDTLS_ERR_ECP_INVALID_KEY):
- error_description = "ECP - Invalid private or public key";
- break;
+ return( "ECP - Invalid private or public key" );
case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH):
- error_description = "ECP - The buffer contains a valid signature followed by more data";
- break;
+ return( "ECP - The buffer contains a valid signature followed by more data" );
case -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED):
- error_description = "ECP - The ECP hardware accelerator failed";
- break;
+ return( "ECP - The ECP hardware accelerator failed" );
case -(MBEDTLS_ERR_ECP_IN_PROGRESS):
- error_description = "ECP - Operation in progress, call again with the same parameters to continue";
- break;
+ return( "ECP - Operation in progress, call again with the same parameters to continue" );
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_MD_C)
case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE):
- error_description = "MD - The selected feature is not available";
- break;
+ return( "MD - The selected feature is not available" );
case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA):
- error_description = "MD - Bad input parameters to function";
- break;
+ return( "MD - Bad input parameters to function" );
case -(MBEDTLS_ERR_MD_ALLOC_FAILED):
- error_description = "MD - Failed to allocate memory";
- break;
+ return( "MD - Failed to allocate memory" );
case -(MBEDTLS_ERR_MD_FILE_IO_ERROR):
- error_description = "MD - Opening or reading of file failed";
- break;
+ return( "MD - Opening or reading of file failed" );
case -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED):
- error_description = "MD - MD hardware accelerator failed";
- break;
+ return( "MD - MD hardware accelerator failed" );
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT):
- error_description = "PEM - No PEM header or footer found";
- break;
+ return( "PEM - No PEM header or footer found" );
case -(MBEDTLS_ERR_PEM_INVALID_DATA):
- error_description = "PEM - PEM string is not as expected";
- break;
+ return( "PEM - PEM string is not as expected" );
case -(MBEDTLS_ERR_PEM_ALLOC_FAILED):
- error_description = "PEM - Failed to allocate memory";
- break;
+ return( "PEM - Failed to allocate memory" );
case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV):
- error_description = "PEM - RSA IV is not in hex-format";
- break;
+ return( "PEM - RSA IV is not in hex-format" );
case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG):
- error_description = "PEM - Unsupported key encryption algorithm";
- break;
+ return( "PEM - Unsupported key encryption algorithm" );
case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED):
- error_description = "PEM - Private key password can't be empty";
- break;
+ return( "PEM - Private key password can't be empty" );
case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH):
- error_description = "PEM - Given private key password does not allow for correct decryption";
- break;
+ return( "PEM - Given private key password does not allow for correct decryption" );
case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE):
- error_description = "PEM - Unavailable feature, e.g. hashing/encryption combination";
- break;
+ return( "PEM - Unavailable feature, e.g. hashing/encryption combination" );
case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA):
- error_description = "PEM - Bad input parameters to function";
- break;
+ return( "PEM - Bad input parameters to function" );
#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
#if defined(MBEDTLS_PK_C)
case -(MBEDTLS_ERR_PK_ALLOC_FAILED):
- error_description = "PK - Memory allocation failed";
- break;
+ return( "PK - Memory allocation failed" );
case -(MBEDTLS_ERR_PK_TYPE_MISMATCH):
- error_description = "PK - Type mismatch, eg attempt to encrypt with an ECDSA key";
- break;
+ return( "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA):
- error_description = "PK - Bad input parameters to function";
- break;
+ return( "PK - Bad input parameters to function" );
case -(MBEDTLS_ERR_PK_FILE_IO_ERROR):
- error_description = "PK - Read/write of file failed";
- break;
+ return( "PK - Read/write of file failed" );
case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION):
- error_description = "PK - Unsupported key version";
- break;
+ return( "PK - Unsupported key version" );
case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT):
- error_description = "PK - Invalid key tag or value";
- break;
+ return( "PK - Invalid key tag or value" );
case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG):
- error_description = "PK - Key algorithm is unsupported (only RSA and EC are supported)";
- break;
+ return( "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED):
- error_description = "PK - Private key password can't be empty";
- break;
+ return( "PK - Private key password can't be empty" );
case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH):
- error_description = "PK - Given private key password does not allow for correct decryption";
- break;
+ return( "PK - Given private key password does not allow for correct decryption" );
case -(MBEDTLS_ERR_PK_INVALID_PUBKEY):
- error_description = "PK - The pubkey tag or value is invalid (only RSA and EC are supported)";
- break;
+ return( "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
case -(MBEDTLS_ERR_PK_INVALID_ALG):
- error_description = "PK - The algorithm tag or value is invalid";
- break;
+ return( "PK - The algorithm tag or value is invalid" );
case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE):
- error_description = "PK - Elliptic curve is unsupported (only NIST curves are supported)";
- break;
+ return( "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE):
- error_description = "PK - Unavailable feature, e.g. RSA disabled for RSA key";
- break;
+ return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH):
- error_description = "PK - The buffer contains a valid signature followed by more data";
- break;
+ return( "PK - The buffer contains a valid signature followed by more data" );
case -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED):
- error_description = "PK - PK hardware accelerator failed";
- break;
+ return( "PK - PK hardware accelerator failed" );
#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_PKCS12_C)
case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA):
- error_description = "PKCS12 - Bad input parameters to function";
- break;
+ return( "PKCS12 - Bad input parameters to function" );
case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE):
- error_description = "PKCS12 - Feature not available, e.g. unsupported encryption scheme";
- break;
+ return( "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT):
- error_description = "PKCS12 - PBE ASN.1 data not as expected";
- break;
+ return( "PKCS12 - PBE ASN.1 data not as expected" );
case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH):
- error_description = "PKCS12 - Given private key password does not allow for correct decryption";
- break;
+ return( "PKCS12 - Given private key password does not allow for correct decryption" );
#endif /* MBEDTLS_PKCS12_C */
#if defined(MBEDTLS_PKCS5_C)
case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA):
- error_description = "PKCS5 - Bad input parameters to function";
- break;
+ return( "PKCS5 - Bad input parameters to function" );
case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT):
- error_description = "PKCS5 - Unexpected ASN.1 data";
- break;
+ return( "PKCS5 - Unexpected ASN.1 data" );
case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE):
- error_description = "PKCS5 - Requested encryption or digest alg not available";
- break;
+ return( "PKCS5 - Requested encryption or digest alg not available" );
case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH):
- error_description = "PKCS5 - Given private key password does not allow for correct decryption";
- break;
+ return( "PKCS5 - Given private key password does not allow for correct decryption" );
#endif /* MBEDTLS_PKCS5_C */
#if defined(MBEDTLS_RSA_C)
case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA):
- error_description = "RSA - Bad input parameters to function";
- break;
+ return( "RSA - Bad input parameters to function" );
case -(MBEDTLS_ERR_RSA_INVALID_PADDING):
- error_description = "RSA - Input data contains invalid padding and is rejected";
- break;
+ return( "RSA - Input data contains invalid padding and is rejected" );
case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED):
- error_description = "RSA - Something failed during generation of a key";
- break;
+ return( "RSA - Something failed during generation of a key" );
case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED):
- error_description = "RSA - Key failed to pass the validity check of the library";
- break;
+ return( "RSA - Key failed to pass the validity check of the library" );
case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED):
- error_description = "RSA - The public key operation failed";
- break;
+ return( "RSA - The public key operation failed" );
case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED):
- error_description = "RSA - The private key operation failed";
- break;
+ return( "RSA - The private key operation failed" );
case -(MBEDTLS_ERR_RSA_VERIFY_FAILED):
- error_description = "RSA - The PKCS#1 verification failed";
- break;
+ return( "RSA - The PKCS#1 verification failed" );
case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE):
- error_description = "RSA - The output buffer for decryption is not large enough";
- break;
+ return( "RSA - The output buffer for decryption is not large enough" );
case -(MBEDTLS_ERR_RSA_RNG_FAILED):
- error_description = "RSA - The random generator failed to generate non-zeros";
- break;
+ return( "RSA - The random generator failed to generate non-zeros" );
case -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION):
- error_description = "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality";
- break;
+ return( "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" );
case -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED):
- error_description = "RSA - RSA hardware accelerator failed";
- break;
+ return( "RSA - RSA hardware accelerator failed" );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_SSL_TLS_C)
case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE):
- error_description = "SSL - The requested feature is not available";
- break;
+ return( "SSL - The requested feature is not available" );
case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA):
- error_description = "SSL - Bad input parameters to function";
- break;
+ return( "SSL - Bad input parameters to function" );
case -(MBEDTLS_ERR_SSL_INVALID_MAC):
- error_description = "SSL - Verification of the message MAC failed";
- break;
+ return( "SSL - Verification of the message MAC failed" );
case -(MBEDTLS_ERR_SSL_INVALID_RECORD):
- error_description = "SSL - An invalid SSL record was received";
- break;
+ return( "SSL - An invalid SSL record was received" );
case -(MBEDTLS_ERR_SSL_CONN_EOF):
- error_description = "SSL - The connection indicated an EOF";
- break;
+ return( "SSL - The connection indicated an EOF" );
case -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER):
- error_description = "SSL - An unknown cipher was received";
- break;
+ return( "SSL - An unknown cipher was received" );
case -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN):
- error_description = "SSL - The server has no ciphersuites in common with the client";
- break;
+ return( "SSL - The server has no ciphersuites in common with the client" );
case -(MBEDTLS_ERR_SSL_NO_RNG):
- error_description = "SSL - No RNG was provided to the SSL module";
- break;
+ return( "SSL - No RNG was provided to the SSL module" );
case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE):
- error_description = "SSL - No client certification received from the client, but required by the authentication mode";
- break;
+ return( "SSL - No client certification received from the client, but required by the authentication mode" );
case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE):
- error_description = "SSL - Our own certificate(s) is/are too large to send in an SSL message";
- break;
+ return( "SSL - Our own certificate(s) is/are too large to send in an SSL message" );
case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED):
- error_description = "SSL - The own certificate is not set, but needed by the server";
- break;
+ return( "SSL - The own certificate is not set, but needed by the server" );
case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED):
- error_description = "SSL - The own private key or pre-shared key is not set, but needed";
- break;
+ return( "SSL - The own private key or pre-shared key is not set, but needed" );
case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED):
- error_description = "SSL - No CA Chain is set, but required to operate";
- break;
+ return( "SSL - No CA Chain is set, but required to operate" );
case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE):
- error_description = "SSL - An unexpected message was received from our peer";
- break;
+ return( "SSL - An unexpected message was received from our peer" );
case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE):
- error_description = "SSL - A fatal alert message was received from our peer";
- break;
+ return( "SSL - A fatal alert message was received from our peer" );
case -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED):
- error_description = "SSL - Verification of our peer failed";
- break;
+ return( "SSL - Verification of our peer failed" );
case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY):
- error_description = "SSL - The peer notified us that the connection is going to be closed";
- break;
+ return( "SSL - The peer notified us that the connection is going to be closed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO):
- error_description = "SSL - Processing of the ClientHello handshake message failed";
- break;
+ return( "SSL - Processing of the ClientHello handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO):
- error_description = "SSL - Processing of the ServerHello handshake message failed";
- break;
+ return( "SSL - Processing of the ServerHello handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE):
- error_description = "SSL - Processing of the Certificate handshake message failed";
- break;
+ return( "SSL - Processing of the Certificate handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST):
- error_description = "SSL - Processing of the CertificateRequest handshake message failed";
- break;
+ return( "SSL - Processing of the CertificateRequest handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE):
- error_description = "SSL - Processing of the ServerKeyExchange handshake message failed";
- break;
+ return( "SSL - Processing of the ServerKeyExchange handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE):
- error_description = "SSL - Processing of the ServerHelloDone handshake message failed";
- break;
+ return( "SSL - Processing of the ServerHelloDone handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE):
- error_description = "SSL - Processing of the ClientKeyExchange handshake message failed";
- break;
+ return( "SSL - Processing of the ClientKeyExchange handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP):
- error_description = "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public";
- break;
+ return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" );
case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS):
- error_description = "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret";
- break;
+ return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" );
case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY):
- error_description = "SSL - Processing of the CertificateVerify handshake message failed";
- break;
+ return( "SSL - Processing of the CertificateVerify handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC):
- error_description = "SSL - Processing of the ChangeCipherSpec handshake message failed";
- break;
+ return( "SSL - Processing of the ChangeCipherSpec handshake message failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED):
- error_description = "SSL - Processing of the Finished handshake message failed";
- break;
+ return( "SSL - Processing of the Finished handshake message failed" );
case -(MBEDTLS_ERR_SSL_ALLOC_FAILED):
- error_description = "SSL - Memory allocation failed";
- break;
+ return( "SSL - Memory allocation failed" );
case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED):
- error_description = "SSL - Hardware acceleration function returned with error";
- break;
+ return( "SSL - Hardware acceleration function returned with error" );
case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH):
- error_description = "SSL - Hardware acceleration function skipped / left alone data";
- break;
+ return( "SSL - Hardware acceleration function skipped / left alone data" );
case -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED):
- error_description = "SSL - Processing of the compression / decompression failed";
- break;
+ return( "SSL - Processing of the compression / decompression failed" );
case -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION):
- error_description = "SSL - Handshake protocol not within min/max boundaries";
- break;
+ return( "SSL - Handshake protocol not within min/max boundaries" );
case -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET):
- error_description = "SSL - Processing of the NewSessionTicket handshake message failed";
- break;
+ return( "SSL - Processing of the NewSessionTicket handshake message failed" );
case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED):
- error_description = "SSL - Session ticket has expired";
- break;
+ return( "SSL - Session ticket has expired" );
case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH):
- error_description = "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)";
- break;
+ return( "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY):
- error_description = "SSL - Unknown identity received (eg, PSK identity)";
- break;
+ return( "SSL - Unknown identity received (eg, PSK identity)" );
case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR):
- error_description = "SSL - Internal error (eg, unexpected failure in lower-level module)";
- break;
+ return( "SSL - Internal error (eg, unexpected failure in lower-level module)" );
case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING):
- error_description = "SSL - A counter would wrap (eg, too many messages exchanged)";
- break;
+ return( "SSL - A counter would wrap (eg, too many messages exchanged)" );
case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO):
- error_description = "SSL - Unexpected message at ServerHello in renegotiation";
- break;
+ return( "SSL - Unexpected message at ServerHello in renegotiation" );
case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED):
- error_description = "SSL - DTLS client must retry for hello verification";
- break;
+ return( "SSL - DTLS client must retry for hello verification" );
case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL):
- error_description = "SSL - A buffer is too small to receive or write a message";
- break;
+ return( "SSL - A buffer is too small to receive or write a message" );
case -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE):
- error_description = "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)";
- break;
+ return( "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
case -(MBEDTLS_ERR_SSL_WANT_READ):
- error_description = "SSL - No data of requested type currently available on underlying transport";
- break;
+ return( "SSL - No data of requested type currently available on underlying transport" );
case -(MBEDTLS_ERR_SSL_WANT_WRITE):
- error_description = "SSL - Connection requires a write call";
- break;
+ return( "SSL - Connection requires a write call" );
case -(MBEDTLS_ERR_SSL_TIMEOUT):
- error_description = "SSL - The operation timed out";
- break;
+ return( "SSL - The operation timed out" );
case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT):
- error_description = "SSL - The client initiated a reconnect from the same port";
- break;
+ return( "SSL - The client initiated a reconnect from the same port" );
case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD):
- error_description = "SSL - Record header looks valid but is not expected";
- break;
+ return( "SSL - Record header looks valid but is not expected" );
case -(MBEDTLS_ERR_SSL_NON_FATAL):
- error_description = "SSL - The alert message received indicates a non-fatal error";
- break;
+ return( "SSL - The alert message received indicates a non-fatal error" );
case -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH):
- error_description = "SSL - Couldn't set the hash for verifying CertificateVerify";
- break;
+ return( "SSL - Couldn't set the hash for verifying CertificateVerify" );
case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING):
- error_description = "SSL - Internal-only message signaling that further message-processing should be done";
- break;
+ return( "SSL - Internal-only message signaling that further message-processing should be done" );
case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS):
- error_description = "SSL - The asynchronous operation is not completed yet";
- break;
+ return( "SSL - The asynchronous operation is not completed yet" );
case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE):
- error_description = "SSL - Internal-only message signaling that a message arrived early";
- break;
+ return( "SSL - Internal-only message signaling that a message arrived early" );
case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID):
- error_description = "SSL - An encrypted DTLS-frame with an unexpected CID was received";
- break;
+ return( "SSL - An encrypted DTLS-frame with an unexpected CID was received" );
case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH):
- error_description = "SSL - An operation failed due to an unexpected version or configuration";
- break;
+ return( "SSL - An operation failed due to an unexpected version or configuration" );
case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS):
- error_description = "SSL - A cryptographic operation is in progress. Try again later";
- break;
+ return( "SSL - A cryptographic operation is in progress. Try again later" );
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE):
- error_description = "X509 - Unavailable feature, e.g. RSA hashing/encryption combination";
- break;
+ return( "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
case -(MBEDTLS_ERR_X509_UNKNOWN_OID):
- error_description = "X509 - Requested OID is unknown";
- break;
+ return( "X509 - Requested OID is unknown" );
case -(MBEDTLS_ERR_X509_INVALID_FORMAT):
- error_description = "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected";
- break;
+ return( "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
case -(MBEDTLS_ERR_X509_INVALID_VERSION):
- error_description = "X509 - The CRT/CRL/CSR version element is invalid";
- break;
+ return( "X509 - The CRT/CRL/CSR version element is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_SERIAL):
- error_description = "X509 - The serial tag or value is invalid";
- break;
+ return( "X509 - The serial tag or value is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_ALG):
- error_description = "X509 - The algorithm tag or value is invalid";
- break;
+ return( "X509 - The algorithm tag or value is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_NAME):
- error_description = "X509 - The name tag or value is invalid";
- break;
+ return( "X509 - The name tag or value is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_DATE):
- error_description = "X509 - The date tag or value is invalid";
- break;
+ return( "X509 - The date tag or value is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE):
- error_description = "X509 - The signature tag or value invalid";
- break;
+ return( "X509 - The signature tag or value invalid" );
case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS):
- error_description = "X509 - The extension tag or value is invalid";
- break;
+ return( "X509 - The extension tag or value is invalid" );
case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION):
- error_description = "X509 - CRT/CRL/CSR has an unsupported version number";
- break;
+ return( "X509 - CRT/CRL/CSR has an unsupported version number" );
case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG):
- error_description = "X509 - Signature algorithm (oid) is unsupported";
- break;
+ return( "X509 - Signature algorithm (oid) is unsupported" );
case -(MBEDTLS_ERR_X509_SIG_MISMATCH):
- error_description = "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)";
- break;
+ return( "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" );
case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED):
- error_description = "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed";
- break;
+ return( "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT):
- error_description = "X509 - Format not recognized as DER or PEM";
- break;
+ return( "X509 - Format not recognized as DER or PEM" );
case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA):
- error_description = "X509 - Input invalid";
- break;
+ return( "X509 - Input invalid" );
case -(MBEDTLS_ERR_X509_ALLOC_FAILED):
- error_description = "X509 - Allocation of memory failed";
- break;
+ return( "X509 - Allocation of memory failed" );
case -(MBEDTLS_ERR_X509_FILE_IO_ERROR):
- error_description = "X509 - Read/write of file failed";
- break;
+ return( "X509 - Read/write of file failed" );
case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL):
- error_description = "X509 - Destination buffer is too small";
- break;
+ return( "X509 - Destination buffer is too small" );
case -(MBEDTLS_ERR_X509_FATAL_ERROR):
- error_description = "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed";
- break;
+ return( "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" );
#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
/* End Auto-Generated Code. */
@@ -727,13 +572,12 @@
break;
}
- return error_description;
+ return( NULL );
}
const char * mbedtls_low_level_strerr( int error_code )
{
int low_level_error_code;
- const char *error_description = NULL;
if( error_code < 0 )
error_code = -error_code;
@@ -746,398 +590,299 @@
/* Begin Auto-Generated Code. */
#if defined(MBEDTLS_AES_C)
case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH):
- error_description = "AES - Invalid key length";
- break;
+ return( "AES - Invalid key length" );
case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH):
- error_description = "AES - Invalid data input length";
- break;
+ return( "AES - Invalid data input length" );
case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA):
- error_description = "AES - Invalid input data";
- break;
+ return( "AES - Invalid input data" );
case -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE):
- error_description = "AES - Feature not available. For example, an unsupported AES key size";
- break;
+ return( "AES - Feature not available. For example, an unsupported AES key size" );
case -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED):
- error_description = "AES - AES hardware accelerator failed";
- break;
+ return( "AES - AES hardware accelerator failed" );
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_ARC4_C)
case -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED):
- error_description = "ARC4 - ARC4 hardware accelerator failed";
- break;
+ return( "ARC4 - ARC4 hardware accelerator failed" );
#endif /* MBEDTLS_ARC4_C */
#if defined(MBEDTLS_ARIA_C)
case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA):
- error_description = "ARIA - Bad input data";
- break;
+ return( "ARIA - Bad input data" );
case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH):
- error_description = "ARIA - Invalid data input length";
- break;
+ return( "ARIA - Invalid data input length" );
case -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE):
- error_description = "ARIA - Feature not available. For example, an unsupported ARIA key size";
- break;
+ return( "ARIA - Feature not available. For example, an unsupported ARIA key size" );
case -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED):
- error_description = "ARIA - ARIA hardware accelerator failed";
- break;
+ return( "ARIA - ARIA hardware accelerator failed" );
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_ASN1_PARSE_C)
case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA):
- error_description = "ASN1 - Out of data when parsing an ASN1 data structure";
- break;
+ return( "ASN1 - Out of data when parsing an ASN1 data structure" );
case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):
- error_description = "ASN1 - ASN1 tag was of an unexpected value";
- break;
+ return( "ASN1 - ASN1 tag was of an unexpected value" );
case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH):
- error_description = "ASN1 - Error when trying to determine the length or invalid length";
- break;
+ return( "ASN1 - Error when trying to determine the length or invalid length" );
case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH):
- error_description = "ASN1 - Actual length differs from expected length";
- break;
+ return( "ASN1 - Actual length differs from expected length" );
case -(MBEDTLS_ERR_ASN1_INVALID_DATA):
- error_description = "ASN1 - Data is invalid";
- break;
+ return( "ASN1 - Data is invalid" );
case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED):
- error_description = "ASN1 - Memory allocation failed";
- break;
+ return( "ASN1 - Memory allocation failed" );
case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL):
- error_description = "ASN1 - Buffer too small when writing ASN.1 data structure";
- break;
+ return( "ASN1 - Buffer too small when writing ASN.1 data structure" );
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_BASE64_C)
case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL):
- error_description = "BASE64 - Output buffer too small";
- break;
+ return( "BASE64 - Output buffer too small" );
case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER):
- error_description = "BASE64 - Invalid character in input";
- break;
+ return( "BASE64 - Invalid character in input" );
#endif /* MBEDTLS_BASE64_C */
#if defined(MBEDTLS_BIGNUM_C)
case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR):
- error_description = "BIGNUM - An error occurred while reading from or writing to a file";
- break;
+ return( "BIGNUM - An error occurred while reading from or writing to a file" );
case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA):
- error_description = "BIGNUM - Bad input parameters to function";
- break;
+ return( "BIGNUM - Bad input parameters to function" );
case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER):
- error_description = "BIGNUM - There is an invalid character in the digit string";
- break;
+ return( "BIGNUM - There is an invalid character in the digit string" );
case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL):
- error_description = "BIGNUM - The buffer is too small to write to";
- break;
+ return( "BIGNUM - The buffer is too small to write to" );
case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE):
- error_description = "BIGNUM - The input arguments are negative or result in illegal output";
- break;
+ return( "BIGNUM - The input arguments are negative or result in illegal output" );
case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO):
- error_description = "BIGNUM - The input argument for division is zero, which is not allowed";
- break;
+ return( "BIGNUM - The input argument for division is zero, which is not allowed" );
case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE):
- error_description = "BIGNUM - The input arguments are not acceptable";
- break;
+ return( "BIGNUM - The input arguments are not acceptable" );
case -(MBEDTLS_ERR_MPI_ALLOC_FAILED):
- error_description = "BIGNUM - Memory allocation failed";
- break;
+ return( "BIGNUM - Memory allocation failed" );
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_BLOWFISH_C)
case -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA):
- error_description = "BLOWFISH - Bad input data";
- break;
+ return( "BLOWFISH - Bad input data" );
case -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH):
- error_description = "BLOWFISH - Invalid data input length";
- break;
+ return( "BLOWFISH - Invalid data input length" );
case -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED):
- error_description = "BLOWFISH - Blowfish hardware accelerator failed";
- break;
+ return( "BLOWFISH - Blowfish hardware accelerator failed" );
#endif /* MBEDTLS_BLOWFISH_C */
#if defined(MBEDTLS_CAMELLIA_C)
case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA):
- error_description = "CAMELLIA - Bad input data";
- break;
+ return( "CAMELLIA - Bad input data" );
case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH):
- error_description = "CAMELLIA - Invalid data input length";
- break;
+ return( "CAMELLIA - Invalid data input length" );
case -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED):
- error_description = "CAMELLIA - Camellia hardware accelerator failed";
- break;
+ return( "CAMELLIA - Camellia hardware accelerator failed" );
#endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_CCM_C)
case -(MBEDTLS_ERR_CCM_BAD_INPUT):
- error_description = "CCM - Bad input parameters to the function";
- break;
+ return( "CCM - Bad input parameters to the function" );
case -(MBEDTLS_ERR_CCM_AUTH_FAILED):
- error_description = "CCM - Authenticated decryption failed";
- break;
+ return( "CCM - Authenticated decryption failed" );
case -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED):
- error_description = "CCM - CCM hardware accelerator failed";
- break;
+ return( "CCM - CCM hardware accelerator failed" );
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHA20_C)
case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA):
- error_description = "CHACHA20 - Invalid input parameter(s)";
- break;
+ return( "CHACHA20 - Invalid input parameter(s)" );
case -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE):
- error_description = "CHACHA20 - Feature not available. For example, s part of the API is not implemented";
- break;
+ return( "CHACHA20 - Feature not available. For example, s part of the API is not implemented" );
case -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED):
- error_description = "CHACHA20 - Chacha20 hardware accelerator failed";
- break;
+ return( "CHACHA20 - Chacha20 hardware accelerator failed" );
#endif /* MBEDTLS_CHACHA20_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE):
- error_description = "CHACHAPOLY - The requested operation is not permitted in the current state";
- break;
+ return( "CHACHAPOLY - The requested operation is not permitted in the current state" );
case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED):
- error_description = "CHACHAPOLY - Authenticated decryption failed: data was not authentic";
- break;
+ return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" );
#endif /* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_CMAC_C)
case -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED):
- error_description = "CMAC - CMAC hardware accelerator failed";
- break;
+ return( "CMAC - CMAC hardware accelerator failed" );
#endif /* MBEDTLS_CMAC_C */
#if defined(MBEDTLS_CTR_DRBG_C)
case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED):
- error_description = "CTR_DRBG - The entropy source failed";
- break;
+ return( "CTR_DRBG - The entropy source failed" );
case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG):
- error_description = "CTR_DRBG - The requested random buffer length is too big";
- break;
+ return( "CTR_DRBG - The requested random buffer length is too big" );
case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG):
- error_description = "CTR_DRBG - The input (entropy + additional data) is too large";
- break;
+ return( "CTR_DRBG - The input (entropy + additional data) is too large" );
case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR):
- error_description = "CTR_DRBG - Read or write error in file";
- break;
+ return( "CTR_DRBG - Read or write error in file" );
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DES_C)
case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH):
- error_description = "DES - The data input has an invalid length";
- break;
+ return( "DES - The data input has an invalid length" );
case -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED):
- error_description = "DES - DES hardware accelerator failed";
- break;
+ return( "DES - DES hardware accelerator failed" );
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_ENTROPY_C)
case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED):
- error_description = "ENTROPY - Critical entropy source failure";
- break;
+ return( "ENTROPY - Critical entropy source failure" );
case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES):
- error_description = "ENTROPY - No more sources can be added";
- break;
+ return( "ENTROPY - No more sources can be added" );
case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED):
- error_description = "ENTROPY - No sources have been added to poll";
- break;
+ return( "ENTROPY - No sources have been added to poll" );
case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE):
- error_description = "ENTROPY - No strong sources have been added to poll";
- break;
+ return( "ENTROPY - No strong sources have been added to poll" );
case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR):
- error_description = "ENTROPY - Read/write error in file";
- break;
+ return( "ENTROPY - Read/write error in file" );
#endif /* MBEDTLS_ENTROPY_C */
#if defined(MBEDTLS_ERROR_C)
case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR):
- error_description = "ERROR - Generic error";
- break;
+ return( "ERROR - Generic error" );
case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED):
- error_description = "ERROR - This is a bug in the library";
- break;
+ return( "ERROR - This is a bug in the library" );
#endif /* MBEDTLS_ERROR_C */
#if defined(MBEDTLS_GCM_C)
case -(MBEDTLS_ERR_GCM_AUTH_FAILED):
- error_description = "GCM - Authenticated decryption failed";
- break;
+ return( "GCM - Authenticated decryption failed" );
case -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED):
- error_description = "GCM - GCM hardware accelerator failed";
- break;
+ return( "GCM - GCM hardware accelerator failed" );
case -(MBEDTLS_ERR_GCM_BAD_INPUT):
- error_description = "GCM - Bad input parameters to function";
- break;
+ return( "GCM - Bad input parameters to function" );
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_HKDF_C)
case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA):
- error_description = "HKDF - Bad input parameters to function";
- break;
+ return( "HKDF - Bad input parameters to function" );
#endif /* MBEDTLS_HKDF_C */
#if defined(MBEDTLS_HMAC_DRBG_C)
case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG):
- error_description = "HMAC_DRBG - Too many random requested in single call";
- break;
+ return( "HMAC_DRBG - Too many random requested in single call" );
case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG):
- error_description = "HMAC_DRBG - Input too large (Entropy + additional)";
- break;
+ return( "HMAC_DRBG - Input too large (Entropy + additional)" );
case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR):
- error_description = "HMAC_DRBG - Read/write error in file";
- break;
+ return( "HMAC_DRBG - Read/write error in file" );
case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED):
- error_description = "HMAC_DRBG - The entropy source failed";
- break;
+ return( "HMAC_DRBG - The entropy source failed" );
#endif /* MBEDTLS_HMAC_DRBG_C */
#if defined(MBEDTLS_MD2_C)
case -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED):
- error_description = "MD2 - MD2 hardware accelerator failed";
- break;
+ return( "MD2 - MD2 hardware accelerator failed" );
#endif /* MBEDTLS_MD2_C */
#if defined(MBEDTLS_MD4_C)
case -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED):
- error_description = "MD4 - MD4 hardware accelerator failed";
- break;
+ return( "MD4 - MD4 hardware accelerator failed" );
#endif /* MBEDTLS_MD4_C */
#if defined(MBEDTLS_MD5_C)
case -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED):
- error_description = "MD5 - MD5 hardware accelerator failed";
- break;
+ return( "MD5 - MD5 hardware accelerator failed" );
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_NET_C)
case -(MBEDTLS_ERR_NET_SOCKET_FAILED):
- error_description = "NET - Failed to open a socket";
- break;
+ return( "NET - Failed to open a socket" );
case -(MBEDTLS_ERR_NET_CONNECT_FAILED):
- error_description = "NET - The connection to the given server / port failed";
- break;
+ return( "NET - The connection to the given server / port failed" );
case -(MBEDTLS_ERR_NET_BIND_FAILED):
- error_description = "NET - Binding of the socket failed";
- break;
+ return( "NET - Binding of the socket failed" );
case -(MBEDTLS_ERR_NET_LISTEN_FAILED):
- error_description = "NET - Could not listen on the socket";
- break;
+ return( "NET - Could not listen on the socket" );
case -(MBEDTLS_ERR_NET_ACCEPT_FAILED):
- error_description = "NET - Could not accept the incoming connection";
- break;
+ return( "NET - Could not accept the incoming connection" );
case -(MBEDTLS_ERR_NET_RECV_FAILED):
- error_description = "NET - Reading information from the socket failed";
- break;
+ return( "NET - Reading information from the socket failed" );
case -(MBEDTLS_ERR_NET_SEND_FAILED):
- error_description = "NET - Sending information through the socket failed";
- break;
+ return( "NET - Sending information through the socket failed" );
case -(MBEDTLS_ERR_NET_CONN_RESET):
- error_description = "NET - Connection was reset by peer";
- break;
+ return( "NET - Connection was reset by peer" );
case -(MBEDTLS_ERR_NET_UNKNOWN_HOST):
- error_description = "NET - Failed to get an IP address for the given hostname";
- break;
+ return( "NET - Failed to get an IP address for the given hostname" );
case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL):
- error_description = "NET - Buffer is too small to hold the data";
- break;
+ return( "NET - Buffer is too small to hold the data" );
case -(MBEDTLS_ERR_NET_INVALID_CONTEXT):
- error_description = "NET - The context is invalid, eg because it was free()ed";
- break;
+ return( "NET - The context is invalid, eg because it was free()ed" );
case -(MBEDTLS_ERR_NET_POLL_FAILED):
- error_description = "NET - Polling the net context failed";
- break;
+ return( "NET - Polling the net context failed" );
case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA):
- error_description = "NET - Input invalid";
- break;
+ return( "NET - Input invalid" );
#endif /* MBEDTLS_NET_C */
#if defined(MBEDTLS_OID_C)
case -(MBEDTLS_ERR_OID_NOT_FOUND):
- error_description = "OID - OID is not found";
- break;
+ return( "OID - OID is not found" );
case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL):
- error_description = "OID - output buffer is too small";
- break;
+ return( "OID - output buffer is too small" );
#endif /* MBEDTLS_OID_C */
#if defined(MBEDTLS_PADLOCK_C)
case -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED):
- error_description = "PADLOCK - Input data should be aligned";
- break;
+ return( "PADLOCK - Input data should be aligned" );
#endif /* MBEDTLS_PADLOCK_C */
#if defined(MBEDTLS_PLATFORM_C)
case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED):
- error_description = "PLATFORM - Hardware accelerator failed";
- break;
+ return( "PLATFORM - Hardware accelerator failed" );
case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED):
- error_description = "PLATFORM - The requested feature is not supported by the platform";
- break;
+ return( "PLATFORM - The requested feature is not supported by the platform" );
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_POLY1305_C)
case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA):
- error_description = "POLY1305 - Invalid input parameter(s)";
- break;
+ return( "POLY1305 - Invalid input parameter(s)" );
case -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE):
- error_description = "POLY1305 - Feature not available. For example, s part of the API is not implemented";
- break;
+ return( "POLY1305 - Feature not available. For example, s part of the API is not implemented" );
case -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED):
- error_description = "POLY1305 - Poly1305 hardware accelerator failed";
- break;
+ return( "POLY1305 - Poly1305 hardware accelerator failed" );
#endif /* MBEDTLS_POLY1305_C */
#if defined(MBEDTLS_RIPEMD160_C)
case -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED):
- error_description = "RIPEMD160 - RIPEMD160 hardware accelerator failed";
- break;
+ return( "RIPEMD160 - RIPEMD160 hardware accelerator failed" );
#endif /* MBEDTLS_RIPEMD160_C */
#if defined(MBEDTLS_SHA1_C)
case -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED):
- error_description = "SHA1 - SHA-1 hardware accelerator failed";
- break;
+ return( "SHA1 - SHA-1 hardware accelerator failed" );
case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA):
- error_description = "SHA1 - SHA-1 input data was malformed";
- break;
+ return( "SHA1 - SHA-1 input data was malformed" );
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
case -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED):
- error_description = "SHA256 - SHA-256 hardware accelerator failed";
- break;
+ return( "SHA256 - SHA-256 hardware accelerator failed" );
case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA):
- error_description = "SHA256 - SHA-256 input data was malformed";
- break;
+ return( "SHA256 - SHA-256 input data was malformed" );
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
case -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED):
- error_description = "SHA512 - SHA-512 hardware accelerator failed";
- break;
+ return( "SHA512 - SHA-512 hardware accelerator failed" );
case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA):
- error_description = "SHA512 - SHA-512 input data was malformed";
- break;
+ return( "SHA512 - SHA-512 input data was malformed" );
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_THREADING_C)
case -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE):
- error_description = "THREADING - The selected feature is not available";
- break;
+ return( "THREADING - The selected feature is not available" );
case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA):
- error_description = "THREADING - Bad input parameters to function";
- break;
+ return( "THREADING - Bad input parameters to function" );
case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR):
- error_description = "THREADING - Locking / unlocking / free failed with error code";
- break;
+ return( "THREADING - Locking / unlocking / free failed with error code" );
#endif /* MBEDTLS_THREADING_C */
#if defined(MBEDTLS_XTEA_C)
case -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH):
- error_description = "XTEA - The data input has an invalid length";
- break;
+ return( "XTEA - The data input has an invalid length" );
case -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED):
- error_description = "XTEA - XTEA hardware accelerator failed";
- break;
+ return( "XTEA - XTEA hardware accelerator failed" );
#endif /* MBEDTLS_XTEA_C */
/* End Auto-Generated Code. */
@@ -1145,7 +890,7 @@
break;
}
- return error_description;
+ return( NULL );
}
void mbedtls_strerror( int ret, char *buf, size_t buflen )
diff --git a/library/net_sockets.c b/library/net_sockets.c
index dbde510..8258aea 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -34,7 +34,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
- !defined(__HAIKU__)
+ !defined(__HAIKU__) && !defined(__midipix__)
#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
#endif
@@ -54,8 +54,7 @@
#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR )
-#if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0501)
-#undef _WIN32_WINNT
+#if !defined(_WIN32_WINNT)
/* Enables getaddrinfo() & Co */
#define _WIN32_WINNT 0x0501
#endif
@@ -64,6 +63,9 @@
#include <winsock2.h>
#include <windows.h>
+#if (_WIN32_WINNT < 0x0501)
+#include <wspiapi.h>
+#endif
#if defined(_MSC_VER)
#if defined(_WIN32_WCE)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 733a2e4..6932318 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -375,55 +375,6 @@
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_ECP_C)
-psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
- size_t *bits )
-{
- switch( grpid )
- {
- case MBEDTLS_ECP_DP_SECP192R1:
- *bits = 192;
- return( PSA_ECC_CURVE_SECP_R1 );
- case MBEDTLS_ECP_DP_SECP224R1:
- *bits = 224;
- return( PSA_ECC_CURVE_SECP_R1 );
- case MBEDTLS_ECP_DP_SECP256R1:
- *bits = 256;
- return( PSA_ECC_CURVE_SECP_R1 );
- case MBEDTLS_ECP_DP_SECP384R1:
- *bits = 384;
- return( PSA_ECC_CURVE_SECP_R1 );
- case MBEDTLS_ECP_DP_SECP521R1:
- *bits = 521;
- return( PSA_ECC_CURVE_SECP_R1 );
- case MBEDTLS_ECP_DP_BP256R1:
- *bits = 256;
- return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
- case MBEDTLS_ECP_DP_BP384R1:
- *bits = 384;
- return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
- case MBEDTLS_ECP_DP_BP512R1:
- *bits = 512;
- return( PSA_ECC_CURVE_BRAINPOOL_P_R1 );
- case MBEDTLS_ECP_DP_CURVE25519:
- *bits = 255;
- return( PSA_ECC_CURVE_MONTGOMERY );
- case MBEDTLS_ECP_DP_SECP192K1:
- *bits = 192;
- return( PSA_ECC_CURVE_SECP_K1 );
- case MBEDTLS_ECP_DP_SECP224K1:
- *bits = 224;
- return( PSA_ECC_CURVE_SECP_K1 );
- case MBEDTLS_ECP_DP_SECP256K1:
- *bits = 256;
- return( PSA_ECC_CURVE_SECP_K1 );
- case MBEDTLS_ECP_DP_CURVE448:
- *bits = 448;
- return( PSA_ECC_CURVE_MONTGOMERY );
- default:
- return( 0 );
- }
-}
-
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve,
size_t byte_length )
{
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index b7fa0c5..087c768 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -64,16 +64,16 @@
uintptr_t transient_data;
} psa_drv_se_internal_context_t;
-typedef struct psa_se_drv_table_entry_s
+struct psa_se_drv_table_entry_s
{
- psa_key_lifetime_t lifetime;
+ psa_key_location_t location;
const psa_drv_se_t *methods;
union
{
psa_drv_se_internal_context_t internal;
psa_drv_se_context_t context;
- };
-} psa_se_drv_table_entry_t;
+ } u;
+};
static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
@@ -81,15 +81,16 @@
psa_key_lifetime_t lifetime )
{
size_t i;
- /* In the driver table, lifetime=0 means an entry that isn't used.
- * No driver has a lifetime of 0 because it's a reserved value
- * (which designates volatile keys). Make sure we never return
- * a driver entry for lifetime 0. */
- if( lifetime == 0 )
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
+ /* In the driver table, location=0 means an entry that isn't used.
+ * No driver has a location of 0 because it's a reserved value
+ * (which designates transparent keys). Make sure we never return
+ * a driver entry for location 0. */
+ if( location == 0 )
return( NULL );
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
- if( driver_table[i].lifetime == lifetime )
+ if( driver_table[i].location == location )
return( &driver_table[i] );
}
return( NULL );
@@ -104,7 +105,7 @@
psa_drv_se_context_t *psa_get_se_driver_context(
psa_se_drv_table_entry_t *driver )
{
- return( &driver->context );
+ return( &driver->u.context );
}
int psa_get_se_driver( psa_key_lifetime_t lifetime,
@@ -115,7 +116,7 @@
if( p_methods != NULL )
*p_methods = ( driver ? driver->methods : NULL );
if( p_drv_context != NULL )
- *p_drv_context = ( driver ? &driver->context : NULL );
+ *p_drv_context = ( driver ? &driver->u.context : NULL );
return( driver != NULL );
}
@@ -129,17 +130,17 @@
const psa_se_drv_table_entry_t *driver,
psa_storage_uid_t *uid )
{
- if( driver->lifetime > PSA_MAX_SE_LIFETIME )
+ if( driver->location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
#if SIZE_MAX > UINT32_MAX
/* ITS file sizes are limited to 32 bits. */
- if( driver->internal.persistent_data_size > UINT32_MAX )
+ if( driver->u.internal.persistent_data_size > UINT32_MAX )
return( PSA_ERROR_NOT_SUPPORTED );
#endif
/* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
- *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime;
+ *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location;
return( PSA_SUCCESS );
}
@@ -162,8 +163,8 @@
* persistent_data_size is in range, but compilers don't know that,
* so cast to reassure them. */
return( psa_its_get( uid, 0,
- (uint32_t) driver->internal.persistent_data_size,
- driver->internal.persistent_data,
+ (uint32_t) driver->u.internal.persistent_data_size,
+ driver->u.internal.persistent_data,
&length ) );
}
@@ -181,17 +182,17 @@
* persistent_data_size is in range, but compilers don't know that,
* so cast to reassure them. */
return( psa_its_set( uid,
- (uint32_t) driver->internal.persistent_data_size,
- driver->internal.persistent_data,
+ (uint32_t) driver->u.internal.persistent_data_size,
+ driver->u.internal.persistent_data,
0 ) );
}
-psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime )
+psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location )
{
psa_storage_uid_t uid;
- if( lifetime > PSA_MAX_SE_LIFETIME )
+ if( location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
- uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime;
+ uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location;
return( psa_its_remove( uid ) );
}
@@ -202,9 +203,11 @@
psa_key_slot_number_t *slot_number )
{
psa_status_t status;
+ psa_key_location_t key_location =
+ PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) );
- /* If the lifetime is wrong, it's a bug in the library. */
- if( driver->lifetime != psa_get_key_lifetime( attributes ) )
+ /* If the location is wrong, it's a bug in the library. */
+ if( driver->location != key_location )
return( PSA_ERROR_CORRUPTION_DETECTED );
/* If the driver doesn't support key creation in any way, give up now. */
@@ -221,8 +224,8 @@
driver->methods->key_management->p_validate_slot_number;
if( p_validate_slot_number == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- status = p_validate_slot_number( &driver->context,
- driver->internal.persistent_data,
+ status = p_validate_slot_number( &driver->u.context,
+ driver->u.internal.persistent_data,
attributes, method,
*slot_number );
}
@@ -240,8 +243,8 @@
driver->methods->key_management->p_allocate;
if( p_allocate == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- status = p_allocate( &driver->context,
- driver->internal.persistent_data,
+ status = p_allocate( &driver->u.context,
+ driver->u.internal.persistent_data,
attributes, method,
slot_number );
}
@@ -265,8 +268,8 @@
driver->methods->key_management->p_destroy == NULL )
return( PSA_ERROR_NOT_PERMITTED );
status = driver->methods->key_management->p_destroy(
- &driver->context,
- driver->internal.persistent_data,
+ &driver->u.context,
+ driver->u.internal.persistent_data,
slot_number );
storage_status = psa_save_se_persistent_data( driver );
return( status == PSA_SUCCESS ? storage_status : status );
@@ -278,15 +281,15 @@
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
psa_se_drv_table_entry_t *driver = &driver_table[i];
- if( driver->lifetime == 0 )
+ if( driver->location == 0 )
continue; /* skipping unused entry */
const psa_drv_se_t *methods = psa_get_se_driver_methods( driver );
if( methods->p_init != NULL )
{
psa_status_t status = methods->p_init(
- &driver->context,
- driver->internal.persistent_data,
- driver->lifetime );
+ &driver->u.context,
+ driver->u.internal.persistent_data,
+ driver->location );
if( status != PSA_SUCCESS )
return( status );
status = psa_save_se_persistent_data( driver );
@@ -304,7 +307,7 @@
/****************************************************************/
psa_status_t psa_register_se_driver(
- psa_key_lifetime_t lifetime,
+ psa_key_location_t location,
const psa_drv_se_t *methods)
{
size_t i;
@@ -313,42 +316,39 @@
if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
return( PSA_ERROR_NOT_SUPPORTED );
/* Driver table entries are 0-initialized. 0 is not a valid driver
- * lifetime because it means a volatile key. */
+ * location because it means a transparent key. */
#if defined(static_assert)
- static_assert( PSA_KEY_LIFETIME_VOLATILE == 0,
- "Secure element support requires 0 to mean a volatile key" );
+ static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
+ "Secure element support requires 0 to mean a local key" );
#endif
- if( lifetime == PSA_KEY_LIFETIME_VOLATILE ||
- lifetime == PSA_KEY_LIFETIME_PERSISTENT )
- {
+ if( location == PSA_KEY_LOCATION_LOCAL_STORAGE )
return( PSA_ERROR_INVALID_ARGUMENT );
- }
- if( lifetime > PSA_MAX_SE_LIFETIME )
+ if( location > PSA_MAX_SE_LOCATION )
return( PSA_ERROR_NOT_SUPPORTED );
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
- if( driver_table[i].lifetime == 0 )
+ if( driver_table[i].location == 0 )
break;
- /* Check that lifetime isn't already in use up to the first free
+ /* Check that location isn't already in use up to the first free
* entry. Since entries are created in order and never deleted,
* there can't be a used entry after the first free entry. */
- if( driver_table[i].lifetime == lifetime )
+ if( driver_table[i].location == location )
return( PSA_ERROR_ALREADY_EXISTS );
}
if( i == PSA_MAX_SE_DRIVERS )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- driver_table[i].lifetime = lifetime;
+ driver_table[i].location = location;
driver_table[i].methods = methods;
- driver_table[i].internal.persistent_data_size =
+ driver_table[i].u.internal.persistent_data_size =
methods->persistent_data_size;
if( methods->persistent_data_size != 0 )
{
- driver_table[i].internal.persistent_data =
+ driver_table[i].u.internal.persistent_data =
mbedtls_calloc( 1, methods->persistent_data_size );
- if( driver_table[i].internal.persistent_data == NULL )
+ if( driver_table[i].u.internal.persistent_data == NULL )
{
status = PSA_ERROR_INSUFFICIENT_MEMORY;
goto error;
@@ -373,8 +373,8 @@
size_t i;
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
{
- if( driver_table[i].internal.persistent_data != NULL )
- mbedtls_free( driver_table[i].internal.persistent_data );
+ if( driver_table[i].u.internal.persistent_data != NULL )
+ mbedtls_free( driver_table[i].u.internal.persistent_data );
}
memset( driver_table, 0, sizeof( driver_table ) );
}
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 86bf7a7..c145065 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -31,31 +31,30 @@
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
-/** The maximum lifetime value that this implementation supports
+/** The maximum location value that this implementation supports
* for a secure element.
*
* This is not a characteristic that each PSA implementation has, but a
* limitation of the current implementation due to the constraints imposed
* by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE.
*
- * The minimum lifetime value for a secure element is 2, like on any
- * PSA implementation (0=volatile and 1=internal-storage are taken).
+ * The minimum location value for a secure element is 1, like on any
+ * PSA implementation (0 means a transparent key).
*/
-#define PSA_MAX_SE_LIFETIME 255
+#define PSA_MAX_SE_LOCATION 255
/** The base of the range of ITS file identifiers for secure element
* driver persistent data.
*
* We use a slice of the implemenation reserved range 0xffff0000..0xffffffff,
* specifically the range 0xfffffe00..0xfffffeff. The length of this range
- * drives the value of #PSA_MAX_SE_LIFETIME.
- * The identifiers 0xfffffe00 and 0xfffffe01 are actually not used since
- * they correspond to #PSA_KEY_LIFETIME_VOLATILE and
- * #PSA_KEY_LIFETIME_PERSISTENT which don't have a driver.
+ * drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is
+ * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
+ * which doesn't have a driver.
*/
#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
-/** The maximum number of registered secure element driver lifetimes. */
+/** The maximum number of registered secure element driver locations. */
#define PSA_MAX_SE_DRIVERS 4
/** Unregister all secure element drivers.
@@ -173,10 +172,10 @@
*
* This is currently only used for testing.
*
- * \param[in] lifetime The driver lifetime whose persistent data should
- * be erased.
+ * \param[in] location The location identifier for the driver whose
+ * persistent data is to be erased.
*/
-psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime );
+psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location );
/** The storage representation of a key whose data is in a secure element.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dbc5a3e..fd0c8a7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -863,7 +863,7 @@
unsigned char *key2;
unsigned char *mac_enc;
unsigned char *mac_dec;
- size_t mac_key_len;
+ size_t mac_key_len = 0;
size_t iv_copy_len;
unsigned keylen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -1175,7 +1175,7 @@
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
if( mbedtls_ssl_hw_record_init != NULL )
{
- int ret = 0;
+ ret = 0;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
@@ -2747,9 +2747,7 @@
{
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
- if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
- ret = 0;
- else
+ if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL )
ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE;
goto exit;
@@ -6663,14 +6661,6 @@
*/
void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t in_buf_len = ssl->in_buf_len;
- size_t out_buf_len = ssl->out_buf_len;
-#else
- size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
- size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
-#endif
-
if( ssl == NULL )
return;
@@ -6678,6 +6668,12 @@
if( ssl->out_buf != NULL )
{
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ size_t out_buf_len = ssl->out_buf_len;
+#else
+ size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
+#endif
+
mbedtls_platform_zeroize( ssl->out_buf, out_buf_len );
mbedtls_free( ssl->out_buf );
ssl->out_buf = NULL;
@@ -6685,6 +6681,12 @@
if( ssl->in_buf != NULL )
{
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ size_t in_buf_len = ssl->in_buf_len;
+#else
+ size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
+#endif
+
mbedtls_platform_zeroize( ssl->in_buf, in_buf_len );
mbedtls_free( ssl->in_buf );
ssl->in_buf = NULL;
diff --git a/library/timing.c b/library/timing.c
index 009516a..4a65422 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -40,7 +40,7 @@
#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
!defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
- !defined(__HAIKU__)
+ !defined(__HAIKU__) && !defined(__midipix__)
#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
#endif
diff --git a/library/x509.c b/library/x509.c
index 4c2f721..e969b8d 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -787,7 +787,7 @@
break;
c = name->val.p[i];
- if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
+ if( c < 32 || c >= 127 )
s[i] = '?';
else s[i] = c;
}
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1e62ed5..51e6aac 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -652,10 +652,6 @@
mbedtls_x509_subject_alternative_name dummy_san_buf;
memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) );
- if( ( end - *p ) < 1 )
- return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
- MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
tag = **p;
(*p)++;
if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
@@ -669,7 +665,7 @@
}
/*
- * Check that the SAN are structured correct.
+ * Check that the SAN is structured correctly.
*/
ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf );
/*
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index 8edf85f..f17c641 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -76,7 +76,7 @@
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
"and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -465,6 +465,6 @@
mbedtls_aes_free( &aes_ctx );
mbedtls_md_free( &sha_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index e2949f2..1e03d43 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -78,14 +78,15 @@
int main( void )
{
mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
int main( int argc, char *argv[] )
{
- int ret = 1, i, n;
+ int ret = 1, i;
+ unsigned n;
int exit_code = MBEDTLS_EXIT_FAILURE;
int mode;
size_t keylen, ilen, olen;
@@ -562,6 +563,6 @@
mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index 709a149..97f7a46 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -48,7 +48,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -203,7 +203,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
/*
@@ -213,12 +213,12 @@
if( md_info == NULL )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
{
mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
ret = 0;
@@ -237,6 +237,6 @@
exit:
mbedtls_md_free( &md_ctx );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 55a0c7e..66fd315 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -44,7 +44,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -58,7 +58,7 @@
mbedtls_printf( "\n MD5('%s') = ", str );
if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
- return( MBEDTLS_EXIT_FAILURE );
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
for( i = 0; i < 16; i++ )
mbedtls_printf( "%02x", digest[i] );
@@ -70,6 +70,6 @@
fflush( stdout ); getchar();
#endif
- return( MBEDTLS_EXIT_SUCCESS );
+ mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
}
#endif /* MBEDTLS_MD5_C */
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 86b260c..90fc4e5 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -68,7 +68,7 @@
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -307,7 +307,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index bf5482e..5293f89 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -45,7 +45,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_GENPRIME not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -91,7 +91,7 @@
{
usage:
mbedtls_printf( USAGE );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
for( i = 1; i < argc; i++ )
@@ -197,7 +197,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index c011774..06676c0 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -68,7 +68,7 @@
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -330,7 +330,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 9f849dd..e79dce0 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -45,7 +45,7 @@
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -238,7 +238,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 9feb160..72744e7 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -66,7 +66,7 @@
{
mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
#if defined(VERBOSE)
@@ -248,7 +248,7 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
ECPARAMS */
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 9c1a91c..c5d8ac9 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -133,7 +133,7 @@
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_PEM_WRITE_C"
"not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -446,7 +446,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 345b7b8..d7387f3 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -70,7 +70,7 @@
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -311,6 +311,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 937fe90..46cb704 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -94,7 +94,7 @@
int main( void )
{
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -436,6 +436,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
index ecdcd32..8163781 100644
--- a/programs/pkey/mpi_demo.c
+++ b/programs/pkey/mpi_demo.c
@@ -46,7 +46,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -112,6 +112,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index bccfde0..494bb80 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -56,7 +56,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -64,7 +64,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret = 1, c;
+ int ret = 1;
+ unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
@@ -171,7 +172,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 16cd3f0..673e2cb 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -57,7 +57,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -176,7 +176,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 4e755c0..3504bff 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -47,7 +47,7 @@
"MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -173,7 +173,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 2e08763..b1374b6 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -45,7 +45,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -147,7 +147,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 3327909..6aca217 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -55,7 +55,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -65,7 +65,7 @@
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
- int c;
+ unsigned c;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
@@ -207,6 +207,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 4a71c15..48f01ab 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -55,7 +55,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -184,7 +184,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index f2b7b50..719923a 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -59,7 +59,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -172,7 +172,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 78ab176..38a1f3d 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -46,7 +46,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -188,7 +188,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 5019f28..938b93a 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -47,7 +47,7 @@
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -175,7 +175,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index b531775..8ea5d51 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -45,7 +45,7 @@
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -59,7 +59,8 @@
int main( int argc, char *argv[] )
{
FILE *f;
- int ret = 1, c;
+ int ret = 1;
+ unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
@@ -161,7 +162,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index de28337..5e4e98e 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -47,7 +47,7 @@
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -151,7 +151,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
index c60aec9..e981b9a 100644
--- a/programs/random/gen_entropy.c
+++ b/programs/random/gen_entropy.c
@@ -47,7 +47,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -63,13 +63,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -99,6 +99,6 @@
fclose( f );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
index 59df34b..b088276 100644
--- a/programs/random/gen_random_ctr_drbg.c
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -50,7 +50,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -69,13 +69,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_entropy_init( &entropy );
@@ -132,6 +132,6 @@
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c
index 5ea52ae..6a65de0 100644
--- a/programs/random/gen_random_havege.c
+++ b/programs/random/gen_random_havege.c
@@ -48,7 +48,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_HAVEGE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -65,13 +65,13 @@
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
mbedtls_havege_init( &hs );
@@ -104,6 +104,6 @@
exit:
mbedtls_havege_free( &hs );
fclose( f );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_HAVEGE_C */
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index ce1056f..a0f4a5f 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -29,6 +29,7 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_exit exit
@@ -48,7 +49,7 @@
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -355,7 +356,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index f63741f..dd88f95 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -29,6 +29,7 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
#define mbedtls_fprintf fprintf
#define mbedtls_time_t time_t
@@ -61,7 +62,7 @@
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C and/or "
"MBEDTLS_TIMING_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -430,7 +431,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index b4346bb..5a153cc 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -60,7 +60,7 @@
mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -296,6 +296,6 @@
mbedtls_x509_crt_free( &ca );
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 3724c64..00fbe7f 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -51,7 +51,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -312,7 +312,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 6b09a89..486b6a6 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -50,7 +50,7 @@
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -377,7 +377,9 @@
#define USAGE_SERIALIZATION ""
#endif
-#define USAGE \
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
"\n usage: ssl_client2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_name=%%s default: localhost\n" \
@@ -401,7 +403,8 @@
"\n" \
USAGE_DTLS \
USAGE_CID \
- "\n" \
+ "\n"
+#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
USAGE_IO \
@@ -411,7 +414,8 @@
USAGE_PSK \
USAGE_ECJPAKE \
USAGE_ECRESTART \
- "\n" \
+ "\n"
+#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -434,7 +438,8 @@
USAGE_CURVES \
USAGE_RECSPLIT \
USAGE_DHMLEN \
- "\n" \
+ "\n"
+#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
@@ -1244,7 +1249,10 @@
if( ret == 0 )
ret = 1;
- mbedtls_printf( USAGE );
+ mbedtls_printf( USAGE1 );
+ mbedtls_printf( USAGE2 );
+ mbedtls_printf( USAGE3 );
+ mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
@@ -1710,7 +1718,7 @@
}
else if( strcmp( p, "query_config" ) == 0 )
{
- return query_config( q );
+ mbedtls_exit( query_config( q ) );
}
else if( strcmp( p, "serialize") == 0 )
{
@@ -3417,7 +3425,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 851bc05..d36aacb 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -54,14 +54,14 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#elif defined(_WIN32)
int main( void )
{
mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
"to work correctly.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -417,7 +417,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 3163e21..08ff025 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -56,7 +56,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -853,7 +853,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 0624d33..3496ef6 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -54,7 +54,7 @@
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -524,7 +524,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 9668cf9..9cba887 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -52,7 +52,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -397,7 +397,7 @@
fflush( stdout ); getchar();
#endif
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ca557ca..5dd1871 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -50,7 +50,7 @@
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -463,7 +463,9 @@
#define USAGE_SERIALIZATION ""
#endif
-#define USAGE \
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
"\n usage: ssl_server2 param=<>...\n" \
"\n acceptable parameters:\n" \
" server_addr=%%s default: (all interfaces)\n" \
@@ -484,7 +486,8 @@
USAGE_COOKIES \
USAGE_ANTI_REPLAY \
USAGE_BADMAC_LIMIT \
- "\n" \
+ "\n"
+#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
" cert_req_ca_list=%%d default: 1 (send ca list)\n" \
@@ -496,7 +499,8 @@
USAGE_PSK \
USAGE_CA_CALLBACK \
USAGE_ECJPAKE \
- "\n" \
+ "\n"
+#define USAGE3 \
" allow_legacy=%%d default: (library default: no)\n" \
USAGE_RENEGO \
" exchanges=%%d default: 1\n" \
@@ -513,7 +517,8 @@
USAGE_EMS \
USAGE_ETM \
USAGE_CURVES \
- "\n" \
+ "\n"
+#define USAGE4 \
" arc4=%%d default: (library default: 0)\n" \
" allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
@@ -1910,7 +1915,10 @@
if( ret == 0 )
ret = 1;
- mbedtls_printf( USAGE );
+ mbedtls_printf( USAGE1 );
+ mbedtls_printf( USAGE2 );
+ mbedtls_printf( USAGE3 );
+ mbedtls_printf( USAGE4 );
list = mbedtls_ssl_list_ciphersuites();
while( *list )
@@ -2409,7 +2417,7 @@
}
else if( strcmp( p, "query_config" ) == 0 )
{
- return query_config( q );
+ mbedtls_exit( query_config( q ) );
}
else if( strcmp( p, "serialize") == 0 )
{
@@ -4376,7 +4384,7 @@
if( ret < 0 )
ret = 1;
- return( ret );
+ mbedtls_exit( ret );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 1575930..0c04cd8 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -38,7 +38,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_TIMING_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -101,7 +101,7 @@
#define OPTIONS \
"md4, md5, ripemd160, sha1, sha256, sha512,\n" \
"arc4, des3, des, camellia, blowfish, chacha20,\n" \
- "aes_cbc, aes_gcm, aes_ccm, aes_ctx, chachapoly,\n" \
+ "aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
"aes_cmac, des3_cmac, poly1305\n" \
"havege, ctr_drbg, hmac_drbg\n" \
"rsa, dhm, ecdsa, ecdh.\n"
@@ -1065,7 +1065,7 @@
fflush( stdout ); getchar();
#endif
- return( 0 );
+ mbedtls_exit( 0 );
}
#endif /* MBEDTLS_TIMING_C */
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index bd28e9a..3fa05f3 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -500,7 +500,5 @@
if( suites_failed > 0)
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
- /* return() is here to prevent compiler warnings */
- return( MBEDTLS_EXIT_SUCCESS );
+ mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
}
-
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index d601dcc..94bae43 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -42,6 +42,7 @@
#define mbedtls_printf printf
#define mbedtls_calloc calloc
#define mbedtls_free free
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */
@@ -50,7 +51,7 @@
int main( void )
{
mbedtls_printf( "MBEDTLS_NET_C not defined.\n" );
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -181,7 +182,7 @@
mbedtls_printf( " option %s: illegal value: %s\n", name, value );
mbedtls_printf( USAGE );
- exit( 1 );
+ mbedtls_exit( 1 );
}
static void get_options( int argc, char *argv[] )
@@ -1019,7 +1020,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_NET_C */
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
index 29cc0ac..c670a6b 100644
--- a/programs/test/zeroize.c
+++ b/programs/test/zeroize.c
@@ -42,6 +42,7 @@
#else
#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
@@ -72,14 +73,14 @@
{
mbedtls_printf( "This program takes exactly 1 agument\n" );
usage();
- return( exit_code );
+ mbedtls_exit( exit_code );
}
fp = fopen( argv[1], "r" );
if( fp == NULL )
{
mbedtls_printf( "Could not open file '%s'\n", argv[1] );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
@@ -97,5 +98,5 @@
fclose( fp );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
- return( exit_code );
+ mbedtls_exit( exit_code );
}
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index f184939..f1961a1 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -61,7 +61,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -290,6 +290,6 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
index b0487c0..45ddd4e 100644
--- a/programs/util/strerror.c
+++ b/programs/util/strerror.c
@@ -29,7 +29,9 @@
#include "mbedtls/platform.h"
#else
#include <stdio.h>
+#include <stdlib.h>
#define mbedtls_printf printf
+#define mbedtls_exit exit
#endif
#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
@@ -48,7 +50,7 @@
int main( void )
{
mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
int main( int argc, char *argv[] )
@@ -59,7 +61,7 @@
if( argc != 2 )
{
mbedtls_printf( USAGE );
- return( 0 );
+ mbedtls_exit( 0 );
}
val = strtol( argv[1], &end, 10 );
@@ -87,6 +89,6 @@
fflush( stdout ); getchar();
#endif
- return( val );
+ mbedtls_exit( val );
}
#endif /* MBEDTLS_ERROR_C */
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 7723a37..1b364dd 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -51,7 +51,7 @@
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -497,7 +497,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index f3d9157..81e0d8c 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -46,7 +46,7 @@
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -444,7 +444,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 9a7dc59..318f226 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -47,7 +47,7 @@
"MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_ERROR_C not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -815,7 +815,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 127320a..cebc724 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -42,7 +42,7 @@
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -147,7 +147,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 3bb4277..3182d30 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -42,7 +42,7 @@
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
- return( 0 );
+ mbedtls_exit( 0 );
}
#else
@@ -147,7 +147,7 @@
fflush( stdout ); getchar();
#endif
- return( exit_code );
+ mbedtls_exit( exit_code );
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
MBEDTLS_FS_IO */
diff --git a/scripts/config.py b/scripts/config.py
index 20521a5..7f94587 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -159,45 +159,68 @@
return active
return True
+# The goal of the full configuration is to have everything that can be tested
+# together. This includes deprecated or insecure options. It excludes:
+# * Options that require additional build dependencies or unusual hardware.
+# * Options that make testing less effective.
+# * Options that are incompatible with other options, or more generally that
+# interact with other parts of the code in such a way that a bulk enabling
+# is not a good way to test them.
+# * Options that remove features.
+EXCLUDE_FROM_FULL = frozenset([
+ #pylint: disable=line-too-long
+ 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
+ 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
+ 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
+ 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
+ 'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO
+ 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
+ 'MBEDTLS_HAVE_SSE2', # hardware dependency
+ 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
+ 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective
+ 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C
+ 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum
+ 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
+ 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature
+ 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
+ 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
+ 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
+ 'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time)
+ 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
+ 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
+ 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature
+ 'MBEDTLS_REMOVE_ARC4_CIPHERSUITES', # removes a feature
+ 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
+ 'MBEDTLS_SHA512_NO_SHA384', # removes a feature
+ 'MBEDTLS_SSL_HW_RECORD_ACCEL', # build dependency (hook functions)
+ 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature
+ 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS
+ 'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz)
+])
+
+def is_seamless_alt(name):
+ """Whether the xxx_ALT symbol should be included in the full configuration.
+
+ Include alternative implementations of platform functions, which are
+ configurable function pointers that default to the built-in function.
+ This way we test that the function pointers exist and build correctly
+ without changing the behavior, and tests can verify that the function
+ pointers are used by modifying those pointers.
+
+ Exclude alternative implementations of library functions since they require
+ an implementation of the relevant functions and an xxx_alt.h header.
+ """
+ if name == 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT':
+ # Similar to non-platform xxx_ALT, requires platform_alt.h
+ return False
+ return name.startswith('MBEDTLS_PLATFORM_')
+
def include_in_full(name):
"""Rules for symbols in the "full" configuration."""
- if re.search(r'PLATFORM_[A-Z0-9]+_ALT', name):
- return True
- if name in [
- 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY',
- 'MBEDTLS_DEPRECATED_REMOVED',
- 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED',
- 'MBEDTLS_ECP_RESTARTABLE',
- 'MBEDTLS_ENTROPY_FORCE_SHA256', # Variant toggle, tested separately
- 'MBEDTLS_HAVE_SSE2',
- 'MBEDTLS_MEMORY_BACKTRACE',
- 'MBEDTLS_MEMORY_BUFFER_ALLOC_C',
- 'MBEDTLS_MEMORY_DEBUG',
- 'MBEDTLS_NO_64BIT_MULTIPLICATION',
- 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES',
- 'MBEDTLS_NO_PLATFORM_ENTROPY',
- 'MBEDTLS_NO_UDBL_DIVISION',
- 'MBEDTLS_PKCS11_C',
- 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
- 'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER',
- 'MBEDTLS_PSA_CRYPTO_SE_C',
- 'MBEDTLS_PSA_CRYPTO_SPM',
- 'MBEDTLS_PSA_INJECT_ENTROPY',
- 'MBEDTLS_REMOVE_3DES_CIPHERSUITES',
- 'MBEDTLS_REMOVE_ARC4_CIPHERSUITES',
- 'MBEDTLS_RSA_NO_CRT',
- 'MBEDTLS_SHA512_NO_SHA384',
- 'MBEDTLS_SSL_HW_RECORD_ACCEL',
- 'MBEDTLS_SSL_PROTO_SSL3',
- 'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO',
- 'MBEDTLS_TEST_NULL_ENTROPY',
- 'MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3',
- 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION',
- 'MBEDTLS_ZLIB_SUPPORT',
- ]:
+ if name in EXCLUDE_FROM_FULL:
return False
if name.endswith('_ALT'):
- return False
+ return is_seamless_alt(name)
return True
def full_adapter(name, active, section):
@@ -206,25 +229,33 @@
return active
return include_in_full(name)
+# The baremetal configuration excludes options that require a library or
+# operating system feature that is typically not present on bare metal
+# systems. Features that are excluded from "full" won't be in "baremetal"
+# either (unless explicitly turned on in baremetal_adapter) so they don't
+# need to be repeated here.
+EXCLUDE_FROM_BAREMETAL = frozenset([
+ #pylint: disable=line-too-long
+ 'MBEDTLS_ENTROPY_NV_SEED', # requires a filesystem and FS_IO or alternate NV seed hooks
+ 'MBEDTLS_FS_IO', # requires a filesystem
+ 'MBEDTLS_HAVEGE_C', # requires a clock
+ 'MBEDTLS_HAVE_TIME', # requires a clock
+ 'MBEDTLS_HAVE_TIME_DATE', # requires a clock
+ 'MBEDTLS_NET_C', # requires POSIX-like networking
+ 'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h
+ 'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED
+ 'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME
+ 'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C
+ 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem
+ 'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem
+ 'MBEDTLS_THREADING_C', # requires a threading interface
+ 'MBEDTLS_THREADING_PTHREAD', # requires pthread
+ 'MBEDTLS_TIMING_C', # requires a clock
+])
+
def keep_in_baremetal(name):
"""Rules for symbols in the "baremetal" configuration."""
- if name in [
- 'MBEDTLS_DEPRECATED_WARNING',
- 'MBEDTLS_ENTROPY_NV_SEED',
- 'MBEDTLS_FS_IO',
- 'MBEDTLS_HAVEGE_C',
- 'MBEDTLS_HAVE_TIME',
- 'MBEDTLS_HAVE_TIME_DATE',
- 'MBEDTLS_NET_C',
- 'MBEDTLS_PLATFORM_FPRINTF_ALT',
- 'MBEDTLS_PLATFORM_TIME_ALT',
- 'MBEDTLS_PSA_CRYPTO_SE_C',
- 'MBEDTLS_PSA_CRYPTO_STORAGE_C',
- 'MBEDTLS_PSA_ITS_FILE_C',
- 'MBEDTLS_THREADING_C',
- 'MBEDTLS_THREADING_PTHREAD',
- 'MBEDTLS_TIMING_C',
- ]:
+ if name in EXCLUDE_FROM_BAREMETAL:
return False
return True
@@ -233,6 +264,7 @@
if not is_full_section(section):
return active
if name == 'MBEDTLS_NO_PLATFORM_ENTROPY':
+ # No OS-provided entropy source
return True
return include_in_full(name) and keep_in_baremetal(name)
@@ -243,10 +275,10 @@
name.startswith('MBEDTLS_KEY_EXCHANGE_'):
return False
if name in [
- 'MBEDTLS_CERTS_C',
- 'MBEDTLS_DEBUG_C',
- 'MBEDTLS_NET_C',
- 'MBEDTLS_PKCS11_C',
+ 'MBEDTLS_CERTS_C', # part of libmbedx509
+ 'MBEDTLS_DEBUG_C', # part of libmbedtls
+ 'MBEDTLS_NET_C', # part of libmbedtls
+ 'MBEDTLS_PKCS11_C', # part of libmbedx509
]:
return False
return True
@@ -265,6 +297,28 @@
return adapter(name, active, section)
return continuation
+DEPRECATED = frozenset([
+ 'MBEDTLS_SSL_PROTO_SSL3',
+ 'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO',
+])
+
+def no_deprecated_adapter(adapter):
+ """Modify an adapter to disable deprecated symbols.
+
+ ``no_deprecated_adapter(adapter)(name, active, section)`` is like
+ ``adapter(name, active, section)``, but unsets all deprecated symbols
+ and sets ``MBEDTLS_DEPRECATED_REMOVED``.
+ """
+ def continuation(name, active, section):
+ if name == 'MBEDTLS_DEPRECATED_REMOVED':
+ return True
+ if name in DEPRECATED:
+ return False
+ if adapter is None:
+ return active
+ return adapter(name, active, section)
+ return continuation
+
class ConfigFile(Config):
"""Representation of the Mbed TLS configuration read for a file.
@@ -430,6 +484,10 @@
Exclude alternative implementations and platform support
options, as well as some options that are awkward to test.
""")
+ add_adapter('full_no_deprecated', no_deprecated_adapter(full_adapter),
+ """Uncomment most non-deprecated features.
+ Like "full", but without deprecated features.
+ """)
add_adapter('realfull', realfull_adapter,
"""Uncomment all boolean #defines.
Suitable for generating documentation, but not for building.""")
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index 97b74bc..f65881b 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -45,7 +45,6 @@
const char * mbedtls_high_level_strerr( int error_code )
{
int high_level_error_code;
- const char *error_description = NULL;
if( error_code < 0 )
error_code = -error_code;
@@ -63,13 +62,12 @@
break;
}
- return error_description;
+ return( NULL );
}
const char * mbedtls_low_level_strerr( int error_code )
{
int low_level_error_code;
- const char *error_description = NULL;
if( error_code < 0 )
error_code = -error_code;
@@ -87,7 +85,7 @@
break;
}
- return error_description;
+ return( NULL );
}
void mbedtls_strerror( int ret, char *buf, size_t buflen )
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index cb59669..0512d59 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -161,8 +161,7 @@
}
${$code_check} .= "${white_space}case -($error_name):\n".
- "${white_space} error_description = \"$module_name - $description\";\n".
- "${white_space} break;\n"
+ "${white_space} return( \"$module_name - $description\" );\n"
};
if ($ll_old_define ne "")
diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat
new file mode 100644
index 0000000..e419931
--- /dev/null
+++ b/scripts/windows_msbuild.bat
@@ -0,0 +1,20 @@
+@rem Build and test Mbed TLS with Visual Studio using msbuild.
+@rem Usage: windows_msbuild [RETARGET]
+@rem RETARGET: version of Visual Studio to emulate
+@rem https://docs.microsoft.com/en-us/cpp/build/how-to-modify-the-target-framework-and-platform-toolset
+
+@rem These parameters are hard-coded for now.
+set "arch=x64" & @rem "x86" or "x64"
+set "cfg=Release" & @rem "Debug" or "Release"
+set "vcvarsall=C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat"
+
+if not "%~1"=="" set "retarget=,PlatformToolset=%1"
+
+@rem If the %USERPROFILE%\Source directory exists, then running
+@rem vcvarsall.bat will silently change the directory to that directory.
+@rem Setting the VSCMD_START_DIR environment variable causes it to change
+@rem to that directory instead.
+set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010"
+
+"%vcvarsall%" x64 && ^
+msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln
diff --git a/tests/data_files/non-ascii-string-in-issuer.crt b/tests/data_files/non-ascii-string-in-issuer.crt
new file mode 100644
index 0000000..99db871
--- /dev/null
+++ b/tests/data_files/non-ascii-string-in-issuer.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnTCCAoWgAwIBAgIUBeZT5xt08LXThG0Mbdz6P6RaK+AwDQYJKoZIhvcNAQEL
+BQAwXjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMR8wHQYDVQQKDBbDo8KD
+wobDo8KCwrnDo8KDwoggTHRkMR4wHAYDVQQDDBXDo8KDwobDo8KCwrnDo8KDwogg
+Q0EwHhcNMjAwNTIwMTYxNzIzWhcNMjAwNjE5MTYxNzIzWjBeMQswCQYDVQQGEwJK
+UDEOMAwGA1UECAwFVG9reW8xHzAdBgNVBAoMFsOjwoPChsOjwoLCucOjwoPCiCBM
+dGQxHjAcBgNVBAMMFcOjwoPChsOjwoLCucOjwoPCiCBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMkh8YszXqyKsEzm5XMpmLd9WL6ba3QDK0uuePTj
+Uqt6RYjTHMDdu1T/gRUi15++6VAl2vUEcUKI4Lxarb9TuypsHfWLGDlioC4xo/5X
+63fbvIEK6qeluY43v3/dXVLoak4E5C3i9hGpcCVUrawlFKQeuEoNgpxtAy4cA0HV
+RhGK6cEddIo9lRksvO1jD2Xmi90+7STRYmyTVkHyj966f3xEr+8/VKcz2mG1PZgw
+x2kYwv7JZ0F+vbjU2S1OATCS4lqEPJT0ggotIJCmxdv1XorPbYn3uNjT8Lp/UHgW
++4+K0OxdlD0GS7AxffCcq0ltVeUyHq9s2cG2AiP8603aeAUCAwEAAaNTMFEwHQYD
+VR0OBBYEFKT8qVhvMaptyhJMcvz+c3Q0fkzDMB8GA1UdIwQYMBaAFKT8qVhvMapt
+yhJMcvz+c3Q0fkzDMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+AHR6U3p2DdhwdqhY73vAxtdmAML157cYoZSQiEfpp/Kr3MWoBods6VKHS6flv+T3
+TEf4G0oyEqKoJk3liIyTvUO5CiwXmiiJlYhQmWkEb3zcYVSSFXKvyEQYKLR3ggD/
+C4sCTohfYGB924vI619u6mjnNEBX7yiyZbfJ0uHd7BpOimFVeAos8hJ8Z5T+gESa
+Tiv6EJPK+m3vKTK2w45M/xLEmGMrwxEB1IZnRz19in/Iqe5/sfMfEVXJSQ052tuO
+GLl6reeMaHlbflB/HyoBRo1xM7Av6zy3TIM55Z3C6ry3pcTH6Y+U7Sz9Lw9MyYCX
+b1QAPqg1U0lZZaSNUMsiAjI=
+-----END CERTIFICATE-----
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 5b70caa..5ea1c35 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -138,6 +138,7 @@
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
: ${ARMC5_BIN_DIR:=/usr/bin}
: ${ARMC6_BIN_DIR:=/usr/bin}
+ : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
if [ -z "${MAKEFLAGS+set}" ]; then
@@ -203,6 +204,9 @@
-k|--keep-going Run all tests and report errors at the end.
-m|--memory Additional optional memory tests.
--append-outcome Append to the outcome file (if used).
+ --arm-none-eabi-gcc-prefix=<string>
+ Prefix for a cross-compiler for arm-none-eabi
+ (default: "${ARM_NONE_EABI_GCC_PREFIX}")
--armcc Run ARM Compiler builds (on by default).
--except Exclude the COMPONENTs listed on the command line,
instead of running only those.
@@ -295,9 +299,13 @@
{
FLAGS="$1"
- msg "build: ARM Compiler 6 ($FLAGS), make"
+ msg "build: ARM Compiler 6 ($FLAGS)"
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
WARNING_CFLAGS='-xc -std=c99' make lib
+
+ msg "size: ARM Compiler 6 ($FLAGS)"
+ "$ARMC6_FROMELF" -z library/*.o
+
make clean
}
@@ -335,6 +343,7 @@
while [ $# -gt 0 ]; do
case "$1" in
--append-outcome) append_outcome=1;;
+ --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
--armcc) no_armcc=;;
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
@@ -547,7 +556,7 @@
esac
case " $RUN_COMPONENTS " in
- *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";;
+ *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
esac
case " $RUN_COMPONENTS " in
@@ -562,9 +571,12 @@
*_armcc*)
ARMC5_CC="$ARMC5_BIN_DIR/armcc"
ARMC5_AR="$ARMC5_BIN_DIR/armar"
+ ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
ARMC6_CC="$ARMC6_BIN_DIR/armclang"
ARMC6_AR="$ARMC6_BIN_DIR/armar"
- check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";;
+ ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
+ check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
+ "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
esac
msg "info: output_env.sh"
@@ -645,7 +657,7 @@
make test
msg "selftest: make, default config (out-of-box)" # ~10s
- programs/test/selftest
+ if_build_succeeded programs/test/selftest
export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE"
unset SAVE_MBEDTLS_TEST_OUTCOME_FILE
@@ -659,6 +671,9 @@
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test
+ msg "test: selftest (ASan build)" # ~ 10s
+ if_build_succeeded programs/test/selftest
+
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
if_build_succeeded tests/ssl-opt.sh
@@ -678,6 +693,9 @@
msg "test: main suites (inc. selftests) (full config, ASan build)"
make test
+ msg "test: selftest (ASan build)" # ~ 10s
+ if_build_succeeded programs/test/selftest
+
msg "test: ssl-opt.sh (full config, ASan build)"
if_build_succeeded tests/ssl-opt.sh
@@ -909,26 +927,58 @@
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
-component_build_deprecated () {
- msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
+component_test_default_no_deprecated () {
+ # Test that removing the deprecated features from the default
+ # configuration leaves something consistent.
+ msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
+ scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+
+ msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
+ make test
+}
+
+component_test_full_no_deprecated () {
+ msg "build: make, full_no_deprecated config" # ~ 30s
+ scripts/config.py full_no_deprecated
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+
+ msg "test: make, full_no_deprecated config" # ~ 5s
+ make test
+}
+
+component_test_full_no_deprecated_deprecated_warning () {
+ # Test that there is nothing deprecated in "full_no_deprecated".
+ # A deprecated feature would trigger a warning (made fatal) from
+ # MBEDTLS_DEPRECATED_WARNING.
+ msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s
+ scripts/config.py full_no_deprecated
+ scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED
+ scripts/config.py set MBEDTLS_DEPRECATED_WARNING
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
+
+ msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
+ make test
+}
+
+component_test_full_deprecated_warning () {
+ # Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes
+ # with only certain whitelisted types of warnings.
+ msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
scripts/config.py full
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
- # Build with -O -Wextra to catch a maximum of issues.
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+ # Expect warnings from '#warning' directives in check_config.h.
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
- msg "test: make, full config + DEPRECATED_WARNING, expect warnings" # ~ 30s
- make -C tests clean
- make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -DMBEDTLS_TEST_DEPRECATED' tests
+ msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
+ # Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features.
+ # By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set.
+ # Expect warnings from '#warning' directives in check_config.h and
+ # from the use of deprecated functions in test suites.
+ make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
- msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
- # No cleanup, just tweak the configuration and rebuild
- make clean
- scripts/config.py unset MBEDTLS_DEPRECATED_WARNING
- scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
- # Build with -O -Wextra to catch a maximum of issues.
- make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
- make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
+ msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
+ make test
}
# Check that the specified libraries exist and are empty.
@@ -997,6 +1047,7 @@
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -1035,6 +1086,7 @@
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
@@ -1064,6 +1116,7 @@
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.py unset MBEDTLS_FS_IO
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
@@ -1081,6 +1134,7 @@
scripts/config.py full
scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
}
@@ -1270,6 +1324,7 @@
scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
scripts/config.py set MBEDTLS_ENTROPY_C
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT
scripts/config.py unset MBEDTLS_HAVEGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
@@ -1387,16 +1442,6 @@
make test
}
-component_test_se_full () {
- msg "build: full config + MBEDTLS_PSA_CRYPTO_SE_C"
- scripts/config.py full
- scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
- make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
-
- msg "test: full config + MBEDTLS_PSA_CRYPTO_SE_C"
- make test
-}
-
component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
make SHARED=1 all check
@@ -1415,7 +1460,7 @@
info=$1 cc=$2; shift 2
for opt in "$@"; do
msg "build/test: $cc $opt, $info" # ~ 30s
- make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror"
+ make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
# We're confident enough in compilers to not run _all_ the tests,
# but at least run the unit tests. In particular, runs with
# optimizations use inline assembly whereas runs with -O0
@@ -1566,45 +1611,63 @@
}
component_build_arm_none_eabi_gcc () {
- msg "build: arm-none-eabi-gcc, make" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s
scripts/config.py baremetal
- make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib
+
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1"
+ ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
}
component_build_arm_none_eabi_gcc_arm5vte () {
- msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=arm5vte" # ~ 10s
scripts/config.py baremetal
# Build for a target platform that's close to what Debian uses
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
# See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
# It would be better to build with arm-linux-gnueabi-gcc but
# we don't have that on our CI at this time.
- make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
+
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1"
+ ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
+}
+
+component_build_arm_none_eabi_gcc_m0plus () {
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s
+ scripts/config.py baremetal
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
+
+ msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os"
+ ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
}
component_build_arm_none_eabi_gcc_no_udbl_division () {
- msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
scripts/config.py baremetal
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
- make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
if_build_succeeded not grep __aeabi_uldiv library/*.o
}
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
- msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
+ msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
scripts/config.py baremetal
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
- make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
+ make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
if_build_succeeded not grep __aeabi_lmul library/*.o
}
component_build_armcc () {
- msg "build: ARM Compiler 5, make"
+ msg "build: ARM Compiler 5"
scripts/config.py baremetal
-
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
+
+ msg "size: ARM Compiler 5"
+ "$ARMC5_FROMELF" -z library/*.o
+
make clean
# ARM Compiler 6 - Target ARMv7-A
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index aca2f11..08c1410 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -68,10 +68,6 @@
make clean
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.py full
-# Enable some deprecated or experimental features that are not in the
-# full config, but are compatible with it and have tests.
-scripts/config.py set MBEDTLS_SSL_PROTO_SSL3
-scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
make -j
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index 7474ac7..e8abd75 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -103,7 +103,7 @@
def is_windows_file(filepath):
_root, ext = os.path.splitext(filepath)
- return ext in ('.dsp', '.sln', '.vcxproj')
+ return ext in ('.bat', '.dsp', '.sln', '.vcxproj')
class PermissionIssueTracker(FileIssueTracker):
@@ -224,6 +224,7 @@
self.logger = None
self.setup_logger(log_file)
self.extensions_to_check = (
+ ".bat",
".c",
".data",
".dsp",
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 9dde6c2..db65c0f 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -551,7 +551,7 @@
return( 1 );
}
- if( outcome_file_name != NULL )
+ if( outcome_file_name != NULL && *outcome_file_name != '\0' )
{
outcome_file = fopen( outcome_file_name, "a" );
if( outcome_file == NULL )
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 5986758..ff4cf20 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -19,6 +19,12 @@
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+#if !defined(_POSIX_C_SOURCE)
+#define _POSIX_C_SOURCE 1 // for fileno() from <stdio.h>
+#endif
+#endif
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include <mbedtls/config.h>
#else
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 9f10a90..d9ea441 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -1,6 +1,7 @@
/* BEGIN_HEADER */
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
+#include "mbedtls/md.h"
#include "string.h"
typedef enum
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
index 0c2411b..55c3426 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
@@ -6,14 +6,11 @@
Register SE driver: good, again
register_one:2:PSA_DRV_SE_HAL_VERSION:PSA_SUCCESS
-Register SE driver: invalid lifetime (0)
+Register SE driver: invalid location (0)
register_one:0:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
-Register SE driver: invalid lifetime (VOLATILE)
-register_one:PSA_KEY_LIFETIME_VOLATILE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
-
-Register SE driver: invalid lifetime (PERSISTENT)
-register_one:PSA_KEY_LIFETIME_PERSISTENT:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
+Register SE driver: invalid location (local)
+register_one:PSA_KEY_LOCATION_LOCAL_STORAGE:PSA_DRV_SE_HAL_VERSION:PSA_ERROR_INVALID_ARGUMENT
Register SE driver: invalid version (ancient)
register_one:2:0x00000003:PSA_ERROR_NOT_SUPPORTED
@@ -121,7 +118,7 @@
generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 )
Key registration: smoke test
-register_key_smoke_test:MIN_DRIVER_LIFETIME:1:PSA_SUCCESS
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:PSA_SUCCESS
Key registration: invalid lifetime (volatile)
register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT
@@ -130,13 +127,13 @@
register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT
Key registration: invalid lifetime (no registered driver)
-register_key_smoke_test:MIN_DRIVER_LIFETIME + 1:1:PSA_ERROR_INVALID_ARGUMENT
+register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:PSA_ERROR_INVALID_ARGUMENT
Key registration: rejected
-register_key_smoke_test:MIN_DRIVER_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:0:PSA_ERROR_NOT_PERMITTED
Key registration: not supported
-register_key_smoke_test:MIN_DRIVER_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED
Import-sign-verify: sign in driver, ECDSA
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index b468d5e..f95f7e5 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -18,8 +18,14 @@
/* Test driver helpers */
/****************************************************************/
-/** The minimum valid lifetime value for a secure element driver. */
-#define MIN_DRIVER_LIFETIME 2
+/** The minimum valid location value for a secure element driver. */
+#define MIN_DRIVER_LOCATION 1
+
+/** The location and lifetime used for tests that use a single driver. */
+#define TEST_DRIVER_LOCATION 1
+#define TEST_SE_PERSISTENT_LIFETIME \
+ ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
/** The driver detected a condition that shouldn't happen.
* This is probably a bug in the library. */
@@ -547,7 +553,7 @@
psa_get_key_lifetime( &actual_attributes );
psa_status_t status = psa_get_key_slot_number( &actual_attributes,
&actual_slot_number );
- if( lifetime < MIN_DRIVER_LIFETIME )
+ if( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) < MIN_DRIVER_LOCATION )
{
/* The key is not in a secure element. */
TEST_EQUAL( status, PSA_ERROR_INVALID_ARGUMENT );
@@ -571,23 +577,23 @@
return( ok );
}
-/* Get the file UID corresponding to the specified lifetime.
+/* Get the file UID corresponding to the specified location.
* If this changes, the storage format version must change.
* See psa_get_se_driver_its_file_uid() in psa_crypto_se.c.
*/
-psa_storage_uid_t file_uid_for_lifetime( psa_key_lifetime_t lifetime )
+psa_storage_uid_t file_uid_for_location( psa_key_location_t location )
{
- if( lifetime > PSA_MAX_SE_LIFETIME )
+ if( location > PSA_MAX_SE_LOCATION )
return( 0 );
- return( 0xfffffe00 + lifetime );
+ return( 0xfffffe00 + location );
}
/* Check that the persistent data of a driver has its expected content. */
-static int check_persistent_data( psa_key_lifetime_t lifetime,
+static int check_persistent_data( psa_key_location_t location,
const void *expected_data,
size_t size )
{
- psa_storage_uid_t uid = file_uid_for_lifetime( lifetime );
+ psa_storage_uid_t uid = file_uid_for_location( location );
struct psa_storage_info_t info;
uint8_t *loaded = NULL;
int ok = 0;
@@ -737,7 +743,7 @@
static void psa_purge_storage( void )
{
psa_key_id_t id;
- psa_key_lifetime_t lifetime;
+ psa_key_location_t location;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
@@ -746,8 +752,8 @@
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
- for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ )
- psa_destroy_se_persistent_data( lifetime );
+ for( location = 0; location < PSA_MAX_SE_LOCATION; location++ )
+ psa_destroy_se_persistent_data( location );
}
/* END_HEADER */
@@ -758,7 +764,7 @@
*/
/* BEGIN_CASE */
-void register_one( int lifetime, int version, int expected_status_arg )
+void register_one( int location, int version, int expected_status_arg )
{
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
@@ -766,7 +772,7 @@
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = version;
- TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ TEST_EQUAL( psa_register_se_driver( location, &driver ),
expected_status );
PSA_ASSERT( psa_crypto_init( ) );
@@ -780,16 +786,16 @@
void register_twice( int count )
{
psa_drv_se_t driver;
- psa_key_lifetime_t lifetime;
- psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + count;
+ psa_key_location_t location;
+ psa_key_location_t max = MIN_DRIVER_LOCATION + count;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
- for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
- for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
- TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ for( location = MIN_DRIVER_LOCATION; location < max; location++ )
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
+ for( location = MIN_DRIVER_LOCATION; location < max; location++ )
+ TEST_EQUAL( psa_register_se_driver( location, &driver ),
PSA_ERROR_ALREADY_EXISTS );
PSA_ASSERT( psa_crypto_init( ) );
@@ -803,16 +809,16 @@
void register_max( )
{
psa_drv_se_t driver;
- psa_key_lifetime_t lifetime;
- psa_key_lifetime_t max = MIN_DRIVER_LIFETIME + PSA_MAX_SE_DRIVERS;
+ psa_key_location_t location;
+ psa_key_location_t max = MIN_DRIVER_LOCATION + PSA_MAX_SE_DRIVERS;
memset( &driver, 0, sizeof( driver ) );
driver.hal_version = PSA_DRV_SE_HAL_VERSION;
- for( lifetime = MIN_DRIVER_LIFETIME; lifetime < max; lifetime++ )
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ for( location = MIN_DRIVER_LOCATION; location < max; location++ )
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
- TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ TEST_EQUAL( psa_register_se_driver( location, &driver ),
PSA_ERROR_INSUFFICIENT_MEMORY );
PSA_ASSERT( psa_crypto_init( ) );
@@ -827,7 +833,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -846,7 +853,7 @@
key_management.p_export = ram_export;
ram_min_slot = min_slot;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@@ -857,7 +864,7 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material, sizeof( key_material ),
&handle ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -866,9 +873,9 @@
if( restart )
{
mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -894,7 +901,7 @@
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -921,7 +928,8 @@
psa_status_t status;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -937,7 +945,7 @@
key_management.p_destroy = ram_destroy;
key_management.p_export = ram_export;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@@ -953,7 +961,7 @@
if( status != PSA_SUCCESS )
goto exit;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -962,9 +970,9 @@
if( restart )
{
mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -980,7 +988,7 @@
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&ram_shadow_slot_usage,
sizeof( ram_shadow_slot_usage ) ) )
goto exit;
@@ -1002,7 +1010,8 @@
psa_algorithm_t alg = alg_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1016,7 +1025,7 @@
key_management.p_import = null_import;
key_management.p_destroy = null_destroy;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@@ -1031,7 +1040,7 @@
PSA_ASSERT( psa_import_key( &attributes,
key_material->x, key_material->len,
&handle ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
@@ -1041,9 +1050,9 @@
/* Restart and try again. */
mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
@@ -1053,7 +1062,7 @@
/* We're done. */
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
@@ -1073,7 +1082,8 @@
size_t bits = bits_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1086,7 +1096,7 @@
key_management.p_allocate = counter_allocate;
/* No p_generate method */
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -1111,7 +1121,8 @@
psa_algorithm_t alg = alg_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -1125,7 +1136,7 @@
key_management.p_generate = null_generate;
key_management.p_destroy = null_destroy;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Create a key. */
@@ -1139,7 +1150,7 @@
psa_set_key_type( &attributes, type );
psa_set_key_bits( &attributes, bits );
PSA_ASSERT( psa_generate_key( &attributes, &handle ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
@@ -1149,9 +1160,9 @@
/* Restart and try again. */
mbedtls_psa_crypto_free( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
PSA_ASSERT( psa_open_key( id, &handle ) );
@@ -1161,7 +1172,7 @@
/* We're done. */
PSA_ASSERT( psa_destroy_key( handle ) );
handle = 0;
- if( ! check_persistent_data( lifetime,
+ if( ! check_persistent_data( location,
&shadow_counter, sizeof( shadow_counter ) ) )
goto exit;
TEST_EQUAL( psa_open_key( id, &handle ),
@@ -1190,7 +1201,8 @@
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t drv_handle = 0; /* key managed by the driver */
psa_key_handle_t sw_handle = 0; /* transparent key */
@@ -1229,7 +1241,7 @@
}
asymmetric.p_verify = ram_verify;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
/* Prepare to create two keys with the same key material: a transparent
@@ -1347,6 +1359,7 @@
int expected_status_arg )
{
psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_status_t expected_status = expected_status_arg;
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
@@ -1371,7 +1384,7 @@
( validate > 0 ? PSA_SUCCESS : PSA_ERROR_NOT_PERMITTED );
}
- PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LIFETIME, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( MIN_DRIVER_LOCATION, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -1395,7 +1408,7 @@
/* Restart and try again. */
PSA_DONE( );
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
PSA_ASSERT( psa_open_key( id, &handle ) );
if( ! check_key_attributes( handle, &attributes ) )
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
index f60bd76..23e035a 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.data
@@ -1,11 +1,14 @@
SE init mock test: success
-mock_init:2:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1
+mock_init:1:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1
SE init mock test: failure
-mock_init:2:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1
+mock_init:1:PSA_SUCCESS:PSA_ERROR_HARDWARE_FAILURE:PSA_ERROR_HARDWARE_FAILURE:1
-SE init mock test: invalid lifetime
-mock_init:1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
+SE init mock test: invalid location (0)
+mock_init:0:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
+
+SE init mock test: location not supported (INT_MAX)
+mock_init:INT_MAX:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_SUCCESS:0
SE key importing mock test
mock_import:PSA_SUCCESS:PSA_SUCCESS:0:PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
index 9f17b84..f6acb07 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -5,10 +5,16 @@
#include "psa_crypto_se.h"
#include "psa_crypto_storage.h"
+/** The location and lifetime used for tests that use a single driver. */
+#define TEST_DRIVER_LOCATION 1
+#define TEST_SE_PERSISTENT_LIFETIME \
+ ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
+ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) )
+
static struct
{
uint16_t called;
- psa_key_lifetime_t lifetime;
+ psa_key_location_t location;
psa_status_t return_value;
} mock_init_data;
@@ -84,7 +90,7 @@
static void psa_purge_storage( void )
{
psa_key_id_t id;
- psa_key_lifetime_t lifetime;
+ psa_key_location_t location;
/* The tests may have potentially created key ids from 1 to
* MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id
* 0, which file-based storage uses as a temporary file. */
@@ -93,8 +99,8 @@
/* Purge the transaction file. */
psa_crypto_stop_transaction( );
/* Purge driver persistent data. */
- for( lifetime = 0; lifetime < PSA_MAX_SE_LIFETIME; lifetime++ )
- psa_destroy_se_persistent_data( lifetime );
+ for( location = 0; location < PSA_MAX_SE_LOCATION; location++ )
+ psa_destroy_se_persistent_data( location );
}
static void mock_teardown( void )
@@ -113,13 +119,13 @@
static psa_status_t mock_init( psa_drv_se_context_t *drv_context,
void *persistent_data,
- psa_key_lifetime_t lifetime )
+ psa_key_location_t location )
{
(void) drv_context;
(void) persistent_data;
mock_init_data.called++;
- mock_init_data.lifetime = lifetime;
+ mock_init_data.location = location;
return( mock_init_data.return_value );
}
@@ -279,13 +285,13 @@
*/
/* BEGIN_CASE */
-void mock_init( int lifetime_arg,
+void mock_init( int location_arg,
int expected_register_status_arg,
int driver_status_arg,
int expected_psa_status_arg,
int expected_called )
{
- psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_location_t location = location_arg;
psa_status_t expected_register_status = expected_register_status_arg;
psa_status_t driver_status = driver_status_arg;
psa_status_t expected_psa_status = expected_psa_status_arg;
@@ -297,7 +303,7 @@
mock_init_data.return_value = driver_status;
- TEST_EQUAL( psa_register_se_driver( lifetime, &driver ),
+ TEST_EQUAL( psa_register_se_driver( location, &driver ),
expected_register_status );
psa_crypto_init_called = 1;
@@ -305,7 +311,7 @@
TEST_EQUAL( mock_init_data.called, expected_called );
if( expected_called )
- TEST_EQUAL( mock_init_data.lifetime, lifetime );
+ TEST_EQUAL( mock_init_data.location, location );
exit:
if( psa_crypto_init_called )
@@ -322,7 +328,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -339,7 +346,7 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -378,7 +385,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -397,7 +405,7 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -431,7 +439,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -446,7 +455,7 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -485,7 +494,8 @@
{
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -503,7 +513,7 @@
key_management.p_destroy = mock_destroy;
key_management.p_allocate = mock_allocate;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -534,7 +544,8 @@
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -559,7 +570,7 @@
driver.asymmetric = &asymmetric;
asymmetric.p_sign = mock_sign;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
@@ -594,7 +605,8 @@
psa_drv_se_t driver;
psa_drv_se_key_management_t key_management;
psa_drv_se_asymmetric_t asymmetric;
- psa_key_lifetime_t lifetime = 2;
+ psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
psa_key_id_t id = 1;
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -618,7 +630,7 @@
driver.asymmetric = &asymmetric;
asymmetric.p_verify = mock_verify;
- PSA_ASSERT( psa_register_se_driver( lifetime, &driver ) );
+ PSA_ASSERT( psa_register_se_driver( location, &driver ) );
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_id( &attributes, id );
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 7012e8e..831e0ab 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -174,9 +174,13 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n <unsupported>\next key usage \: TLS Web Client Authentication\n"
+X509 CRT information Non-ASCII string in issuer name and subject name
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+
X509 certificate v1 with extension
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n"
+x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n <unsupported>\n"
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
@@ -1563,7 +1567,7 @@
x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CRT ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed)
@@ -1583,13 +1587,21 @@
x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
+depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
+depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
X509 CRT ASN1 (TBS, inv v3Ext, inv tag)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
@@ -1838,12 +1850,24 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
+X509 CRT (TBS, valid v3Ext in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
+depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
+
+X509 CRT (TBS, valid v3Ext in v2 CRT, ALLOW_EXTENSIONS_NON_V3)
+depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 2\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
+
+X509 CRT (TBS, valid v3Ext in v3 CRT)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
+
+X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
+depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)