Merge pull request #6070 from wernerlewis/bignum_test_radix
Remove radix argument from bignum test functions
diff --git a/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt b/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt
new file mode 100644
index 0000000..bf2e65d
--- /dev/null
+++ b/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Use double quotes to include private header file psa_crypto_cipher.h.
+ Fixes 'file not found with <angled> include' error
+ when building with Xcode.
diff --git a/ChangeLog.d/x509-broken-symlink-handling.txt b/ChangeLog.d/x509-broken-symlink-handling.txt
new file mode 100644
index 0000000..52288dc
--- /dev/null
+++ b/ChangeLog.d/x509-broken-symlink-handling.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix handling of broken symlinks when loading certificates using
+ mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+ broken link is encountered, skip the broken link and continue parsing
+ other certificate files. Contributed by Eduardo Silva in #2602.
diff --git a/library/ecdh.c b/library/ecdh.c
index cc1340c..35ab1b7 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -34,12 +34,6 @@
#include <string.h>
-/* Parameter validation macros based on platform_util.h */
-#define ECDH_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECDH_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif
@@ -97,10 +91,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECDH_VALIDATE_RET( grp != NULL );
- ECDH_VALIDATE_RET( d != NULL );
- ECDH_VALIDATE_RET( Q != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
}
#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
@@ -146,10 +136,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECDH_VALIDATE_RET( grp != NULL );
- ECDH_VALIDATE_RET( Q != NULL );
- ECDH_VALIDATE_RET( d != NULL );
- ECDH_VALIDATE_RET( z != NULL );
return( ecdh_compute_shared_restartable( grp, z, Q, d,
f_rng, p_rng, NULL ) );
}
@@ -173,8 +159,6 @@
*/
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
{
- ECDH_VALIDATE( ctx != NULL );
-
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
ecdh_init_internal( ctx );
mbedtls_ecp_point_init( &ctx->Vi );
@@ -210,8 +194,6 @@
*/
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
{
- ECDH_VALIDATE_RET( ctx != NULL );
-
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_setup_internal( ctx, grp_id ) );
#else
@@ -253,8 +235,6 @@
*/
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
{
- ECDH_VALIDATE( ctx != NULL );
-
ctx->restart_enabled = 1;
}
#endif
@@ -357,11 +337,6 @@
void *p_rng )
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
#else
@@ -411,11 +386,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( *buf != NULL );
- ECDH_VALIDATE_RET( end != NULL );
-
if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
!= 0 )
return( ret );
@@ -471,10 +441,8 @@
mbedtls_ecdh_side side )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( key != NULL );
- ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
- side == MBEDTLS_ECDH_THEIRS );
+ if( side != MBEDTLS_ECDH_OURS && side != MBEDTLS_ECDH_THEIRS )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
{
@@ -563,11 +531,6 @@
void *p_rng )
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
- ECDH_VALIDATE_RET( f_rng != NULL );
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
#endif
@@ -616,9 +579,6 @@
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, size_t blen )
{
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
-
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_read_public_internal( ctx, buf, blen ) );
#else
@@ -697,10 +657,6 @@
void *p_rng )
{
int restart_enabled = 0;
- ECDH_VALIDATE_RET( ctx != NULL );
- ECDH_VALIDATE_RET( olen != NULL );
- ECDH_VALIDATE_RET( buf != NULL );
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled;
#endif
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 0b612ce..dcdf83c 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -47,12 +47,6 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-/* Parameter validation macros based on platform_util.h */
-#define ECDSA_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECDSA_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
/*
@@ -404,13 +398,6 @@
const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( d != NULL );
- ECDSA_VALIDATE_RET( f_rng != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
-
/* Use the same RNG for both blinding and ephemeral key generation */
return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
f_rng, p_rng, f_rng, p_rng, NULL ) );
@@ -503,13 +490,6 @@
size_t),
void *p_rng_blind )
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( d != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
- ECDSA_VALIDATE_RET( f_rng_blind != NULL );
-
return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
f_rng_blind, p_rng_blind, NULL ) );
}
@@ -634,12 +614,6 @@
const mbedtls_mpi *r,
const mbedtls_mpi *s)
{
- ECDSA_VALIDATE_RET( grp != NULL );
- ECDSA_VALIDATE_RET( Q != NULL );
- ECDSA_VALIDATE_RET( r != NULL );
- ECDSA_VALIDATE_RET( s != NULL );
- ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
-
return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
}
#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
@@ -685,11 +659,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi r, s;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
- ECDSA_VALIDATE_RET( slen != NULL );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -735,10 +704,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
- ECDSA_VALIDATE_RET( slen != NULL );
return( mbedtls_ecdsa_write_signature_restartable(
ctx, md_alg, hash, hlen, sig, sig_size, slen,
f_rng, p_rng, NULL ) );
@@ -751,9 +716,6 @@
const unsigned char *hash, size_t hlen,
const unsigned char *sig, size_t slen )
{
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
return( mbedtls_ecdsa_read_signature_restartable(
ctx, hash, hlen, sig, slen, NULL ) );
}
@@ -771,10 +733,6 @@
const unsigned char *end = sig + slen;
size_t len;
mbedtls_mpi r, s;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( hash != NULL );
- ECDSA_VALIDATE_RET( sig != NULL );
-
mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s );
@@ -831,9 +789,6 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = 0;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( f_rng != NULL );
-
ret = mbedtls_ecp_group_load( &ctx->grp, gid );
if( ret != 0 )
return( ret );
@@ -849,9 +804,6 @@
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECDSA_VALIDATE_RET( ctx != NULL );
- ECDSA_VALIDATE_RET( key != NULL );
-
if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
@@ -867,8 +819,6 @@
*/
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
{
- ECDSA_VALIDATE( ctx != NULL );
-
mbedtls_ecp_keypair_init( ctx );
}
@@ -889,8 +839,6 @@
*/
void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
{
- ECDSA_VALIDATE( ctx != NULL );
-
mbedtls_ecp_restart_init( &ctx->ecp );
ctx->ver = NULL;
diff --git a/library/ecjpake.c b/library/ecjpake.c
index d467a65..c591924 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -34,12 +34,6 @@
#if !defined(MBEDTLS_ECJPAKE_ALT)
-/* Parameter validation macros based on platform_util.h */
-#define ECJPAKE_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECJPAKE_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
/*
* Convert a mbedtls_ecjpake_role to identifier string
*/
@@ -56,8 +50,6 @@
*/
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
{
- ECJPAKE_VALIDATE( ctx != NULL );
-
ctx->md_info = NULL;
mbedtls_ecp_group_init( &ctx->grp );
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
@@ -107,10 +99,8 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
- role == MBEDTLS_ECJPAKE_SERVER );
- ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 );
+ if( role != MBEDTLS_ECJPAKE_CLIENT && role != MBEDTLS_ECJPAKE_SERVER )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
ctx->role = role;
@@ -147,8 +137,6 @@
*/
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
-
if( ctx->md_info == NULL ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
ctx->s.p == NULL )
@@ -521,9 +509,6 @@
const unsigned char *buf,
size_t len )
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
-
return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->Xp1, &ctx->Xp2, ID_PEER,
@@ -538,11 +523,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
&ctx->grp.G,
&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
@@ -585,9 +565,6 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point G; /* C: GB, S: GA */
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
-
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &G );
@@ -680,11 +657,6 @@
const unsigned char *end = buf + len;
size_t ec_len;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
mbedtls_ecp_point_init( &G );
mbedtls_ecp_point_init( &Xm );
mbedtls_mpi_init( &xm );
@@ -760,11 +732,6 @@
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
size_t x_bytes;
- ECJPAKE_VALIDATE_RET( ctx != NULL );
- ECJPAKE_VALIDATE_RET( buf != NULL );
- ECJPAKE_VALIDATE_RET( olen != NULL );
- ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
*olen = mbedtls_md_get_size( ctx->md_info );
if( len < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
diff --git a/library/ecp.c b/library/ecp.c
index 67c46f2..009be61 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -84,12 +84,6 @@
#if !defined(MBEDTLS_ECP_ALT)
-/* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET( cond ) \
- MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECP_VALIDATE( cond ) \
- MBEDTLS_INTERNAL_VALIDATE( cond )
-
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -242,7 +236,6 @@
*/
void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
{
- ECP_VALIDATE( ctx != NULL );
ctx->ops_done = 0;
ctx->depth = 0;
ctx->rsm = NULL;
@@ -273,8 +266,6 @@
mbedtls_ecp_restart_ctx *rs_ctx,
unsigned ops )
{
- ECP_VALIDATE_RET( grp != NULL );
-
if( rs_ctx != NULL && ecp_max_ops != 0 )
{
/* scale depending on curve size: the chosen reference is 256-bit,
@@ -525,8 +516,6 @@
*/
void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
{
- ECP_VALIDATE( pt != NULL );
-
mbedtls_mpi_init( &pt->X );
mbedtls_mpi_init( &pt->Y );
mbedtls_mpi_init( &pt->Z );
@@ -537,8 +526,6 @@
*/
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
{
- ECP_VALIDATE( grp != NULL );
-
grp->id = MBEDTLS_ECP_DP_NONE;
mbedtls_mpi_init( &grp->P );
mbedtls_mpi_init( &grp->A );
@@ -561,8 +548,6 @@
*/
void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
{
- ECP_VALIDATE( key != NULL );
-
mbedtls_ecp_group_init( &key->grp );
mbedtls_mpi_init( &key->d );
mbedtls_ecp_point_init( &key->Q );
@@ -641,9 +626,6 @@
int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( Q != NULL );
-
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) );
@@ -657,9 +639,6 @@
*/
int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
{
- ECP_VALIDATE_RET( dst != NULL );
- ECP_VALIDATE_RET( src != NULL );
-
return( mbedtls_ecp_group_load( dst, src->id ) );
}
@@ -669,8 +648,6 @@
int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( pt != NULL );
-
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) );
@@ -684,8 +661,6 @@
*/
int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
{
- ECP_VALIDATE_RET( pt != NULL );
-
return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
}
@@ -695,9 +670,6 @@
int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
const mbedtls_ecp_point *Q )
{
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( Q != NULL );
-
if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
@@ -715,10 +687,6 @@
const char *x, const char *y )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( x != NULL );
- ECP_VALIDATE_RET( y != NULL );
-
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
@@ -737,12 +705,9 @@
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( olen != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- format == MBEDTLS_ECP_PF_COMPRESSED );
+ if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
+ format != MBEDTLS_ECP_PF_COMPRESSED )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
plen = mbedtls_mpi_size( &grp->P );
@@ -811,10 +776,6 @@
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( buf != NULL );
-
if( ilen < 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -876,11 +837,6 @@
{
unsigned char data_len;
const unsigned char *buf_start;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
-
/*
* We must have at least two bytes (1 for length, at least one for data)
*/
@@ -911,12 +867,9 @@
unsigned char *buf, size_t blen )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
- ECP_VALIDATE_RET( olen != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
- format == MBEDTLS_ECP_PF_COMPRESSED );
+ if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
+ format != MBEDTLS_ECP_PF_COMPRESSED )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
/*
* buffer length must be at least one, for our length byte
@@ -945,10 +898,6 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
-
if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 )
return( ret );
@@ -964,10 +913,6 @@
{
uint16_t tls_id;
const mbedtls_ecp_curve_info *curve_info;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( *buf != NULL );
-
/*
* We expect at least three bytes (see below)
*/
@@ -1002,10 +947,6 @@
unsigned char *buf, size_t blen )
{
const mbedtls_ecp_curve_info *curve_info;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( buf != NULL );
- ECP_VALIDATE_RET( olen != NULL );
-
if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -2642,11 +2583,6 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
-
if( f_rng == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@@ -2660,10 +2596,6 @@
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) );
}
@@ -2775,13 +2707,6 @@
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0;
#endif
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( n != NULL );
- ECP_VALIDATE_RET( Q != NULL );
-
if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
@@ -2867,12 +2792,6 @@
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( R != NULL );
- ECP_VALIDATE_RET( m != NULL );
- ECP_VALIDATE_RET( P != NULL );
- ECP_VALIDATE_RET( n != NULL );
- ECP_VALIDATE_RET( Q != NULL );
return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) );
}
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
@@ -2996,9 +2915,6 @@
int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *pt )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( pt != NULL );
-
/* Must use affine coordinates */
if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
@@ -3020,9 +2936,6 @@
int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
const mbedtls_mpi *d )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
@@ -3112,10 +3025,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) );
@@ -3139,12 +3048,6 @@
void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( G != NULL );
- ECP_VALIDATE_RET( Q != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
-
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
@@ -3160,11 +3063,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- ECP_VALIDATE_RET( grp != NULL );
- ECP_VALIDATE_RET( d != NULL );
- ECP_VALIDATE_RET( Q != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
-
return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
}
@@ -3175,9 +3073,6 @@
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( f_rng != NULL );
-
if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
return( ret );
@@ -3194,9 +3089,6 @@
{
int ret = 0;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( buf != NULL );
-
if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
return( ret );
@@ -3277,9 +3169,6 @@
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
- ECP_VALIDATE_RET( key != NULL );
- ECP_VALIDATE_RET( buf != NULL );
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
@@ -3320,9 +3209,6 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Q;
mbedtls_ecp_group grp;
- ECP_VALIDATE_RET( pub != NULL );
- ECP_VALIDATE_RET( prv != NULL );
-
if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
pub->grp.id != prv->grp.id ||
mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index fafe68b..70dc74d 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -22,7 +22,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include <psa_crypto_cipher.h>
+#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
#include "psa_crypto_random_impl.h"
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 5677a5c..ad235bf 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -82,6 +82,7 @@
#else
#include <dirent.h>
#endif /* __MBED__ */
+#include <errno.h>
#endif /* !_WIN32 || EFIX64 || EFI32 */
#endif
@@ -1658,8 +1659,22 @@
}
else if( stat( entry_name, &sb ) == -1 )
{
- ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
- goto cleanup;
+ if( errno == ENOENT )
+ {
+ /* Broken symbolic link - ignore this entry.
+ stat(2) will return this error for either (a) a dangling
+ symlink or (b) a missing file.
+ Given that we have just obtained the filename from readdir,
+ assume that it does exist and therefore treat this as a
+ dangling symlink. */
+ continue;
+ }
+ else
+ {
+ /* Some other file error; report the error. */
+ ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+ goto cleanup;
+ }
}
if( !S_ISREG( sb.st_mode ) )
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 4bba375..e23b471 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -43,7 +43,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void ecdh_invalid_param( )
{
mbedtls_ecdh_context ctx;
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 311733b..e8aaa6c 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -98,7 +98,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void ecjpake_invalid_param( )
{
mbedtls_ecjpake_context ctx;
@@ -114,7 +114,6 @@
valid_md,
valid_group,
buf, len ) );
-
exit:
return;
}
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index e55cd32..2cabef4 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -61,7 +61,7 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
void ecp_invalid_param( )
{
mbedtls_ecp_group grp;
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 12b4512..d63fa35 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -34,8 +34,7 @@
defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)
static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
{
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
- const mbedtls_md_info_t *md_info;
+ unsigned char hash[PSA_HASH_MAX_SIZE];
mbedtls_x509_csr csr;
int ret = 0;
@@ -47,8 +46,12 @@
goto cleanup;
}
- md_info = mbedtls_md_info_from_type( csr.sig_md );
- if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 )
+ psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( csr.sig_md );
+ size_t hash_size = 0;
+ psa_status_t status = psa_hash_compute( psa_alg, csr.cri.p, csr.cri.len,
+ hash, PSA_HASH_MAX_SIZE, &hash_size );
+
+ if( status != PSA_SUCCESS )
{
/* Note: this can't happen except after an internal error */
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
@@ -56,7 +59,7 @@
}
if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
- csr.sig_md, hash, mbedtls_md_get_size( md_info ),
+ csr.sig_md, hash, mbedtls_hash_info_get_size( csr.sig_md ),
csr.sig.p, csr.sig.len ) != 0 )
{
ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;