Merge pull request #7940 from AgathiyanB/backport-assert-false-macro
[Backport 2.28] Add TEST_FAIL macro for tests
diff --git a/.gitignore b/.gitignore
index f2c4a3b..54b3c54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
# Random seed file created by test scripts and sample programs
seedfile
+# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework
+00000000ffffff52.psa_its
# CMake build artifacts:
CMakeCache.txt
diff --git a/BRANCHES.md b/BRANCHES.md
index 6d2e5c0..f912e95 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -76,6 +76,6 @@
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until at least the end of 2024, see
- <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3>.
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/ChangeLog b/ChangeLog
index 4033839..c977a68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,35 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 2.28.4 branch released 2023-08-04
+
+Features
+ * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
+ setting the CMake variable of the same name at configuration time.
+
+Bugfix
+ * Fix crypt_and_hash decryption fail when used with a stream cipher
+ mode of operation, due to the input not being a multiple of the block
+ size. Resolves #7417.
+ * Fix a bug where mbedtls_x509_string_to_names() would return success
+ when given a invalid name string, if it did not contain '=' or ','.
+ * Fix missing PSA initialization in sample programs when
+ MBEDTLS_USE_PSA_CRYPTO is enabled.
+ * Fix clang and armclang compilation error when targeting certain Arm
+ M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
+ SecurCore SC000). Fixes #1077.
+ * Fixed an issue that caused compile errors when using CMake and the IAR
+ toolchain.
+ * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
+ * Fix builds on Windows with clang.
+ * Fix compilation warnings in aes.c for certain combinations
+ of configuration options.
+ * Fix a compilation error on some platforms when including mbedtls/ssl.h
+ with all TLS support disabled. Fixes #6628.
+
+Changes
+ * Update test data to avoid failures of unit tests after 2023-08-07, and
+ update expiring certififcates in the certs module.
+
= Mbed TLS 2.28.3 branch released 2023-03-28
Features
diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md
index d2ea73d..2fbc989 100644
--- a/ChangeLog.d/00README.md
+++ b/ChangeLog.d/00README.md
@@ -21,6 +21,9 @@
* Performance improvements, unless they are particularly significant.
* Changes to parts of the code base that users don't interact with directly,
such as test code and test data.
+* Fixes for compiler warnings. Releases typically contain a number of fixes
+ of this kind, so we will only mention them in the Changelog if they are
+ particularly significant.
Until Mbed TLS 2.24.0, we required changelog entries in more cases.
Looking at older changelog entries is good practice for how to write a
diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt
deleted file mode 100644
index 93ad6af..0000000
--- a/ChangeLog.d/armclang-compile-fix.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix clang and armclang compilation error when targeting certain Arm
- M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
- SecurCore SC000). Fixes #1077.
-
diff --git a/ChangeLog.d/bugfix_iar_typo.txt b/ChangeLog.d/bugfix_iar_typo.txt
deleted file mode 100644
index 95f97b1..0000000
--- a/ChangeLog.d/bugfix_iar_typo.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fixed an issue that caused compile errors when using CMake and the IAR
- toolchain.
diff --git a/ChangeLog.d/cmake-pass-through-config-defines.txt b/ChangeLog.d/cmake-pass-through-config-defines.txt
deleted file mode 100644
index 6122f37..0000000
--- a/ChangeLog.d/cmake-pass-through-config-defines.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
- setting the CMake variable of the same name at configuration time.
diff --git a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt b/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt
deleted file mode 100644
index ded9b2d..0000000
--- a/ChangeLog.d/fix-crypt_and_hash-decrypt-issue.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix crypt_and_hash decryption fail when used with a stream cipher
- mode of operation due to the input not being multiple of block size.
- Resolves #7417.
diff --git a/ChangeLog.d/fix-string-to-names-retcode.txt b/ChangeLog.d/fix-string-to-names-retcode.txt
deleted file mode 100644
index ac4b3d1..0000000
--- a/ChangeLog.d/fix-string-to-names-retcode.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a bug in which mbedtls_x509_string_to_names() would return success
- when given a invalid name string if it did not contain '=' or ','.
diff --git a/ChangeLog.d/fix-tfm-build.txt b/ChangeLog.d/fix-tfm-build.txt
deleted file mode 100644
index a63bc2f..0000000
--- a/ChangeLog.d/fix-tfm-build.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix compilation warnings in aes.c for certain combinations
- of configuration options.
diff --git a/ChangeLog.d/fix-win32-llvm-build.txt b/ChangeLog.d/fix-win32-llvm-build.txt
deleted file mode 100644
index 826551c..0000000
--- a/ChangeLog.d/fix-win32-llvm-build.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix builds on Windows with clang
diff --git a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
new file mode 100644
index 0000000..8fdc588
--- /dev/null
+++ b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
@@ -0,0 +1,3 @@
+Features
+ * The documentation of mbedtls_ecp_group now describes the optimized
+ representation of A for some curves. Fixes #8045.
diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt
deleted file mode 100644
index fe2099e..0000000
--- a/ChangeLog.d/programs_psa_fix.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix missing PSA initialization in sample programs when
- MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
new file mode 100644
index 0000000..c1de491
--- /dev/null
+++ b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
+ using ECC key. The certificate was rejected by some crypto frameworks.
+ Fixes #2924.
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index bbf4ea2..d19f93e 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -22,7 +22,7 @@
*/
/**
- * @mainpage Mbed TLS v2.28.3 API Documentation
+ * @mainpage Mbed TLS v2.28.4 API Documentation
*
* This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 78299ed..2f22e3f 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "mbed TLS v2.28.3"
+PROJECT_NAME = "mbed TLS v2.28.4"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 9856a1c..d307ff9 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -274,10 +274,6 @@
* \brief This function performs an ARIA-CTR encryption or decryption
* operation.
*
- * This function performs the operation defined in the \p mode
- * parameter (encrypt/decrypt), on the input data buffer
- * defined in the \p input parameter.
- *
* Due to the nature of CTR, you must use the same key schedule
* for both encryption and decryption operations. Therefore, you
* must use the context initialized with mbedtls_aria_setkey_enc()
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 540cdcc..82aaee8 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -453,7 +453,7 @@
* on a successful invocation.
* \param end The end of the ASN.1 SEQUENCE container.
* \param tag_must_mask A mask to be applied to the ASN.1 tags found within
- * the SEQUENCE before comparing to \p tag_must_value.
+ * the SEQUENCE before comparing to \p tag_must_val.
* \param tag_must_val The required value of each ASN.1 tag found in the
* SEQUENCE, after masking with \p tag_must_mask.
* Mismatching tags lead to an error.
@@ -462,7 +462,7 @@
* while a value of \c 0xFF for \p tag_must_mask means
* that \p tag_must_val is the only allowed tag.
* \param tag_may_mask A mask to be applied to the ASN.1 tags found within
- * the SEQUENCE before comparing to \p tag_may_value.
+ * the SEQUENCE before comparing to \p tag_may_val.
* \param tag_may_val The desired value of each ASN.1 tag found in the
* SEQUENCE, after masking with \p tag_may_mask.
* Mismatching tags will be silently ignored.
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index a439268..f453169 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -159,6 +159,27 @@
size_t par_len);
/**
+ * \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
+ *
+ * \note This function works backwards in data buffer.
+ *
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param oid The OID of the algorithm to write.
+ * \param oid_len The length of the algorithm's OID.
+ * \param par_len The length of the parameters, which must be already written.
+ * \param has_par If there are any parameters. If 0, par_len must be 0. If 1
+ * and \p par_len is 0, NULL parameters are added.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+ */
+int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p,
+ unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len, int has_par);
+
+/**
* \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
* in ASN.1 format.
*
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index f66379d..cbed259 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -533,7 +533,7 @@
* \param X The destination MPI. This must point to an initialized MPI.
* \param buf The input buffer. This must be a readable buffer of length
* \p buflen Bytes.
- * \param buflen The length of the input buffer \p p in Bytes.
+ * \param buflen The length of the input buffer \p buf in Bytes.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
@@ -548,7 +548,7 @@
* \param X The destination MPI. This must point to an initialized MPI.
* \param buf The input buffer. This must be a readable buffer of length
* \p buflen Bytes.
- * \param buflen The length of the input buffer \p p in Bytes.
+ * \param buflen The length of the input buffer \p buf in Bytes.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
@@ -986,8 +986,8 @@
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
* or equal to one.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
- * with respect to \p N.
+ * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p A has no modular
+ * inverse with respect to \p N.
*/
int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
const mbedtls_mpi *N);
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 05397d2..e840947 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -231,7 +231,7 @@
* *note Due to the nature of CTR mode, you should use the same
* key for both encryption and decryption. In particular, calls
* to this function should be preceded by a key-schedule via
- * mbedtls_camellia_setkey_enc() regardless of whether \p mode
+ * mbedtls_camellia_setkey_enc() regardless of whether the mode
* is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
*
* \warning You must never reuse a nonce value with the same key. Doing so
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index aa155d7..56fc2d8 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -427,7 +427,7 @@
const mbedtls_cipher_mode_t mode);
/**
- * \brief This function initializes a \p cipher_context as NONE.
+ * \brief This function initializes a \p ctx as NONE.
*
* \param ctx The context to be initialized. This must not be \c NULL.
*/
@@ -602,7 +602,7 @@
* \param ctx The context of the cipher. This must be initialized.
*
* \return The key length of the cipher in bits.
- * \return #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
+ * \return #MBEDTLS_KEY_LENGTH_NONE if \p ctx has not been
* initialized.
*/
static inline int mbedtls_cipher_get_key_bitlen(
@@ -779,7 +779,7 @@
* \param ctx The generic cipher context. This must be initialized and
* bound to a key.
* \param output The buffer to write data to. This needs to be a writable
- * buffer of at least \p block_size Bytes.
+ * buffer of at least block_size Bytes.
* \param olen The length of the data written to the \p output buffer.
* This may not be \c NULL.
*
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1381c1f..04acc1c 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1458,8 +1458,8 @@
* );
* ```
* The \c context value is initialized to 0 before the first call.
- * The function must fill the \c output buffer with \p output_size bytes
- * of random data and set \c *output_length to \p output_size.
+ * The function must fill the \c output buffer with \c output_size bytes
+ * of random data and set \c *output_length to \c output_size.
*
* Requires: MBEDTLS_PSA_CRYPTO_C
*
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index e42d114..b7029d7 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -266,8 +266,9 @@
* \param md_alg The hash algorithm used to hash the original data.
* \param f_rng_blind The RNG function used for blinding. This must not be
* \c NULL.
- * \param p_rng_blind The RNG context to be passed to \p f_rng. This may be
- * \c NULL if \p f_rng doesn't need a context parameter.
+ * \param p_rng_blind The RNG context to be passed to \p f_rng_blind. This
+ * may be \c NULL if \p f_rng_blind doesn't need
+ * a context parameter.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
@@ -344,7 +345,7 @@
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
* \param md_alg The message digest that was used to hash the message.
* \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
+ * buffer of length \p hlen Bytes.
* \param hlen The length of the hash \p hash in Bytes.
* \param sig The buffer to which to write the signature. This must be a
* writable buffer of length at least twice as large as the
@@ -386,7 +387,7 @@
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
* \param md_alg The message digest that was used to hash the message.
* \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
+ * buffer of length \p hlen Bytes.
* \param hlen The length of the hash \p hash in Bytes.
* \param sig The buffer to which to write the signature. This must be a
* writable buffer of length at least twice as large as the
@@ -453,7 +454,7 @@
* and have a group and private key bound to it, for example
* via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
* \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
+ * buffer of length \p hlen Bytes.
* \param hlen The length of the hash \p hash in Bytes.
* \param sig The buffer to which to write the signature. This must be a
* writable buffer of length at least twice as large as the
@@ -490,7 +491,7 @@
* \param ctx The ECDSA context to use. This must be initialized
* and have a group and public key bound to it.
* \param hash The message hash that was signed. This must be a readable
- * buffer of length \p size Bytes.
+ * buffer of length \p hlen Bytes.
* \param hlen The size of the hash \p hash.
* \param sig The signature to read and verify. This must be a readable
* buffer of length \p slen Bytes.
@@ -520,7 +521,7 @@
* \param ctx The ECDSA context to use. This must be initialized
* and have a group and public key bound to it.
* \param hash The message hash that was signed. This must be a readable
- * buffer of length \p size Bytes.
+ * buffer of length \p hlen Bytes.
* \param hlen The size of the hash \p hash.
* \param sig The signature to read and verify. This must be a readable
* buffer of length \p slen Bytes.
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 5402e74..23ebe9b 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -42,6 +42,11 @@
#include "mbedtls/bignum.h"
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
+ !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
/*
* ECP error codes
*/
@@ -236,6 +241,27 @@
* odd prime as mbedtls_ecp_mul() requires an odd number, and
* mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
*
+ * The default implementation only initializes \p A without setting it to the
+ * authentic value for curves with <code>A = -3</code>(SECP256R1, etc), in which
+ * case you need to load \p A by yourself when using domain parameters directly,
+ * for example:
+ * \code
+ * mbedtls_mpi_init(&A);
+ * mbedtls_ecp_group_init(&grp);
+ * CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id));
+ * if (mbedtls_ecp_group_a_is_minus_3(&grp)) {
+ * CHECK_RETURN(mbedtls_mpi_sub_int(&A, &grp.P, 3));
+ * } else {
+ * CHECK_RETURN(mbedtls_mpi_copy(&A, &grp.A));
+ * }
+ *
+ * do_something_with_a(&A);
+ *
+ * cleanup:
+ * mbedtls_mpi_free(&A);
+ * mbedtls_ecp_group_free(&grp);
+ * \endcode
+ *
* For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
* which is the quantity used in the formulas. Additionally, \p nbits is
* not the size of \p N but the required size for private keys.
@@ -256,8 +282,11 @@
typedef struct mbedtls_ecp_group {
mbedtls_ecp_group_id id; /*!< An internal group identifier. */
mbedtls_mpi P; /*!< The prime modulus of the base field. */
- mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
- Montgomery curves: <code>(A + 2) / 4</code>. */
+ mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. Note that
+ \p A is not set to the authentic value in some cases.
+ Refer to detailed description of ::mbedtls_ecp_group if
+ using domain parameters in the structure.
+ For Montgomery curves: <code>(A + 2) / 4</code>. */
mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
For Montgomery curves: unused. */
mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
@@ -990,6 +1019,26 @@
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/**
+ * \brief This function checks if domain parameter A of the curve is
+ * \c -3.
+ *
+ * \note This function is only defined for short Weierstrass curves.
+ * It may not be included in builds without any short
+ * Weierstrass curve.
+ *
+ * \param grp The ECP group to use.
+ * This must be initialized and have group parameters
+ * set, for example through mbedtls_ecp_group_load().
+ *
+ * \return \c 1 if <code>A = -3</code>.
+ * \return \c 0 Otherwise.
+ */
+static inline int mbedtls_ecp_group_a_is_minus_3(const mbedtls_ecp_group *grp)
+{
+ return grp->A.p == NULL;
+}
+
+/**
* \brief This function performs multiplication and addition of two
* points by integers: \p R = \p m * \p P + \p n * \p Q
*
@@ -1081,7 +1130,7 @@
*
* It only checks that the point is non-zero, has
* valid coordinates and lies on the curve. It does not verify
- * that it is indeed a multiple of \p G. This additional
+ * that it is indeed a multiple of \c G. This additional
* check is computationally more expensive, is not required
* by standards, and should not be necessary if the group
* used has a small cofactor. In particular, it is useless for
@@ -1106,7 +1155,7 @@
const mbedtls_ecp_point *pt);
/**
- * \brief This function checks that an \p mbedtls_mpi is a
+ * \brief This function checks that an \c mbedtls_mpi is a
* valid private key for this curve.
*
* \note This function uses bare components rather than an
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 3ccf61c..6b22485 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -186,8 +186,8 @@
* \param len The length of the personalization string.
* This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
* and also at most
- * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2
- * where \p entropy_len is the entropy length
+ * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \c entropy_len * 3 / 2
+ * where \c entropy_len is the entropy length
* described above.
*
* \return \c 0 if successful.
@@ -316,8 +316,8 @@
* \param len The length of the additional data.
* This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
* and also at most
- * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len
- * where \p entropy_len is the entropy length
+ * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \c entropy_len
+ * where \c entropy_len is the entropy length
* (see mbedtls_hmac_drbg_set_entropy_len()).
*
* \return \c 0 if successful.
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index ec83551..0e9d58a 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -395,7 +395,7 @@
*
* \return 0 on success (signature is valid),
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- * signature in sig but its length is less than \p siglen,
+ * signature in \p sig but its length is less than \p sig_len,
* or a specific error code.
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
@@ -459,7 +459,7 @@
* #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
* used for this type of signatures,
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- * signature in sig but its length is less than \p siglen,
+ * signature in \p sig but its length is less than \p sig_len,
* or a specific error code.
*
* \note If hash_len is 0, then the length associated with md_alg
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index f8725ff..37f07c0 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -260,15 +260,15 @@
* \brief This function completes an RSA context from
* a set of imported core parameters.
*
- * To setup an RSA public key, precisely \p N and \p E
+ * To setup an RSA public key, precisely \c N and \c E
* must have been imported.
*
* To setup an RSA private key, sufficient information must
* be present for the other parameters to be derivable.
*
* The default implementation supports the following:
- * <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
- * <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
+ * <ul><li>Derive \c P, \c Q from \c N, \c D, \c E.</li>
+ * <li>Derive \c N, \c D from \c P, \c Q, \c E.</li></ul>
* Alternative implementations need not support these.
*
* If this function runs successfully, it guarantees that
@@ -537,7 +537,7 @@
* \note This function does not handle message padding.
*
* \note Make sure to set \p input[0] = 0 or ensure that
- * input is smaller than \p N.
+ * input is smaller than \c N.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1109,8 +1109,8 @@
* verification using the mode from the context.
*
* \note For PKCS#1 v2.1 encoding, see comments on
- * mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
- * \p hash_id.
+ * mbedtls_rsa_rsassa_pss_verify() about \c md_alg and
+ * \c hash_id.
*
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 26e4ec4..cc9a270 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -494,6 +494,7 @@
/* Dummy type used only for its size */
union mbedtls_ssl_premaster_secret {
+ unsigned char dummy; /* Make the union non-empty even with SSL disabled */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
@@ -1746,10 +1747,10 @@
* \param own_cid The address of the readable buffer holding the CID we want
* the peer to use when sending encrypted messages to us.
* This may be \c NULL if \p own_cid_len is \c 0.
- * This parameter is unused if \p enabled is set to
+ * This parameter is unused if \p enable is set to
* MBEDTLS_SSL_CID_DISABLED.
* \param own_cid_len The length of \p own_cid.
- * This parameter is unused if \p enabled is set to
+ * This parameter is unused if \p enable is set to
* MBEDTLS_SSL_CID_DISABLED.
*
* \note The value of \p own_cid_len must match the value of the
@@ -2573,8 +2574,8 @@
*
* \param session The session structure to be saved.
* \param buf The buffer to write the serialized data to. It must be a
- * writeable buffer of at least \p len bytes, or may be \c
- * NULL if \p len is \c 0.
+ * writeable buffer of at least \p buf_len bytes, or may be \c
+ * NULL if \p buf_len is \c 0.
* \param buf_len The number of bytes available for writing in \p buf.
* \param olen The size in bytes of the data that has been or would have
* been written. It must point to a valid \c size_t.
@@ -2659,7 +2660,7 @@
* record headers.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
+ * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p len
* is too large.
*/
int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len,
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 0ef5213..1ae06e6 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -38,16 +38,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 28
-#define MBEDTLS_VERSION_PATCH 3
+#define MBEDTLS_VERSION_PATCH 4
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x021C0300
-#define MBEDTLS_VERSION_STRING "2.28.3"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.3"
+#define MBEDTLS_VERSION_NUMBER 0x021C0400
+#define MBEDTLS_VERSION_STRING "2.28.4"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.28.4"
#if defined(MBEDTLS_VERSION_C)
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 8fd321a..f00f3a6 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -361,7 +361,8 @@
mbedtls_asn1_named_data *first);
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
- unsigned char *sig, size_t size);
+ unsigned char *sig, size_t size,
+ mbedtls_pk_type_t pk_alg);
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 466611f..d436635 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -509,7 +509,7 @@
* \param san_buf The buffer holding the raw data item of the subject
* alternative name.
* \param san The target structure to populate with the parsed presentation
- * of the subject alternative name encoded in \p san_raw.
+ * of the subject alternative name encoded in \p san_buf.
*
* \note Only "dnsName" and "otherName" of type hardware_module_name
* as defined in RFC 4180 is supported.
@@ -517,7 +517,7 @@
* \note This function should be called on a single raw data of
* subject alternative name. For example, after successful
* certificate parsing, one must iterate on every item in the
- * \p crt->subject_alt_names sequence, and pass it to
+ * \c crt->subject_alt_names sequence, and pass it to
* this function.
*
* \warning The target structure contains pointers to the raw data of the
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index a159251..147caaf 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -204,15 +204,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.3 SOVERSION 7)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.4 SOVERSION 7)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.3 SOVERSION 1)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.4 SOVERSION 1)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.3 SOVERSION 14)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.4 SOVERSION 14)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/aes.c b/library/aes.c
index c506709..d5a45fd 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -19,7 +19,7 @@
/*
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
*
- * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
+ * https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
diff --git a/library/asn1write.c b/library/asn1write.c
index 0b487dc..a499bea 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -195,13 +195,22 @@
const char *oid, size_t oid_len,
size_t par_len)
{
+ return mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len, par_len, 1);
+}
+
+int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len, int has_par)
+{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- if (par_len == 0) {
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
- } else {
- len += par_len;
+ if (has_par) {
+ if (par_len == 0) {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
+ } else {
+ len += par_len;
+ }
}
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 45d9254..6f553dc 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -19,7 +19,7 @@
/*
* The NIST SP 800-90 DRBGs are described in the following publication.
*
- * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
+ * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-90r.pdf
*/
#include "common.h"
diff --git a/library/ecp.c b/library/ecp.c
index 2d80b6f..dc8e279 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -166,7 +166,7 @@
unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
/* The list starts with strong hashes */
const mbedtls_md_type_t md_type =
- (const mbedtls_md_type_t) (mbedtls_md_list()[0]);
+ (mbedtls_md_type_t) (mbedtls_md_list()[0]);
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
if (secret_len > MBEDTLS_ECP_MAX_BYTES) {
@@ -2593,6 +2593,7 @@
void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ int have_rng = 1;
size_t i;
unsigned char b;
mbedtls_ecp_point RP;
@@ -2625,9 +2626,8 @@
/* RP.X might be slightly larger than P, so reduce it */
MOD_ADD(RP.X);
- /* Randomize coordinates of the starting point */
- int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ /* Derandomize coordinates of the starting point */
if (f_rng == NULL) {
have_rng = 0;
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index bad7f46..fade286 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1472,6 +1472,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
/* Reject a zero-length output buffer now, since this can never be a
@@ -1498,7 +1499,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
status = psa_driver_wrapper_export_public_key(
@@ -2406,6 +2407,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
/* A context must be freshly initialized before it can be set up. */
@@ -2423,7 +2425,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -2594,6 +2596,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
uint8_t operation_mac_size = 0;
@@ -2606,7 +2609,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -2732,6 +2735,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot;
*signature_length = 0;
@@ -2764,7 +2768,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3303,6 +3307,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
@@ -3338,7 +3343,7 @@
}
operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3561,6 +3566,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length = 0;
@@ -3577,7 +3583,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -3633,6 +3639,7 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
psa_key_slot_t *slot = NULL;
if (!PSA_ALG_IS_CIPHER(alg)) {
@@ -3647,7 +3654,7 @@
goto exit;
}
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -4251,6 +4258,7 @@
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES(bits);
psa_status_t status;
+ psa_key_attributes_t attributes;
if (!key_type_is_raw_bytes(slot->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
@@ -4279,7 +4287,7 @@
}
slot->attr.bits = (psa_key_bits_t) bits;
- psa_key_attributes_t attributes = {
+ attributes = (psa_key_attributes_t) {
.core = slot->attr
};
@@ -4891,14 +4899,16 @@
size_t shared_secret_size,
size_t *shared_secret_length)
{
+ mbedtls_ecp_keypair *ecp = NULL;
+ psa_status_t status;
+
switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key->attr.type)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
- mbedtls_ecp_keypair *ecp = NULL;
- psa_status_t status = mbedtls_psa_ecp_load_representation(
+ status = mbedtls_psa_ecp_load_representation(
private_key->attr.type,
private_key->attr.bits,
private_key->key.data,
@@ -4916,6 +4926,8 @@
return status;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
+ (void) ecp;
+ (void) status;
(void) private_key;
(void) peer_key;
(void) peer_key_length;
@@ -5011,6 +5023,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
+ size_t expected_length;
if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
@@ -5030,7 +5043,7 @@
* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot.
* If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
* be exact for it as well. */
- size_t expected_length =
+ expected_length =
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits);
if (output_size < expected_length) {
status = PSA_ERROR_BUFFER_TOO_SMALL;
@@ -5066,6 +5079,10 @@
/* Random generation */
/****************************************************************/
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include "mbedtls/entropy_poll.h"
+#endif
+
/** Initialize the PSA random generator.
*/
static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng)
@@ -5200,8 +5217,6 @@
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-#include "mbedtls/entropy_poll.h"
-
psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
size_t seed_size)
{
diff --git a/library/x509_create.c b/library/x509_create.c
index cdfc82a..bd772d3 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -285,9 +285,11 @@
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
- unsigned char *sig, size_t size)
+ unsigned char *sig, size_t size,
+ mbedtls_pk_type_t pk_alg)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ int write_null_par;
size_t len = 0;
if (*p < start || (size_t) (*p - start) < size) {
@@ -310,8 +312,19 @@
// Write OID
//
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(p, start, oid,
- oid_len, 0));
+ if (pk_alg == MBEDTLS_PK_ECDSA) {
+ /*
+ * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature
+ * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and
+ * https://www.rfc-editor.org/rfc/rfc5758#section-3.
+ */
+ write_null_par = 0;
+ } else {
+ write_null_par = 1;
+ }
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len,
+ 0, write_null_par));
return (int) len;
}
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index a8f4c28..e994411 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -342,6 +342,7 @@
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
+ int write_sig_null_par;
/*
* Prepare data to be signed at the end of the target buffer
@@ -433,9 +434,20 @@
/*
* Signature ::= AlgorithmIdentifier
*/
+ if (pk_alg == MBEDTLS_PK_ECDSA) {
+ /*
+ * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature
+ * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and
+ * https://www.rfc-editor.org/rfc/rfc5758#section-3.
+ */
+ write_sig_null_par = 0;
+ } else {
+ write_sig_null_par = 1;
+ }
MBEDTLS_ASN1_CHK_ADD(len,
- mbedtls_asn1_write_algorithm_identifier(&c, buf,
- sig_oid, strlen(sig_oid), 0));
+ mbedtls_asn1_write_algorithm_identifier_ext(&c, buf,
+ sig_oid, strlen(sig_oid),
+ 0, write_sig_null_par));
/*
* Serial ::= INTEGER
@@ -492,8 +504,8 @@
* into the CRT buffer. */
c2 = buf + size;
MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
- sig_oid, sig_oid_len, sig,
- sig_len));
+ sig_oid, sig_oid_len,
+ sig, sig_len, pk_alg));
/*
* Memory layout after this step:
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index a421fde..178b166 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -265,7 +265,7 @@
c2 = buf + size;
MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len,
mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len,
- sig, sig_len));
+ sig, sig_len, pk_alg));
/*
* Compact the space between the CSR data and signature by moving the
diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c
index 56b9a13..96a24f7 100644
--- a/programs/fuzz/common.c
+++ b/programs/fuzz/common.c
@@ -13,7 +13,7 @@
}
#endif
-void dummy_init()
+void dummy_init(void)
{
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_platform_set_time(dummy_constant_time);
diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h
index 6b5b515..d5b098f 100644
--- a/programs/fuzz/common.h
+++ b/programs/fuzz/common.h
@@ -19,7 +19,7 @@
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
#endif
-void dummy_init();
+void dummy_init(void);
int dummy_send(void *ctx, const unsigned char *buf, size_t len);
int fuzz_recv(void *ctx, unsigned char *buf, size_t len);
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index d503fab..ebdef4f 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -128,12 +128,12 @@
/*
* Basic printing functions
*/
-void print_version()
+void print_version(void)
{
printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR);
}
-void print_usage()
+void print_usage(void)
{
print_version();
printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
@@ -182,7 +182,7 @@
/*
* Exit from the program in case of error
*/
-void error_exit()
+void error_exit(void)
{
if (NULL != b64_file) {
fclose(b64_file);
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index cc0bf79..d31947a 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -645,7 +645,7 @@
memcpy(&prev[prev_len++], delay, sizeof(packet));
}
-int send_delayed()
+int send_delayed(void)
{
uint8_t offset;
int ret;
diff --git a/scripts/code_style.py b/scripts/code_style.py
index 7de93b0..54b5168 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -81,11 +81,15 @@
universal_newlines=True)
src_files = output.split()
if since:
- output = subprocess.check_output(["git", "diff", "--name-only",
- since, "--"] +
- src_files,
- universal_newlines=True)
- src_files = output.split()
+ # get all files changed in commits since the starting point
+ cmd = ["git", "log", since + "..HEAD", "--name-only", "--pretty=", "--"] + src_files
+ output = subprocess.check_output(cmd, universal_newlines=True)
+ committed_changed_files = output.split()
+ # and also get all files with uncommitted changes
+ cmd = ["git", "diff", "--name-only", "--"] + src_files
+ output = subprocess.check_output(cmd, universal_newlines=True)
+ uncommitted_changed_files = output.split()
+ src_files = list(set(committed_changed_files + uncommitted_changed_files))
generated_files = list_generated_files()
# Don't correct style for third-party files (and, for simplicity,
@@ -189,9 +193,10 @@
parser.add_argument('-f', '--fix', action='store_true',
help=('modify source files to fix the code style '
'(default: print diff, do not modify files)'))
- parser.add_argument('-s', '--since', metavar='COMMIT',
+ parser.add_argument('-s', '--since', metavar='COMMIT', const='mbedtls-2.28', nargs='?',
help=('only check files modified since the specified commit'
- ' (e.g. --since=HEAD~3 or --since=development)'))
+ ' (e.g. --since=HEAD~3 or --since=mbedtls-2.28). If no'
+ ' commit is specified, default to mbedtls-2.28.'))
# --subset is almost useless: it only matters if there are no files
# ('code_style.py' without arguments checks all files known to Git,
# 'code_style.py --subset' does nothing). In particular,
diff --git a/scripts/config.py b/scripts/config.py
index 9bf82c9..2db67ef 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -200,7 +200,7 @@
'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
- 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
+ 'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources
'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature
'MBEDTLS_REMOVE_ARC4_CIPHERSUITES', # removes a feature
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 1d9e0fa..5356132 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -105,9 +105,37 @@
print_version "gcc" "--version" "" "head -n 1"
echo
+if [ -n "${GCC_EARLIEST+set}" ]; then
+ print_version "${GCC_EARLIEST}" "--version" "" "head -n 1"
+else
+ echo " GCC_EARLIEST : Not configured."
+fi
+echo
+
+if [ -n "${GCC_LATEST+set}" ]; then
+ print_version "${GCC_LATEST}" "--version" "" "head -n 1"
+else
+ echo " GCC_LATEST : Not configured."
+fi
+echo
+
print_version "clang" "--version" "" "head -n 2"
echo
+if [ -n "${CLANG_EARLIEST+set}" ]; then
+ print_version "${CLANG_EARLIEST}" "--version" "" "head -n 2"
+else
+ echo " CLANG_EARLIEST : Not configured."
+fi
+echo
+
+if [ -n "${CLANG_LATEST+set}" ]; then
+ print_version "${CLANG_LATEST}" "--version" "" "head -n 2"
+else
+ echo " CLANG_LATEST : Not configured."
+fi
+echo
+
print_version "ldd" "--version" "" "head -n 1"
echo
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index 6e7c154..fbec4f4 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -57,3 +57,23 @@
#define MBEDTLS_PSA_ACCEL_ALG_HMAC
#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */
+
+
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
+ * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+ * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
+ * is to read and write from the entropy seed file, which is located
+ * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
+ * (These could have been provided as library functions, but for historical
+ * reasons, they weren't, and so each integrator has to provide a copy
+ * of these functions.)
+ *
+ * Provide implementations of these functions for testing. */
+#include <stddef.h>
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
+#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read
+#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 17e0f90..222988c 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1210,7 +1210,7 @@
# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
server5.req.ku.sha1: server5.key
- $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
+ $(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation
all_final += server5.req.ku.sha1
# server6*
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index 84c775f..82f93d2 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -76,6 +76,10 @@
-badsign.crt: S5 with corrupted signature
-expired.crt: S5 with "not after" date in the past
-future.crt: S5 with "not before" date in the future
+ -non-compliant.crt: S5, RFC non-compliant
+ (with forbidden EC algorithm identifier NULL parameter)
+ generated by (before fix):
+ cert_write subject_key=server5.key subject_name="CN=Test EC RFC non-compliant" issuer_crt=test-ca2.crt issuer_key=test-ca2.key
-selfsigned.crt: Self-signed cert with S5 key
-ss-expired.crt: Self-signed cert with S5 key, expired
-ss-forgeca.crt: Copy of test-int-ca3 self-signed with S5 key
diff --git a/tests/data_files/parse_input/server5-non-compliant.crt b/tests/data_files/parse_input/server5-non-compliant.crt
new file mode 100644
index 0000000..abea17d
--- /dev/null
+++ b/tests/data_files/parse_input/server5-non-compliant.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBwjCCAUagAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCQxIjAgBgNVBAMMGVRlc3Qg
+RUMgUkZDIG5vbi1jb21wbGlhbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
+zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
+wmt3DVXNiioO+gHItO3/o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRQYaWP1AfZ
+14IBDOVlf4xjRqcTvjAfBgNVHSMEGDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAM
+BggqhkjOPQQDAgUAA2gAMGUCMAJ3J/DooFSaBG2OhzyWai32q6INDZfoS2bToSKf
+gy6hbJiIX/G9eFts5+BJQ3QpjgIxALRmIgdR91BDdqpeF5JCmhgjbfbgMQ7mrMeS
+ZGfNyFyjS75QnIA6nKryQmgPXo+sCQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1
index 3281c94..c73a0e2 100644
--- a/tests/data_files/server5.req.ku.sha1
+++ b/tests/data_files/server5.req.ku.sha1
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
+MIIBFDCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d
Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD
-AgbAMAsGByqGSM49BAEFAANIADBFAiEAnIKF+xKk0iEuN4MHd4FZWNvrznLQgkeg
-2n8ejjreTzcCIAH34z2TycuMpWQRhpV+YT988pBWR67LAg7REyZnjSAB
+AgbAMAkGByqGSM49BAEDSAAwRQIhAJyChfsSpNIhLjeDB3eBWVjb685y0IJHoNp/
+Ho463k83AiAB9+M9k8nLjKVkEYaVfmE/fPKQVkeuywIO0RMmZ40gAQ==
-----END CERTIFICATE REQUEST-----
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index f8b98c0..8ac09c8 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -201,6 +201,41 @@
*/
int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename);
+
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
+ * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+ * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
+ * is to read and write from the entropy seed file, which is located
+ * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
+ * (These could have been provided as library functions, but for historical
+ * reasons, they weren't, and so each integrator has to provide a copy
+ * of these functions.)
+ *
+ * Provide implementations of these functions for testing. */
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
+
+
+/** Make sure that the injected entropy is present.
+ *
+ * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init()
+ * will fail if the PSA entropy seed is not present.
+ * This function must be called at least once in a test suite or other
+ * program before any call to psa_crypto_init().
+ * It does not need to be called in each test case.
+ *
+ * The test framework calls this function before running any test case.
+ *
+ * The few tests that might remove the entropy file must call this function
+ * in their cleanup.
+ */
+int mbedtls_test_inject_entropy_restore(void);
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+
+
/** Skip a test case if the given key is a 192 bits AES key and the AES
* implementation is at least partially provided by an accelerator or
* alternative implementation.
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 9eb5c39..c357f43 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -175,6 +175,10 @@
: ${ARMC6_BIN_DIR:=/usr/bin}
: ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
: ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
+ : ${CLANG_LATEST:="clang-latest"}
+ : ${CLANG_EARLIEST:="clang-earliest"}
+ : ${GCC_LATEST:="gcc-latest"}
+ : ${GCC_EARLIEST:="gcc-earliest"}
# if MAKEFLAGS is not set add the -j option to speed up invocations of make
if [ -z "${MAKEFLAGS+set}" ]; then
@@ -190,9 +194,7 @@
# Gather the list of available components. These are the functions
# defined in this script whose name starts with "component_".
- # Parse the script with sed. This way we get the functions in the order
- # they are defined.
- ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0")
+ ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
# Exclude components that are not supported on this platform.
SUPPORTED_COMPONENTS=
@@ -274,6 +276,10 @@
Tool path options:
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
--armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
+ --clang-earliest=<Clang_earliest_path> Earliest version of clang available
+ --clang-latest=<Clang_latest_path> Latest version of clang available
+ --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
+ --gcc-latest=<GCC_latest_path> Latest version of GCC available
--gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
--gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
--gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
@@ -417,9 +423,13 @@
--armcc) no_armcc=;;
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+ --clang-earliest) shift; CLANG_EARLIEST="$1";;
+ --clang-latest) shift; CLANG_LATEST="$1";;
--error-test) error_test=$((error_test + 1));;
--except) all_except=1;;
--force|-f) FORCE=1;;
+ --gcc-earliest) shift; GCC_EARLIEST="$1";;
+ --gcc-latest) shift; GCC_LATEST="$1";;
--gnutls-cli) shift; GNUTLS_CLI="$1";;
--gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
--gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
@@ -1244,6 +1254,21 @@
tests/ssl-opt.sh -f 'Default\|opaque'
}
+component_test_psa_inject_entropy () {
+ msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
+ scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
+ scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
+ scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ
+ scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
+ make CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS"
+
+ msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
+ make test
+}
+
component_test_ecp_no_internal_rng () {
msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules"
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
@@ -2931,6 +2956,7 @@
test_build_opt () {
info=$1 cc=$2; shift 2
+ $cc --version
for opt in "$@"; do
msg "build/test: $cc $opt, $info" # ~ 30s
make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
@@ -2943,14 +2969,45 @@
done
}
-component_test_clang_opt () {
+# For FreeBSD we invoke the function by name so this condition is added
+# to disable the existing test_clang_opt function for linux.
+if [[ $(uname) != "Linux" ]]; then
+ component_test_clang_opt () {
+ scripts/config.py full
+ test_build_opt 'full config' clang -O0 -Os -O2
+ }
+fi
+
+component_test_clang_latest_opt () {
scripts/config.py full
- test_build_opt 'full config' clang -O0 -Os -O2
+ test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2
+}
+support_test_clang_latest_opt () {
+ type "$CLANG_LATEST" >/dev/null 2>/dev/null
}
-component_test_gcc_opt () {
+component_test_clang_earliest_opt () {
scripts/config.py full
- test_build_opt 'full config' gcc -O0 -Os -O2
+ test_build_opt 'full config' "$CLANG_EARLIEST" -O0
+}
+support_test_clang_earliest_opt () {
+ type "$CLANG_EARLIEST" >/dev/null 2>/dev/null
+}
+
+component_test_gcc_latest_opt () {
+ scripts/config.py full
+ test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2
+}
+support_test_gcc_latest_opt () {
+ type "$GCC_LATEST" >/dev/null 2>/dev/null
+}
+
+component_test_gcc_earliest_opt () {
+ scripts/config.py full
+ test_build_opt 'full config' "$GCC_EARLIEST" -O0
+}
+support_test_gcc_earliest_opt () {
+ type "$GCC_EARLIEST" >/dev/null 2>/dev/null
}
component_build_mbedtls_config_file () {
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index 839fccd..ed78449 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -654,6 +654,11 @@
code = code.replace(name, 'test_' + name, 1)
name = 'test_' + name
+ # If a test function has no arguments then add 'void' argument to
+ # avoid "-Wstrict-prototypes" warnings from clang
+ if len(args) == 0:
+ code = code.replace('()', '(void)', 1)
+
for line in funcs_f:
if re.search(END_CASE_REGEX, line):
break
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
index fe748ae..b32d184 100755
--- a/tests/scripts/test_generate_test_code.py
+++ b/tests/scripts/test_generate_test_code.py
@@ -647,7 +647,7 @@
self.assertEqual(arg, [])
expected = '''#line 1 "test_suite_ut.function"
-void test_func()
+void test_func(void)
{
ba ba black sheep
have you any wool
@@ -690,7 +690,7 @@
expected = '''#line 1 "test_suite_ut.function"
-void test_func()
+void test_func(void)
{
ba ba black sheep
have you any wool
@@ -750,7 +750,7 @@
void
-test_func()
+test_func(void)
{
ba ba black sheep
have you any wool
@@ -803,7 +803,7 @@
-void test_func()
+void test_func(void)
{
ba ba black sheep
have you any wool
@@ -1139,7 +1139,7 @@
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if defined(MBEDTLS_FS_IO)
#line 13 "test_suite_ut.function"
-void test_func1()
+void test_func1(void)
{
exit:
;
@@ -1156,7 +1156,7 @@
#if defined(MBEDTLS_ENTROPY_NV_SEED)
#if defined(MBEDTLS_FS_IO)
#line 19 "test_suite_ut.function"
-void test_func2()
+void test_func2(void)
{
exit:
;
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index 6c215d1..198a9c0 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -24,6 +24,11 @@
#include <setjmp.h>
#endif
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include <psa/crypto.h>
+#include <test/psa_crypto_helpers.h>
+#endif
+
/*----------------------------------------------------------------------------*/
/* Static global variables */
@@ -52,9 +57,22 @@
int mbedtls_test_platform_setup(void)
{
int ret = 0;
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+ /* Make sure that injected entropy is present. Otherwise
+ * psa_crypto_init() will fail. This is not necessary for test suites
+ * that don't use PSA, but it's harmless (except for leaving a file
+ * behind). */
+ ret = mbedtls_test_inject_entropy_restore();
+ if (ret != 0) {
+ return ret;
+ }
+#endif
+
#if defined(MBEDTLS_PLATFORM_C)
ret = mbedtls_platform_setup(&platform_ctx);
#endif /* MBEDTLS_PLATFORM_C */
+
return ret;
}
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index 77c2f89..cab96ab 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -149,4 +149,49 @@
}
}
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+
+#include <mbedtls/entropy.h>
+#include <psa_crypto_its.h>
+
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
+{
+ size_t actual_len = 0;
+ psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+ 0, len, buf, &actual_len);
+ if (status != 0) {
+ return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+ }
+ if (actual_len != len) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
+ return 0;
+}
+
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
+{
+ psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+ len, buf, 0);
+ if (status != 0) {
+ return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+ }
+ return 0;
+}
+
+int mbedtls_test_inject_entropy_restore(void)
+{
+ unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+ for (size_t i = 0; i < sizeof(buf); i++) {
+ buf[i] = (unsigned char) i;
+ }
+ psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
+ /* It's ok if the file was just created, or if it already exists. */
+ if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
+ return status;
+ }
+ return PSA_SUCCESS;
+}
+
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index bc9a204..bd1f46c 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -806,13 +806,15 @@
int *written,
const int expected_fragments)
{
+ int ret;
+
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
}
- int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
+ ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
if (ret > 0) {
*written += ret;
}
@@ -852,13 +854,15 @@
int *read, int *fragments,
const int expected_fragments)
{
+ int ret;
+
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
* a valid no-op for TLS connections. */
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
}
- int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
+ ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
if (ret > 0) {
(*fragments)++;
*read += ret;
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index b04ed54..5d8487c 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -135,7 +135,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ENTROPY_C
+ * depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_PSA_INJECT_ENTROPY
* END_DEPENDENCIES
*/
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 26ce0d3..0c8f2d5 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -12,28 +12,56 @@
MBEDTLS_ENTROPY_BLOCK_SIZE)
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include <psa_crypto_its.h>
-#if defined(MBEDTLS_PSA_ITS_FILE_C)
-#include <stdio.h>
-#else
-#include <psa/internal_trusted_storage.h>
-#endif
+/* Check the entropy seed file.
+ *
+ * \param expected_size Expected size in bytes.
+ * If 0, the file must not exist.
+ *
+ * \retval 1 Either \p expected_size is nonzero and
+ * the entropy seed file exists and has exactly this size,
+ * or \p expected_size is zero and the file does not exist.
+ * \retval 0 Either \p expected_size is nonzero but
+ * the entropy seed file does not exist or has a different size,
+ * or \p expected_size is zero but the file exists.
+ * In this case, the test case is marked as failed.
+ *
+ * \note We enforce that the seed is in a specific ITS file.
+ * This must not change, otherwise we break backward compatibility if
+ * the library is upgraded on a device with an existing seed.
+ */
+int check_random_seed_file(size_t expected_size)
+{
+ /* The value of the random seed UID must not change. Otherwise that would
+ * break upgrades of the library on devices that already contain a seed
+ * file. If this test assertion fails, you've presumably broken backward
+ * compatibility! */
+ TEST_EQUAL(PSA_CRYPTO_ITS_RANDOM_SEED_UID, 0xFFFFFF52);
-/* Remove the entropy seed file. Since the library does not expose a way
- * to do this (it would be a security risk if such a function was ever
- * accessible in production), implement this functionality in a white-box
- * manner. */
+ struct psa_storage_info_t info = { 0, 0 };
+ psa_status_t status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+ &info);
+
+ if (expected_size == 0) {
+ TEST_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST);
+ } else {
+ TEST_EQUAL(status, PSA_SUCCESS);
+ TEST_EQUAL(info.size, expected_size);
+ }
+ return 1;
+
+exit:
+ return 0;
+}
+
+/* Remove the entropy seed file.
+ *
+ * See check_random_seed_file() regarding abstraction boundaries.
+ */
psa_status_t remove_seed_file(void)
{
-#if defined(MBEDTLS_PSA_ITS_FILE_C)
- if (remove("00000000ffffff52.psa_its") == 0) {
- return PSA_SUCCESS;
- } else {
- return PSA_ERROR_DOES_NOT_EXIST;
- }
-#else
return psa_its_remove(PSA_CRYPTO_ITS_RANDOM_SEED_UID);
-#endif
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
@@ -143,18 +171,34 @@
status = remove_seed_file();
TEST_ASSERT((status == PSA_SUCCESS) ||
(status == PSA_ERROR_DOES_NOT_EXIST));
+ if (!check_random_seed_file(0)) {
+ goto exit;
+ }
+
status = mbedtls_psa_inject_entropy(seed, seed_length_a);
TEST_EQUAL(status, expected_status_a);
+ if (!check_random_seed_file(expected_status_a == PSA_SUCCESS ? seed_length_a :
+ 0)) {
+ goto exit;
+ }
+
status = mbedtls_psa_inject_entropy(seed, seed_length_b);
TEST_EQUAL(status, expected_status_b);
+ if (!check_random_seed_file(expected_status_a == PSA_SUCCESS ? seed_length_a :
+ expected_status_b == PSA_SUCCESS ? seed_length_b :
+ 0)) {
+ goto exit;
+ }
+
PSA_ASSERT(psa_crypto_init());
PSA_ASSERT(psa_generate_random(output,
sizeof(output)));
TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
+
exit:
mbedtls_free(seed);
- remove_seed_file();
PSA_DONE();
+ mbedtls_test_inject_entropy_restore();
}
/* END_CASE */
@@ -168,25 +212,40 @@
for (i = 0; i < sizeof(seed); ++i) {
seed[i] = i;
}
+
status = remove_seed_file();
TEST_ASSERT((status == PSA_SUCCESS) ||
(status == PSA_ERROR_DOES_NOT_EXIST));
+ if (!check_random_seed_file(0)) {
+ goto exit;
+ }
status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
PSA_ASSERT(status);
+ TEST_ASSERT(check_random_seed_file(sizeof(seed)));
status = remove_seed_file();
TEST_EQUAL(status, PSA_SUCCESS);
+ if (!check_random_seed_file(0)) {
+ goto exit;
+ }
+
status = psa_crypto_init();
TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_ENTROPY);
status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
PSA_ASSERT(status);
+ if (!check_random_seed_file(sizeof(seed))) {
+ goto exit;
+ }
+
status = psa_crypto_init();
PSA_ASSERT(status);
PSA_DONE();
+
/* The seed is written by nv_seed callback functions therefore the injection will fail */
status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+
exit:
- remove_seed_file();
PSA_DONE();
+ mbedtls_test_inject_entropy_restore();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_init.data b/tests/suites/test_suite_psa_crypto_init.data
index 9620a64..8c5b41d 100644
--- a/tests/suites/test_suite_psa_crypto_init.data
+++ b/tests/suites/test_suite_psa_crypto_init.data
@@ -25,7 +25,10 @@
Custom entropy sources: all standard
custom_entropy_sources:0x0000ffff:PSA_SUCCESS
+# MBEDTLS_PSA_INJECT_ENTROPY means that a source of entropy (the seed file)
+# is effectively always available.
Custom entropy sources: none
+depends_on:!MBEDTLS_PSA_INJECT_ENTROPY
custom_entropy_sources:0:PSA_ERROR_INSUFFICIENT_ENTROPY
Fake entropy: never returns anything
diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function
index 0f0c7fa..905ee78 100644
--- a/tests/suites/test_suite_random.function
+++ b/tests/suites/test_suite_random.function
@@ -18,7 +18,7 @@
/* END_HEADER */
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C */
void random_twice_with_ctr_drbg()
{
mbedtls_entropy_context entropy;
@@ -57,7 +57,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_HMAC_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_HMAC_DRBG_C */
void random_twice_with_hmac_drbg(int md_type)
{
mbedtls_entropy_context entropy;
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index bc999f1..6bcde71 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2126,7 +2126,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void mbedtls_endpoint_sanity(int endpoint_type)
{
enum { BUFFSIZE = 1024 };
@@ -2151,7 +2151,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
void move_handshake_to_state(int endpoint_type, int state, int need_pass)
{
enum { BUFFSIZE = 1024 };
@@ -2408,7 +2408,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 4b57192..8226a68 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compile time library version
-check_compiletime_version:"2.28.3"
+check_compiletime_version:"2.28.4"
Check runtime library version
-check_runtime_version:"2.28.3"
+check_runtime_version:"2.28.4"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index c796cdd..406a063 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -2890,6 +2890,14 @@
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
mbedtls_x509_crt_parse_file:"data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH:0
+X509 File parse (does not conform to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field is present, mbedTLS generated before bugfix, OK)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509parse_crt_file:"data_files/parse_input/server5-non-compliant.crt":0
+
+X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field must be absent for ECDSA)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509parse_crt_file:"data_files/parse_input/server5.crt":0
+
X509 Get time (UTC no issues)
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0